Mr. Chairman and members of the committee, I thank you for the invitation to appear and testify on Bill C-21, an act to amend the Customs Act. I'm going to read my remarks, in a desperate academic attempt to stay within your 10-minute time frame.
Bill C-21 provides statutory powers for the final phase of the entry-exit initiative. As the committee will be aware from previous testimony, the entry-exit scheme dates back to promises made under the Beyond the Border action plan agreed to in 2011 between Canada and the United States. Its provisions are, for now, Canada-U.S.-centric. The Beyond the Border action plan is the latest iteration of agreed schemes for post-9/11 border security, dating back to the safe border accord of December 2001. The Liberal government affirmed its commitment to the entry-exit information plan during a summit meeting between Prime Minister Trudeau and then U.S. President Obama in March 2016.
The entry-exit scheme has had a staged rollout since its first phase, which lasted from September 2012 to June 2013. It served to test the data exchange between Canada and the U.S. at select land border ports of entry. The second phase began in June 2013 for fuller land border crossing information exchange for third country nationals, permanent residents of Canada, and lawful permanent residents of the United States. The final stage of entry-exit, requiring statutory force in Bill C-21, would see the biographical exchange of information on all travellers, including Canadian citizens, at the land border, and the collection of biographical exit data on all air travellers, again including Canadian citizens, leaving Canada.
Biographical data acquired under Bill C-21 would consist, as you've heard, of the page 2 information from Canadian passports presented to Customs and Border Protection officials at U.S. ports of entry when crossing the land border. This information includes, as you'll know, name, nationality, date of birth, sex, and place of birth.
For the air mode, it would involve what is referred to as API/PNR, or advance passenger information/passenger name record, data provided by air carriers and air reservation systems for exit records for air travel. API data includes page 2 biographical passport data plus flight information. PNR derives from airline departure control and reservation systems, and varies depending on the collector. It can include type of ticket, date of travel, number of bags, and seat information.
The information flow that Bill C-21 augments is meant to be automatic. It would involve the passage of electronic data from U.S. CBP at land entry—U.S. entry data becoming Canadian exit data—in near real time. For air travel, it would involve the transmission of electronic passenger manifests from air carriers. All of this information would go to the Canada Border Services Agency for processing.
The backgrounder published by the government when the legislation was first introduced in June 2016 indicates that the entry-exit initiative is meant to serve a large number of objectives. It is not specifically a national security tool, but could, in my view, enhance investigations into the movements of suspected terrorists, foreign espionage actors, and WMD proliferators, among other actors of concern, and it could provide a useful investigative supplement to other powers available to security and intelligence agencies.
It is worth noting that Mr. Bolduc of CBSA testified before this committee on October 3, making the point that one additional benefit that Bill C-21 powers would provide was “it will bring Canada on par with the rest of the world and our Five Eyes partners. There's a huge, huge benefit for Canada.” This was a direct quotation from Mr. Bolduc. I am not quite sure how to read this enthusiasm, except to say that Bill C-21 measures are, in keeping with a long tradition in Canadian national security, meant to demonstrate our ally worthiness.
In this same vein, it is also important to note the restrictions that the government has said it will put in place in terms of information sharing from the vast pool of data that will be collected under Bill C-21. Land border exit information will inevitably be shared with the United States government, because the information is collected by U.S. CBP agents. We are assured that exit information from the air mode would not be shared with the United States or any other foreign government. Whether this blanket restriction makes sense is questionable, in my view. The committee may wish to consider an amendment to the legislation in this regard, which would bring it more into line with the Secure Air Travel Act, of which I'll speak a little later.
Minister Goodale has testified before this committee that “exchange of information both within Canada and with the U.S. will be subject to formal agreements that will include information management safeguards, privacy protection clauses, and mechanisms to address any potential problems.” These are important promises that presumably will be fulfilled through regulation. Notably absent, however, is any commitment to transparency around the entry-exit initiative. There is no requirement, for example, for any annual report to Parliament and the public on its application and efficacy.
This lack of a transparency commitment is compounded by the current absence of meaningful independent review of CBSA, the core actor that will operationalize Bill C-21.
While government officials have testified that the information flows provided for through Bill C-21 will be seamless and automatic, the real issues, it seems to me, involve analysis of the data by CBSA, retention and security of the data, and information sharing. Bill C-21 legislation is a black box in these regards, leaving much to regulation. There is a question in my mind as to whether the legislation needs to be more forthcoming in three particular areas: data retention schedules, information sharing protocols, and transparency requirements.
Before I come to some modest proposals to improve Bill C-21, a note on a parallel and existing legislative power might be in order. There exists already a limited form of entry-exit controls for air travel, which have been in place since 2007 but which were amended with Bill C-51 in 2015 under the title of the Secure Air Travel Act or SATA. SATA, often referred to as the passenger protect program, creates a list of persons that the Minister of Public Safety “has reasonable grounds to suspect will (a) engage or attempt to engage in an act that would threaten transportation security; or (b) travel by air for the purpose of committing” a terrorism offence. I'm slightly paraphrasing the sections of SATA here.
SATA contains some provisions that are not held in common with Bill C-21, including specific powers and information disclosure, both domestically and through written agreements with foreign states and entities. These are under sections 11 and 12 of the Secure Air Travel Act. These sections, incidentally, are not proposed to be amended in Bill C-59 as that bill comes forward, presumably, to this committee.
There is also an important statutory reference to retention of data received from air carriers or air reservation systems in the SATA legislation, and this requires:
The Minister of Transport must destroy any information received from an air carrier or an operator of an [air] reservation system within seven days after the act on which it is received, unless it is reasonably required for the purposes of this Act.
That's section 18 of SATA. In other words, the minister is empowered to retain records of air travel for the listed persons but not for the general public.
To bring Bill C-21 into closer alignment with SATA on data retention and information sharing protocols and to enhance transparency and ensure independent review of its powers, I would suggest the following responses to Bill C-21, which the committee might want to take under consideration:
First, Bill C-21 should adopt the explicit SATA references in sections 11 and 12 for information sharing domestically and internationally. I think this would be an improvement on doing this by regulation.
Second, Bill C-21 should adopt a reasonable retention schedule for entry-exit data based on expert government advice on the minimum period necessary for the retention to meet the many different objectives of the entry-exit initiative as listed in the backgrounder document published with the bill in 2016. A seven-day retention cycle as provided for in SATA would be self-defeating, but so would overly lengthy retention periods. CBSA must not become a data swamp.
Third, Bill C-21 should contain a mandatory requirement for annual reporting to Parliament on its provisions by CBSA.
Fourth, the committee should encourage the government to be explicit about its plans for the conduct of regulatory review of CBSA national security activities, either through an independent body or captured by the paragraph 8(1)(b) mandate for the proposed national security and intelligence review agency, NSIRA, under Bill C-59. This may require future clarifying amendments to Bill C-59.
Fifth, the committee should encourage the government to finalize its plans for an independent complaints mechanism for CBSA. There have been discussions under way about this for some considerable time now.
Sixth, and finally, I would encourage the committee to hold early hearings on CBSA and its rapidly expanding mandate. Doing so might serve as a foundational exercise for the new national security and intelligence review agency when it is created.
Thank you for your time and attention.