Public Safety Committee on Dec. 5th, 2017

In some ways I think what we're going to learn from these reports is how these powers are being used, how often they're being used, and whether our security services are having difficulty complying with the law. What they're not going to necessarily reveal is what the threats are that these powers are being used against.

People are worried about foreign fighters. We've seen that in the last month's coverage of the foreign fighter issue and I can understand why Canadians are concerned. However, at the end of the day, if we communicated these threats better, in a more reasonable manner, and provided a separate threat assessment or a more robust threat assessment by the national security community, I think that would go some way to help.

Where the transparency is going to be valuable, for someone such as me who is trying to know, is where you can see, for example, whether these powers are being used more or being used less, why they are being used more, whether there an increasing threat, and so on.

Again, I don't see any overly broad restrictions here in terms of sharing information in the legislation. As I noted earlier, if anything, it's actually in a lot of ways wider than the previous legislation, so I believe that won't be a problem.

In terms of how the guidance is translated if the legislation as written is passed, a lot of this will depend on their managers and how this is specifically done, but that will be seen in the review process.

It can be a tough question, but there are processes, mechanisms, and expertise that can be drawn on to make those assessments. It obviously involves careful analysis of law enforcement and security practices in the country from which the information is being received, both in a general sense and in a specific context. There is no perfect equation or process through which information can be filtered and a clear and conclusive determination made that it has or has not been the result of torture. That's why there's a threshold here. What we're looking for is whether there is a serious reason to believe it has been attained through torture.

If there are serious reasons to believe it has been obtained through torture, and even more so, if conclusively it has been possible to determine that it has been obtained through torture, then in our view it should be disregarded and not used in security and intelligence practices.

We would propose that other means of investigation be used, not relying on torture-tainted information.

Number one, relying on torture-tainted information only encourages more torture, both in the short term and in the long term. It is sending a message to torturers that there is a market for the fruits of their crimes, and we want to counter that. We want to break that cycle.

Second, we also have to remember the reality that torture-tainted information is very often unreliable. You will hear it very powerfully—not just from human rights experts, but more so from law enforcement and security experts—that relying on torture-tainted information excessively can be distracting and can take agents away from the real lines of investigation that will give rise to strong intelligence.

Thank you for your question.

Again, I would refer you to the worldwide threat assessment. It is a 10- to 15-page report written in very basic language that provides guidance as to the priorities and concerns of the U.S. national intelligence committee. It's there for anyone to read, and I think Canadians would benefit. Certainly someone like me, who teaches threats to critical infrastructure, would certainly be using any kind of document like that in teaching. I am sure I'm not alone.

There are a lot of university campuses now that are teaching terrorism and national security. We need to educate students about the kinds of threats they will be working on if they choose to go into a law enforcement career or a national security career.

Wesley has pointed at me, so I will go first.

I wish to extend my sincere thanks to the committee for inviting me here to speak on Bill C-59. It's always an honour to be asked to share my observations before this committee.

My colleague Kent Roach is appearing before you next week. He and I have divided up Bill C-59. Today I shall be addressing the new Communications Security Establishment act and the amendments to the CSIS Act.

I support most of the changes Bill C-59 makes in these areas. I recognize the policy objectives they seek to address. I believe the statutory language is usually carefully considered and robust, but I do have one serious concern.

I'll begin with the CSE act and make my single recommendation for today. I respectfully submit that this committee should amend proposed subsections 23(3) and 23(4) to indicate CSE may not, without ministerial authorization, contravene the reasonable expectation of privacy of any Canadian or person in Canada. Those two provisions are found on page 62 of the PDF of the bill.

I have provided a brief to this committee describing the rationale for this change, and I should disclose I've been an affiant in the current constitutional lawsuit brought by the British Columbia Civil Liberties Association challenging CSE activities, but today I appear on my own behalf.

To summarize my concern, while engaged in foreign intelligence in cybersecurity activities, CSE incidentally collects information in which Canadians or persons in Canada have a reasonable expectation of privacy. This is done without advance authorization by an independent judicial officer, and thus likely violates section 8 of the charter.

Bill C-59 attempts to cure this constitutional issue through a ministerial authorization process, one that involves vetting for reasonableness by an intelligence commissioner, a retired superior court judge. This is a creative and novel solution. It preserves a considerable swath of ministerial discretion and responsibility. It is not a full warrant system. Still, given the unique nature of CSE activities, I believe it is constitutionally defensible.

The new system will only resolve the constitutional problem if it steers all collection activities implicating constitutionally protected information into the new authorization process. The problem is this. Bill C-59's present drafting only triggers this authorization process where an act of Parliament would otherwise be contravened. This is a constitutionally under-inclusive trigger.

Some collection of information in which a Canadian has a constitutional interest does not violate an act of Parliament, for example, some sorts of metadata. The solution is simple. Expand the trigger to read as follows: “Activities carried out by the Establishment in furtherance of the foreign intelligence” or cybersecurity “aspect of its mandate must not contravene any other act of Parliament or involve the acquisition of information in which a Canadian or person in Canada has a reasonable expectation of privacy”, unless they are authorized under one of these ministerial authorizations that are subject to vetting by the intelligence commissioner.

This may seem a lawyerly tweak, but if we fail to cure the existing problem with CSE's collection authorization process, a court may ultimately determine that CSE has been collecting massive quantities of data in violation of the Constitution. Such a finding would decimate relations with civil society actors, placing CSE squarely in the crosshairs of a renewed controversy, and making it very difficult for private sector enterprises to partner with CSE on cybersecurity without risking reputational fallout themselves. With Bill C-59, we have a chance to minimize this kind of problem.

I turn to the CSIS Act changes. Bill C-59 does three things. First, it permits CSIS new authority to collect and potentially retain so-called datasets. Here the tension lies in balancing the operational need for CSIS to be able to query and exploit information against the privacy imperative. Rather than prescribe hard standards for what may be included in datasets, Bill C-59 opts for a system of in-advance oversight.

The intelligence commissioner is charged with approving the classes of Canadian datasets that the minister has deemed may be initially collected, and the Federal Court authorizes any subsequent retention of actual datasets. While I am wary of the idea of datasets, I cannot dispute the rationale for them and I can find no fault with the system of checks and balances. I have one concern with the retention of information that's queried in exigent circumstances. I don't know that the bill has the same checks and balances there, but I'm happy to address that further in questions.

The second change to the CSIS Act relates to revisions to CSIS's threat-reduction powers introduced in Bill C-51 in 2015. These provisions were rightly controversial. For our part, Kent Roach and I did not dispute the idea of threat reduction, but we worried that CSIS threat reduction done as a continuation of our awkward, siloed police and intelligence operations runs the risk of derailing later criminal investigations and prosecutions. This would be tragic from a security perspective.

From a rights perspective, Bill C-51 lacked nuance. It opened the door to a violation of any charter right subject to an unappealable, secret Federal Court warrant. The regime was radical, and in my view, almost certainly unconstitutional. It was, therefore, unworkable, whatever the strength of the policy objectives that propelled it.

Bill C-59 places the system on a much more credible constitutional foundation. It ratchets tighter the outer limit on CSIS threat reduction powers. By barring detention—a power I sincerely doubt the service ever wished—it eliminates concerns about the many charter violations for which detention is a necessary predicate. By legislating a closed list of activities that could be done where a warrant is authorized, Parliament tells us what charter interests are plausibly in play—essentially, free speech and mobility rights. I believe that if threat reduction is to be retained, this new system reasonably reconciles policy and constitutional issues.

Lastly, Bill C-59's CSIS Act changes create new immunities for CSIS officers and sources engaged in intelligence functions that may violate law during those activities. The breadth of Canada's terrorism offences makes it certain that a confidential source or undercover officer will commit a terrorism offence simply by participating with the terror group that they infiltrate. An immunity is necessary. The issue is whether there are sufficient checks and balances guarding against abuse of this immunity. Again, I think Bill C-59 does a good job of festooning the immunity provisions with such checks.

I will end, though, with a caution. Our conventional manner of siloed police and CSIS parallel investigations lags best practices in other jurisdictions that employ more blended investigations. As the Air India bombing inquiry observed, we struggle with what is known as intelligence to evidence. The government is working on this matter. We should be conscious, however, that what CSIS does in its investigations, whether in terms of immunized criminal conduct in intelligence investigations or authorized threat reduction, could derail prosecutions if not done with a close eye to downstream impacts. This issue might usefully be a topic of inquiry for the new security and intelligence committee of parliamentarians.

Thank you for your attention. I look forward to any questions.

Mr. Chair and members of the committee, I thank you for this opportunity to testify on Bill C-59, the national security framework legislation.

I'd like to begin with a look backwards. I had the privilege 16 years ago of testifying before a House committee on the original Anti-terrorism Act. I think it might have been, in fact, in this beautiful room. One of the lessons I drew from that experience was that Parliament, if given the chance, could have a significant impact on improving draft legislation and on enabling a strong, if inevitably contentious, public debate. Given the professed openness of the Minister of Public Safety to constructive suggestions, I am optimistic that a similar result will occur from deliberations on Bill C-59.

Bill C-59 represents a very ambitious and sweeping effort to modernize the Canadian national security framework. It should not be seen as just a form of tinkering with the previous government's Bill C-51. There are so many elements in Bill C-59, and as you will have appreciated from testimony by my colleagues, I, like them, am going to focus on only a few elements of this.

The ones I want to focus on are what I call the key forward-looking elements of Bill C-59. By “forward-looking” I mean the genuinely new elements in this legislation, which pose particular challenges for a committee like this in terms of trying to understand their precise potential impact and efficacy. Those three brand new elements, I think, are particularly visible in parts 1 to 3 of the legislation, so that's what I am going to concentrate on, but I'd be happy to take questions on other aspects of the bill.

Part 1 of the act creates a national security and intelligence review agency. I fully support this concept and its rationale, and it is exciting to me to see it embraced by the government. The challenge will be ensuring that the architecture can be made to work. To bring the legislation to light, it will be important to ensure that NSIRA, as I'll call it, has the right fiscal and logistic resources, a high-quality talent pool in its secretariat, excellent working relationships with the security and intelligence agencies, and a viable work plan. It will also be important to ensure that the bodies that are to be reviewed have the resources and proper approach to the enhanced scrutiny they will undergo.

NSIRA part 1 needs, in my view, a few fixes. One has to do with the mandate, in proposed section 8. I believe that the national security and intelligence activities of the RCMP should be specifically listed at proposed paragraph 8(1)(a). It is important to be clear in the legislation that NSIRA will take over some of the current review activities of the Civilian Review and Complaints Commission for the RCMP as it is doing for SIRC and for the Office of the CSE Commissioner. This should not be left simply to coordinating amendments buried in the back of the legislation.

The committee will also note that NSIRA enacts only a partial solution to the problem of dealing with national security complaints, at proposed section 16 and following. Its complaints remit is restricted to CSIS, CSE, and complaints regarding the RCMP that have a nexus in national security, and I would urge the committee to hear from the commissioner of the Civilian Review and Complaints Commission for the RCMP about how well they think the legislation enables the NSIRA complaints mandate when it comes to the RCMP.

Finally, there's an important issue of membership, as you've already heard, in NSIRA. This is at proposed section 4 of the bill. The procedures proposed are, disappointingly to me, an automatic carry-over from SIRC, but SIRC membership has had a sometimes deeply troubled history. Membership size and profile need, I think, to be rethought. In my view, the SIRC membership should be enlarged to allow for more diverse and expert representation and to reduce the burdens on members hearing complaints.

NSIRA membership should also reflect, in my view, a wider range of expertise in security and intelligence issues, including expertise in security threats, on intelligence practices, on international relations, on governance and decision-making, on civil liberties, on community impacts, and on privacy. Those are seven sets of expertise right there.

The ability of NSIRA to get up and running once legislation is passed will be vitally dependent on the continued strength, capacity, and forward planning of the Security Intelligence Review Committee, which will be NSIRA's core. It would be very unfortunate if anything occurred to weaken SIRC in the transition.

Part 2 of the bill is on the intelligence commissioner. Legislation to establish an intelligence commissioner to engage in proactive oversight of aspects of the work of CSE and CSIS is a novel concept that has no counterpart that I'm aware of among our Five Eyes partners. We are being truly innovative here. The concept that's been adopted, I believe, is a made-in-Canada solution to ensuring the legality and charter compliance of some of the most sensitive and important operations conducted by our main intelligence collection agencies, CSE and CSIS.

With regard to the function of the intelligence commissioner, I would like to offer two thoughts and one recommendation.

One thought is that it would be important that the system is and is seen to be a way of ultimately strengthening rather than diluting ministerial accountability, even while it gives some oversight powers to the intelligence commissioner. The second thought is that the ability of the minister to retain traditional powers of accountability while ceding some decision-making authority to the intelligence commissioner is linked in turn to the working of new reporting mechanisms proposed in part 1 of the act.

NSIRA will produce a much stronger stream of reporting to the minister on the activities of the key intelligence agencies, which, if that stream of reporting can be properly digested by the minister and his office, should ensure that the minister can issue authorizations that will pass muster with the intelligence commissioner. In this way part 1 and part 2 of Bill C-59 are intimately linked.

The recommendation I have to offer is that the intelligence commissioner function must not go dark. The Office of the CSE Commissioner, on which the function will partly be based, produced an annual report to the minister that was tabled in Parliament. This has been the practice since the commissioner's office was established in 1996. There is no such requirement at present for the intelligence commissioner. I believe the intelligence commissioner should be required to table an annual report that would review the commissioner's activities and findings.

Then there is part 3, the CSE act. I fully support the importance of creating separate, modernized legislation for CSE, distinct from the National Defence Act. CSE is one of Canada's most important, if not the most important, intelligence collection agency. It provides our principal contribution to the Five Eyes intelligence partnership. Getting the CSE act right is vital to Canada's interests and deserves close attention by the committee.

CSE received its first enabling legislation with the passage of the Anti-terrorism Act back in 2001. It is that legislation that is being modernized with Bill C-59. There were no changes to CSE legislation proposed in the previous Bill C-51.

The CSE act expands the current three-part mandate of CSE by adding two additional powers for what are called active cyber-operations and defensive cyber-operations. Let there be no mistaking that these are major new powers for CSE.

Both kinds of operations require ministerial authorization. Active cyber-operations engaging overseas targets require the consent of the Minister of Foreign Affairs. There have been some concerns raised in Parliament about the need for such consent. I think it is absolutely essential, given the volatile nature of such operations and their potential for blowback against Canadian international interests.

Active cyber-operations are what I call a digital form of covert operations, somewhat akin to classical Cold War covert operations designed to destabilize the capacities of a foreign adversary. In addition to blowback effects, they can also engage an escalatory spiral, as we saw, for example, in the aftermath of the cyber-operation known as Stuxnet, which targeted the Iranian centrifuge cascade that was central to their uranium enrichment program and nuclear weapons development. Active cyber-operations require high degrees of intelligence knowledge and technical skills, but they also require high degrees of political oversight and strong agency command and control.

It is also important to understand that many, if not all, of the operations that CSE might conduct in the future under its active cyber-operations mandate will be mounted within a Five Eyes context. I don’t think we’re going to be going it alone on these ones. This is all the more reason for there to be what has been called “a dual-key approach”. Neither active nor defensive cyber-operations require the consent of the intelligence commissioner, which is something the committee might want to look into, but such operations will be subject to review by the new national security and intelligence review agency.

The CSE act is a very complex piece of legislation. It might be a lawyer's dream, but it would be a layman's nightmare to read. It contains some very important provisions that are sprinkled throughout the bill with little connecting narrative thread. My recommendation with regard to part 3 is that there should be a values principle built into the legislation, perhaps at the proposed mandate section, to draw together some of these different component parts, and I will provide a brief on that.

I was going to add a brief set of remarks about what isn’t in the legislation, but I’m happy to address that in questions.

Thank you.

Sure, absolutely, although I fear the translator may be driven mad by the effort to turn my microprint into French.

My response would be that, certainly from my perspective, Kent Roach and I did not dispute the policy objectives that Bill C-51 was trying to accomplish, with one exception, and that is the new speech crime. We thought it was unnecessary. If one were to repeal those provisions that Bill C-51 introduced, one would be left still with the policy issues that would have to be addressed. I see Bill C-59 is dealing with those same policy issues but putting each of the powers on a more sustainable footing.

I would agree with what my colleague Professor Carvin said earlier, that not only is this just a question of constitutional niceties. It's also a question of certainty. Many of the powers that were introduced by Bill C-51 were clothed with such vagueness that the services might be disinclined to try to test them for fear they would run afoul of a court or a commission of inquiry subsequently.

Again, the policy objectives were real. The drafting, in my view, was insufficient.

Just briefly, I would say something very similar but expressed slightly differently, which is that in my view, Bill C-51 had good elements and bad elements. I think that was also the Liberal Party's position, frankly, when it was the third party in opposition, that there were some elements they could support and some elements that they were committed to overturning, if they ever came into office.

Bill C-59 represents some effort to fix the so-called problematic elements of Bill C-51, but it also provides space to add what I think are important new dimensions that were not addressed in Bill C-51. I would think it would be a time-wasting exercise, frankly, to go back and just repeal and simply eliminate all of Bill C-51 from the law books. Better is the approach that's been taken here.