Wesley has pointed at me, so I will go first.
I wish to extend my sincere thanks to the committee for inviting me here to speak on Bill C-59. It's always an honour to be asked to share my observations before this committee.
My colleague Kent Roach is appearing before you next week. He and I have divided up Bill C-59. Today I shall be addressing the new Communications Security Establishment act and the amendments to the CSIS Act.
I support most of the changes Bill C-59 makes in these areas. I recognize the policy objectives they seek to address. I believe the statutory language is usually carefully considered and robust, but I do have one serious concern.
I'll begin with the CSE act and make my single recommendation for today. I respectfully submit that this committee should amend proposed subsections 23(3) and 23(4) to indicate CSE may not, without ministerial authorization, contravene the reasonable expectation of privacy of any Canadian or person in Canada. Those two provisions are found on page 62 of the PDF of the bill.
I have provided a brief to this committee describing the rationale for this change, and I should disclose I've been an affiant in the current constitutional lawsuit brought by the British Columbia Civil Liberties Association challenging CSE activities, but today I appear on my own behalf.
To summarize my concern, while engaged in foreign intelligence in cybersecurity activities, CSE incidentally collects information in which Canadians or persons in Canada have a reasonable expectation of privacy. This is done without advance authorization by an independent judicial officer, and thus likely violates section 8 of the charter.
Bill C-59 attempts to cure this constitutional issue through a ministerial authorization process, one that involves vetting for reasonableness by an intelligence commissioner, a retired superior court judge. This is a creative and novel solution. It preserves a considerable swath of ministerial discretion and responsibility. It is not a full warrant system. Still, given the unique nature of CSE activities, I believe it is constitutionally defensible.
The new system will only resolve the constitutional problem if it steers all collection activities implicating constitutionally protected information into the new authorization process. The problem is this. Bill C-59's present drafting only triggers this authorization process where an act of Parliament would otherwise be contravened. This is a constitutionally under-inclusive trigger.
Some collection of information in which a Canadian has a constitutional interest does not violate an act of Parliament, for example, some sorts of metadata. The solution is simple. Expand the trigger to read as follows: “Activities carried out by the Establishment in furtherance of the foreign intelligence” or cybersecurity “aspect of its mandate must not contravene any other act of Parliament or involve the acquisition of information in which a Canadian or person in Canada has a reasonable expectation of privacy”, unless they are authorized under one of these ministerial authorizations that are subject to vetting by the intelligence commissioner.
This may seem a lawyerly tweak, but if we fail to cure the existing problem with CSE's collection authorization process, a court may ultimately determine that CSE has been collecting massive quantities of data in violation of the Constitution. Such a finding would decimate relations with civil society actors, placing CSE squarely in the crosshairs of a renewed controversy, and making it very difficult for private sector enterprises to partner with CSE on cybersecurity without risking reputational fallout themselves. With Bill C-59, we have a chance to minimize this kind of problem.
I turn to the CSIS Act changes. Bill C-59 does three things. First, it permits CSIS new authority to collect and potentially retain so-called datasets. Here the tension lies in balancing the operational need for CSIS to be able to query and exploit information against the privacy imperative. Rather than prescribe hard standards for what may be included in datasets, Bill C-59 opts for a system of in-advance oversight.
The intelligence commissioner is charged with approving the classes of Canadian datasets that the minister has deemed may be initially collected, and the Federal Court authorizes any subsequent retention of actual datasets. While I am wary of the idea of datasets, I cannot dispute the rationale for them and I can find no fault with the system of checks and balances. I have one concern with the retention of information that's queried in exigent circumstances. I don't know that the bill has the same checks and balances there, but I'm happy to address that further in questions.
The second change to the CSIS Act relates to revisions to CSIS's threat-reduction powers introduced in Bill C-51 in 2015. These provisions were rightly controversial. For our part, Kent Roach and I did not dispute the idea of threat reduction, but we worried that CSIS threat reduction done as a continuation of our awkward, siloed police and intelligence operations runs the risk of derailing later criminal investigations and prosecutions. This would be tragic from a security perspective.
From a rights perspective, Bill C-51 lacked nuance. It opened the door to a violation of any charter right subject to an unappealable, secret Federal Court warrant. The regime was radical, and in my view, almost certainly unconstitutional. It was, therefore, unworkable, whatever the strength of the policy objectives that propelled it.
Bill C-59 places the system on a much more credible constitutional foundation. It ratchets tighter the outer limit on CSIS threat reduction powers. By barring detention—a power I sincerely doubt the service ever wished—it eliminates concerns about the many charter violations for which detention is a necessary predicate. By legislating a closed list of activities that could be done where a warrant is authorized, Parliament tells us what charter interests are plausibly in play—essentially, free speech and mobility rights. I believe that if threat reduction is to be retained, this new system reasonably reconciles policy and constitutional issues.
Lastly, Bill C-59's CSIS Act changes create new immunities for CSIS officers and sources engaged in intelligence functions that may violate law during those activities. The breadth of Canada's terrorism offences makes it certain that a confidential source or undercover officer will commit a terrorism offence simply by participating with the terror group that they infiltrate. An immunity is necessary. The issue is whether there are sufficient checks and balances guarding against abuse of this immunity. Again, I think Bill C-59 does a good job of festooning the immunity provisions with such checks.
I will end, though, with a caution. Our conventional manner of siloed police and CSIS parallel investigations lags best practices in other jurisdictions that employ more blended investigations. As the Air India bombing inquiry observed, we struggle with what is known as intelligence to evidence. The government is working on this matter. We should be conscious, however, that what CSIS does in its investigations, whether in terms of immunized criminal conduct in intelligence investigations or authorized threat reduction, could derail prosecutions if not done with a close eye to downstream impacts. This issue might usefully be a topic of inquiry for the new security and intelligence committee of parliamentarians.
Thank you for your attention. I look forward to any questions.