Public Safety Committee on Dec. 7th, 2017

With procedure reporting?

Absolutely. NSIRA is a very important step forward, in part because its jurisdiction encompasses all departments and agencies involved in national security, which is a flaw of the current system.

What I'm recommending is that our expertise be added to this mix so that the sum total of expert review and parliamentary review is able to give Canadians the assurance that both their security and their rights are protected.

I'm not sure what you mean by proactive and centralized. I answered Mr. Paul-Hus to say I agree that the collection of information, including that of some who are not a threat, can be useful to actually identify threats.

If that's what you mean by proactive, yes, I agree with that, so long as there are safeguards to ensure that the privacy of those who are not threats is not at risk.

The best example would be, again, that of travellers. The information about travellers, many of whom are not a risk to national security, may be relevant and may contribute to the mandate of the receiving agency, to use the words of the new section 5, because in the mass of travellers there might be some who are a threat. To have information on a more permissive relevancy or contribution standard may be acceptable at the front end. However, when that information is then received and analyzed by the national security agency and the agency determines that the individual is not a threat, on what basis should the information be used and, moreover, retained by the agency? The retention of information about 99.9% of the travellers who are not a threat is not necessary to its work, to its mandate.

In looking at Bill C-59 as a whole with all of its parts, I'm struck by the fact that parts 3 and 4 have essentially the standards. I understand that relevance and necessity are somewhat esoteric notions, but in parts 3 and 4, the government and you as parliamentarians are seized with a bill that recognizes that there is a need for the higher necessity threshold in some circumstances.

CSIS and the CSE will not be able to use and exploit the personal information of individuals unless it meets a necessity test. If it's good for parts 3 and 4, I'm saying it should be good for part 5.

If the necessity threshold for the receiving institution is higher, yes, it will receive irrelevant information, but only for a fleeting period. That may be a price to pay for the fact that in that large basket of information, some information may be relevant.

I wouldn't say we should not be concerned at all, but I see safeguards, including reliability of the information in the bill which are useful. I'm less concerned at the front end, the disclosing end, than I am at the receiving end.

I confess that we haven't paid much attention to this, but we will, and we will address that question in our ultimate submission.

I haven't thought this through in detail, but the intelligence commissioner is an interesting, new creation. It is more of an oversight body. It reviews matters before the fact, as opposed to after the fact. It's a bit novel and it's a different position from, say, the current SIRC, which is clearly subject to judicial review.

I would say probably, yes.

The 90-day period in Bill C-59 applies to the specific situation of the collection of datasets by CSIS. In a model where it's conceivable that more information may be required at the front end, but an exercise is required to funnel this to less information at some point, it's important that this period of analysis not be too long so as to give time to security agencies to do the analysis they need to do.

Ninety days strikes me as a very reasonable period. Should it be 90 days throughout regardless of whether it's CSIS, CSC, or others? We would have to look at it, but 90 days is a good rule of thumb.

Absolutely. There's no magical solution here. It's a question of balancing the value of the information and how long agencies should have to analyze it. Obviously the delay cannot be so long as to result in the creation of profiles or dossiers on all of us forever.

I'll note that for the CSIS provision in part 4, after 90 days the court doesn't base its determination on necessity, but rather on whether the information can be useful. It's a threshold, but we're not yet at the necessity stage. It's when this bank of information is then queried by officers that the necessity threshold applies.

I think there's room for CSIS in the regime for information that may not be clearly necessary at that point to be kept. It can be useful, but it will only be queried by CSIS officers at the back end, on a necessity threshold.