Public Safety Committee on Jan. 30th, 2018

Thank you, Chair.

Mr. Chair, honourable members, I am pleased to appear before this committee again, this time on the subject of Bill C-59. I am accompanied by William Galbraith, the executive director of my office, and by Gérard Normand, special legal advisor.

I have been the Communications Security Establishment (CSE) Commissioner for over four years. I am responsible for reviewing the activities of CSE, primarily to determine whether they complied with the law. This naturally includes everything to do with protecting the privacy of Canadians and persons in Canada. I am a retired judge of the Superior Court of Québec and of the Court Martial Appeal Court of Canada. As I like to often say when I appear before you:

I'm a young 75.

The phrase retired judge means that you cannot expect someone 40 or 50 years old. In order to retire, we have to be at least 69 or 70. That explains my somewhat advanced years.

The law requires the CSE Commissioner to be a supernumerary judge, meaning a judge who is on the bench part-time, or a retired judge of a superior court. My current term expires in mid-October this year, in 2018.

However, once Bill C-59 receives royal assent and part 2 enters into force, my role will change into a completely—and I emphasize completely—new function for intelligence accountability in Canada.

Indeed, the CSE commissioner will no longer perform after-the-fact review of CSE activities. The intelligence commissioner, or the IC if you prefer, will have a quasi-judicial role, of which the first part is reviewing and the second is approving authorizations issued by ministers for certain activities of CSE and CSIS before those activities can be conducted.

This specific role will be to determine whether the minister's conclusion to authorize the activity was reasonable. The test I have to apply is reasonability. In essence, this is similar to the function performed by a court of law when undertaking what we call “a judicial review”. This is, in my view, a critical role, intended to provide a quasi-judicial review of an intelligence agency's activities that may have charter and/or privacy implications.

Part 2 of Bill C-59, the Intelligence Commissioner Act, expressly provides for the transition of the CSE Commissioner into the new role of Intelligence Commissioner. The functions of post-facto review of CSE activities that I now perform will be assumed by the new National Security and Intelligence Review Agency, also proposed in Bill C-59.

This bill also requires the intelligence commissioner to be a retired judge of a superior court, which is appropriate, in my view, given the quasi-judicial function of this new position. However, this bill does not include the possibility of appointing a supernumerary judge, as is the case now with the National Defence Act for the CSE commissioner. I believe this bill should retain the possibility of a supernumerary judge, in part to ensure a broader pool of potential candidates. I was a supernumerary judge when appointed CSE commissioner four years ago, and a short time afterward, I fully retired as a judge.

The problem is the following. The pool of candidates for this job, the new intelligence commissioner, is very narrow. You must find a retired judge who has the proper background to be appointed—for example, a background in security matters or in national defence matters. The pool is very narrow. That's why I'm suggesting that we should keep in the bill what we have in the National Defence Act with regard to the appointment of the intelligence commissioner. In other words, a supernumerary judge should be appointed as the IC and then would retire maybe a few months later. It would be a transitory measure. I can see that if a sitting judge remained the intelligence commissioner for years, he might have some problems with conflicts of interest and what have you. I think for transition purposes, it might be very useful.

Previously, I submitted to this committee a written copy of substantive proposals for amendments to Bill C-59. Those comments were sent to your chair on December 6, 2017. I am also submitting today lists containing additional substantive and technical proposals that I sent to Minister Goodale and Minister Sajjan. I think you have a copy of those comments before you. I will highlight a number of these in my remarks.

The importance of the process the government has chosen to follow for this bill is, as stated by Minister Goodale, to allow new ideas and alternative suggestions to be presented before second reading in the House.

In this context, I will speak to changes I am proposing for three parts of the bill: part 2, the intelligence commissioner act; part 3, the CSE act; and part 4, amendments to the CSIS Act. While I am of the view that the proposed legislation is generally sound and that it addresses most of the recommendations made by me and my predecessors to amend part V.1 of the National Defence Act. I am also of the view, following in-depth analysis and discussions with officials and agencies directly involved, that certain amendments should be proposed. Among my substantive proposals, I will describe seven that I consider the most important.

First, I believe the intelligence commissioner should be involved in approving authorizations for CSE active cyber and defensive cyber operations which may also implicate privacy interests. Some commentators have remarked that this is a new and very broad mandate for CSE and that it is too permissive. By comparison, the CSIS Act requires CSIS to go before a federal court judge, in some instances, to have a warrant issued for similar activities.

Second, as the bill is written currently, the Intelligence Commissioner does not approve the minister's decision to extend the validity of a CSE foreign intelligence or cybersecurity authorization for an additional year. I believe the commissioner should be involved, given that he was involved in approving the initial authorization. Otherwise, in effect, the authorization would be for two years. However, this is not what the bill proposes. It proposes that this type of authorization is valid for a maximum of one year. If the minister granted extensions almost automatically without the commissioner being involved, the duration could end up being two years, instead of the one year provided for in the act.

Third, emergency authorizations for CSE issued by the minister for purposes of foreign intelligence or cybersecurity should also be reviewed by the commissioner immediately after they have been issued. This would be similar to the approach that exists in the Investigatory Powers Act in the United Kingdom. Under the U.K. legislation, the period of validity for these emergency authorizations is five days, the same validity period as in Bill C-59. However, in the U.K., the Judicial Commissioner must review and approve these authorizations within that time frame.

If you give me maybe two or three minutes, I think I can do it.

I'll try to finish the proposal, because I know one of the questions will be on those particular points.

I've been warned.

Fourth, I also believe that the commissioner should have the authority, when engaged in the review and approval process, to request clarifications about the information provided to him that was considered by the minister in making a decision. Without this ability, the commissioner, if not clear on some of the information, may well have no option but to determine that the minister’s conclusion to authorize an activity was not reasonable.

Fifth, I believe the commissioner should be able to conditionally approve an authorization, subject to the minister agreeing to incorporate a condition identified by the commissioner.

I have only two left.

Sixth, the Intelligence Commissioner should prepare a public annual report to the Prime Minister, to be tabled in both chambers of Parliament. This would emphasize the independence of the commissioner and help enhance transparency and public trust.

Seventh and finally, I believe a regulation-making authority should be inserted into the proposed intelligence commissioner act for carrying out the purposes and provisions of the act.

Thank you for this opportunity to appear before you today. We would be pleased to answer your questions.

Thank you, Mr. Chair.

I'll ask the general counsel to answer. I did touch upon that subject matter in my introductory remarks—

—but I'll ask Normand to reply to it.

Essentially, they're not the level of detail that we provided, because we based it on the U.K. legislation, but the idea is the same. Basically it would enable the minister to make a decision in exigent circumstances, but that would be reviewed within five days by the commissioner. Then, depending on his review, depending on the decision, there would be an impact or not on the ongoing authorization. In a sense, it's basically the same thing that we're proposing.

The bill actually provides that if the intelligence commissioner turns down the request submitted to him by the minister—or his conclusion, I should say—then he has to give reasons. On the other hand, if he approves the authorization issued by the minister, he doesn't have to provide reasons.

As a retired judge, I don't mind providing reasons. I've been doing that all my life. When you issue a judgment of any sort, you provide reasons. I'm not against the suggestion that even if I approve the conclusion reached by the minister with regard to the issuance of an authorization, the commissioner should provide some reasons. Obviously those reasons would be rather short compared to when the conclusions of the minister are judged unreasonable by the IC, but I'm not against that suggestion.

Actually, especially in the first few years, I think reasons would be helpful in enabling the agencies to see where the commissioner is coming from in the way of thinking within the reasonableness process.

This is a complex matter. Those are complex provisions within the bill, those provisions concerning the active and defensive cyber operations.

In essence, it was explained to me that the IC will not have a role to play because, unlike when information is collected in active and defensive cyber operations, no collection will occur. They suggest that there are no charter or privacy rights that would be affected by these techniques that will be used outside of Canada. This is with regard to the CSE.

Unfortunately, I don't necessarily agree with that view, and neither does the Department of Justice, which is the legal adviser to the government. I'm quoting from the justice department's legal opinion, page 9 of a document entitled “Charter Statement - Bill C-59”. It's short, but it explains my position. I quote:

The provisions authorizing active cyber operations would not by definition engage any Charter rights or freedoms. However, specific activities authorized under this scheme could potentially engage rights or freedoms. The considerations that support the consistency of this aspect of the mandate with the Charter are very similar to those supporting the consistency of the defensive cyber operations mandate. One difference is the distinct purpose of active cyber operations, which would be to further the government’s compelling objectives in relation to Canada’s international affairs, defence or security.

Although no information is collected, people's private communications will be disrupted, influenced, and interfered with, and this could very well, in my view, affect Canadians in the same way as inadvertently collecting information on Canadians abroad. In my view, there should be no difference between collecting communications of Canadians abroad and disrupting and interfering with communications of Canadians abroad, so—