Public Safety Committee on Feb. 1st, 2018

Yes.

The encryption on the device, whether it's a phone or a computer, is such that we don't have the technology that would allow us to circumvent or overcome the encryption. The evidence that could be contained within that device is kept from us. That's one issue.

What we'll find in investigations, and I can speak more from traditional criminal investigations, is that we will then often liaise with other police agencies, including the RCMP, to determine if they have technology that could assist us in defeating the encrypted device. That is a significant issue for a criminal investigation, but it would also impact national security investigations, where we lay a criminal charge and then only discover additional compelling information or evidence a year later when we're able to get into the device. We may not be able to disclose that information in a timely manner without jeopardizing the convicting charge—

There is a danger in that, and I think we have to be precise in terms of the affidavit that's being drafted to gain access to that device, and in terms of the understanding of the justice or magistrate who's issuing that warrant that we're prescribed about where we can search and what data we could look at.

Thank you, Mr. Chair and honourable members of the committee. My name is Gillian Carter, and I am a staff lawyer with the law reform directorate at the Canadian Bar Association. Thank you for inviting the CBA to discuss Bill C-59 with you today.

The CBA is a national association of more than 36,000 lawyers, notaries, law teachers, and academics. An important aspect of our mandate is to seek improvements in the law and the administration of justice, and that is what brings us here today.

The CBA has offered its views and expertise at many stages in the development of Canada's national security and anti-terrorism regime. Our written submission on Bill C-59 was prepared by multiple sections of the CBA, including the criminal justice, immigration law, charities and not-for-profit, military law, and privacy and access to information law sections. With me today is Peter Edelmann, a member of the immigration law and criminal law sections and a lawyer specializing in immigration law.

I will now turn it over to Peter to address the main points of our submission.

Thank you very much for inviting me to appear before you today.

Bill C-59 proposes complex and major updates to national security law. It would address several decisions of the Federal Court of Canada, and widespread concerns expressed about Bill C-51 in 2015.

The Canadian Bar Association generally supports the goals and structure of Bill C-59 as a positive change, modernizing the legal framework for Canada’s national security infrastructure and increasing transparency, oversight and review, features that have previously been lacking. Our comments and analysis of the proposals in Bill C-59 are offered in hopes of further improving the bill.

Our written submissions provide a number of specific recommendations and I would refer you to those for the more technical amendments we propose. I will use my time today to focus on two or three areas of broader concern.

First of all, we support the creation of the national security and intelligence review agency, the NSIRA. I just have a couple of comments with respect to it but in particular with respect to the mandate. While we commend the decision to avoid language that would unnecessarily restrict the agency's mandate, an overly broad mandate could hinder the agency's ability to focus and assess its performance against its mandate.

In the way that it's drafted now, the NSIRA has responsibility for broad review of any activity of “a department that relates to national security or intelligence”. “Intelligence” is a very broad term. It could include things that are done by anything from the Canada Revenue Agency to Fisheries and Oceans, police departments, etc.

“National security” is also problematic given the multiple definitions that we see in different pieces of legislation. In particular, we remain concerned about the SCISA, the Security of Canada Information Sharing Act, or with the amendments that we have today. The breadth of the definition of an “activity that undermines the security of Canada” in section 2 is still very broad and notably it's different from the definition in the CSIS Act of “threats to the security of Canada”. Having two definitions is not helpful. It's confusing and it doesn't provide a clear mandate for national security agencies and in particular for an oversight or review agency.

I would also note in passing that the amendment to the exception in section 2(2) of the SCISA is troubling as it actually substantially reduces the protection under the current version. Several legitimate political activities might be seen on their face as undermining the sovereignty or territorial integrity of Canada.

In the past, we've recommended that there be one coherent, clear definition of “national security” and we continue to be of that view. It's also unclear whether certain other activities fall under the definition of “national security” at all. For example, the Secure Air Travel Act, SATA, does not refer to national security and it's unclear whether the review of SATA activities would fall under the NSIRA or not. In other words, is this national security legislation? Does it fall under NSIRA?

The coordination of the work of the NSIRA with other review agencies is obviously key although we would note that there remain significant gaps in the review framework. The problem is particularly stark with the Canada Border Services Agency, and we've expressed concerns about this lack of independent review of the CBSA in several past submissions.

CBSA remains one of the largest law enforcement agencies in the country and has no independent oversight or review at all. This is not a role that NSIRA should take on although it does highlight the problem of having a vague definition of “national security” because arguably everything that Canada Border Services Agency does could fall into a broad understanding of national security in a vague sense.

Everyday complaints about problems at the border should not be burdening NSIRA and its resources. A specialized review agency is required.

We also have concerns, in particular, with respect to NSIRA's access to information, and in particular that NSIRA would have access to any information other than a cabinet confidence that it deems necessary to conduct its work. This would extend explicitly to information subject to solicitor-client privilege, professional secrecy of advocates and notaries, or litigation privilege, creating an open-ended mechanism to review legal advice given to the government. This is of significant concern to the CBA.

The role of solicitor-client privilege is fundamental to the functioning of our justice system and this is as true for government actors as it is for private actors. It has been argued that privileged information must be made available because the practices of security agencies often depend on the legal advice they receive.

However, without assurances of privilege, legal advice will be sought less often, based on less candid disclosure by client agencies, or worse, sought and received but not documented.

The other problem with respect to the disclosure of solicitor-client privileged information is how the NSIRA then deals with it in its reports. It's not helpful for the NSIRA to have solicitor-client privileged information. What they need is information about how this is actually deployed in the agency, not the advice that was given behind those decisions.

Concerning the intelligence commissioner, the CBA supports the creation of an independent specialized office for the oversight and authorization of activities by the CSE and CSIS. We have generally called for judicial oversight, but we recognize the advantages of a dedicated commissioner with staff and resources to allow effective ongoing oversight.

The nature of the review mandated by sections 14 to 21 of the proposed intelligence commissioner act does create some concerns for us because there's a system of nested reasonableness findings. Instead of the normal process in front of a judge for a warrant where a judge would find whether there are reasonable grounds to issue a warrant, what the legislation currently foresees is that the minister would make a finding on reasonable grounds, and then the intelligence commissioner would review that on a reasonableness standard.

This creates two problems from our perspective. First, it's unclear how much deference that implies. There's an extensive debate in the courts right now around the application of the reasonableness standard at all and how that plays out in terms of deference.

There's no need to bring that confusion into this area, and there is not that confusion around the reasonable grounds standard, so there's no reason for this nested reasonableness finding other than creating a level of confusion as to how much oversight is actually being provided, in particular because it's going to be provided behind closed doors. It's important for Canadians to understand what the intelligence commissioner is doing and that it be clear.

With respect to the CSE, the CBA generally supports the more detailed mandate of the CSE, and we support the structure as it's being proposed. There are several elements of the proposed mandates that are in tension with one another, in particular, the offence and defence in cyber-operations.

We would recommend that there be an explicit vulnerabilities equities process as part of the mandate of the CSE, so that the balancing can happen in a transparent way. The U.S. has a process in place that might work as a model, or at least give ideas with respect to that.

With respect to CSIS, we continue to have concerns around the disruption powers. In particular, giving kinetic powers to CSIS comes away from the mandate of creating CSIS in the first place, after the McDonald Commission.

I'll refer you to our written submissions with respect to our concerns around section 12.1(3.2). We continue to have concerns similar to those we've had in the past with respect to these warrants limiting charter rights in that context.

Finally, I would note with respect to the Criminal Code provision of counselling of terrorism offence, in my view, following the jurisprudence of the Supreme Court in Hamilton, the counselling offences in the Criminal Code already cover everything this offence covers. There is no need to further complicate the Criminal Code. It's already too complex. It ought to be simplified, and the counselling offence covers everything you're hoping to cover here.

Thank you very much for your time, and I apologize if I went a little bit over.

Mr. Chair, Mr. Clerk, and honourable committee members, thank you for the opportunity to testify before you regarding Canada's national security framework.

Following a set of national consultations regarding the Anti-terrorism Act, formerly Bill C-51, the Liberal government drafted Bill C-59, An Act respecting national security matters to replace the Anti-terrorism Act.

I have reviewed the bill and will comment on it through a human rights lens. Securing the safety of its populace is a fundamental function of government. It is without question that government and its agencies must be equipped with the means necessary to prevent, counter, and address evolving threats in the digital age. In that same vein, a balance must be struck between securing public safety and respecting rights, ensuring any limitations placed on rights are necessary, proportionate, and reasonable.

As a human rights professor, I am pleased to see language recognizing the need to maintain respect for the Canadian Charter of Rights and Freedoms, the rule of law, accountability, and transparency within Bill C-59. The establishment of a national security and intelligence review agency with a mandate to review national security activities, consider complaints, and advance investigations is arguably the most significant advancement.

The bill also establishes an intelligence commissioner to review the reasonableness of Canadian Security Intelligence Service and Canadian Security Establishment authorizations regarding, inter alia, intelligence gathering and cybersecurity. Though Bill C-59 has addressed some shortcomings found in the Anti-terrorism Act of 2015, concerns remain regarding its impact on human rights, particularly the rights to privacy, freedom of assembly and association, freedom of expression, liberty and security, democratic rights, due process rights, and anti-discrimination protections.

Due to time constraints, this testimony focuses on concerns with amendments to the Canadian Security Intelligence Service Act regarding the collection, querying, exploitation, and retention of datasets. The act defines a “dataset” as the collection of information stored as an electronic record and characterized by common subject matter. A dataset could thus encompass any thematic electronic documentation, provided it is a publicly available dataset, relates primarily to non-Canadians living outside of Canada, or constitutes an approved class.

Though it is reassuring that a newly established intelligence commissioner would review classes of datasets to safeguard against abuse, the remainder of section 11.05(2) is read with caution. Use of the term “publicly available dataset” is misleading, as it can include information that is considered private under the Privacy Act, but is available in the public arena, potentially without the consent or knowledge of the person concerned. In other words, publicly available data can extend to private information made public on request, by subscription or by purchase. Rather than exploit this vulnerability by legitimizing and encouraging the commodification and exploitation of the public's data, the Government of Canada has a positive obligation to protect its populace against infringements by third parties that may compromise individual privacy in exchange for profit.

Granting government authority to collect publicly available data appears innocuous, but can reveal highly personal information in violation of the right to privacy. I also caution Canadians against blindly accepting mass government surveillance of foreigners. Though targeted surveillance may be necessary to thwart legitimate threats to peace and security, mass surveillance opens the door for foreign nations not accountable to Canadian voters to collect information about Canadians and share it with our governments, other nations, or corporations.

Under these circumstances, the Government of Canada could also place foreigners in danger by revealing compromising information to governments with poor human rights records. Differential respect for the privacy of Canadians versus non-Canadians outside the country also constitutes a violation of non-discrimination under the international covenant on civil and political rights.

The United Nations special rapporteur on the right to privacy has maintained that the distinction between one's own citizens and foreigners is not in compliance with the principles of the universal right to privacy.

Failing to properly restrain invasions of privacy could prompt charter violations of section 8 protecting against reasonable search or seizure or the promotion of presumption of innocence under section 11(d). In order to satisfy that such limitations are “demonstrably justifiable in a free and democratic society”, the onus is on the Government of Canada to prove these limitations are of sufficient importance, rationally connected to the objective, minimally impair rights, and produce an outcome that outweighs the gravity of the problem it seeks to address.

Though protecting public safety and national security is of sufficient importance to warrant a well-defined, targeted invasion of privacy, the mass collection of data that could lead to results that are relevant to the performance of CSIS's duties and functions is not sufficiently important to encroach on constitutionally protected rights.

Similarly, blanket collection of datasets merely “relevant” to the duties and functions of the service fails to demonstrate a direct rational connection to protecting public safety. If there is no direct connection to maintaining public safety and national security, why does the Government of Canada consider these proposed powers to be a necessary component of the national security framework?

The United Nations special rapporteur on the promotion and protection of human rights while countering terrorism has warned that “restrictions falling short of being necessary...constitute 'arbitrary' interference” with the right to privacy. The special rapporteur further stressed that, “for a restriction to be permissible, it is not enough that it serves one of the enumerated legislative aims; it must also be necessary for reaching the legislative aim.” Given that the aim of Bill C-59 is to protect national security, the blanket collection of any data relevant to the work of CSIS does not satisfy this test.

Information respecting the protection of public safety and national security in Canada should be narrowly defined and collected only “to the extent that is strictly necessary” and when there are reasonable grounds to suspect a threat to the security of Canada. If we allow the bulk collection and storage of personal data without a person's knowledge, consent, or ability to challenge the nature and authenticity of information collected, the next step could be to misuse, alter, deliberately conceal, or manipulate information.

Indeed, the Canadian Security Intelligence Agency Act allows a CSIS director to authorize designated employees to commit direct “acts or omissions that would otherwise constitute offences” in carrying out their duties and responsibilities. Theoretically, the minister could authorize the collection of datasets intended to assist CSIS employees with carrying out otherwise criminal activity. Are these powers consistent with the preamble of Bill C-59, which claims to respect the Canadian Charter of Rights and Freedoms, the rule of law, as well as accountability and transparency, while championing national security?

Amendments to the act do advance safeguards, but the nature of these safeguards raises concerns. The bill includes provisions calling for this service to delete information and datasets regarding the physical or mental health of an individual, information subject to solicitor-client privilege, and material in foreign datasets regarding Canadian citizens. This suggests some datasets will encapsulate information that should be accorded the highest degree of privacy.

The question is, why would the minister and intelligence commissioner approve a dataset that could potentially reveal this type of information about someone who has done nothing wrong? Further, the amendments should expressly state that accidental collection of such data will result in its total destruction, which clarifies the desired outcome more precisely than using the term “delete”.

The Supreme Court of Canada has emphasized that “the protection of privacy is a prerequisite to individual security, self-fulfilment and autonomy as well as the maintenance of a thriving democratic society.” Though not constitutionally protected itself, the right to privacy is essential for the maximum expression of most rights found under the charter, including freedom of expression; freedom of peaceful assembly; freedom of association; the right to vote; the right to life, liberty, and security; fair trial rights, including prevention of unreasonable search and seizure, protecting the presumption of innocence, and maintaining solicitor-client privilege as part of satisfying the right to a fair trial, particularly, the provision against self-incrimination.

Acknowledging the impact on constitutionally protected rights, any limitation of privacy rights should be justified under section 1 of the charter by applying the Oakes test. If the courts identify—

Sure.

What I'll focus on instead are my recommendations. They are as follows:

Ensure any limitation of human rights conforms with Canada's national and international obligations. Any encroachment on human rights must be necessary, proportionate, reasonable, and justifiable in a free and democratic society.

The government must ensure any collection of personal data is directly linked to protecting public safety and national security, rather than being tangentially connected to the duties and functions of CSIS or any other agency.

Legislation should be introduced to protect the Canadian populace from third party commodification of personal data through payment or subscription.

The national security and intelligence review agency should be provided with the authority to render binding decisions.

The role of the intelligence commissioner should be elevated from part-time to full-time status to reflect the breadth of the portfolio.

I need to say some final words and then wrap it up.

My final point is very important.

Thank you kindly. I greatly appreciate that.

Though I cannot in good faith support legislation permitting mass surveillance, for the reasons outlined above, if this option is advanced, the following is recommended. Clearly and comprehensively define “dataset”, “publicly available data”, and “exploitation of data”. Keep a record of every time a dataset is created, queried, and exploited, and by whom. The precise purpose for doing so should be recorded to enhance accountability. Records of such use should be sent periodically to the intelligence commissioner for review.

You had other questions. Thank you very much.