Public Safety Committee on Feb. 8th, 2018

The majority of comments that were received—in fact, almost the entirety of the comments that the OpenMedia community submitted—were not asking for us to compromise our privacy. I think that we say in the consultation results that over 80% of submissions asked to increase our individual privacy, feeling that we've already overstepped those boundaries of individual privacy in the name of protecting national security and that it isn't actually a balance.

I think that's the biggest problem we keep running into, which is acting as though we have to sacrifice all of our personal information in order to be safe. In effect, we haven't seen any evidence that the mass surveillance and mass collection of data has helped prevent any national security incidents. We also haven't seen any evidence that the information will be lacking in future; we haven't seen that it's providing the insights we need.

All we've seen is that Canadians are scared. They're scared of the information their government is collecting about them. They're scared about how it could be misused in future, maybe not by this government, but the government after that, or the one after that.

We've seen a lot of fear after the change in government in the United States about the way the information is being misused, about what happens when that information gets into different hands—and that's only when it stays within the government. If that information gets into the hands of someone outside of government, which we hope never happens, our intelligence agencies will themselves be compromised. We have and will be collecting the information on our own citizens that hand it over to any other government. That's terrifying.

I think what we're hearing from our community is prove to us that you need it, prove to us that it helps.

I'm not clear on exactly which contribution of ours you're quoting, but our concern is that we don't have strong enough protections internally to prevent ourselves from cyber-attack, making Canadians and Canada's databases vulnerable. In addition, we do not believe that we should be proactively creating devices, tools, and technologies to go on the cyber offensive, particularly without the checks and balances that we're asking to be put in place.

Sorry, just to clarify that question, do you mean a specific kind of dataset for CSIS, or just the idea of datasets in general?

Right. Our concern is that without allowing for the definition of what datasets are on a yearly basis.... It is concerning. We believe there should be more clarity on what those datasets could and should be.

As well, we're worried, just as others have pointed out, that throughout the process of collecting those datasets has a changing threshold for what can be collected, what can be retained, and then what can be queried. Instead of allowing for so much information to be collected at the beginning and then narrowing it as we go, there should be strong requirements from the very beginning on of what information can go into those datasets.

Of course, as we've already mentioned, the fact that publicly available information could form a kind of dataset is a concern.

There is also concern that, at the very tail end of CSIS datasets, information collected in Canadian datasets can be accessed at a lower threshold for foreign surveillance purposes and that information collected by CSIS for foreign purposes can be collected, albeit at a higher threshold, from those datasets for domestic intelligence purposes. We believe that to fix that problem we need stronger authorization and stronger thresholds from the beginning. As we've mentioned, we also need an increase in the transparency and powers of the intelligence commissioner to verify those datasets and authorizations.

I would just add that the shifting definition of datasets, the different interpretations of datasets, comes back to the bigger question that we keep revisiting: if it's difficult for the government to understand, it's really difficult for citizens to understand what it means. Ultimately, to give this much power to governments to collect this information, and to our law enforcement agencies to gather and use this information, requires a large level of public trust. When the definitions keep changing and when it seems very vague or hard for parliamentary committees to understand and nail down, it's really hard for our community to understand what it means and what's included in it. Any clarity that can be provided on that would be much appreciated.

We believe that it should be a full-time position and that, as others have suggested, perhaps a pool could be expanded from being a retired judge to looking at the current judicial pool. Definitely, because of the amount of work that's expected from the intelligence commissioner, we believe that it needs to be a full-time position.

We would agree.

We definitely have big concerns about the Security of Canada Information Sharing Act that was enabled by Bill C-51 not really being revised or overhauled in the way we had hoped. One of the big changes that we would look for is limiting the information requested to those who request it, and not allowing it to continue being shared between departments after the fact. Another change we would look for is limiting who can access information within other government agencies.

It's difficult to say precisely legally what it should say, but what I would say is that—

I realize that, yes. We believe that it should be based on the principles of information, on what's defined under the Privacy Act as information that's private for Canadians; that if it is to be shared for national security purposes that it meet the threshold of necessity; and that, as is laid out already in SCIDA, there's clear record-keeping as to what information is being shared, but that there needs to be a necessity threshold—

There is record-keeping, and we believe it should be continued because it's obviously important to have records, but it should be at a necessity level.

We're baffled that the expanded definition of a threat to national security is continued with SCIDA. We believe that it should be removed and that we should follow what's in the CSIS Act of the definition of a threat to Canada's national security.

Off the top of my head, I think those would answer a lot of our concerns, but in general what we see right now with the question of the different levels of threshold, that expanded definition of what constitutes a threat that undermines Canada's national security, raises serious concerns for us. I don't believe that rolling that back would undermine what came out of the Air India inquiry, because clearly we need to be sharing the information between government agencies.

That's one of the concerns. We're also concerned regarding the inclusion of “critical infrastructure” as a threat to Canada's national security. We're also concerned—and the CCLA has raised this—about the changed wording around trying to carve out political expression and activism. Adding to the clause that “unless [it's] carried on in conjunction” with one of those issues actually causes a larger problem than what we see in SCISA—