Public Safety Committee on Feb. 8th, 2018

Good morning. My name is Laura Tribe, and I am the executive director of OpenMedia, a community-based organization committed to keeping the Internet open, affordable, and surveillance-free.

I'm here today with Tim McSorley of the International Civil Liberties Monitoring Group, who were unfortunately not invited by the committee to testify in these proceedings, but whose contributions OpenMedia believes to be critical for an informed discussion of Bill C-59.

OpenMedia's work on privacy and digital security dates back to Bills C-13 and C-30, but has focused more recently on the serious security violations introduced by the previous government's Bill C-51. The OpenMedia community's lengthy efforts on these issues include producing “Canada's Privacy Plan”, a positive vision for the future of privacy in Canada that was crowdsourced from over 125,000 contributors; over 300,000 people speaking up against Bill C-51; two national days of action against Bill C-51, organized in partnership with organizations across the country; over 15,000 citizen comments submitted to the government's national security consultation; and over 6,000 submissions to this committee's written consultation on Bill C-59.

Public Safety Canada's report summarizing the national security consultation results showed that Canadians are overwhelmingly in favour of increased protections for personal privacy. More than four in five responses indicated that their expectation of privacy in the digital world is the same as or higher than in the physical world.

As a result, when Bill C-59 was introduced, we were relieved; it was a sign that change was coming. However, the more we analyzed the bill, the more our worries returned. The changes are less substantive than we had hoped, and invasive new powers were even introduced.

Bill C-59 fails to adequately address the information disclosure provisions and terrorist speech offences brought in by Bill C-51, but also brings in new data collection, cybersecurity, and information-sharing powers that further threaten our privacy and security.

Today this committee has a chance to make this right. Over 6,000 Canadians submitted their concerns about Bill C-59 via OpenMedia's written submission to this consultation. Since then, in the past two weeks, we've had almost 10,000 more Canadians sign a new petition concerning the expanded cyber-operations powers proposed in the CSE act included within Bill C-59. It's addressed to the Standing Committee on Public Safety and National Security and reads:

“As a concerned Canadian, I am urging you to address the dangerous new powers being proposed for CSE in Bill C-59. Throughout the process of reforming Bill C-51, Canadians have been very clear on the need to scale back the drastic and invasive national security measures in the bill.

“Public Safety Canada's own 'What We Learned' report, which formed the basis of Bill C-59, confirmed that a majority of stakeholders and experts called for existing measures to be scaled back or repealed completely, and that most participants in the consultations 'opted to err on the side of protecting individual rights and freedoms rather than granting additional powers to national security agencies and law enforcement...'.

“The new active and defensive cyber-operations powers proposed in Bill C-59 for CSE are directly opposed to the wishes of the majority of Canadians. We asked for privacy, but instead we got an out-of-control spy agency with even more extreme powers than before.

“Security and privacy experts throughout Canada have expressed in great detail the issues with the proposed bill and the changes that need to be made to protect the privacy and security of Canadians. Experts have warned of the consequences of granting powers like these, powers that will be all the more dangerous given the lack of adequate oversight included in the bill.

“I would like to point you to the 'Analysis of the Communications Security Establishment Act and Related Provisions in Bill C-59' report, produced by the Citizen Lab and the Canadian Internet Policy and Public Interest Clinic, CIPPIC. The recommendations laid out in this report should be adopted by the SECU committee.

“In a world and time where digital technologies are being used by so many to threaten our digital safety, we need our government to be helping make the world better, not actively undermining our security.”

As of this morning, our petition has been signed by 9,633 Canadians. On behalf of these signatories, plus the over 300,000 against Conservative Bill C-51, and the other concerned civil society groups who have been unable to join these proceedings themselves, we respectfully ask that you make things right. We are asking you, our elected representatives, to stand up for our privacy and continue the work of repealing Bill C-51. Digital security is critical to Canada's infrastructure, economy, and future. Please do not compromise this in the name of fear or following other countries' bad practices to lead us in a race to the bottom. We need to be stronger than that.

Thank you.

Thank you. I'm very glad to be able to present today on behalf of the International Civil Liberties Monitoring Group and our 45 member organizations. I'd like to thank OpenMedia for inviting us to join them today.

I'd like to touch on three main points: first, review and oversight; second, some of the changes to the Canadian Security Intelligence Service Act; and third, the no-fly list.

Regarding oversight and review, the ICLMG greatly welcomes the creation of the national security and intelligence review agency, as well as the intelligence commissioner. However, we believe there are important ways in which both bodies could be strengthened. We hope the committee and government take this opportunity to ensure that both the NSIRA and the intelligence commissioner have the powers and resources they need to carry out their important work. Others have given feedback, which we largely support, regarding the intelligence commissioner, so I will focus on the NSIRA.

The ICLMG has long supported an overarching review mechanism as a way to ensure Canadians' rights are not violated, and to monitor the effectiveness of Canada's national security activities. Bill C-59 does away with the silos that have restricted the various review agencies' work, which alone is a major improvement.

I would highlight three issues, though, that we think the committee should examine regarding strengthening the NSIRA. First, to ensure independence we suggest that the NSIRA members be appointed via vote in Parliament and not through Governor in Council. Second, the complaints mechanism in the NSIRA act should apply not just to the RCMP, CSIS, the CSE, and security clearances, but be expanded to include, at a minimum, the national security activities of the CBSA as well as Global Affairs Canada, although ideally the complaints mechanism would actually include all federal national security related activities.

Third, SIRC has faced important criticism over the lack of transparency in its complaints system. There is, in fact, an ongoing lawsuit over this issue. We have also raised concerns about SIRC's inability to make binding recommendations. The NSIRA act would transpose these problems onto the new agency. We urge the committee to take this opportunity to improve on the SIRC model and ensure we have a strong, effective, overarching review body.

Next, regarding changes to the Canadian Security Intelligence Service Act, CSIS's threat-reduction powers were introduced with Bill C-51 and were heavily criticized at the time. Bill C-59 attempts to solve some of these issues by restricting the powers to a set list of activities. However, we must reiterate in the strongest possible terms our opposition to granting an intelligence agency, which operates in secret, powers akin to those of law enforcement.

My time does not allow me to go into all our specific concerns, but at the heart of this is that CSIS's creation was meant to separate intelligence activities from law enforcement, and today we continue to have the same concerns we had at that time. Even in cases that require a warrant, we believe that a non-adversarial system will not ensure the protection of a target's civil liberties. We do not believe that this is an issue of “if” the system will violate an individual's rights, but “when”.

We are also concerned about new powers granting CSIS agents immunity for acts or omissions that would otherwise constitute an offence. The Canadian Bar Association, among others, raised serious concerns when these powers were granted to law enforcement officers, calling it antithetical to the rule of law. We believe this even more so when such powers are granted to intelligence agents operating in secret, and we think this section should be removed from Bill C-59.

Finally, regarding the Secure Air Travel Act and the no-fly list, we support the tremendous efforts by the No Fly List Kids and other groups to bring about a redress system. However, we believe the government must go further and address the more fundamental problems with the no-fly list regime. Bill C-59 does not address the due process issues that have been raised since 2007. We cannot condone a system that is used to restrict individuals' travel and to place them on what amounts to a terrorist watch list but does not allow them full access to the information against them, in order to mount a full and adequate defence. We have also yet to be shown that it improves upon Criminal Code provisions already in place that can be used to restrict the activities of an individual suspected of planning a crime. While we appreciate potential solutions put forward by others, such as introducing a special advocate system into the appeals process, we do not believe it is sufficient to restore due process. We maintain our fundamental opposition and call for the repeal of the no-fly list regime.

For more on our positions, we sent a brief to the committee, which I believe was circulated yesterday. I'd also be happy to take any questions, or follow up with any members, following the meeting.

Thank you.

I would say as a starting point, yes. I think it's critical to have additional authorization required for that type of information collection. I think there are a lot of concerns about in particular about collection by the CSE, how that impacts Canadians, and how their information is collected.

You don't show a passport when you browse the Internet. It's really hard to justify who is or isn't a Canadian. I don't hold that against the intelligence agencies. It's difficult to know that information, but I think a lot of the provisions in the proposed CSE act are being hedged in, “But don't worry, this won't impact Canadians”. That's hard to guarantee.

I think that, even further, beyond just the information collection, a lot of the disruption powers can also impact Canadians. I think that's where having that additional authorization is important. I think using the idea they won't target Canadians is a little bit misleading. Even if they're not targeted, they will inevitably be affected by the way the Internet is set up and the way it works.

We would largely agree with what Ms. Tribe just said. I think, as others have pointed out, there are also questions around the thresholds for those authorizations that we would want to keep in mind. In general, we have the same concerns that there's no distinguishing what information is travelling over the global information infrastructure, and there needs to be greater authorizations and oversight of any collection.

We believe both would be helpful. We believe, as we submitted in our brief, that other steps need to be taken to ensure transparency and accountability. The fact that the proposed intelligence commissioner currently isn't required to submit an annual report is a large oversight. It should be included, especially because it is currently part of the CSEC commissioner's role. As well, having CSIS produce an annual report would also help the public to clarify.

We saw yesterday that CSIS issued a report on research it was doing. That gives us a chance to debate publicly what kind of research and work CSIS is carrying out.

I would just add, one of the things that we've heard from our community is that the reports are really important and that that type of transparency is something critical to earn trust from those commissioners and those in positions of authority overseeing this, but that there's an added need to make sure the reports are telling the whole story. A report for the sake of a report doesn't instill confidence, so make sure that there are set criteria for what's being included in that and that there are checks and balances to make sure it's not just a report for the sake of it.

That's a concern we've heard from our community, and I don't have a specific recommendation for how to ensure that, but I feel it's important to pass along that the report itself won't necessarily gain trust if it doesn't come with ensured transparency around it as well.

Yes, please.

We also believe that would improve SCISA. In our brief, we give an outline for why we were opposed to SCISA and still have grave concerns about SCISA. We believe there needs to be more done, as the Privacy Commissioner brought up in his testimony, regarding threshold for disclosure and receipt of information.

Fundamentally, as others have pointed out, it's a complex law. Even some of the security officials have said they're worried it could bring in red tape. We believe the goal of the law, of the act, is to ensure that there's a legal framework for private information being shared and used for national security purposes.

We urge that the committee and the government reconsider having an act like SCISA that changes the definition of “threat to national security” and is very complex and, instead, bring in something much simpler that would simply set out the threshold for when information can be shared for national security purposes. That would answer a lot of the questions that have been raised. Changing SCISA to SCIDA, and how it's framed right now won't go far enough.

I believe there are a lot of very real threats to this country, and a lot of them are cyber-threats. I think the concern we are hearing from our community is that this really is a cyber arms race to try to figure out who can build the biggest and most destructive tools the fastest. What we are looking for is to increase our security, to build up our protections, to make sure that we are safe from those types of threats without building the vulnerabilities and the tools that can be actively captured and misused by other governments or other malicious actors who are trying to build those tools themselves.

As much as we would love to believe that if Canada builds these tools we can keep them safe, we have seen that this is not the case. I am sure the NSA felt the same way about a lot of the tools they built. We have seen those misused. We have seen them sit on exploitations that they have used, and vulnerabilities, that then ended up taking down the U.K.'s national health service. These are the kinds of exploitations we're looking to have Canada proactively prevent, to step in to actually increase our security, to build those protections and tools to keep us safe.

While in the short term it might seem easy.... Sorry, I shouldn't say that; I don't think any of this seems easy, because it might seem more simple to try to build the tools to take down the opposition before they get to us. I think in the end it creates additional tools that we don't actually want to be out there. It just perpetuates that environment with those malicious actors on the other side that we're fearing, and perpetuates a culture of fear. I think there are a lot of proactive digital security tools that we can build ourselves to keep us safe. I think CSE already has a lot of abilities, but I believe the active cyber-operations, particularly the ones geared at deploying tools abroad, pose a large security risk for Canada in the way that they could be exploited.

I'm not certain what the powers are that CSE would use. I know that based on experts' reading of Bill C-59 and the proposed CSE act, those are the capabilities that are possible within the powers that are being given to CSE. I think that's the concern, that we might not be in a position right now where those are being used, but if we continue to grant those powers, we could be in a place where they are used. That's our concern.

I think that Canada could and might and would take those actions if the context arose where they felt it were appropriate. These are really complicated political issues and I'm not pretending otherwise. I think that once you have those powers in a very opaque system where it's difficult to build in the transparency mechanisms, it's hard to see how we can trust a system that we consistently see being misused around the world.

Our concern is not that we think that the current government is immediately about to deploy all of these weapons. It's that we're building the powers without any justification to prove that we need them. That's our concern.