Public Safety Committee on Feb. 8th, 2018

One of our concerns, beyond just intergovernmental, inter-Canadian departmental information-sharing, is how that feeds into the Five Eyes network and all the different agencies within it. I think the DEA providing information to the RCMP is a great example of that.

I think one of the big concerns we have is that we don't know, or have any information about, how many information-sharing agreements Canada has. We don't know whom they're with. We don't know what all of them are about. When we give our information to the Canadian government or it's being collected, we don't know where it could end up. Conversely, when we take part in agreements with other countries, we don't know how that information could end up back in Canada.

One of the concerns we have, and one that our community continues to express, is feeling that no matter what the information it is, eventually anyone can get it within the Five Eyes agencies or within any of the related countries' departments. Once it's in one dataset, it's in everyone's. There are a lot of concerns around that when it comes to accurate record-keeping and how that data can be misused. I think Maher Arar is a great example of how that data can be misused to demonstrate some of its more extreme consequences.

It also comes to simple things like no-fly lists. It comes to all kinds of things where simple mistaken identities from a different agency outside the Canadian government can give us a total spiral of how our information is handled domestically, and vice versa. I think that's where outlining who can share what information and with whom, and what those information-sharing agreements are, would go a long way.

Ms. Tribe has summarized our concerns really well.

I'd just add that one of the recommendations we're making is that, especially for the proposed CSE act and CSIS, proactive roles should be put in place around the disclosure of foreign intelligence-sharing, as well as around SCISA and SCIDA, and that we have clear definitions on what foreign information-sharing is taking place and how it can take place. We should keep in mind, as Ms. Tribe said, that we don't know where that information could eventually end up.

Yes, but I think Tim may have more to say on that.

We believe there needs to be an independent review body for CBSA. As I mentioned, we believe that CBSA should be added to the complaints mechanism for the NSIRA for its national security activities. That fact that so much of what CBSA does isn't specific to national security, and the fact that it is an evolving and changing definition, means there needs to be a review agency for CBSA on its own.

I think because national security can be viewed broadly.... In fact, by including CBSA in the complaints mechanism, it would open up NSIRA to be able to dig into what's happening at the CBSA. In this case they will be able to go further.

However, at the same time, we need clarity on what constitutes national security so that on the other side it can't be shrunk in private to say that national security only means situations where somebody gets flagged on a no-fly list, or something like that, and that everything else, for example, refugees and similar issues, aren't considered.

The biggest concerns we have are that there aren't checks and balances in place in the way that the proposed CSE act is currently worded. There's 90 pages' worth of report and recommendations put forward on it specifically by Citizen Lab and CIPPIC, which gets at a lot of the details.

Fundamentally, though, we are concerned that the scope is too broad, that it lets CSE do too much without the accountability and checks and balances needed to make sure it's used only if someone is targeting something like our energy infrastructure.

There are two responses to that. In the first place, that is a very proactive military solution or militaristic-style solution, which is fundamentally not what we're hearing from our community as the approach they're looking at. It might look and feel different because it's being done online, but its the exact same approach—we need to get them before they get us. This is just a difference of opinion, and we might have to agree to disagree.

I think the idea that we need to keep up with everyone else is what has gotten us here in the first place. That's the challenge we're facing. Just because other countries are doing it doesn't mean we have to. I think CSE already has immense powers around hacking and disruption, and we are looking to ensure that there is transparency and oversight in the system.

Absolutely, I see that point. I think that we are focusing so much on trying to get them before they get us that we're failing to recognize where we're weak, where we're vulnerable. We are also ignoring some of the powers we already have. Of course, I agree that if our health information were to suddenly disappear, that would be a concern.

There are a number of abilities CSE might like—abilities that we might like them to have—that might even be proposed within the CSE act. But this doesn't come with the limitations we need to ensure that it's only being used for things like our health information. I think the scope is too broad. The clarifications are not there to provide the trust that Canadians need. We weren't consulted on it. We were never asked in the consultation what we thought about giving CSE new powers. I think that's where our community's concern comes from.

Indeed, I can. Thank you.