Evidence of meeting #97 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cse.
A video is available from Parliament.
11:30 a.m.
Director General, Strategic Policy, Planning and Partnerships, Communications Security Establishment
We're required to, yes. There's a test right now that if it's not essential to international affairs, security, and defence, then that information has to be destroyed, and then we're reviewed for that.
11:30 a.m.
Associate Chief, Communications Security Establishment
If it's retained, then it's protected.
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
What if it is essential to Canadian national security, if you're out trolling the Internet and you find something going on here, and it's a Canadian? What happens to that information?
11:30 a.m.
Associate Chief, Communications Security Establishment
CSE doesn't really troll the Internet.
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
Sorry, that was a bad term—my apologies. I guess what I was saying is that you're not actively going out trying to find a Canadian—
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
—but you're out there and you're monitoring things and a Canadian happens to fall into that. They haven't necessarily committed a crime, but they're implicated in the conversations that are happening. What do you do with that information?
11:30 a.m.
Associate Chief, Communications Security Establishment
As my colleague mentioned, if in the course of targeting and directing our activities at foreign entities that are outside of Canada and are associated with a foreign intelligence requirement that the government has levied against us, we come across information about a Canadian that is not germane to the foreign intelligence at hand, then we destroy that information.
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
What if it's germane to Canada? What if you've collected something and it could pose and security threat? There was some mention about “unless it's a national security threat”. What if you're collecting this information, and a Canadian could be implicated in a Canadian national security issue? You don't notify anybody and it just sits there?
11:30 a.m.
Associate Chief, Communications Security Establishment
We do. If the information is germane to the foreign intelligence reporting that we're doing about a legitimate threat to the security of Canada, we would include that information and we would write it in an intelligence product, which would be circulated to clients within the Government of Canada who have top secret clearance and who are indoctrinated to receive the information. But that information would not explicitly identify a Canadian. It would have a term that has been used instead of the specific details. If the client who is receiving that information wanted to understand the underlying information, what's behind that marker, they can make an application to CSE in accordance with the Privacy Act. They have to create a justification. They have explain how it relates to their mandate and why they have the lawful authority to have this information. Then CSE may release that, and it will be logged and reviewed by the CSE commissioner on an annual basis.
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
One of the things I've asked a number of witnesses here—and I guess that's where it would come in—is whether ministerial authorization should be involved if you're going to be releasing that information to other departments when Canadians are involved. A number of witnesses here have said yes, it should.
11:30 a.m.
Director General, Strategic Policy, Planning and Partnerships, Communications Security Establishment
How the ministerial authorizations and the capture are distinct from publicly available information is that under the ministerial authorizations, for any information that we acquire where there's a reasonable expectation of privacy or we might interfere with it, that information is brought into the ambit of the ministerial authorization and also the secondary review by the intelligence commissioner.
That authorizes us to undertake a series of activities in support of the foreign intelligence mandate.
11:30 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
But I'm specifically talking about your sharing that information. You take your information and give it to CSIS. Right now, they apply, you decide, and you give it to them. Do we already have a ministerial authorization in the middle of it, that before you release any information on Canadians to another government agency you need that authorization?
11:30 a.m.
Director General, Strategic Policy, Planning and Partnerships, Communications Security Establishment
I guess the only thing I would say is that there are privacy protections that have to be laid out in the ministerial authorization. As well, the minister will designate under the proposed CSE Act who can receive that information. That is a new element in that ministerial designation, so the minister will be engaged. The commissioner will be engaged with the activities undertaken within a ministerial authorization, and NSIRA will review them as well.
11:35 a.m.
Deputy Minister, Department of Public Safety and Emergency Preparedness
This is a really important question, and not just for the mythology around what CSE does or other organizations like CSE do in other countries.
The reality is there are layers of protection for the transfer of information to protect privacy, but also to ensure that information is shared in a timely way, and there are layers of review. We have all the things that Scott and Shelly have described governing the way they do it. It's not willy-nilly, that we'll just toss it over.
11:35 a.m.
Deputy Minister, Department of Public Safety and Emergency Preparedness
I know you weren't, but for greater certainty, I'm trying to make that point.
In that context, the other point is that the receiving organization has a whole series of obligations as well, in the way they treat that information. Our friend the Privacy Commissioner—and he is a friend—plays an important role in all of that. As well, people like me who run these departments have very serious obligations in protecting the way that information is used, and ensuring and justifying its retention for however long we might feel we need to have it.
11:35 a.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
I think the world has changed; 20 years ago the conversation would have been much different. You're talking about personal conversations. They might be phone conversations. Now you have so much personal information out there on the Internet, and the information you can gather is so much wider. Therefore, it's a very different conversation from what we would have had even 10 years ago.
11:35 a.m.
Deputy Minister, Department of Public Safety and Emergency Preparedness
Yes and no. The way that warrants are now used by the authorities that all of these agencies have to go through to access information is a long tradition. The reality is that yes, it's different, but the underlying principles and the foundation in law are the same in the way information is treated. We have to update our procedures and practices, and from time to time examine and ensure that they're still relevant. I think what's in Bill C-59 demonstrates quite a capacity to absorb and propose change. It's important not to think that it's so different that we have to jump to a new framework—not immediately, because we have to think through the consequences.
I think the challenge is to find the right balance to ensure that the concerns you're describing, about people feeling their information isn't being shared willy-nilly, are addressed by the way we manage the information. The layers of scrutiny that are embedded in this bill are so significant that I think.... We'll see, it's a prediction, and I know I've got to stop because I'm taking up your time, but this is an important issue. You have heard witnesses who feel the layers of scrutiny embedded in this bill are too much of a burden.
11:35 a.m.
Liberal
The Chair Liberal John McKay
Yes. Thank you, Mr. Brown, and I emphasize to colleagues that we do have a second hour and you can come back to these issues if they raise serious concerns in your mind.
Mr. Motz, you have five minutes, please.
February 13th, 2018 / 11:35 a.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Thank you, Mr. Chair.
Thank you to the officials for being here.
I appreciate your role as bureaucrats and your hesitancy sometimes maybe to speak freely in a committee like this on a matter like this, but we know this is a national security issue and it's a chance we have while the bill is before us before second reading to make any adjustments, which we probably need, obviously.
I'm going to start with you, Ms. Bruce, and I'll ask Mr. Brown the same question as well.
You spoke about active and defensive cyber operations. The legislation here in this bill sets out some very clear limits on its authorities, and prohibits directing active cyber operations at Canadians, as I read it, regardless of where they might be in the world when that happens, or any person in Canada.
Are you confident or satisfied that these limitations and prohibitions are appropriate, given our current climate of domestic threats with Canadians on Canadian soil?
11:40 a.m.
Associate Chief, Communications Security Establishment
Thank you for your question.
I believe that the authorities that have been given to CSE in this bill reflect where our capabilities and our focus best lie, and that's with foreign targets outside of Canada and on foreign infrastructure.
If there is a threat that materializes within Canada, we have the RCMP and CSIS that are already well placed with authorities to manage those threats. I think it plays to CSE's strengths and to where it naturally gravitates in that global network.
11:40 a.m.
Deputy Minister, Department of Public Safety and Emergency Preparedness
The short answer is yes. I can enthusiastically respond in the affirmative that I think we are well positioned to be able to respond. The act gives a much more complete range of authorities, with the appropriate safeguards. I think our friends in CSIS have views on the same subject, if you'd permit them.
11:40 a.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Yes, I definitely want, as a continuation, to ask CSIS and our RCMP witnesses who are here whether they share the same enthusiasm and support for this bill providing them the legislative support they need to protect Canadians from domestic terrorism.
11:40 a.m.
Assistant Director, Policy and Strategic Partnerships, Canadian Security Intelligence Service
Yes, sir, I'll speak for the service, first of all.
I would say that this is a clear expression of our authorities and our tools: data analytics, threat reduction, and the way in which we operate with human sources. I think these are really important clarifications that have been made.
To your question to Ms. Bruce, I would say that this is where our mandates are quite complementary because, of course, the threat reduction mandate and our role in cyber operations are permitted here in Canada, so this is where I think there is a nice synergy between what CSE is able to do and what we're able to do.