Public Safety Committee on May 30th, 2024

I think there's a specific question about the incident itself. Clarity needs to be provided a little bit, insofar as the service is not the lead for cybersecurity for the Government of Canada. As well, I think this issue is relevant to another committee study, so I won't address that specific fact.

On the broader question around information sharing, certainly the service has some significant limitations in the disclosure of information collected in its duties and functions with anyone outside the federal government beyond law enforcement, effectively. With amendments in the act, there would be a clear authority to engage outside the federal government for the purpose of building resiliency to threats. That could be an early, preventive, proactive kind of disclosure of information, informed by our investigations.

Where information has a personal or private element, the minister would determine that the information could be disclosed if it were in the public interest. I don't want to really speculate on a specific scenario such as this one, with hindsight, but I do think this would improve our ability to engage.

I would correct that presumption. In fact, if there were a manifest threat occurring under the service's threat reduction mandate today, it could disclose information for the purpose of reducing an threat when the threat is unfolding and active.

The amendments in the bill do something different. They enable an earlier and broader engagement for the purpose of building resiliency to threats before the threat is real.

No.

No ministerial consent is required, but there's no disclosure of personal information.

Thank you for the question.

The requirement of the Attorney General's consent already exists in the SOIA, so for the new offences that would be integrated into the SOIA, that requirement would continue to apply.

In general, the requirement for the Attorney General's consent applies to ensure that there is the proper assessment of the key elements of whether there's a reasonable prospect of conviction and if there's a public interest in proceeding with a prosecution, and that assessment is taken at an appropriate level, given the context of the interests at stake.

In practice, in our system, that Attorney General's consent is usually exercised by the director of public prosecutions.

Is your question directed at the regulatory framework that would apply to the foreign influence transparency registry?

The regulatory framework that will underpin it will need to be developed. Parts of this need to be further identified. For example, administrative monetary penalties are a tool that will be available to our commissioner, who can impose an amount of penalty if—

Absolutely.

We've spoken, Chair, about a few things in the legislation for the foreign influence transparency registry that would require the bringing into force of regulation.

For example, individuals who are required to register will have to supply the commissioner with a certain type of information. That will be designated by regulation and could include things like, very obviously, name, address and things like that, but also the nature of the agreement and who the agreement is with.

It would also establish via regulation what kind of information the commissioner would be obligated to publish online in a registry to basically render the transparency effective. It would also determine the amount in monetary penalties a commissioner can impose once they have issued a notice of violation.

Those are some of the key examples of things that would be brought in via the regulatory framework. It would also specify the parameters for sharing information with other agencies.

You will have noticed there are very few exemptions in the bill that would apply if the bill is adopted. The regulations allow the Governor in Council to bring in more exemptions, although the bill is designed in such a way that there are very few exemptions, because we wanted the bill to create the minimum number of gaps or ways of escaping registration.

Some of those examples are what would be required in terms of a regulatory framework to implement the legislation.

The five-year review is proposed there, and it's consistent with what exists in legislation.

We mentioned earlier viewing what other partners are doing around the world, and Five Eyes particularly, so that's a proposal there. It wouldn't, of course, preclude Parliament's ability to study or to bring legislation beforehand. What it does do, though, we think, and the reason it's proposed, is that it allows the government to propose legislation on a clock. It also allows for a review to ensure that CSIS's authorities are fit for purpose, whether its authorities remain justified and provide a regular review outside, hopefully, of emergency situations.

It also allows for civil society and stakeholders to galvanize as well to prepare themselves to contribute to that debate and that discussion in the hope of maturing a national security conversation in the country.

I think the provisions that would stand out the most, or that would be of most interest to Canadians generally, are the information-sharing provisions and the amendments in the act with respect to that. The ability of CSIS to share information outside of the federal government is something that we think a lot of Canadians, especially those in important sectors of the economy—for example, in the academic sector and in communities as well, who are victims of disinformation campaigns, misinformation campaigns.... We think that will help build that resilience and help protect Canada's democratic health as well.