Public Safety Committee on June 5th, 2024

Exactly, yes.

Thank you, Mr. Chair.

Good evening, ladies and gentlemen.

I bring extensive comparative expertise on matters of national security and intelligence across allied and partner democracies, including my book, Intelligence as Democratic Statecraft: Accountability and Governance of Civil-Intelligence Relations Across the Five Eyes Security Community.

The Gathering Storm is the title of volume 1 of Winston Churchill’s five-volume history of World War II. That title is apt to recall once again. The fall and dissolution of the Soviet Union introduced a sense that liberal democracy was ascendent and spreading.

More than thirty years later, around the globe, democracy and democracies have been in retreat. They are coming under growing duress from confident authoritarian regimes and other enemies of democracy who use hybrid warfare activities that leverage grey-zone tactics to undermine democratic institutions, political processes, economic prosperity and social harmony.

Here in Canada, recent reports by NSIRA and the NSICOP expose vast and significant vulnerabilities across a broad scale, including the systematic infiltration of Canada's political, economic and social institutions by adversarial actors who are prepared to go as far as alleged treasonous behaviour. These reportedly include some of your own colleagues.

It could hardly be more ironic that two review entities created by this government to improve the accountability of agencies effectively end up holding the government to account for having been naive and negligent on intelligence and national security.

Make no mistake. The now well and widely documented activities by hostile actors pose an existential threat to Canada's security, prosperity and democratic way of life. For too long, this government and its predecessors have taken democracy for granted. Instead, democracy needs to be defended.

The fragility of Canadian democracy is on full display, yet the bill shows neither courage nor ambition. It amounts to a minimalist approach. It represents the absolute minimum the government would have to do anyway, but only once its hand was forced.

The bill does not update the national security threats to Canada in section 2 of the CSIS Act, which dates from 1984. It fails to remove section 16, which is proving a growing impediment to CSIS to fulfill its mandate. It introduces a minimalist five-year review of the CSIS Act only, instead of the entire security and intelligence framework and posture, as Australia does.

Although it amends the Security of Information Act, notably removing the threshold of harm to Canadian interests, it forgoes other important updates such as the harms provision in section 3.

Why the bill would not grant the minister the ability to designate a list of states and actors of concern as part of the foreign influence transparency registry, as the U.K. does, is beyond me, unless the aim is to avoid ensnaring any one political party's sycophants, lawyers and accountants that make a pretty good living off their hostile state patrons.

This bill does not give FINTRAC explicit enforcement powers to track and seize assets and transactions that are being used to enable foreign interference. There are no amendments to the CBSA Act to deem inadmissible persons suspected of engaging in foreign interference in Canada or another allied country. Also, the bill fails to reform the RCMP with the aim of making it more targeted and effective at meeting its federal mandates.

Just this week during question period the Prime Minister claimed that his government would do whatever it takes to keep Canadians safe.

Okay. I'm on my last sentence, Mr. Chair.

Yet, this bill barely sets minimum thresholds to protect Canadian democracy and make its defence more proactive, robust and resilient against highly persistent adversaries.

Thank you.

Thank you, Mr. Chair.

Members of the committee, I want to begin by thanking you for the opportunity to speak to you.

I have been a lawyer for 10 years and I exclusively practise criminal law, on the defence side. The Criminal Code and certain sections of the Canada Evidence Act are therefore part of my daily life. Therefore, I will focus most of my remarks on these two acts, but I will make a brief incursion into the Security of Information Act to talk about some of the provisions you wish to add to the Criminal Code.

First, I have several observations to make with respect to the proposed amendments to the sabotage offence, which is currently dealt with in section 52 of the Criminal Code. Some efforts are commendable, but many others are alarming.

First of all, as far as I know, the offence of sabotage does not exist in Great Britain. In the United States, federal laws restrict the scope of the offence. In New Zealand, sabotage is also a much more limited offence than what is intended by Bill C‑70.

Subsection 52(1) of the current Criminal Code defines the offence of sabotage as “a prohibited act for a purpose prejudicial to …”. In all transparency, I say to the committee that I think the way this paragraph is formulated right now is incomprehensible. The proposed amendment is therefore very commendable and welcomed by the law clerks, because the proposed wording is much clearer. In addition, proposed subsection 52(5), which provides an exception for certain groups, is an advantage compared to the current version of the Criminal Code. However, I feel the clarification is too restrictive.

The proposed new subsections 52(1) and 52(2) are much more problematic.

Subsection 52(1) that the bill proposes to add to the Criminal Code creates a new sabotage offence in relation to essential infrastructure. First of all, I want to say that this is far too broad. Under proposed subsection 52.1(1)(c), the offence applies to anyone who intends to “cause a serious risk to the health or safety of the public or any segment of the public”. However, the concept of “segment of the public” could be interpreted as meaning two individuals. So it wouldn't have to be the majority of the population. In addition, the bill is far too broad when it talks about a serious risk to safety. I say this because the broader the provisions are, the less they will stand up to the test of the courts as far as constitutionality and Canadian criminal law are concerned.

Next, proposed subsection 52.1(2) defines essential infrastructure. However, I'd like to point out that this definition includes facilities or systems belonging to private companies. If we push the interpretation of this proposed subsection, the facilities or systems of a private video game company like Ubisoft could be considered essential infrastructure, since they are information and communication technology infrastructure. So you're not only targeting public entities, and even companies owned by the federal government or a provincial government, but also private companies, which is very problematic.

Furthermore, the concept of economic well-being, which is added in proposed subsection 52.1(2), is also problematic because it's very broad. It's not restrictive enough and, to my knowledge, it's not defined anywhere in the Criminal Code.

In addition, the safeguard that's added by proposed subsection 52.1(5), which excludes from the definition of the offence acts committed in the course of advocacy, protest or dissent, is not sufficiently restrictive, because it's conditional on the lack of intent to cause any of the harms referred to in proposed paragraphs 52.1(1)(a) to (c). In New Zealand, for example, the exception applies purely and simply to acts committed as part of a protest or as part of a claim, with no conditions attached. Proposed subsection 52.1(5) could lead the courts to interpret it very broadly, even speculatively, in certain situations.

Another thing I note in the proposed provisions is the concept of mischief. The offence of mischief already exists in section 430 of the Criminal Code. However, you want to include in these new provisions almost any type of mischief committed for one of the purposes intended. As a result, mischief will become an even more serious offence, with a maximum sentence of 10 years' imprisonment, rather than two years, or five or 10 years in some cases. You want to make that offence much more serious.

As for proposed section 52.2, there are some issues. I'm thinking in particular of the definition of “device” in proposed subsection 52.2(3). The term “device” is not limited to computer programs. This term is defined in a number of places in the Criminal Code, and the definition includes many more things than computer devices. Devices can be explosives or weapons, for example. That could be a problem in court.

Yes. I'll wrap up very quickly.

With respect to proposed section 52.3, which deals with the consent of the Attorney General, if you want the Government of Canada to retain some jurisdiction over those provisions, you would have to add some missing words.

Mr. Chair and committee members, thank you for the invitation to take part in your study of Bill C-70.

We're an organization representing Canada's most innovative and successful businesses, so I will restrict my comments today to the portion of the bill that has the most direct relevance to the Canadian private sector. That is subclause 34(3), which seeks to amend the Canadian Security Intelligence Service Act to enable CSIS to disclose threat intelligence to stakeholders outside the Government of Canada for the express purpose of increasing their awareness and resiliency against foreign interference.

However, before commenting on this clause, I want to make clear that Canada's business community is broadly supportive of Bill C-70. From the establishment of a foreign influence transparency regime to the creation of updated offences for attacks directed against essential infrastructure, this urgently needed bill will help protect Canadians' lives and livelihoods by providing our government with the tools it needs to better protect our economy and society.

I'll start my substantive remarks by noting that, while the current discussion in Canada surrounding foreign interference has been rightly focused on the integrity of our democratic processes and the safety and security of targeted ethnic and cultural groups, it is important for us all to acknowledge that state actors actively target all aspects of Canadian society to advance their strategic interests. This includes the Canadian economy.

Indeed, in an era of growing geopolitical rivalry, in which supply chains, infrastructure networks and technological innovation increasingly determine strategic advantage, Canadian businesses are often the primary target of our adversaries. This should concern all Canadians. Economic security threats are not abstract, nor do they exist in a vacuum. These threats target the critical infrastructure needed to heat and power our homes. They target the supply chains that provide our families with low-cost medicine and food. They target the intellectual property that creates good jobs and pays our bills. In short, these threats put Canadians' very safety, security and prosperity at risk.

To be sure, Canadian businesses and governments invest billions each year to keep Canadians safe from these and related economic attacks. However, if we want to be truly effective in protecting our way of life, we must replace our independent efforts with collective action. Key to building this partnership is the sharing of threat intelligence. Unlike the domestic security agencies of Canada's Five Eyes partners, such as the United States' FBI or the United Kingdom's MI5—which possess modern authorities that allow them to share detailed threat intelligence with their respective business communities—CSIS is presently prohibited from sharing all but the most generalized information with the Canadian private sector. This represents a significant gap in Canada's defences.

Despite CSIS having both the knowledge and expertise to help companies withstand growing threats, its outdated legislation means Canadian businesses are left fending for themselves. It is for this reason that the Business Council strongly supports subclause 34(3).

With new threat-sharing authorities, CSIS could communicate more specific and tangible information with Canadian companies. This would give business leaders a clear understanding of the growing threat and the protective measures that could be taken to better safeguard their employees and customers, as well as the communities in which they operate.

The use of these new authorities could also benefit the Government of Canada by helping CSIS build greater trust with the Canadian private sector. This would encourage Canadian business leaders to share more with Ottawa about the threats they're seeing on the ground, which would better inform government policy as well as improve CSIS's ability to respond to emerging threats.

Of course, the granting of any new authorities must be consistent with the values we share in our democratic society, including respect for individuals' rights and freedoms. On this front, we are very pleased to see that the Government of Canada has incorporated rigorous standards and safeguards into subclause 34(3), such as those ensuring that individual disclosures protect Canadians' privacy interests.

Before concluding, I want to stress the need for urgency. The Business Council of Canada agrees with many lawmakers that the protections contained within Bill C-70 must be put in place before the next general election. The preservation of our democratic system is of utmost importance.

However, I will add that, when it comes to strengthening the resiliency of our economy, Canada is falling well behind our allies. This exposes everyday Canadians to unnecessary risks. By failing to move in lockstep with our closest allies, we risk being perceived as a weak link. This could jeopardize our country's relationship with our closest allies, especially the United States, at a pivotal moment when the global order is being reshaped and partnerships matter most.

I'll conclude by noting that Bill C-70 is just one of many economic security reforms that must be undertaken urgently to protect Canadians. As a priority, the Business Council urges the Government of Canada to complement subclause 34(3) with a formalized threat exchange to securely receive and disseminate Bill C-70's threat intelligence broadly across the Canadian economy. This and nearly 40 other much-needed reforms are included in the Business Council's recent report, “Economic Security is National Security”. That report is available on our website.

Thank you for the opportunity to speak. I look forward to your questions.

It's not what I think in terms of systemic infiltration. We have plenty of evidence at the municipal level in terms of infiltration. We have ample evidence in terms of research security within our universities. We have evidence at the provincial level of government, and we have evidence that includes charges laid within private and public sector institutions in this country, including of course the government, just this past week, forcing two entities in Vancouver...that engaged effectively in what it appears to be the illicit transfer of dual-use, anti-drone technology to a hostile actor.

I can send you a long list, but the public record on this is extensive.

Yes, I figure that this is probably going to be one of the more critical decisions and one of the more controversial decisions, and I can see both sides, including Director Fadden's case for not, I think, giving the minister the option.

Much of what this legislation will ultimately do, rather than sort of prosecuting people, is about drawing red lines and establishing clearly what sort of behaviour is and is not acceptable in this country. This is what much of the Criminal Code, for instance, also does. It lays out the rules of the road.

The problem that, for instance, universities have when it comes to research security—where the government made a similar choice of listing only public sector entities but not private sector entities, all of whom have Communist Party structures within them that pose the exact same threat that public sector entities engaged in intelligence and defence do—is that, for universities, for private sector actors, it doesn't provide a reference point based on which they can then engage in higher scrutiny. Without government providing that reference point, it will become relatively easy to accuse universities of randomly, for instance, scapegoating or whatnot.

I think more direction from government is required for those players who do not have the classified access that federal government entities do, including on the research security side, for instance, where I chair the Ontario research fund advisory board and where we know there are significant challenges around what is being funded.

Thank you for the question.

The Business Council represents approximately 170 of Canada's largest, most successful businesses, so I can't speak to the specifics of the challenges facing small and medium-sized businesses, but what I can say is that small and medium-sized businesses are very much a part of the supply chains of large businesses. Large businesses are quite concerned about the security posture of small businesses, because they can often be an indirect route to attack large businesses.

There needs to be much more done in this space in terms of government support, and Bill C-26 is one way to help in that regard. The private sector itself is also willing to step up and do more. For instance, our members are very much committed to working with their supply chains to build up their baseline resiliency, including through education, capacity building and relationship brokering, including working jointly with Canada's security and intelligence community, with agencies like CSIS, the CSE and the RCMP.