Thank you, Mr. Chair.
I'm grateful to appear before the committee on this important study.
There are two concerning aspects of Russian disinformation targeting Canada. One is real. It's the effort to manipulate Canadian attitudes towards the Russian invasion of Ukraine. The other is what I call a “potentiality”. It's the use of Russian intelligence and cyber-capabilities, which are significant, to interfere in Canadian elections and democratic processes in the future. These elements were captured in the CSIS intelligence assessment of May 2023, which was recently released to PIFI.
The conclusion to the CSIS assessment reads:
While the Russian diaspora and its organizations may not have a broad impact on Canadian society, their influence becomes more apparent when consolidated with other organizations and their online presence, pro-Russian proxies or agents of influence, and [the Russian Federation's] global disinformation efforts.
There is also, of course, the blowback potential of Russian disinformation operations targeting other countries, especially the United States.
The question I want to address concerns Canadian governmental capabilities to detect and counter Russian-directed online information operations.
The first is on detection. This involves attack attributions back to a Russian state or proxy source, the tracing of methodologies of attack—especially technical ones—and an understanding of intended targets. Canadian capabilities for detection of malicious online information operations are nascent and were created in an evolving and reactive way. This is the history of the rapid response mechanism, or RRM Canada, in a nutshell.
I'll very briefly go over that history. The RRM, as I'll call it, was created following the 2018 G7 meeting in order to perform a coordination function that can respond to a variety of shared threats to democracy. It was only after the Russian invasion of Ukraine that the Prime Minister announced, in August 2022, the establishment of a dedicated unit in RRM Canada at Global Affairs to address Russian and other state-sponsored disinformation. In essence, RRM Canada's disinformation unit is brand spanking new. Its resources are minuscule and its capacity to engage with a range of expert, private sector media-monitoring and open-source intelligence organizations is very limited. It was an innovative idea and has potential, but its “engine room”, as I call it, is far too small, and its fit as a Global Affairs Canada unit within the broader security and intelligence community is very problematic. Our detection side is weak.
What about countering? There are various tools. I'll list them: engaging with foreign state actors directly; working with allies, which is an important one; naming-and-shaming campaigns, as they're sometimes called; helping to strengthen the resilience of targeted communities, not least by giving them the means to be the eyes and ears against disinformation; and providing broader public education through published threat assessments from organizations like CSIS and CSE. At the pointy end, there are two things. One is using CSE powers to what could be called, colloquially, “hack back”. This is, in essence, using powers provided to CSE in 2019 for offensive cyber-operations. The other is criminal sanctions, which should be boosted by some of the provisions in Bill C-70. No one tool will suffice. All are necessary.
What about the foreign influence transparency registry, newly established through Bill C-70? Here I would urge the committee to have realistic expectations. FITR—the acronym—will mostly be a registry for good guys. It won't stop covert bad actors, but it might have a deterrent effect on grey-zone activities and open up a criminal sanctions path, such as the one utilized in the recent United States Department of Justice indictment against two Russia Today actors.
What do we need? First, I would argue that we need upgrades to RRM Canada's capacity and changes to its placement in government. One suggestion would be to move it to Public Safety's office for countering foreign interference. It's in the wrong place at Global Affairs.
We also need—and this is critical to any understanding of foreign malign influence operations—a much stronger open-source intelligence capability in the Canadian S and I community.
There is some capability. The function is far too widely distributed within the S and I community and subject to too many diverse mandates and sets of authorities. We saw some of this at work with regard to the government's efforts to respond to the freedom convoy protests. A central OSINT—open source intelligence—agency with a clear mandate is needed.
Finally, I would encourage the committee to give some serious thought to creating an equivalent of Sweden's Psychological Defence Agency, which was established by Sweden in January 2022. This agency combines an operations role in detecting and countering foreign malign influence operations, especially over social media, with a public role to strengthen societal resilience. A psychological defence agency may sound a little Orwellian, but that's the world we live in.
Thank you, Chair.