Evidence of meeting #39 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.

A video is available from Parliament.

On the agenda

Members speaking

Before the committee

Gary Anandasangaree  Minister of Public Safety
O'Gorman  President, Canada Border Services Agency
Deputy Commissioner Bryan Larkin  Royal Canadian Mounted Police
Pyke  Assistant Commissioner, Correctional Operations and Programs Sector, Correctional Service of Canada
Legault  Chief Financial Officer, Parole Board of Canada
Giles  Deputy Director, Policy, Canadian Security Intelligence Service
McCrorie  Vice-President, Intelligence and Enforcement, Canada Border Services Agency
Hazen  Chief Financial Officer, Royal Canadian Mounted Police
Bilodeau  Senior Assistant Deputy Minister, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness
Nashef  Director General, Policy, Planning and Accountability, Canadian Security Intelligence Service
Superintendent Richard Burchill  Director General, Technical Investigation Services, Royal Canadian Mounted Police
Wong  Acting General Counsel, Policy Sector, Department of Justice
Hiegel  Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness
Gibner  Deputy Assistant Deputy Minister, Policy Sector, Department of Justice

Jacques Ramsay Liberal La Prairie—Atateken, QC

Yes, but if it's being challenged, that means we're going to judicial review. At that point, does the provider have to proceed while waiting to ultimately be found to be in the right, or can it avail itself of that recourse and say that it will wait for the judicial decision?

6:45 p.m.

Senior Assistant Deputy Minister, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

Richard Bilodeau

My understanding of judicial review is that the provider could request a stay of the proceedings while the review is under way. There is the criterion of irreparable harm and all of that, which may come into play.

However, I will turn to Ms. Gibner, who can provide you with more context.

The Chair Liberal Jean-Yves Duclos

Please answer quickly, Ms. Gibner, because we need to move on to another intervention.

6:45 p.m.

Deputy Assistant Deputy Minister, Policy Sector, Department of Justice

Kimberly Gibner

Yes, I'll simply say that my colleague has done a great job of setting it out, and that's correct.

The Chair Liberal Jean-Yves Duclos

Very well.

Mr. Au, you have the floor for five minutes.

6:45 p.m.

Conservative

Chak Au Conservative Richmond Centre—Marpole, BC

Thank you very much.

I don't know who can answer this question.

There has been much discussion about how long and how the suppliers should maintain the information, but here's another aspect. Once the information gets out of the hands of the supplier and into the hands of the police, how are they going to deal with that information? For example, where and how and for how long are the police going to keep the information? Also, when will they destroy the information?

There could be different scenarios. Number one, if the RCMP suspects that a person may have committed a crime and gets the information from the supplier and then at a later date discovers that this person is not really engaged in the criminal activities, when will they destroy that information about the person?

Secondly, will the person be informed that their information was given to the RCMP, and will there be some verification that the information has been destroyed?

6:45 p.m.

Senior Assistant Deputy Minister, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

Richard Bilodeau

I'm going to my colleague from the RCMP, who can answer all of those questions.

C/Supt Richard Burchill

Yes. Thank you very much for the question.

What I could say is that when we get to a point where there is a crime that we're investigating and we get to the point where we're dealing with data, then we're into a judicial authorization that a judge has authorized. With that comes a return to justice. If we're authorized to seize the data, we go to a supplier, to a service provider, and they're able to give us what we have through the court order, we have to do a return to justice.

Generally, every 30 days we have to go back to court to say what we've done: first of all, what we went in to get specifically; then, what we took specifically, what we're currently doing with it and where it's stored for continuity of evidence; and then why we need to keep it for another 30 days. There are returns to justice and a return to court to tell them what we're doing and for how long we're doing it.

If at some point the judge decides or the investigators decide that we don't need to keep this data anymore, it's destroyed. I suspect that the investigators would advise a suspect that they're no longer being investigated and they've destroyed any evidence related to them, but there is a court process with the return to justice as part of a warrant or a production order, where we have to go back and report to court what we're doing with what we've seized.

6:45 p.m.

Conservative

Chak Au Conservative Richmond Centre—Marpole, BC

In that case, you're saying that the person who was investigated would be informed.

C/Supt Richard Burchill

I guess it depends on the circumstances. If informing the person sacrifices the integrity of the investigation, probably not. If at some point there are charges laid and that person has been eliminated as a suspect or part of the file, then they would probably be notified.

Rest assured, I guess, that there is a process with the judicial authorization such that we need to go back to the justice every so many days. It's the judge who decides how often. If it's very sensitive or if it's information that they feel they want to keep more control over, they may require us to come back every two weeks. It's hard to say, but it's up to the judge.

Chak Au Conservative Richmond Centre—Marpole, BC

This is not exactly the answer I wanted, but anyway, I will move on.

In scenario two of the person who was being charged but eventually was found not guilty, again, what would happen to the information that had been collected through this process about him or her?

C/Supt Richard Burchill

For the general disposition of exhibits at the end of a trial, whether conviction or no conviction, it would be to have a disposition. If there is a conviction, they would probably be retained, but if there is a stay or if the person is not convicted of a crime, there would have to be a disposition of those exhibits, with the court saying, “This is what we seized during the investigation and we're now going to be disposing of it” and giving proof of that disposal.

6:50 p.m.

Conservative

Chak Au Conservative Richmond Centre—Marpole, BC

Good. Thank you.

I have another related question. We are being told that this new arrangement of lawful access is needed because of investigations and other kinds of necessity. I get that, but on the other hand, how can we prevent these kinds of measures from being seen as necessary?

At the end, they become measures of convenience because we're talking about two concepts: reasonable suspicion or reasonable grounds to believe. There's a difference there, and I would say the threshold for the first one, grounds to suspect, is lower, much lower than the grounds to believe.

Where would one begin and end? I would suspect that there would be grey areas in between. In that kind of situation, how can we be sure that this will not become a measure of convenience for the police to abuse, if I can use that word, in order to obtain personal information?

The Chair Liberal Jean-Yves Duclos

Give a very short answer, please.

C/Supt Richard Burchill

I can assure you that reasonable grounds to suspect is at the very beginning stages of an investigation. The jeopardy associated with having somebody's specific metadata, that requires reasonable grounds to believe and a general production order.

I'd ask my colleagues from justice to correct me if I'm wrong, but once you get to the point where you're seizing data, you're into reasonable grounds to believe and there's a bona fide investigation, a victim and a crime attached to that. When you're—

The Chair Liberal Jean-Yves Duclos

I'm sorry to interrupt. I'm being very rude, but that's unfortunately what we need to do.

We'll go to MP Al Soud for five minutes.

Fares Al Soud Liberal Mississauga Centre, ON

Thank you, Chair.

Thank you all for being with us today. I am not a usual member on this committee, but it is a privilege to be with all of you given the importance of the topic at hand today.

I believe it was Mr. Nashef who mentioned earlier that we are the only Five Eyes nation, the only like-minded country, absent of lawful access.

I find with legislation like this there are always concerns pertaining to privacy, and that is of course always an important question. One of those concerns I find is this idea, this floating notion, that Bill C-22 would create some sort of mass surveillance or that it would allow law enforcement to access Canadians' information without legal authorization.

I'd like to hear you speak to that, Mr. Nashef, if it's possible, and I'm happy to open it to the rest of the panel if expertise allows.

6:50 p.m.

Director General, Policy, Planning and Accountability, Canadian Security Intelligence Service

Ramzi Nashef

Thanks for the question. I'm glad you raised it because I think it's one of the things that have been in most of the coverage and the testimony that probably most needs myth busting, to be frank, by this group here and others.

I'll speak from CSIS's perspective, but it also, I think, carries for law enforcement on this front.

There has been a lot of discussion about the retention-of-data considerations in the bill. To actually access that data, it goes without saying—it hasn't come up that much today but to reiterate—there is no direct access for either law enforcement or CSIS to any systems of telecommunication service providers, in fact, in the intent of the bill or the letter of the bill. We have that established.

For CSIS or for law enforcement to actually get access to that data.... This idea of mass surveillance gives you the sense that we are floating through and swimming in the waters of the data, looking at it, using it for things investigative or otherwise. None of that is the case here. What we're talking about is that there's a retention of a limited amount of data for very specific investigative reasons, which we can access only with, in our case, a federal court warrant, so it's a significantly high threshold in a high-harm investigation, as I mentioned earlier, related basically to espionage, foreign interference or terrorism.

That would be how I would frame it to you. It's a much narrower access to the data that is being collected for a very particular reason at a very high threshold with significant oversight.

Fares Al Soud Liberal Mississauga Centre, ON

With this notion of the data storage being, of course, a sensitive topic but a very important one, how do you find this legislation addresses the challenge of data being stored outside of Canada, and what improvements does it bring compared to the current system we have?

6:50 p.m.

Director General, Policy, Planning and Accountability, Canadian Security Intelligence Service

Ramzi Nashef

I'm not sure I'm the best one to answer all parts of that question, but let me take a first cut and then somebody can come in with a bit of fire support.

I think taking a half-step back might be helpful to talk about the data storage. There have been a significant number of questions from MP Kirkland and some others—really necessary questions—asking whether that increases the risk of the government mandating specific companies to retain extra data than they would have from a proprietary perspective for a set of reasons.

The first thing I would say is that many of these companies, but not all, retain a huge amount of data for all kinds of different reasons, data that goes far beyond what we're asking for in this bill. In many cases, that's for billing reasons. In other cases, it's for marketing reasons. It's for a whole range of different motivations, let's say. On this idea of the fundamental culture of how data is retained in this country, I think we're already there. The number of times we or folks we know hit “accept all” in any given day is really high and should be scary. This isn't the Rubicon that we're crossing with this bill. This is the data-driven world we have been living in for a while already.

In terms of the vulnerabilities around requiring additional retention of data, the half-step back I'd like to take might be to look at the financial sector as a parallel. It's not a perfect comparator, but it's one that's, let's say, a little less charged than what we're talking about here.

In the financial services world, more records and better records are seen as an inherently positive addition of robustness. Again, it is incredibly important—and we have been discussing that today, and it is at the heart of what we are trying to do—to ensure that we are not introducing unnecessary vulnerabilities. I have said a number of times that no technological system is 100% foolproof and unable to potentially be leveraged in certain circumstances.

I think what we're talking about here, though, is proportional. It's reasonable. It's limited, and it's for very clear applications, which are, again, in our case, highest-harm national security investigations. In the case of law enforcement, they are highest-harm criminal and transnational organized crime applications.

The parallel of the financial sector, where the same thing for different reasons is seen as a net positive—whereas in this case, it is seen or at least has been bandied about a little, as an unnecessary vulnerability—gives us a bit of perspective that could be helpful here.

The Chair Liberal Jean-Yves Duclos

Thank you, Mr. Al Soud. You're making a very good impression for your first appearance. There is a good chance we'll invite you back.

That brings us to the end of this third hour. Before we adjourn, I would like to inform you of a prerogative I am going to exercise. Like everyone else, I noted last time that we didn't have time to reach a formal consensus on the coming days. However, I heard very clearly that you would like a little more time to discuss this bill.

I will therefore propose that we hear from witnesses next Tuesday on Bill C‑22 for two hours, that the deadline for submitting amendments be extended to 5:30 p.m. next Monday, and that on Thursday, June 4, between 3:30 p.m. and 6:30 p.m., we devote the first three hours of our session to a clause-by-clause consideration of the bill.

On that note, I wish you all a good evening. Thank you.