moved that Bill C-622, An Act to amend the National Defence Act (transparency and accountability), to enact the Intelligence and Security Committee of Parliament Act and to make consequential amendments to other Acts, be read the second time and referred to a committee.
Mr. Speaker, it is indeed a pleasure to rise today to speak to my private member's bill, Bill C-622, the CSEC accountability and transparency act.
This legislation takes an important step forward in updating the framework for accountability and transparency for Canada's signals intelligence agency, and it tasks the public's representatives—that is, Canadian parliamentarians—with the responsibility to review and report on the intelligence and security activities of our government.
In the wake of the recent deadly attacks on our soldiers and on Parliament itself, all party leaders confirmed their commitment to protect the rights, freedoms, and civil liberties of Canadians, even as security measures are analyzed and strengthened. Indeed, Canadians expect these fundamental aspects of the very democracy being guarded to be respected, and that is the underlying intention of the bill.
I invite members of all parties to support sending it to committee for further examination and signal the authenticity of their commitment to these democratic freedoms.
Canada does have important guardians of privacy rights, both in law and in our provincial and federal privacy and information officers, and we have strong privacy protections in Canada, in general, although these must continue to contend with the fast pace of technological change.
Where they can be weak, though, is in the scrutiny of the activities of intelligence and security agencies like Communications Security Establishment, or CSE, and my bill aims to ensure sufficient privacy protections for CSE operations on the multiple fronts of its mandate, both abroad and at home.
As the federal and provincial privacy commissioners stated in a recent communique:
Canadians both expect and are entitled to equal protection for their privacy and access rights and for their security. We must uphold these fundamental rights that lie at the heart of Canada’s democracy.
I agree. In fact, the effective protection of individual privacy and the effective delivery of national security measures are not a dichotomy or a trade-off. They are complementary, and both are necessary.
The United States Department of Homeland Security is a good example. This department considers safeguarding civil rights and civil liberties to be critical to its work to protect the nation from the many threats it faces. This third-largest department of the U.S. government now explicitly embeds and enforces privacy protections and transparency in all the department's systems, programs, and activities.
Deputy Secretary Mayorkas confirmed in a recent speech that not only is this an integral part of DHS's mission and crucial to maintaining the public's trust, but it has resulted in homeland security becoming a stronger and more effective department. Bill C-622 reflects that very philosophy.
Now here is some information about Communications Security Establishment Canada. CSE is our national cryptology and signals intelligence agency. It functions within a global alliance of partners' signals intelligence agencies in the U.S., the U.K., Australia, and New Zealand, known as the Five Eyes. CSE intercepts and decodes foreign communications signals. It is the lead agency for cybersecurity for the federal government, and it uses its technological capacities and expertise to assist domestic law enforcement and intelligence agencies.
As its three-part mandate suggests, CSE is an important and powerful contributor to Canada's national security, and we want it to become a stronger and more effective department. Much of CSE's work today focuses on Internet and mobile phone communications between foreigners who might pose a threat to Canada.
CSE does not have the mandate to spy on Canadians, except when it is assisting other federal security and law enforcement agencies that have the appropriate permission, such as a warrant. However, its powers were extended in 2001 to allow it to inadvertently collect Canadian communications when it is targeting a foreign entity or conducting cybersecurity operations.
Here is the challenge: The capability of information and communications technologies has skyrocketed over the past 13 years. However, the laws governing CSE have not changed once in that time. That means that whether they are being used or not, CSE now has much greater powers to intrude into the privacy of people's personal lives and communications, unimpeded by the law.
It is time to update the law in this new environment of cloud computing and the Internet of everything.
This bill leaves in place all the important tools that our security agencies have available to them to protect Canadians. CSE has intrusive powers, but they are most often absolutely necessary.
However, Canadians want assurances that their privacy and the confidentiality of their communications will not be violated. Such violations would not even have been technologically possible just a few years ago.
One key concern of Canadians is government's access to their metadata, that is, their communication activities. It includes, for example, records of communications between one's electronic devices and the devices of others. On the surface, intercepting metadata may not seem terribly intrusive, but metadata is effectively the how, when, where, and with whom people communicate electronically.
As Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, notes:
It has been said that the collection of meta-data is far more intrusive than reading someone's diary because not everything gets written down in a diary.
Last January, Canadians learned that CSE collected, tracked, and analyzed the metadata of unsuspecting passengers who logged into the WiFi at an Canadian airport. Because the law is so outdated, this was probably legal, but it was certainly not respectful of privacy rights.
Both CSIS and the RCMP are required to get court approval to enlist CSE's help in wiretapping a phone, but no such approval is needed to collect metadata.
In June of this year, the Supreme Court ruling, R. v. Spencer, was a strong endorsement of Internet privacy, including the privacy of metadata.
A second concern is the defence minister's quasi-judicial power to issue blanket approvals for CSE operations that would likely capture the private communications of Canadians without needing to explain his or her reasoning to anyone. These ill-defined and overly broad ministerial authorizations have been criticized by CSE commissioners for almost a decade.
A further concern is the absence of accountability or reporting regarding information sharing between CSE and other security and intelligence agencies. In a 2014 ruling, Federal Court Justice Richard Mosley found that CSIS and CSE kept the court in the dark about how they were enlisting foreign intelligence agencies to help spy on Canadians. He noted that the information CSE had shared, without legal authorization, put two Canadians at risk while they were travelling abroad. Justice Mosley's findings underscore the need to reinforce CSE's accountability not only to the courts but also to the minister, to Parliament, and to Canadians.
Finally, the grab bag of various kinds of oversight of various Canadian security and intelligence agencies, including CSE, and the absence of parliamentary oversight or review, puts us definitely offside with Canada's main intelligence partners.
How do we support CSE and our other security functions by embedding better democratic accountability, clarity, reporting, and review, an update that would bring us in line with our Five Eyes allies?
First, Bill C-622 would strengthen judicial oversight by replacing ministerial authorization for the interception of Canadians' protected information with authorization by an independent judge of the Federal Court. This is consistent with the process used by the National Security Agency, CSE's American counterpart. In addition, in this bill, metadata would be included in the new definition of protected information.
Second, the bill would strengthen ministerial oversight. It would require the Chief of CSE to inform the minister of sensitive matters likely to have a significant impact on public or international affairs and any national security or policy issues. The chief would also have to inform the minister and the CSE Commissioner of any operational incidents that may have an impact on the privacy of Canadians.
Each fiscal year a detailed report would be provided to the minister and the national security adviser to the Prime Minister on the activities carried out by the agency during the fiscal year, including any requests to share information with other Canadian security agencies.
Third, the office of the CSE Commissioner will be strengthened. The Prime Minister will be required to consult the opposition leaders before choosing a commissioner. The appointment process will therefore be more independent.
The commissioner will have to verify that CSE's activities are within the law and that they are also reasonable and necessary. He will have to submit public reports that are detailed enough that Parliament and Canadians are properly informed about matters of public interest. The only information that may be excluded is confidential information pertaining to international affairs, defence or security.
Fourth, the bill provides for oversight that is accountable to the public for all Canada's security and intelligence agencies. This integrated overview of the functioning of these sometimes siloed agencies would bring new solutions to strengthen security measures and privacy protections alike. The specific mechanism would be a multi-party committee of security-cleared parliamentarians, the intelligence and security committee of Parliament.
The mandate of this committee would be to review the framework for intelligence and national security in Canada, to review the activities of federal departments and agencies in relation to intelligence and national security, and to issue an annual unclassified report that the Prime Minister would submit to Parliament.
Former CSE chief John Adams supports such a review committee, noting that Canadians are more likely to trust an MP saying that Canada's spy agencies are not violating their privacy than they are to trust the heads of the very spy agencies saying the same thing.
I want to thank my Liberal colleague from Malpeque, retired Conservative senator Hugh Segal, and Senator Romeo Dallaire for their hard work in writing legislation to customize a very successful British parliamentary oversight model for our unique Canadian needs.
The scope and magnitude of CSE's surveillance power have increased. Its accountability to the public has therefore increased accordingly. The current system is outdated and flawed. Parliament cannot perform its oversight duties, and the Minister of National Defence has too much latitude when it comes to authorizing CSE to monitor Canadians' communications.
By passing my bill, Parliament will increase CSE's accountability and give Canadians privacy protections that are closer to those that the Americans and the British take for granted.
In essence, Bill C-622 seeks to modernize outdated laws and embed individual privacy rights within the framework of security and intelligence. Its accountability and transparency measures would restore Canadians' freedom to communicate with each other and with the world without the fear of unlawful or unethical access to their private communications.
The bill seeks to ensure that Canadians can have confidence in the work of CSE and can trust that the government's intelligence and security activities are held to account by the Parliament of Canada, whose duty it is is to ensure that Canadian democratic rights and interests are properly protected.
Public trust, the trust that our civil liberties are respected and that our rights and freedoms are embedded, are key ingredients in the strength and effectiveness of the critical work that security and intelligence agencies do to protect the safety and security of Canadians.
I would like to express my gratitude for the help and support of some of Canada's top experts in privacy, security, and intelligence, notably Professor Wesley Wark of the University of Ottawa and Stephen McCammon of the Ontario privacy commissioner's office, and the many others who helped me develop this essential step forward in protecting fundamental Canadian securities and freedoms.