Public Safety committee  Bill C-70 includes a new provision that would clarify an ability to disclose personal information when it's “in the public interest” and when “that interest clearly outweighs any invasion of privacy that could result from the disclosure”. This is a corollary to the broader provision that would allow for the disclosure of information to build resiliency to threats to the security of Canada.

Public Safety committee  The service, for example, is unlimited in the disclosure of information and intelligence to the Government of Canada. That's its principal client, and of course it can disclose intelligence widely. Are there processes in place for ensuring that the sharing is wide? Yes. Are they perfect?

Public Safety committee  One of the discussions around this, of course, is the very grey nature of foreign interference and making those connections. What is included in this bill is a package of measures that together seek to provide transparency around foreign interference activity and help us—

Public Safety committee  I think there's a specific question about the incident itself. Clarity needs to be provided a little bit, insofar as the service is not the lead for cybersecurity for the Government of Canada. As well, I think this issue is relevant to another committee study, so I won't address that specific fact.

Public Safety committee  I would correct that presumption. In fact, if there were a manifest threat occurring under the service's threat reduction mandate today, it could disclose information for the purpose of reducing an threat when the threat is unfolding and active. The amendments in the bill do something different.

Public Safety committee  No.

Public Safety committee  No ministerial consent is required, but there's no disclosure of personal information.

Public Safety committee  Thank you for the question. Certainly one of the principal objectives of the amendments is to provide a very clear, transparent law when it comes to datasets to maintain the safeguards that are in place and also to ensure that it can be implemented lawfully and appropriately. Currently, the complexity of the regime—as you said, and I think I've written that line before about the analog nature of the law when it comes to very complex, messy, unorganized data—is an extremely challenging space.

Public Safety committee  Really, there are quite a few. There are four aspects of the current CSIS Act that are significantly impacted by the proposed amendments. Operationally, for the service, one of the biggest activities we're coming up against limits on is the sharing of information and the equipping of national security partners and stakeholders outside of the federal government.

Public Safety committee  For CSIS, we certainly always consider our allies, especially the Five Eyes and their legislative schemes. Obviously, they're all very different. The U.K. has done some important work on data, which has informed elements of our data authorities. It just recently amended its data authorities after about a similar amount of time, recognizing the incredibly dynamic pace at which the data and digital world is advancing.

Public Safety committee  As you know, the service is not a law enforcement agency and is not ultimately responsible for the laying of charges or the prosecution thereafter. The foreign interference space is indeed a particularly complex one. Much of the activity, as we've discussed in numerous fora recently, is extremely grey.

Public Safety committee  Thank you for the question. The service has put a significant amount of effort in place to address previous concerns about significant gaps in our duty of candour. It is a duty that we take very seriously. The Federal Court and review bodies have pointed to concerns, and we have taken significant measures—including training, the development of a professional affiant corps, and embedding legal counsel in various operational activities—in order to understand and fully meet the duty of candour to the service.

Public Safety committee  Thank you for the question. The dataset authority in the CSIS Act is an extremely complex regime that thoroughly embeds privacy protection at every step. It requires ministerial accountability and oversight. The collection, retention and use of data is undertaken through strict controls.

Public Safety committee  Good morning. Thank you for the opportunity to be here in support of this important study. Since its creation 40 years ago, CSIS has had to adapt to major changes in the threat landscape to protect Canada and Canadians. From our inception at the height of the Cold War to today's era of global cyber-enabled threats, CSIS has had to continuously evolve its operations.

Canada-China Relations committee  I think it's valuable to point to the sophistication of the threat actors in that region and the fact that the democratic norms we adhere to and value as Canadians are not shared universally. We look for modernization of our authorities in order to really build authorities and powers that respect the values of Canadians but help us to counter incredibly complex and sophisticated threat actors.