SECU Hearings on C-59
5 December 2017
I wish to extend my sincere thanks to the committee for inviting me to appear on bill C-59. It is always an honour to be asked to share my observations before this committee.
My colleague Kent Roach is appearing before you next week. He and I have divided-up C-59. Today, I shall be addressing the new Communications Security Establishment Act and the amendments to the CSIS Act.
I support most of the changes C-59 makes in these areas. I recognize the policy objectives they seek to address. I believe the statutory language is usually carefully considered and robust. But I do have one serious concern.
I begin with the CSE Act and make my single recommendation today. I respectfully submit that this committee should amend s.23(3) and (4) to indicate CSE may not, without ministerial authorization, contravene the reasonable expectation of privacy of any Canadian or person in Canada.
I have provided a brief describing the rationale for this change. (And I should disclose I have been an affiant in the current constitutional lawsuit brought by the BC Civil Liberties Association challenging CSE activities. But today I appear on my own behalf.)
To summarize my concern:
While engaged in foreign intelligence and cybersecurity activities, CSE incidentally collects information in which Canadians or persons in Canada have a reasonable expectation of privacy. Because this is done without advance authorization by an independent judicial officer, this likely violates section 8 of the Charter.
Bill C-59 attempts to cure this constitutional issue through a ministerial authorization process, one that involves vetting for reasonableness by an Intelligence Commissioner, a retired superior court judge.
This is a creative and novel solution. It preserves a considerable swath of ministerial discretion and responsibility. It is not a full warrant system. Still, given the unique nature of CSE activities, I believe it constitutionally-defensible.
But the new system will only resolve the constitutional problem if it steers all collection activities implicating constitutionally-protected information into the new authorization process.
The problem is this: C-59’s present drafting only triggers this authorization process where “an Act of Parliament” would otherwise be contravened. This is a constitutionally-underinclusive “trigger”. Some collection of information in which a Canadian has a constitutional interest does not violate an “Act of Parliament” (for example, some sorts of metadata).
The solution is simple. Expand the trigger to reads: “Activities carried out by the Establishment in furtherance of [the foreign intelligence or cybersecurity aspects] of its mandate must not contravene any other Act of Parliament or involve the acquisition of information in which a Canadian or person in Canada has a reasonable expectation of privacy unless they are carried out under an authorization”.
This may seem a lawyerly tweaking. But if we fail to cure the existing problem with CSE’s collection authorization process, a court may ultimately determine CSE has been collecting massive quantities of data in violation of the constitution. Such a finding would decimate relations with civil society actors, placing CSE squarely in the cross-hairs of a renewed controversy and making it very difficult for private sector enterprises to partner with CSE on cybersecurity without risking reputational fall-out themselves.
With C-59, we have a chance to minimize this kind of problem.
I turn to the CSIS Act changes. C-59 does three things. First, it permits CSIS new authority to collect and potentially retain so-called datasets.
Here, the tension lies in balancing the operational need for CSIS to be able to query and exploit information against the privacy imperative.
Rather than prescribe hard standards for datasets, C-59 opts for a system of in-advance oversight. The Intelligence Commissioner is charged with approving the classes of Canadian datasets that may be initially collected, and the Federal Court authorizes any retention of actual datasets.
While I am wary of the idea of datasets, I cannot dispute the rationale for it, and can find no fault with the system of checks and balances.
The second CSIS Act change relates to revisions to CSIS’s threat reduction powers, introduced in C-51 in 2015. These provisions were rightly controversial. For our part, Kent Roach and I did not dispute the idea of threat reduction. But we worried CSIS threat reduction done as a continuation of our awkward, siloed police and intelligence operations runs the risk of derailing later criminal investigations and prosecutions. This would be tragic from a security perspective.
From a rights perspective, C-51 lacked nuance. It opened the door to a violation of any Charter right, subject to an unappealable, secret Federal Court warrant. The regime was radical and, in my view, almost certainly unconstitutional. It was, therefore, unworkable, whatever the strength of the policy objectives that propelled it.
C-59 places the system on a more credible constitutional foundation. It ratchets tighter the outer limit on CSIS threat reduction powers. By barring detention – a power I sincerely doubt the service ever wished – it eliminates concerns about the many Charter violations for which detention is a necessary predicate.
And by legislating a closed list of activities that can be done when a warrant is sought, Parliament tells us what Charter interests are plausibly in play: essentially, free speech and mobility rights.
I believe that if threat reduction is to be retained, this new system reasonably reconciles policy and constitutional issues.
Last, the C-59 CSIS Act changes create new immunities for CSIS officers and sources engaged in intelligence functions who may violate law during those activities.
The breadth of Canada’s terrorism offences make is certain that a confidential source or undercover officer will commit a terrorism offence simply by participating with the terror group that they infiltrate. An immunity is necessary. The issue is whether there are sufficient checks and balances guarding against abuse of this immunity. Again, I think C-59 does a good job in festooning the immunity provisions with such checks.
I will end, though, with a caution. Our conventional manner of siloed police and CSIS parallel investigations lags best practices in other jurisdictions, which employ more blended investigations. As the Air India bombing inquiry observed, we struggle with what is known as intelligence-to-evidence.
The government is working on this matter. We should be conscious, however, that what CSIS does in its investigations, whether in terms of immunized criminal conduct or authorized threat reduction, could derail prosecutions if not done with a close eye to down-stream impacts.
This issue might usefully be a topic of inquiry for the new security and intelligence committee of parliamentarians.
Thank you for your attention and I look forward to any questions.