Rethinking Intelligence Sharing and Torture

The government released yesterday revamped ministerial directions on intelligence sharing that may implicate mistreatment. The new directions reach CSIS, CBSA and RCMP (the agencies under the Public Safety Portfolio). We should hope for and expect the roll-out of equivalents for other departments and agencies (such as CSE and GAC).

The standards Canada should apply in sharing and receiving intelligence from foreign agencies which may engage in mistreatment (torture or cruel, inhuman or degrading treatment) is a longstanding debate. I rehearse the history in a 2014 article. I have blogged regularly on the issue in this space (keyword search "torture" in the site search field).  And Roach and I cover the topic in our 2015 book, False Security.

Here, I offer up a few quick process thoughts and a few quick substance thoughts tied to the latest development.

1. Process

Up to now, it has been difficult to figure out a) what the government policy was and b) how it was applied. We know about earlier policies because of dogged access to information applications and work by, chiefly, Jim Bronskill. In assessing actual conduct under the policies, it's been like pulling teeth. In terms of public reporting, the best we've had it SIRC's short assessment from last year. And that was confined to CSIS.

The 2017 directions are notable for several reasons.  First, they were proactively released, in keeping with the government's new transparency pledge. Ministerial directions are, in essence, law, because of the manner in which governing statutes give them legal imprimatur. That they have been held close to the chest, and if released, redacted, has been a major irritation -- and should be concerning in a society governed by the rule of law. So A+ on the proactive release.

Second, the directions themselves impose transparency expectations. Key features include the following requirements:

19. Transparency about the use of this Direction is a key principle. In accordance with Principle 4 of the Government's National Security Transparency Commitment, CSIS is expected to publish information that explains how this Direction is implemented, including how risk assessments are conducted, in line with Canadian values, including those expressed by the Canadian Charter of Rights and Freedoms.

The agencies are to compile annual reports on their performance under the directions.  This will be classified, but shared with the minister and the review bodies. But also:

27. This report, in an unclassified format, will be released publicly, containing the contents described above to the extent possible without compromising the national interest, the effectiveness of operations, or the safety or security of an individual.

Maybe you need to have spent a career banging up against agency insularity, but I regard this too as a big deal.  We'll wait and see how thorough these reports are, but so far an A+ for the principle.

2. Content


Intelligence sharing needs to be divided into "in-bound" (coming from foreign partners) and "out-bound" (disclosed to foreign partners).  Out-bound is the most fraught historically and legally. Sharing information in knowledge of risk that it might lead to someone's torture opens the door to a violation of Canada's international obligations (depending on how you define "complicity" in the Torture Convention), constitutional law (depending on the application of causality principles suggested in cases like Suresh) and international and domestic criminal law (depending on the scope of the intent requirement in aiding and abetting concepts).  I discuss all this in the 2014 article noted above. 

Out-bound intel sharing was at the heart of the Arar, Almalki, Elmaati and Nureddin matters -- which were tragic for the victims, tarnishing for the services and expensive in terms of liability and reputation for the government.

We have gone back and forth on the standard to be applied to outbound intel sharing for years.  In 2002, for instance, internal CSIS policies provided: “if there are allegations of human rights abuses, the Service always ensures to use a cautious approach when liaising with the foreign agency and closely scrutinizes the content of the information provided to, or obtained from, the foreign agency” either “in an effort to avoid instances where the security intelligence information exchanged with the latter is used in the commission of acts which would be regarded as human rights violations” or “to ensure none of the security intelligence information exchanged with the latter is used in the commission of acts which would be regarded as human rights violations.”

Various accountability bodies have questioned the effectiveness of these operational policies.  In its 2004-5 annual report, the Security Intelligence Review Committee doubted CSIS could meet the human rights standards expressed in its 2002 policy.

In May 2009, the minister of public safety issued a specific ministerial direction on CSIS information-sharing with foreign agencies.  This document provided:

 so as to avoid any complicity in the use of torture, CSIS is directed to

  • not knowingly rely upon information which is derived from the use of torture, and to have in place reasonable and appropriate measures to identify information that is likely to have been derived form the use of torture;
  • take all other reasonable measures to reduce the risk that any action on the part of the Service might promote or condone, or be seen to promote or condone the use of torture, including, where appropriate, the seeking of assurances when sharing information with foreign agencies.

This standard was revised again in 2011. The 2011 version began with a section on “Canada’s legal obligations”, defined several key terms, established “information sharing principles” and then provided a road map for approving both in-bound and out-bound information sharing “when there is a substantial risk of mistreatment in sharing information”.

Having acknowledged the international, statutory and constitutional prohibitions on torture, the instruments defined “mistreatment” to include both torture and CID treatment or punishment.  “Substantial risk” of such treatment meant a “personal, present and foreseeable risk of mistreatment” that is “real and must be based on something more than mere theory or speculation” that typically arises when “it is more likely than not that there will be mistreatment”.  The latter test was not, however, to be “applied rigidly because in some cases, particularly where the risk is of severe harm, the ‘substantial risk’ standard may be satisfied at a lower level of probability”.

The information-sharing principles applicable to CSIS, RCMP and CBSA included an obligation to avoid “complicity in mistreatment by foreign entities” as well as a requirement to assess the accuracy and reliability of information received from partner agencies.  Approvals for information-sharing was to be indexed to the level of risk of mistreatment.

Where the risk of sending or soliciting information from a foreign entity was substantial, and it was unclear that the risk could be mitigated by caveats and assurances, the CSIS director, the RCMP commissioner or the CBSA president decided on the information-sharing.  These officials considered a list of factors in arriving at their decisions, including the national security interest, the basis for believing a substantial risk existed, measures to mitigate that risk and the views of other departments, including Foreign Affairs.  The matter might also be referred to the minister.  The minister or the director “shall authorize the sharing of information with the foreign entity only in accordance with” the direction and “Canada’s legal obligations”.

For use of in-bound information, the 2011 directions noted that in exceptional circumstances CSIS, RCMP and CBSA could share information from foreign entities that likely stemmed from mistreatment: “When there is a serious risk of loss of life, injury, or substantial damage or destruction of property, CSIS [RCMP or CBSA] will make the protection of life and property its priority.”  As a prudential measure, “[m]easures will also be taken to ensure that the information which may have been derived through mistreatment is accurately described, and that its reliability is properly characterized. Caveats will be imposed on information shared with both domestic and foreign recipients to restrict their use of information, as appropriate.”

Bottom line: the 2011 directions for both out-bound and in-bound had "in case of emergency, break glass" permissions to share information even where torture risk remained high (or in the case of in-bound, even when it had occurred). Hence the criticism.

For me, the out-bound sharing was the most doubtful, because the link to complicity was more acute and the causal consequences more evident. I have urged that in-bound raises different issues. It is not enough to argue, as many human rights advocates do, that use creates a "marketplace" for torture. That is a good sound bite, but a bad analogy. And to the extent people conflate any use with complicity, they stretches the complicity concept beyond both it legal and plain meaning. (And I would accuse the UN Committee Against Torture of invoking implausible understandings of complicity, contributing to the unfortunate sense that the UN human rights bodies are norm entrepreneurs with an indifferent commitment to law.)

On the dilemmas of in-bound, see some of my discussion here and in my 2014 article.

There are, however, some bright lines for in-bound, beyond complicity. For instance, it can't be used as evidence. Art 15 of the UN Torture Convention provides: "Each State Party shall ensure that any statement which is established to have been made as a result of torture shall not be invoked as evidence in any proceedings, except against a person accused of torture as evidence that the statement was made."

In 2006, a group of academics and human rights groups struggled with what other standards should guide in-bound use, beyond this Art 15 expectation. Even that group (which included Canada's chief international human rights groups of the period) chose not to endorse an absolute bar on in-bound use. This is what we came up with, codified as the Ottawa Principles on Human Rights and Anti-terrorism (principle 4.3.2):

Information, data, or intelligence that has been obtained through torture or cruel, inhuman or degrading treatment or punishment may not be used as a basis for:


(a) the deprivation of liberty;
(b) the transfer, through any means, of an individual from the custody of one state to another;
(c) the designation of an individual as a person of
interest, a security threat or a terrorist or by any other description purporting to link that individual to
terrorist activities; or
(d) the deprivation of any other internationally protected human right.


2017 Directions

So what is new in the 2017 directions? For out-bound, the "in case of emergency break glass" prospect is now gone: "If that substantial risk [of mistreatment] cannot be mitigated, information will not be disclosed to that foreign entity." So too when information is requested of a foreign service: "If that substantial risk cannot be mitigated, information will not be requested from that foreign entity."

This an important shift. It amounts to a moral choice about the primacy given to the prohibition on torture. Much will turn on what "mitigation" may mean (for example, would mitigation include doubtful possibilities like "we will tell the Americans and they will tell the Egyptians". )  But if the new checks and balances and transparency discussed above work, these are dilemmas that will regularly be "red teamed" by independent reviewers. [There will be lots of application issues. For instance, Paul Champ raises an excellent point about the definition of substantial risk, which reads in part "a personal, present and foreseeable risk of mistreatment." In Badesha this month, the Supreme Court declined to limit review of torture risk on extradition to this highly personalized assessment, and refused to foreclose "the possibility that there may be cases in which general evidence of pervasive and systemic human rights abuses in the receiving state can form the basis for a finding that the person sought faces a substantial risk of torture or mistreatment."]

On in-bound, there is no absolute bar on use. The information can never be used in a proceeding or "in any way that creates a substantial risk of further mistreatment".  But the "in case of emergency break glass" prospect remains: generally, the information could not be used to deprive someone of their rights or freedoms, except where "it is necessary to prevent loss of life or significant personal injury." So does this line up with the Ottawa Principles? Well, I struggle to imagine a deprivation of a right or freedom that would occur independent of "a judicial, administrative, or other proceeding", for which the suspect in-bound information cannot be used. So the result might be something like:

Ottawa Principles

2017 Direction

Cannot be used as basis for:


(a) the deprivation of liberty;

In Canada, would require use in a proceeding (criminal, civil, administrative, warrant or threat reduction, peace bond, preventive detention – all are proceedings). I would argue that passport revocation and no fly listing is a proceeding captured by this same limitation. Therefore, use in these contexts is barred. Maybe the initial detention under preventive detention in exigent circumstances, prior to show cause review by the court? But to justify detention on evidence could then never use in front of the court would be very suspect.

(b) the transfer, through any means, of an individual from the custody of one state to another; 

In Canada, would require use in a proceeding. Therefore barred.

(c) the designation of an individual as a person of interest, a security threat or a terrorist or by any other description purporting to link that individual to terrorist activities; or

This is the thorny issue.  See below.

(d) the deprivation of any other internationally protected human right. 


In Canada, would almost certainly require use in a proceeding. Therefore barred.


Paragraph c) is the headache. For instance, CSIS may commence an investigation on reasonable grounds to suspect a threat to the security of Canada. If in-bound information constitutes the basis for that reasonable suspicion, nothing in the directions would appear to preclude an investigation, subject to the requirement that the feared security threat is one related to loss of life or significant personal injury. (Or potentially even without this requirement if there is no risk of deprivation of someones rights or freedoms, which is the more likely prospect if we are simply talking about an investigation.)

Now to be clear, CSIS could never get a search warrant using this in-bound information -- that would require a proceeding. But it will collect open source information, perhaps follow a target and flag a person in a dataset of some sort.

People will debate whether this is appropriate. Again, be careful about calling this "complicity". And be careful of overreaching and arguing that this violates Canada's legal obligations.  And note also that if the investigation culminates in some proceeding, the in-bound information cannot be used in it.  Still, the tainted in-bound information seeds an investigation. It seems to me, at the very least, there should be standards on cleaning out this data trail if the investigation turns up nothing. The directions provide that tainted in-bound information needs to be caveated and its reliability properly categorised. But more than that, if there is an authorized use, which turns into a goose chase, then it seems to me that any person flagged by that information or in the deadend investigation it sparked should be protected from forever being in some government security database. That is, there should be a scrubbing. I fear otherwise that even caveated information will prove fungible and the genesis of fruit of poisoned trees down the path.