review

A Law for New Seasons: Bill C-59 from the "Big Picture" Perspective of National Security Reform

Over the next few months, I will try to post thoughts on Bill C-59, the government’s massive national security overhaul package. Kent Roach and I have posted two quick assessments: an oped in Maclean’s and a longer piece at the Institute for Research on Public Policy website. I also provided reactions to the media in various placed, including on The House here and Power & Politics here.

(We always worry about pushing out analyses of such complex legislation on an insta-response basis, and qualify what we say with an open invitation to point out errors and omissions. Like most people, I learn best when I write, reflect, discuss, revise.)

In this space, I want to meditate on two issues emerging in the discussion.  First, that C-59 is about correcting C-51, creating the impression (fanned by some politicians) that C-59 rolls back security powers.  Second, the resource and burden issue.

 

C-59: Reforming without subtracting

A word of warning: Kent and I always took the view that C-51 was dealing (mostly) with real problems, but the solutions were so festooned with their own shortcomings that they didn’t solve the problems, but did create a host of new ones.  (The speech crime was the exception: it was always a solution in search of an invented problem).

I won’t repeat our analysis here. (We set out our conclusions in the 600 pages of False Security.)

This is by way of saying: I was never in the “repeal and return to the prior status quo” camp.  Because that status quo meant returning to a security law system that creaked with age and inadequacy.

 

Fixing the Problematic Parts

If we expect the state to protect us, we need to give it tools.  In part, this is because I believe the civil liberties implications of the day after a security failure are always worse than the civil liberties challenges raised during a calm, premeditated effort to give security services reasonable tools to prevent that incident. (After some bomb goes off, everyone assumes that it stems from a failure of law, and that we need fewer rights.  Usually, the reason is more complex: sometimes it is operational. And sometimes it is simply a manifestation of the old IRA slogan about security services needing to successful all the time, and terrorists only once. Those impossible odds mean something will always happen.  And so you need social resilience, not a stampede to turn your society into North Korea.)

When we do security law and policy reform properly, the questions always are: which tools, are they proportional, and are they compatible with a liberal democracy (and avoid the “burning villages to save them” problem).  And for anti-terror tools, focused on a threat embedded in a civil population, “overclocking” on your tools may precipitate the very threat you intend to stave-off.  (Witness the nonsense discussion on the margins of the internet last month, after the UK incidents, raising the prospect of mass internment. Setting aside the egregious rights violations, this is out past Pluto in terms of security: people need to spend more time examining the blowback consequences of mass internment. It’s a pretty good way to turn a difficult security environment into a 100-year war.)

C-59 is about correcting C-51’s (unnecessary, probably-never-actually-wanted-by-the-security-services) excess, and I think it generally does a good job here (with the real remaining concern being the light-touch amendments to the Security of Canada Information Sharing Act, renamed and tempered, but still vast).  For instance, I doubt CSIS ever wanted to be in the detention and rendition business – so why create a law that made that a legal possibility?

For more on these fixes, see our IRPP piece, linked above.

 

Dealing with (Some) of the Puzzling Omissions

But C-59 is also about giving new powers to the security services.  Four things stand out. First, by placing CSIS threat disruption powers on a more plausible (although surely still novel) constitutional foundation, it makes those actually usable.  (CSIS has clearly not been prepared to use threat reduction that raised constitutional issues under C-51, probably appreciating that the C-51 formula was an invitation for controversy in the courts and out).

Not everyone will think we’ve hit the sweet spot.  See Michael Nesbitt’s excellent analysis.  But we are way closer than with C-51 – with that bill’s formula, it was really hard to find a constitutional lawyer (not taking instruction from government) who thought we were even in the ballmark.  And whatever we might conclude about how carefully drafted some of the new “closed list” powers are, I simply cannot think of any other way to square the constitution with some of the more potent threat reduction powers I believe are quite properly on the table (e.g., interfering with a suspected terrorist’s communications). 

Second, I had not quite appreciated the extent to which CSIS was on the cusp on being paralyzed by its old law. For one thing, the limitations in its Act on retaining information – most dramatically illustrated by the Fall 2016 Federal Court decision on the CSIS ODAC initiative (see a write up here) -- must be deeply constrictive of CSIS deploying big data analytics – or even basic Boolean searching – on information…that they cannot have.  There are, of course, all sorts of privacy concerns – which is where close study is required of both the revamped collection and retention rules and their checks and balances. But at some point, one must concede that if you are to have an intelligence service, it needs to be able to collect, retain and analyze intelligence. (Privacy protections have always has been about checks and balances, from their inception in the early common law through to the present day).

For another thing, I had not quite appreciated how dramatically changes in the concept of Crown immunity – and doubts about its application to CSIS operations – must be crimping operations. It may not be too much of an exaggeration to say, with all the new terrorism crimes introduced since 2001, that every CSIS officer and source covertly infiltrating a terror plot is at risk of prosecution. CSIS recruiting must go something like: “Thank you for your service. As soon as you participate with this group, you are a criminal. But we’ll put in a good word with the prosecutor – assuming we’re prepared to cough up our secret op details. Hopefully things will be ok.”  The response must be something like: “No way.” Or: “Ok, give me $8 million.”

I have no way to know if the problem is that dramatic. But legally, it may be. And if so, together the limit on CSIS data retention and the crimp on human source immunity is pretty serious.  It might mean that Canada risks not having a real security intelligence service. 

Unless you think the world is much safer than I think it is, that is an unhappy prospect.  It is actually astonishing that this was not fixed a long time ago.  So the issue is: are you happy with the C-59 solutions?  And in responding, the first thing I look for it: checks and balances.  So far as I work through the details, I think they measure up quite well – indeed, potentially very well, measured against international comparisons.

Third, the Communications Security Establishment has been burdened with too little law, and too narrow a mandate. On law, we have known since it was first given statutory footing in 2001 that the issue of Canadian-origin information intercepts raised constitutional issues. People have been writing about it for a long time. But it was one of those questions that were, um, academic, until Snowden.  After that, it became a matter of public controversy, and litigation.  Fixing this was never that hard – and I am very pleased to see that C-59 proposes what I think is a viable and even elegant approach.  (Although there is a bug in the drafting, I think, that may leave the problem unfixed.  That requires more explaining, and I will blog on that soon.)

On mandate, CSE’s cybersecurity mandate basically reaches: get into a defensive crouch, protecting your core and vital organs, while the North Koreans, Russians, Chinese, hackers etc pummel you. But the world has changed since 2001. The new “active” and “defensive” cyber operations powers, and the broadening of the traditional cybersecurity mandate make a lot of sense.  Again, that assumes you agree that the world presents real security challenges that require viable responses.  If you do, then the remaining question is: are you happy with the checks and balances?

Four, tempering C-51, and adding a whole host of checks and balances is actually security-affirming.  In a democracy, the activities of the security service depend on consent and cooperation. Security powers that validate a lot of conspiracy theories erode that “social license”. 

C-51 took a lot of conspiracy theories from “plausible only if you assume everyone is a legal rogue and ethically unhinged”, to “legally possible, even if still doubtful in practice because the people involved are not venal and unethical”.  (Our various commissions of inquiry criticized the services, but did not suggest wrongdoing was ill-intentioned – with the exception of the poisonous leaks someone released to smear Maher Arar.)  But as anyone who has spent more than 5 minutes working in a human institution knows, people and institutions make mistakes – sometimes enormous mistakes. Silos, group think, cognitive bias, habit, incompetence, laziness, inattention, petty jealousies.  All the vices of the human form. Law, guidelines, protocols, oversight, review and checks and balances are what we use to minimize the prospect of systems failing, especially where the consequences of failure are significant.

C-59 puts the law back in play as a code of conduct, in a way that C-51 relaxed too much.  I think that is important. One might expect this of a law professor. But I cannot really think of any examples of where “the gloves are coming off” approach to security law and policy in a democracy has worked well.  It tends to produce outcomes that some future political leader needs to apologize for, after a commission of inquiry, disastrous court losses, public acrimony and a general erosion of public trust.

 

Administrative Burden: Better than the alternative

And that brings me to the administrative burden conversation.  C-59 will amp up the checks and balances in national security law considerably.  So considerably that Canada may well be back to where it was in 1984: a leader in this area.  Predictably, there will be anxiety that this will shackle responses, drain resources and infuse lawyers and overseers into the nitty-gritty of security work.  C-59 is, in some respects, the judicialization of intelligence that former CSIS director Jim Judd disliked a decade or so ago.

It is also consistent with developments in other Five Eye states, and even the French have new law in the area of intelligence. (The French, famously, have had little).  It is inevitable: as soon as you focus on security threat emanating from your civil society, intelligence starts to drift closer to police work.  And so, it needs to abide by at least some of those standards that guard police work (many of which echo those announced by Robert Peel in establishing the first police force in the 19th century).

The new systems could be impossibly bureaucratic.  Or they could be elegant and effective.  Much will turn on design, resourcing, staffing. Inattention on these issues will produce disasters: impairing necessary security conduct, done by cautious, risk-adverse services; and/or overpromising on accountability without delivering.

But I will say this: they are the quid pro quo to accomplishing that security expansion noted in the first four points of this blog.  C-59 should establish a regularized, professionalized system of checks and balances.  And whatever burden they impose, that would be dwarfed by the burden imposed by a creaky, inadequately constructed security system that lurches from scandal to commission of inquiry to judicial slap-down; with powers uncertain, planning interrupted by public controversy and all your staff-time devoted to appeasing a disgruntled Parliament, judge or commissioner.  In other words: the 2000s. I don’t know anyone (in any walk of life) that wants to go back to the scandal/response system of national security policy-making. That would be bad for security and rights.

 

Conclusion

In sum, C-59 is probably in, or near, the Goldilocks space between too hot and too cold. Which is not to say it is perfect, or that it fixes everything, or will please everyone.  For instance, the SCISA is not falling. (The author chuckles to himself.) And it isn’t to say we won’t suddenly discover a new concern in the 150 page document.

But based on about 5 readings of the full text and some deep dives on some of the more complex parts, it appears to be more carefully crafted than anything we’ve seen in this area in a long time – probably the 1988 Emergencies Act, and before that the 1984 CSIS Act.  That’s a good place to be, going into the parliamentary process.

Enhancing the National Security and Intelligence Committee of Parliamentarians: Reduxed and Reduced

My part of the joint submission that Kent Roach and I made yesterday to the Senate SECD committee, studying bill C-22, is posted here (just after the earlier Commons testimony).  C-22 creates a National Security and Intelligence Committee of Parliamentarians -- one that would be security-cleared and entitled to see (at least some) classified information.

Also included in my document is an updated table comparing the C-22 proposal to parliamentary review bodies in the United Kingdom, Australia and New Zealand.

Discerning readers will note that Kent Roach and I have, as the saying goes, "put water in the wine" relative to our position at the Commons. There, we called for full C-22 committee access to classified information. But we live in the real world: having had a kick at the can, it is clear that this level of access is not going to happen.

So at the senate, we proposed some modest compromise positions that we think might bridge the distance between the government and opposition. Such a bridge is unusually important here, with a body whose members will be those same parliamentarians. There needs to be a shared commitment and confidence in the body, or it will suffer from a failure to thrive. (See my discussion here. I really hope that rumours of an opposition boycott once the committee starts-up are exaggerated -- this is not a body so anemic in its powers that it should attract that treatment. Nor should any party use national security to triangulate on partisan advantage. That way, madness lies.)

There is now also a measure of urgency. This bill has been in Parliament almost a year. I have little doubt that the government could get a delayed bill through after a rumoured prorogation. But we are running down the parliamentary calendar. Not only will other matters compete for attention, but also it takes considerable time to stand-up a new review body. For instance, even with existing national security review bodies, training a new reviewer takes roughly a year. Starting from scratch means, among other things: determining & security-clearing the membership, finalizing the budget, hiring an executive director, hiring staff (and the body must be well staffed), security-clearing the staff, acquiring secure facilities, putting in place document handling safeguards, establishing protocols for information-sharing by the security agencies (and existing review bodies), establishing internal rules of procedure (including regulations governing that), setting review priorities and...starting actually to fulfil the committee's mandate.

We are talking years before this body is fully operational. We have two years until the next election. Doing all this in an election year would be a very bad idea. And then, during the election the committee ceases to exist, and after the election, its composition will change.

The current C-22 proposal isn't perfect. But even on first reading, it was better than the earlier government bill under the Martin government. After the Commons process, it is much better. It also compares favourably to the systems in other Westminster democracies.

The glass is three-quarters full. Perhaps three-quarters full of watered wine. But at least there is wine. Indeed, at least there is a glass.  Even water. The alternative is: vacuum.

Let's get this done.

C-22 National Security Committee of Parliamentarians Redux: The Good, the Bad, and Avoiding the Ugly

By all accounts, bill C-22 will complete third reading in the Commons next week and will be off to the Senate. But things have not been going all that well.

The Good

C-22 would create a security-cleared national security committee of parliamentarians (CoP). For the first time in Canadian history, parliamentarians who don’t also happen to be ministers would be entitled to access at least some classified information in reviewing Canada’s national security framework and activities.

This is a big deal.

For one thing, Canada is essentially alone among peer states in shutting parliamentarians entirely out of the secrecy tent. 

For another, this idea has been bandied about in one form or another in Canada since the early 1980s. All the official political parties have supported the idea at one point or another. Under the Martin government, an ad hoc parliamentary committee studied the matter and issued a comprehensive report.  The government itself released a detailed discussion paper.  And there was an actual bill introduced in Parliament – that then died with the Martin government.

So in reading what follows, it is important to keep a clear-eyed view of an essential truth: almost any (proverbial) loaf is better than the non-existent loaf we’ve had to date.  

Elsewhere, I have advanced arguments as to why a CoP is important.  But no one can reasonably claim it is a panacea.  No one can reasonably claim that even the most legally formidable CoP could burrow into the deep recesses of the security services and unearth facts that the security services were determined not to share. 

And so everything has always depended on a whole bucketful of good faith: Good faith that the security services are acutely aware that they depend on social licence and they operate in a system built on the rule of law. 

And good faith that a CoP will be something other than another venue in which partisan politicians will play piñata. That is, the CoP must be a place willing to embrace complexity, recognize wicked problems and grapple with nuance.

If you scoff at either of these good faith pre-requisites, then there is no point reading further. And in truth, the idea that parliamentarians could and would meet the good faith standard has been greeted very skeptically in a lot of different places over a good number of years.

In some large measure, C-22 constitutes a suspension of this worry.  And in large measure, that worry is superseded by realization that all of us (the security services included) would benefit from a more sophisticated parliamentary and public discussion of national security.

The Bad

But aspects of the worry lurk, and they explains the structure of C-22.

So where did we start on that structure?  Let’s be clear: even when first introduced in Parliament, C-22 was stronger than its Martin government predecessor.  And while there is some variation of opinion on this, I believed (and continue to believe) that on paper it was (and is) stronger than its Australian and UK analogues.[1] (Whether it will in practice depends on that intangible: the bucketful of good faith).

In other words, C-22 was (and is) at least a half loaf.  But, of course, any half loaf is…missing a half loaf.  And so the parliamentary process is where parliamentarians have a chance to consider a law project.  And I am grateful and appreciative when those parliamentarians call on those of us who are struggling to research and analyze these kind of things.

And so my views (expressed with colleagues) have been: good law project; important development in Canadian national security accountability; has shortcomings that can be fixed.  Put another way: C-22 was a Volkswagen, with some doubtful emissions control results.  With amendments, it could be a BMW.

Without rehearsing all of those shortcomings, the key issue has been: will the CoP have a sufficient entitlement to see the information it needs to do its job? For more on that question, see here.  My view has been that in its first reading version, there were excessive limits on the CoPs access to information that opened the door to too many roadblocks, even when everyone was operating in good faith.  That is because even people operating in good faith can disagree.  And good faith disagreements over sharing of classified information may be the biggest challenge in national security law and policy.  So it would be nice to obviate that inevitable problem by giving the CoP indisputable access.

When C-22 was vetted and amended at committee stage of enactment, we actually got there: full access, except Cabinet confidences. This put the CoP on the same footing as our existing expert review bodies for CSIS and CSE.  I think this is wise and justifiable (see here).

But the manner by which the legislative committee got to these amendments was, well, confusing and did not necessarily reflect the intent of all members of the committee. That is, there were politics in play. And so what had to that point seemed to me to be a very high-calibre legislative deliberation (reportedly) frayed into something less high-calibre.

Predictably, the government put back the legal restraints on access to information when the bill came back to the House on report stage.  Now to be clear: they didn’t put everything back.  They definitely headed in the right direction.  For one thing, they did not restore fully the list of automatic information exclusions.  For instance, military intelligence is no longer automatically excluded from CoP consideration.  But yes, CoP access to information can be carefully controlled by the executive.

And so the question is: what to do now?

Avoiding the Ugly

I’ll offer a few oblique thoughts, for what they’re worth.  Above all else, let’s cool the jets. C-22 is not like other laws.  With most other laws, politicians can irritate each other in Parliament, a bill can pass and the resulting law can still function. 

It can still function because it doesn’t depend on the same politicians now sitting on the institution created by the law, and making it work. 

The C-22 CoP is radically different.  A committee of parliamentarians born in partisan acrimony will die in partisan acrimony.  If the opposition parties see the CoP as a unilateral “Liberal project” bereft of any input attributable to their interventions, they will have no political incentive to seeing the CoP succeed. We may be able to overcome this kind of politics – the actual members of the CoP will not be brick-throwers from their parties. 

But the absence of cross-party buy-in and an accrual of partisan acrimony reduces the prospect that the CoP will work, at all.  The members of the C-22 CoP will need to consolidate around a shared mission, shared professional culture and shared mores of behaviour. 

And if they don’t then the skeptics will be proved right: parliamentarians should never be let anywhere near classified information.

So let me step even further outside of my lane: to get there, there needs to be water in everyone’s wine. The amendments that have been made since first reading close some gaps.  We aren't that far off from a compromise.

What precise changes would bridge the current political crevasse is a matter best left to those who can speak for their parties.  But surely, this is no longer a debate between Volkswagen and BMW.  Instead, we may be within reach of a nice Subaru Outback PZEV with the technology package. (Full disclosure: I have an Outback. It plows through snowy roads nicely).

And so the task shall fall to the Senate. It needs to find us an off-ramp from the impasse.  And along the way, it needs to be thinking about the day after C-22 becomes law. My key point in this essay of mixed metaphors: A parliamentary process that exhausts the stock of good faith needed to power a CoP cuts off the nose to spite the face.

 


[1]                 There is some element of apple and oranges in making this statement. And much depends on how you weight and offset differences in various areas. (For me, breadth of mandate and access to information are the two most important considerations. I also worry a lot about staff resourcing and coordination with the expert review bodies.) For a table that compares the systems in C-22 (as it was at first reading), UK, Australia and NZ, see here.

But to amplify on my view: I think the subject matter and the institutional remit of the C-22 committee is broader than the UK and Australian analogues. (Although Richard Bolto’s fascinating recent study suggests that Australian committee is increasingly able to review operation matters.)

Access to information appears likely to be better for the C-22 committee than the Australian committee – or at least there appear to be more checks and balances on denials.

It is probably a toss-up as to whether the general language in the UK Act on denying access to information is narrower or broader than the more detailed language in the C-22, but what I like about C-22 is that exclusions don’t reach such things as solicitor client privilege.

(In the UK, my sense is that the access to info is a negotiated outcome in some instances, and so it is hard to compare laws and determine what happens in practice. But what is really important is that UK exclusions from information are discretionary -- that is, the government consciously chooses to deny information.  In C-22, there is now a (shorter) list of mandatory exclusions. But that is still a problem: "We can't give you this information, the law stops us. Blame the law". Hard to evolve if that is the standard. Recrafting at least some of these automatic exclusions -- especially the one dealing with law enforcement -- into discretionary exclusions would be a good compromise and something to learn from the UK. Meanwhile, the MoU between the UK ISC and the UK Prime Minister suggests that agency power to deny UK ISC access to information will be exercised “very rarely”.  Hint, hint on where another line of compromise over C-22 might be drawn).

The C-22 regime has more built in efforts to try to web the expert bodies and the C-22 committee together.  On paper, there is more robust staffing powers in C-22. 

The post-2013 UK ISC has some attractive features not reflected in C-22, including the manner in which committee membership is determined.  My own view is that these are not all that consequential. 

For other comparisons that take a less positive view than I do in comparing the C-22 CoP and the UK ISC, see here and here.

 

Create a Strong National Security Committee of Parliamentarians: Our Views

Wesley Wark, Ron Atkey, Kent Roach and I have collaborated on a joint op-ed favouring the strong national security committee of parliamentarians produced by amendments to bill C-22 by the Commons standing committee.  We hope the government chooses to support those changes through the balance of the legislative process.  Our piece appeared in the Globe and Mail here.

Consolidated version of Bill C-22 now available

The consolidated version of the C-22 is now posted.  It now returns to the House on report stage where the plenary Commons will decide whether to accept the standing committee's amendments.

In a prior post, I offered thoughts on the Standing Committee amendments that give the C-22 committee more robust access to information. (Note I have tinkered with these views on review of the full consolidated version, and reversed a view in which I urged that the government could still resort to the Canada Evidence Act). 

At risk of rushing out another blog post during a busy time of term, let me suggest why I think the Standing Committee amendments strike an appropriate balance on granting the C-22 access to classified information.

The bill proposes security-clearing parliamentarians, surrendering their parliamentary privilege and binding them under the Security of Information Act.  These are dramatic safeguards that do not need, in my view, to be supplemented by more limited access to info than is possessed by Canada's existing review bodies, SIRC and OCSEC.  (It is radical from a comparative perspective to security-clear members of the legislative branch, and to subject opposition parliamentarians to intrusive assessments by the executive). Personally, I think these features are a reasonable quid pro quo, if those parliamentarians then have expansive access to info. And I think the SECU surgery accomplishes that. (And the a ministerial veto in 8(b) over some C-22 committee investigations persists -- it is more constrained with the amendments, but still exists.  This is a veto that does not exist for SIRC or OCSEC.)

I strongly suspect that this sort of full C-22 committee information access is not favoured in the security services – but so far, the only justifications that I hear for this view are a visceral “parliamentarians can’t be trusted” and a generally ill-explained “we need to walk before we run”.
 
I think these views discount the extent to which all the walking done in the UK context created a committee with a very mixed record, and a mixed reputation, especially in the immediate the aftermath of 9/11. That is: there is a consequence to setting up a weak system and expecting it to strengthen with time.

These views also discount the fact that our services (at least CSIS and CSE) are habituated to review in a way that wasn’t true in the UK prior to the ISC; being reviewed won’t be a novel experience, and we should be able to leapfrog the UK growing pains. 

And finally, I am just plain puzzled by the argument that parliamentarians are necessarily less trustworthy than say, the former politicians who have traditionally dominated SIRC appointments.  Everything will depend on the quality of the members, and since the PM still holds the ultimate power of appointment, I think that makes it possible to select as wisely as selections are done for SIRC (and ideally, more wisely, given the unfortunate selection in the last decade of a person who ended up passing away in a Panamanian prison). 

I think the experience elsewhere suggests that partisanship can be set aside, and parliamentary review committees don’t leak. 

Nor do I think that we will be so far out of sync with allies that they will balk. The notion that allies will rap Canadian knuckles is entirely a speculative and doubtful proposition, one that can be used in sort of a circular, lowest-common denominator manner to defeat accountability reform.  Different systems are...different. The US can hardly look at the proposed C-22 committee as more sweeping than its congressional oversight system.

And at any rate, different approaches haven't ruptured relations in the past: SIRC has access to third party foreign intelligence (both in law and, as I have confirmed in my inquiries, in practice), something that is not true in many other jurisdictions.  And yet, our relations with allies continue.  Likewise, our special advocate system (including the scope of information access) is likely more robust than the UK system (and doesn't exist in many other places). And yet the Five Eyes relationship continues.

In other words: I take with a large boulder of salt any view that Canada walks the plank if it creates a strong C-22 committee. On the other hand, I fear a Potemkin village if we create a committee that has the power to investigate, but not the information to do so properly.

I hope Parliament endorses the changes made at the Standing Committee.

Stronger Bill C-22 (National Security Committee of Parliamentarians) Goes Back to the House

ADDENDUM: Dec 13: Now that the full, consolidated version of the bill has been posted after committee study, I am thinking that the Canada Evidence Act s.38 argument voiced below is actually a weak one.  See the addendum below.  I am, however, leaving this post in its original form to benchmark my thinking (aka, memorialize my mistake).

 

The Standing Committee on Public Safety and National Security has now reported its amendments to bill C-22, the bill that would create a national security committee of parliamentarians. A number of these amendments are quite significant, but most significant: the amendments greatly constrain the capacity of the government to deny the C-22 committee access to classified information.

This is an important development. As introduced to the House by the government, bill C-22 placed what I have been calling a triple lock on the C-22 committee's access to information. This was a matter of concern, since access to information will be essential for the C-22 committee to perform its functions. There were a number of justifications for this triple-lock, a constraint that does not exist for Canada's two chief expert national security review bodies (SIRC and the CSE commissioner). But basically the justification for the C-22 committee's more limited information access boils down to this: parliamentarians needed to show they could be trusted with classified information.

Even if this suspicion is warranted (and I am suspicious of the suspicion), the triple lock was excessive. This is especially true given that C-22 committee members will be surrendering their parliamentary privileges and will be persons permanently bound by secrecy under the Security of Information Act (and therefore subject to criminal sanction for violating secrecy rules). 

The rolling back of the triple lock so that it, in essence, no longer exists and the C-22 committee is now on a common footing in terms of access to information with SIRC and the CSE commissioner I regard as a good thing, as not only does it remove the prospect of serious and debilitating bun fights over C-22 committee access to information, but it also makes coordination and collaboration with the expert review bodies much easier, at least in principle.  All are now equally into the secrecy tent. 

Still, that rolling back seems to have occurred through a puzzling procedure in the standing committee clause-by-clause review. I fear that some of the amendments may, therefore, be defeated by the government on report stage.

Let me suggest, however, that the government should be content with this standing committee outcome and should now appreciate that they retain a "nuclear" option in terms of controlling access to the secrets it really does not want shared with the C-22 committee: the Canada Evidence Act, s.38.

Among the amendments made by the standing committee is an emphatic power to compel production of information. I think it is even clearer, therefore, that investigations by the C-22 committee are "proceedings" under s.38 of the Canada Evidence Act.  And that means that the government could fight disclosure to the C-22 committee of information prejudicial to national security, defence or international relations in Federal Court.  More than that: it also could issue an Attorney General's certificate to block this disclosure to the C-22 committee should any body, including the Federal Court or the committee itself, order its disclosure.

This certificate constitutes a sweeping power, subject to only rudimentary appeal in the Federal Court of Appeal.  It was controversial when created in 2001 because of its reach.  And it certainly could be used to deny truly sensitive information to the C-22 committee (indeed I think it has fewer checks and balances than ideal).

Bottom line: the government lost its triple-lock on C-22 committee access to information, but it gained its nuclear bomb.

Thus, to suggest that the standing committee amendments went too far would be, in my view, an exaggerated concern.  I hope therefore that the amended C-22 passes muster at report stage.

 

Enhancing the National Security and Intelligence Committee of Parliamentarians

My part of a brief to the House of Commons Standing Committee on Public Safety and National Security, this paper endorses the proposed Canadian National Security and Intelligence Committee of Parliamentarians, but does so with an important caveat. In this last respect, it focuses on constraints imposed by bill C-22 on access by the committee to certain sorts of classified information. It raises concerns that these constraints may limit the effectiveness of the committee. Also contained in this document is annex comparing the proposed bill C-22 committee with analogues in the UK, Australia and New Zealand. The table in the annex includes details on: general features (such as membership and appointment); mandate and jurisdiction; reporting; access to information; and interface with expert review bodies.

Functions of parliamentary accountability in national security

Bill C-22, creating a National Security and Intelligence Committee of Parliamentarians is before the Commons committee for study this week. In prior posts, I have evaluated the pros and cons on this bill in writing and in video form. For a list of these and other resources, see here.

Oversight vs Review

One of the most confounding, recurring issues is whether this body should do real-time operational "oversight" (in the sense of command/control of the security services) or will be limited to ex post facto auditing of service conduct (what we call "review" in Canadian practice). The terms "oversight" and "review" are sometimes used interchangeably, but in Canadian practice they mean different things.

in conventional Canadian practice “oversight” has traditionally meant operational control and coordination of security and intelligence services, something that is very different than “review”. There is much misunderstanding, therefore, over who does or should do actual “oversight” in this classic sense. The general rule is: the executive. There is also a role for the courts to control security agency conduct through the warrant process. 

We do have serious structural problems in terms of oversight in Canada -- see ch 11 of False Security. But reform here means reforming the role of the courts and the executive.

Parliament and "oversight"

It does not mean giving Parliament an "oversight" role. Legislatures do not really do full oversight, in the command/control sense. And there are some good reasons for this. First, they would likely not be good at it -- a committee of parliamentarians signing-off on realtime operational decisions would create an unwieldy process at best. It would also risk politicizing the process. And indeed, in relation to police operations, it would trench on a concept that in Canada has possible constitutional imprimatur: police independence.We have intentionally created legal distance between police operational decisions and politicians for one key reason: avoiding a political police.

But more than that: if parliamentarians become part of the operational chain of command, they then become useless as reviewers. Their conduct becomes part of what must be reviewed. They will be hopelessly compromised in terms of holding the executive to account. This, in my view, is the single greatest reason to avoid true parliamentary oversight (in the command/control sense).

What about other countries?

It is very important to understand that these terms of “review” and “oversight” have different meanings in different places. When other countries talk about “oversight” they are often talking about what we in Canada would call “review”. And when people talk about the US Congress having an “oversight” role, they refer to bundle of functions performed by Congress and congressional committees quite different from what happens in many other countries, and also different from "oversight" in the Canadian sense. The congressional role includes classic legislative activities, such as passing laws governing the S&I community and approving expenditures. Congressional committees also review, in the sense of probing past conduct. And the US executive also gives some congressional committees advance notification of certain sensitive covert foreign operations by US agencies, which leads some to regard Congress as performing a sort of supervisory function. But in fact, this is still quite different from true operational command and control and coordination.

What about C-22?

The C-22 committee is intended as a review body. And that is entirely proper. Now, to be clear, this does not mean that operations have to be complete before a review commences. Review is capable of being close to real time, and I see the language of clause 8(b) as permitting review touching on on-going operations (which is probably why the government inserted a ministerial veto in this provision -- something that deserves debate).  (The language of "activities" in clause 8 is the common style in Canadian statutes of describing operations by, e.g., CSIS and CSE).

But this examination by the Committee, however real-time or close to real-time, will still be review: scrutiny of activities, not approval or control of them.

The key issue, in my opinion, is whether the Committee will have enough access to information to perform even this function effectively.

And that is where the debate on C-22 should focus. I think, personally, that the strictures on information will make the proposed committee an inadequate review body of operational activities. I could live with that if persuaded that existing expert review bodies will be recrafted to fill long-standing gaps in the Canadian review system. But if all we're going to end up with is the parliamentary committee and we persist with the sort of information limitations found in C-22, we should have modest expectations. I would then worry about the value-added on the C-22 committee in relation to any sort of review touching on operational activities.

 

Background Resources: Bill C-22 (National Security & Intelligence Committee of Parliamentarians)

As I write this, bill C-22 is being debated in the House of Commons, on second reading. Once that debate concludes, the bill will be referred to the relevant House of Commons committee -- presumptively, the Standing Committee on National Security and Public Safety (SECU). For those interested in the issue of the parliamentary role in national security "oversight" (as it is usually called -- although for technical reasons it is better described as "review" or "scrutiny"), I have assembled assorted resources here for ease of reference:

The Evolution of the Idea

Our analysis

And of course, to understand how parliamentary scrutiny fits into the "big picture" (of bill C-51, etc), you really should read that big, but very affordable book, written with verve: Forcese & Roach, False Security: The Radicalization of Canadian Anti-terrorism (Irwin Law, 2015).

Video primers (covering off some of the same terrain as our analyses)

Canada's Security & Intelligence Community after 9/11: Key Challenges and Conundrums

I have posted my latest paper here. It (briefly) canvasses a range of outstanding issues that have arisen in the organization of Canadian security and intelligence since 9/11. The abstract reads as follows:

The Canadian security & intelligence community’s historical development and scope reflect the country’s relatively favourable geopolitical circumstances. Since 9/11, anti-terrorism has been the country’s clear security priority, possibly to the point of ignoring other critical issues. Because responses to terrorism involve both criminal law and intelligence-led preemptive activities, Canada’s chief police and intelligence agencies now overlap in their investigations to a considerable degree, creating conundrums for both operations and accountability. This article traces the impact of these developments on the Canadian management of national security, and the institutional design of Canada’s S&I community and accountability mechanisms. It concludes with a series of questions Canadian policy makers must ponder in deciding how best to address Canada’s operational and accountability national security challenges.

10 Minute Primers: Detailed Overview of Proposed National Security & Intelligence Committee of Parliamentarians (Mandate and Challenges)

This is the second, brief explainer video on national security accountability review in Canada.  The first provided a general overview of the concept, and its structure in Canada. In this video, I focus more specifically on the National Security and Intelligence Committee of Parliamentarians proposed in Bill C-22 (as it exists after first reading in the House of Commons).  In the video, I raise concerns about the present limits on the Committee of Parliamentarians, and caution that while it is a marked improvement on the status quo and will make important contributions to "efficacy" review, I doubt it will be a robust review of the propriety of agency activities.  I spell out why that is, with a focus on the committee's access to information.

10 Minute Primer: Assessment of National Security and Intelligence Committee of Parliamentarians Functions from Craig Forcese on Vimeo.

10 Minute Primers: Review and Accountability in Canadian National Security

I have posted a new 10 minute (ok 12 minute) primer on review (which is often called "oversight") of national security and intelligence agencies in Canada, in the context of the new bill C-22 (creating a National Security and Intelligence Committee of Parliamentarians).  I have tried to do four things: 1. identify the justification for review; 2. identify our present challenges; 3. discuss the implications of bill C-22; 4. identify remaining gaps.  The paper co-authored with Kent Roach referred to at the end of the video is here.

 

Nutshell Primer: National Security Accountability Review in Canada from Craig Forcese on Vimeo.

Bridging the National Security Accountability Gap: A Three-Part System to Modernize Canada's Inadequate Review of National Security

As a follow up on our book (and particularly ch 12 and our recommendations in ch 14), Kent and I are releasing for comment our draft working paper on reformed national security review (sometimes called "oversight").  In the paper, we urge that Canada’s reformed national security accountability review structure be built on the model of a three-legged stool: first, a properly resourced and empowered committee of parliamentarians with robust access to secret information, charged primarily with strategic issues, including an emphasis on “efficacy” review; second, a consolidated and enhanced expert review body – a “super SIRC” – with all-of-government jurisdiction, capable of raising efficacy issues but charged primarily with “propriety” review; third, an independent monitor of national security law, built on the UK and Australian model, with robust access to secret information and charged with expert analysis of Canada’s proposed or actual anti‑terrorism and national security legislation.

The paper may be downloaded from the SSRN website (at this time, the "under review" stamp just means it is being integrated into the SSRN permanent collection).  Please share widely as we wish to attract a large audience of interested citizens, experts and stakeholders.  As noted at the paper's beginning, we intend to publish a final version (with TSAS), and welcome comments aimed at strengthening the paper.

New "RCMP Accountability, But... Act" coming into Force

Public Safety Minister Blaney announced today the coming into force of 2013's Enhancing Royal Canadian Mounted Police Accountability Act.  A substantial redrafting of the RCMP Act, the accountability measures in the amendments are an improvement, but come with important catches in the area of national security.  So, tongue in cheek, I have called this blog entry "RCMP Accountability, But... Act".

Readers will recall that the Arar Commission -- rapidly disappearing behind the taillights of inaction -- recommended a robust review body for the RCMP, with powers analogous to those of CSIS's Security Intelligence Review Committee (SIRC).  The key recommendations were an enhanced arm's length complaints (and also review) body which could a) self-initiate reviews on national security matters; b) investigate and report on complaints; c) conduct joint reviews with SIRC and the CSE commissioner; d) conduct reviews at the request of the public safety minister; e) conduct reviews into other government bodies on request of the governor in council (the new body was to extend beyond just the RCMP to include other, currently unreviewable bodies like CBSA); (f) make recommendations to ministers in the course of all these activities.  More than this, the body was to have (g) robust access to the information required for its job.

This is report card season.  And so measured against these recommendations, the new Civilian Review and Complaints Commission for the RCMP gets a D, mostly because of the information access nightmare it sets in  play and also because the government continues to resist the idea that accountability should be streamlined and coordinated, not stovepiped by agency.   Chart 1 gives the details:

Arar Recommendation

Actual Power

a) self-initiate reviews

B grade.  The power exists, but it is not as regularized as the equivalent review function of SIRC and is caveated with provisos about only doing this if there are sufficient resources.  In other words, this is painted as an extraordinary event, not a regular undertaking.

b) investigate and report on complaints;

A grade.  Looks fairly good, subject to concerns about information access in (g) below.

c) conduct joint reviews with SIRC and the CSE commissioner;

F grade.  While there is a language about collaborating with other police review entities, nothing about working with the national security review bodies.  In other words, the new Act misses the entire point of the Arar recommendations.  (For how I would propose fixing it, see the back end of this post.)

d) conduct reviews at the request of the public safety minister;

A grade.  Looks fairly decent, subject to concerns about information access in (g) below.

e) conduct reviews into other government bodies on request of the governor in council (the new body was to extend beyond just the RCMP to include other, currently unreviewable bodies like CBSA);

F grade.  The Commission’s mandate is limited to the RCMP.  Other powerful agencies – not least the CBSA – sail about still without any review body at all.  Very bad news.

f) make recommendations to ministers in the course of all these activities. 

A grade.  Where there is a review, recommendations can be made.

g) full access to information

D- grade.  Herein lies the rub.  The Arar commission envisaged the Commission having SIRC-like access to information (that is, basically unalloyed, at least in principle).  The Act improves on its predecessor, surely, but in the realm of so-called “privileged” information (including that most material to national security matters), it allows the RCMP to resist disclosure on the basis that the information is irrelevant or unnecessary, whatever that means (in the eyes of the Commissioner).  This then provokes a complicated adjudication process by a retired judge.  And after seven years, an endless administrative process, several judicial review applications, and millions of dollars expended in Canada v. Canada cases, maybe the Commission gets the information and the review/investigation can continue.  Or maybe not.  This is not the SIRC model.  At best it is SIRC-lite, or maybe even SIRC-less. 

 

Because of the shortcomings in the information access area, every other improvement in the system risks being illusory. 

A last observation stems from another Arar commission recommendation: "Appointments of [Commission] members should be aimed at inspiring public confidence and trust in their judgment and experience. Appointees should be highly-regarded individuals with a stature similar to SIRC appointees."  Strong agencies with weak appointees are only as strong as their appointees.  Weak agencies with strong appointees can be stronger than their legislative framework.  Ten years post-Arar, SIRC is not a model for uncontroversial and confidence-inspiring appointees, and an even weaker model for proper staffing and financing levels.  Overall, the record of watchdog appointees over the life of the current government is checkered: some very good, some horrific. 

So the final question: who will these commissioners be, and will they be adequately resourced? Unless they are rock-solid, and well-financed and staffed, then the already structurally-imperfect Enhancing Royal Canadian Mounted Police Accountability Act will be empty legal formalism.

Accountability Challenges, Post-Arar

Draft Speaking Notes [from which I did depart to speak more extemporaneously, with probably mixed results]

Conference: Arar +10: National Security and Human Rights a Decade Later

Panel: Accountability and Review

Oct 29, 2014

Our accountability system clearly groans in its efforts to keep pace with increasingly large scale and integrated security operations.  SIRC chairs resign in controversy.  It remains understaffed, and deserving of more resources.  The latest SIRC report suggests all is not well with the CSIS cooperation with its review body.  SIRC and the CSEC commissioner coordinate, but are reportedly criticized by the security services when they make moves to deepen their coordination.  Other important and powerful agencies -- such as CBSA -- wander about without any review at all.  Parliamentarians are blind and often oblivious, and no legislated committee of parliamentarians has attracted government support despite private members bills calling for such measures.

I believe that review bodies need to be staffed earnestly with at least some experts and at least some with legal training.  Their membership needs to be staffed completely, not as a partial roster, and on a full time basis and with resources to spare.  (Right now there are three parttime SIRC members with 17 employees, give or take, to review CSIS, in its entirety.) 

More than this, Parliamentarians must be made relevant by enacting law projects like Bill C-622.  Among other things, this law project would create a legislated committee of parliamentarians with substantial review authority to consider otherwise secret information.

And I also urge that the government enact the Arar recommendations, from the policy report.  These recommendations are now ancient – they stem from a distant era before there were even iPhones, let along iPads.  It is difficult to cast one’s mind back that far.  But they are still relevant.

To wit:

Recommendation 1: Existing accountability mechanisms for the RCMP’s national security activities should be improved by putting in place an independent, arm’s-length review and complaints mechanism with enhanced powers.

[Amplified by Recommendations 2-8]

Developments here have been unsatisfactory. The model on the table [enacted but not in force] falls far short of Justice O’Connor recommendations – allowing access to special operational information, but where relevance is contested by the RCMP only through a complex adjudication overseen by a retired judge.  In other words, power anemic as compared to CSIS’s review body, SIRC. [For a discussion of this issue, with reference to an earlier version of the provisions ultimately enacted in Bill C-42, see here.]

Recommendation 9:  There should be independent review, including complaint investigation and self-initiated review, for the national security activities of the Canada Border Services Agency, Citizenship and Immigration Canada, Transport Canada, the Financial Transactions and Reports Analysis Centre of Canada and Foreign Affairs and International Trade Canada.

No action.  CBSA, if anything, has swelled in importance since the Arar inquiry, with new citizenship revocation powers now on the books (and CBSA now potentially invested in that process and in the others than constitute a “whole of government” anti-terrorism strategy).

Recommendation 11: The government should establish statutory gateways among the national security review bodies, including ICRA, in order to provide for the exchange of information, referral of investigations, conduct of joint investigations and coordination in the preparation of reports.

[Amplified by Recommendation 12]

Again, no action.  And as noted, media reports suggest that whatever modest efforts review bodies have undertaken to coordinate has been questioned by the security service who resist any prospect of secret information flowing between review agencies.  Review remains dangerously stovepiped, even as security intelligence efforts are directed at becoming more seamless.   And domestic coordination is one thing – I have seen no indication that serious international collaboration between review bodies exist, despite the five eyes relationship that webs Canada in a network of intelligence sharing.

I doubt I have to work hard to sell this audience on the notion that all this inaction is bad.  So let me end with this one thought, quoting from Justice Mosley’s famous 2013 condemnation of CSIS’s workaround on extraterritorial surveillance.  Here, at issue was the practice of enlisting allied intelligence agencies in surveilling Canadians located overseas.  Justice Mosley only learned of this practice – supposedly authorized by his warrant – through the reports of the review bodies.  But those review bodies themselves misunderstood the legal authority under which CSIS was operating.

Justice Mosley wrote “SIRC is operating under the mistaken impression that the warrants issued by this Court authorize the collection of intercepts respecting Canadian persons by foreign agencies. In doing so, the Court is associated with the concern identified by SIRC that the ability of a Five Eyes partner to act independently on CSIS originated information carries the risk of the detention of or other harm to a Canadian person based on that information. Both Commissioner Décary and SIRC have recognized in their reports the hazards related to the lack of control over intelligence information once it has been shared. Given the unfortunate history of information sharing with foreign agencies over the past decade and the reviews conducted by several Royal Commissions there can be no question that the Canadian agencies are aware of those hazards. It appears to me that they are using the warrants as authorization to assume those risks.”

This decision, in nutshell underscore that the dangers of intelligence sharing in the post-Arar context have not disappeared – and indeed become more acute no that we have moved from rendition to drones missile strikes – and that coordination of the oversight functions (via warrant) of the courts and the review functions of review bodies is, at best, haphazard and approximate.  Accidental accountability of this sort is not sustainable.  Well beyond time for those “statutory gateways among the national security review bodies”.