threat reduction

How does CSIS threat reduction work?

As I write this, I am still hoping the government will be introducing legislation in Parliament before the summer recess responsive to its promise to reform the "problematic" aspects of Bill C-51 (2015). One of the most controversial aspects of C-51 were new powers given to CSIS to engage in "threat reduction" measures, and especially powers to break any Canadian law and breach the Charter, where pre-authorized by Federal Court warrant.

I am not among those who thinks CSIS should have no threat reduction powers. But I am among those who thinks there is no credible basis for the sweep of powers codified by C-51. As discussed at length in False Security, the untextured language in C-51 opens the door to inevitable legal challenges (especially the idea that CSIS could be pre-authorized in a secret, unappealable judicial process to breach each and every Charter right).  It also compounds problems of confliction with police anti-terror investigations.  Those operational challenges are discussed also in a blog posting here. (That posting may also serve as a refresher in relation to the threat reduction power).

To their credit, CSIS and RCMP clearly appreciate the risks involved. CSIS and RCMP has concluded a protocol -- called One Vision 2.0 -- that augments the level of inter-agency deconfliction. It has some useful features that could minimize the downstream effect of CSIS activities on prosecutions. (Even if CSIS may be immunized from prosecution where it operates pursuant to a lawful threat reduction power, its activities may still be raised as abuse of process as part of a defence by a target, should that target ever be charged with, e.g., a terrorism crime. That has happened even for the police, when they properly exercise their Criminal Code s.25.1 powers to violate the law in the course of an investigation. See R v JJ, 2010 ONSC 735 at paras 282 and 302, leave to appeal refused, [2010] SCCA No 161).

CSIS and Global Affairs also have their own memorandum of understanding on CSIS threat reduction conducted outside of Canada (which is permitted under the bill C-51 framework).

And a mostly-redacted ministerial direction may include language on how CSIS is to deliberate with other government agencies before doing threat reduction.

I say "may" because CSIS operational policy document I obtained under Access to Information suggests it does.  Though deeply redacted as well, this document has some interesting features, which I thought worth canvassing in this blog entry.

Mandatory Government Consultation

The policy says, consistent with ministerial direction, "consultation with GoC partners, including the Royal Canadian Mounted Police (RCMP), DFATD [now Global Affairs] and others as appropriate, will occur prior to seeking approval to undertake s.12.1 measures".  This is especially true for CSIS anti-terror investigations (that is, investigations relating to s.2(c) threats to the security of Canada): "The RCMP must be consulted on all s.12.1 measures for all investigations in relation to s.2(c) of the CSIS Act and others as appropriate".

Global Affairs, for its part, "will be consulted on s.12.1 measures that are assessed as having potential foreign policy implications".

These seem like obvious steps, but my sense is that close synergies between departments to make sure responses are coordinated and do not act at cross purposes has been a work in progress, and a renewed priority since at least 2014. CSIS's more aggressive post-C-51 powers make it urgent to get this right, or watch CSIS operations scuttle prosecutions.

Last Best Tool

There is also language stating that CSIS employees must "consider the range of national security tools available to respond to threats to the security of Canada; the use of s.12.1 measures in an additional tool". I think this language could be stronger, but the theme is a good one: threat reduction is an extreme measure. Disruption may, notoriously, go sideways and prompt unforeseen blowback. Preserving it as a "in case of emergency, break glass" power should be the order of the day.


An inevitable conundrum created by C-51's inelegant structure is the question of when CSIS needs a court warrant prior to conducting threat reduction. The current language is this: "The Service shall not take measures to reduce a threat to the security of Canada if those measures will contravene a right or freedom guaranteed by the Canadian Charter of Rights and Freedoms or will be contrary to other Canadian law, unless the Service is authorized to take them by a warrant issued under section 21.1." 

It follows that a warrant is required where a measures will (not might) contravene a right or freedom under the Charter or be contrary to "other" Canadian law.

"Will" is a high threshold. "Other" law is a big universe. So much will depend on legal advice. The CSIS procedural document specifies that CSIS "will consult with CSIS Department of Legal Services (DLS) to determine if a warrant may be required".

Based on what we know at present, CSIS has conducted threat reduction a few dozen times since 2015. It has never sought a warrant, meaning CSIS and its lawyers concluded that the threat reduction did not meet this "will" contravene Canadian law standard.

My issue is: who will audit this legal advice? Will SIRC have the in-house capacity to review legal advice?  Is there a "red team"?

Consider this example: CSIS concludes that individuals may be radicalizing to violence under the sway of a charismatic figure. (Research suggests that such figures can be pivotal.) Absent, though, a basis for criminal charges or a peace bond or some such thing, there is no legal restraint that can be imposed on the figure. And so CSIS decides to disrupt by engaging in, well, false news. It undermines the credibility of the figure by, say, spreading rumours among his followers that the leader is a fornicator, liar, swindler (whatever).

Does CSIS need a warrant? I would say: "yes".  Rumours like this -- if untrue -- are defamation. Defamation is contrary to "other" Canadian law -- the common law. But would CSIS and its lawyers read the law in this manner and seek a warrant?

Another example: CSIS engages in any threat reduction in a foreign country without the permission of the territorial state.  Does CSIS require a warrant?  I would say "yes". The extraterritorial exercise by a state of "enforcement jurisdiction" (basically any state power) without consent on the territory of another state is a violation of customary international law. Customary international law is part of the common law of Canada, unless displace by statute. There is no such displacement, not least since Parliament is presumed to legislate in conformity with international law. (To the extent displacement of international law exists in the CSIS Act, it comes only under court warrant: a court may authorize a breach of foreign or other -- as in, international -- law, under s.21.1(4). But the Act says nothing about CSIS breaching customary international law unilaterally). And so CSIS conduct is "contrary" to "other" Canadian law. (See discussion here, and the longer discussion here.)

Would CSIS and its lawyers read the law in this manner? I don't know. Do they have international lawyers working with them on this?  Would GAC lawyers be "read in" on the operation to this level?

All of this is to say: I wonder how we will tell whether CSIS is getting the warrants it should be getting.

Assessing CSIS's new Bill C-51 "threat reduction" powers: Observations on the SIRC report

Last week, the Security Intelligence Review Committee (SIRC) issued its annual report – the first covering a period during which C-51 was in effect. That report includes an initial assessment of CSIS’s “threat reduction” activities.

What is Threat Reduction?

“Threat reduction” refers to the new powers Bill C-51 gave CSIS to take “measure” to reduce threats to the security of Canada. With Bill C-51, CSIS is now expressly authorized to “take measures, within or outside Canada, to reduce” very broadly defined “threats to the security of Canada.”

The only categorical restriction on CSIS’s threat reduction powers is that such measures must not intentionally or by criminal negligence cause death or bodily harm, violate sexual integrity, or willfully obstruct justice.[1] CSIS must also believe that the measures are “reasonable and proportional in the circumstances, having regard to the nature of the threat, the nature of the measures and the reasonable availability of other means to reduce the threat.”

Where authorized by Federal Court warrant, the CSIS “measures” may even “contravene a right or freedom guaranteed by the Canadian Charter of Rights and Freedoms” or may be “contrary to other Canadian law.” Judges must determine that such violations are reasonable and proportional when issuing the warrant.

Key Concerns

Summarized briefly, Kent Roach and I have urged that these new powers suffer from two overarching flaws:

  1. First, their outer limit is too extreme, especially given that we are talking about covert conduct intended never to be assessed in open court. Particularly egregious (and in our view, unconstitutional) is the notion that a warrant can authorize a Charter breach. (Such a supposition is inconsistent both with the nature and manner of conventional search and arrest warrants, and the workings of section 1 of the Charter.)
  2. Second, authorizing CSIS to engage in threat disruption compounds the risk of “confliction” between police and CSIS. CSIS threat reduction under Bill C-51 preserves the historical distance between police and CSIS, allowing CSIS to exercise parallel powers outside the regular legal system, potentially in violation of the regular law and constitutionalized human rights. We have argued repeatedly that the logic of Bill C-51’s threat reduction powers is driven by a steady unwillingness to web more closely police and CSIS anti-terrorism, largely because of our unwillingness/inability (depending on to whom you speak) to address the “intelligence-to-evidence” conundrum. We believe that the RCMP/CSIS parallel investigation approach applied to threat reduction is both unsustainable, and potentially dangerous as it encourages the fallacy that Canada can disrupt – in the sense of temporarily interrupt – threats without skillful deployment of criminal justice tools. This raises the prospect that Canada will be drawn into a system of whack-a-mole disruption with no real end-game.

SIRC on Threat Reduction

SIRC’s job is not (and never has been) to assess the wisdom of the laws governing CSIS. But its report is helpful, nevertheless. The SIRC report suggests that problem number 1 has yet to arise because CSIS has opted for abstinence in relation to the extremes its new powers permit. This, of course, is a good thing – and if anything reaffirms our view that CSIS does not need a law that permits such extremes, and indeed those extremes are not echoed in jurisdictions that the government says it is emulating (like the United Kingdom, discussed below).

As to problem 2, the SIRC report points to prudential measures the minister of public safety and CSIS have put into place to guard against road collisions. This is a positive development – and the revamped CSIS/RCMP protocol, One Vision 2.0, includes promising language about preemptive notification by CSIS to the RCMP of threat reduction activities, and then a coordinated decision-making process. 

And there are elemental standards about maintaining records, since the target of the threat reduction activities may ultimately become the subject of a criminal prosecution. Again, this is positive. A patchy or problematic paper trail or one crafted without attention to disclosure obligations is exactly the sort of thing that would be instant fodder for a disclosure dispute in court, and possibly the genesis for an abuse of process holding by the judge, cratering the case. 

So CSIS is apparently coming around to the view that, in relation to threat reduction especially, it must conduct itself with at least some consideration to the downstream impact on criminal prosecutions. That is, it is in the evidence business.  

How this will work at the tactical level is, however, a mystery – that material is redacted from the copy of the One Vision 2.0 released under Access to Information. Tactical level deconfliction is where the risk of things going amiss will be higher – the Nuttall matter is an illustration of how complicated the RCMP/CSIS interface can be and then how ill-considered RCMP tactical level decision-making can scupper a criminal case.

We must also be conscious that partially secret internal directives come and go, and have come and gone without anyone outside government knowing it.

Next Steps

On top of renovation to roll back the extremes of the new CSIS powers, we support, therefore, entrenching into law a strong criminal justice orientation in the decision-making around threat reduction. This could be accomplished by strengthening the language in the C-51 amended CSIS Act. That language currently indicates that threat reduction must be prefaced by consideration “the reasonable availability of other means to reduce the threat”. The issue, properly conceived, is not whether CSIS itself has other means; the issue is whether other government agencies – and specifically the police – are better positioned to reduce the threat. Language could easily be added that obliges CSIS to take close account and orient its efforts in support of the sort of criminal justice tools. Lawful disruption supportive of criminal justice approaches should be the default, with any departures carefully circumscribed.

Indeed, we note with interest that MI5 (CSIS’s UK analogue and an agency whose conduct the government repeatedly invoked in defence of C-51’s changes) is all about disruption through criminal justice tools. MI5 uses the term “disruption” to describe “actions we take to manage risks posed by [Subjects of Interest] or networks.”[2] These take the form of “short term tactical disruptions (e.g., prosecution for road tax evasion) to major covert operational activities aimed at arresting and imprisoning an individual”.[3] Critically, therefore, disruption in the UK context appears to be different from CSIS threat reduction powers: MI5 disruption is not a parallel system of state power, exercised outside the confines of the regular law by a clandestine agency. Instead, it is closely linked to law enforcement.  As described by the UK Parliament’s Intelligence and Security Committee, a specialized oversight body:

MI5 and the police work closely together when considering potential disruption opportunities. Usually MI5 will request that the police provide support through a-pointing a Senior Investigating Officer (SIO) who will assist in the management of the investigation, lead the police interaction and develop a joint tactical strategy with MI5. This management process is then usually formalized through a Joint Operational Team (JOT), comprising an MI5 lead, police SIO and specialists from MI5, the police or any other relevant agency.[4]

Put another way, disruption for MI5 means working closely with police and disrupting security threats through use of the law, especially criminal justice.  Of note, the close MI5/police relationship has sometimes been credited with the United Kingdom’s comparative success since 7/7 in staving off major terror attacks.

Codifying this approach in the CSIS Act (along with serious progress in solving intelligence-to-evidence) would go a considerable distance in relieving concern number 2, noted above, and would facilitate important efforts to legislatively roll-back the extremes noted in concern number 1.


[1]           CSIS Act, ss 12.1 and 12.2.

[2]           UK Intelligence and Security Committee, Report on the intelligence related to the murder of Fusilier Lee Rigby (25 November 2014) at 47, online:

[3]           Ibid.

[4]           Ibid.