Thank you, Mr. Chair. Thank you to the committee for inviting me to appear before you today.
In particular, I will be focusing my comments on the government’s Green Paper, which was recently released. We will present our formal response to Public Safety by December 1. In the meantime, I am happy to provide preliminary comments, in the hope these may be helpful as you prepare to engage with Canadians in several cities across the country.
The stated purpose of the Green Paper is to prompt discussion and debate about Canada’s national security framework, which is broader than the reforms brought about by Bill . I fully support the need to review the entire legislative framework, not just the changes brought about by Bill C-51. But to do that in a comprehensive way, the focus cannot be only on addressing challenges faced by national security and law enforcement agencies. It must also take into account legislative changes and other developments that have had an impact on human rights, including international information sharing and the need to adopt rules to prevent another tragedy like the one lived by Maher Arar.
In order to ensure our laws adapt to current realities, it is important to consider all that we have learned since 2001, including the revelations of Edward Snowden regarding government information gathering and sharing activities, as well as other known risks regarding the protection of privacy and human rights, including those identified during commissions of inquiry. Obviously, we must also consider recent terrorist threats and incidents.
In my public statements on Bill , I expressed significant concern with the broad information sharing authorized by the Security of Canada Information Sharing Act. I warned that the lowering of thresholds for sharing could lead to large amounts of personal information on law-abiding citizens being disclosed. Edward Snowden demonstrated how government surveillance powers can be used on a massive scale. Unfortunately, there is nothing in the Green Paper that addresses the lowering of legal standards for information sharing.
When Bill was tabled, the government maintained SCISA was necessary because some federal agencies lacked clear legal authority to share information related to national security. The Green Paper addresses complexity around sharing, which can prevent information from getting to the right institution in time. These references to the complexity of the old law do not clearly explain its shortcomings. Situations where there is no legal authority for sharing information related to national security can be identified, but so far they have not. I strongly urge this committee to ask specific questions on the subject. A clearer articulation of the problems with the previous law would help define a proportionate solution.
The green paper speaks of the challenges of law enforcement getting access to what it calls “basic subscriber information”, which is cast as relatively innocuous on the premise that it does not include the contents of communications. There has been extensive work done by my officials and other technical experts that finds that this subscriber information, or metadata, is far from benign. Daniel Weitzner, who founded the Internet Policy Research Initiative at MIT, considers metadata to be “arguably more revealing [than content] because it's actually much easier to analyze the patterns in a large universe of metadata and correlate them with real-world events than it is to go through a semantic analysis of all of someone's email and all of someone's telephone calls.”
The GCHQ, the British signals intelligence agency, has publicly stated that metadata is more revealing for intelligence purposes than the content of communications. If, as the green paper suggests, new legislation is to be informed by the privacy expectations Canadians have about metadata, Canadians should be clearly advised of the personal information metadata can reveal about them.
The green paper presents a scenario in which a police officer wants to obtain metadata from an Internet service provider but is unable to do so when the investigation is still in its early stages, and there is not enough information to convince a judge to provide authorization. While we appreciate that it might be useful information to have “at the outset of an investigation”, as it says in the green paper, it is unclear to us why neither the evidentiary threshold required to obtain judicial authorization via production order or warrant nor the exigent circumstances exception articulated in R. v. Spencer can be met.
I should add that preservation orders can be obtained on a reasonable grounds to suspect threshold, a very low standard indeed. In that context, we would urge the committee to probe government for precise explanations of why current thresholds are unreasonable and why administrative authorizations to obtain metadata, rather than judicial authorizations, sufficiently protect charter rights.
Encryption, another issue raised in the discussion paper, represents a particularly difficult dilemma. On the one hand, as a technological tool, it is extremely important, even essential, for the protection of personal information in the digital world. On the other hand, as a legal matter, individuals who use it and companies that offer it to their customers are also subject to laws and judicial warrants that may require access to personal information where legitimately needed in cases in which public safety is at risk. Ultimately, the issue is whether it is possible to enable authorized access for the state without creating technological vulnerabilities imperilling the privacy of significant numbers of ordinary citizens. Where it is not possible to do this, I think it is important to ask which of these two important public interests should prevail. We expect to have more to say on this by December.
The green paper lists accountability mechanisms, including ministerial oversight, judicial review, Parliament, and review by independent bodies of experts. On the issue of parliamentary review, I would note that Bill , which proposes to create the national security and intelligence committee of parliamentarians, fills the need for democratic accountability and brings us into alignment with other western democracies. I would note, however, that many agencies that have a role to play in national security or public safety are not currently subject to any independent expert review. This is an omission that, in my view, needs to be addressed.
As I mentioned, my office will be submitting a formal written response to this green paper once we've fully analyzed some of its newer proposals. In the meantime, I would be happy to answer any questions you may have. For instance, I think it would be important to discuss how monitoring of the Internet to prevent radicalization should not create a climate such that ordinary Canadians feel they cannot enjoy fundamental freedoms.
Thank you very much, and I look forward to your questions.
Chair, and members of the committee, it's my pleasure to have the opportunity to present my views on the government's green paper on national security, and the online consultations that Canadians are invited to take part in.
I will focus my brief introductory remarks on the following four issues: the significance and importance of consulting Canadians on national security issues, proposals for utilizing the consultation process, the green paper, and some problems with the green paper.
The first is on the importance of consulting Canadians. All democratic societies seek to establish what is often called a balance between protecting the security of the state and its citizens, and protecting civil liberties. The search for such a balance cannot be left in the hands of government alone. It requires democratic engagement, and ultimately is based on a perception of democratic legitimacy. The Canadian practice for too long has been based on a notion of paternalistic governance on national security matters, rooted in requirements of near absolute citizen trust, in exaggerated concerns about protecting secrets, and assumptions about the inability of our society to fully grasp or even respond well to national security challenges: government knows best.
This set of attitudes is fundamentally outdated, and has been eroded, in particular by the rise of new security threats in the aftermath of the end of the Cold War, and with the ascendency of global terrorism post-9/11. There are new expectations around citizen knowledge and engagement in discussions on national security that must be met.
When last in power, the Liberals issued Canada's first-ever national security strategy, in April 2004. It was an important effort at public education but proved to be an unfortunate one-off. Now the Liberal government has gone a step further and decided to engage in public consultations about Canadians' views on the effective construction of a balance of security and rights protections, framed in part in response to a very divisive parliamentary and public debate around the previous government's introduction of new anti-terrorism measures in Bill .
I fully support the principle of public consultations on national security, particularly in the aftermath of Bill . I'm also hopeful that these consultations can have a real impact, in two ways: first in terms of an improved public understanding of national security threats and responses; and, second, in terms of improved government legislation and policy. I do not accept the view that these consultations are an empty forum designed with a purely political objective in mind. If we decide, as some in the media would like, that public consultations and national security are a form of ragging the puck, then we are truly in a sad shape as a democracy.
The second issue, to raise it very briefly, is a question of how best to utilize the consultation process. A public consultation exercise on national security is historically unprecedented in Canada and has no counterpart that I'm aware of among our close allies. It is an experiment with an unknowable outcome. The government may well find that public responses exceed its expectations, at least in quantity. The Minister of Public Safety has recently stated that some 7,000 responses have already been logged, and there remain two further months before the online consultation is closed. The government has said it intends to use the consultations as a means to improve both policy and legislation, but has provided few details about how it proposes to handle the consultation material.
I would like to see two developments. One is for the government to create an independent expert advisory panel to study the public inputs and come up with their own summary and recommendations. I regard this as important to ensure that, in addition to the expertise provided by their officials, the government can hear other knowledgeable and diverse perspectives. The second desire is for the government to commit to producing a white paper on national security, a new national security strategy out of the green paper process. Beyond that, as part of a transparency initiative, I would like to see it commit to a regular process for the issuance of national security strategy statements to Parliament and the Canadian public. My hope, of course, is that the committee might endorse these ideas.
With regard to the green paper, green papers, as I'm sure you all are aware, are meant to be policy-relevant studies that consider a range of options or scenarios but do not indicate intended policy. The government's green paper entitled “Our Security, Our Rights” was publicly released on September 8, 2016, after a long and difficult internal birth. It comes in two forms: the shorter document, numbering 21 pages, and a longer background document weighing in at 73 pages. In addition, Canadians are encouraged to consult the terrorism threat statement issued just prior to the release of the green paper. The green paper itself was produced by a task force headed by the assistant deputy minister for national and cyber security at the Department of Public Safety and was conducted as an in-house exercise.
The green paper addresses 10 issue areas, to promote, as the minister's foreword indicates, a “framework that upholds both security and rights”. I'm going to very briefly break down these 10 issue areas.
The first two deal with accountability and prevention, and these address Liberal campaign promises. The next four, threat reduction, information sharing, the passenger protect program, and Criminal Code terrorism measures directly address issues raised by the debates around Bill .
There are two further issues around procedures for listing terrorist entities and terrorist financing. The background to their appearance in the green paper is a mystery to me, and I don't regard either of them as particularly amenable to public discussion. They're very technical and perhaps non-controversial.
The final two issues raised are what we might call unresolved and challenging legacy problems. “Investigative Capabilities in a Digital World” revisits a stalled legislative and public debate over what we have long described as lawful access. The intelligence and evidence problem dates back to the decision to create CSIS in 1984 and to separate security intelligence from police work. It was studied more recently and intensively, of course, in the context of Justice Major's Air India inquiry and report.
I would judge at least eight of the 10 issues worthy of public debate. They are both framework issues and, in some cases, directly relate to current anti-terrorism legislation. Of the eight issues identified, the most forward looking concerns investigative capabilities in a digital world. Canada needs a new approach to digital security and digital intelligence gathering, but one that must be embedded in strong privacy and rights protections. On the digital intelligence gathering side, we need a better understanding of metadata collection powers as exercised by Canadian intelligence agencies and of the use of social media intelligence, which is now widespread, and we need better controls to ensure privacy.
I do have some regrets about the green paper's construction. I think it narrows the frame of public discussion too much by its focus on terrorism-related threats alone. The green paper also fails to deliver enough information about the organization of the Canadian security and intelligence community and about the existing capabilities that that community possesses to deal with threats. We cannot find a balance between security and rights in Canada unless our knowledge is sufficiently well balanced to include an understanding of threats, an understanding of available responses to threats, and an understanding of rights.
To conclude, let me turn to some problems I've identified with the green paper itself.
The shorter version of the green paper presents itself as scrupulously neutral and asks very general questions in its conclusion. The longer background document suggests more of an effort to steer the public conversation through selective attention and raises questions, in my mind at least, about the degree to which the government has already made up its mind or been captured by official advice on some issues.
It is important, I think, that the government really listen to the consultation exercise and keep an open mind about policy and legislation in this very complex field. I see some problems in terms of potential closed-mindedness and bureaucratic capture in the following areas.
On accountability, the green paper does not sufficiently address the problems with the existing system of independent external review of security and intelligence agencies, and it does not address the questions of transparency, public education, and sustaining public knowledge.
On prevention, experts will caution against an over-commitment to a theory about radicalization to violence that does not fully reflect the research that has been done to date and may be a problematic concept in other ways.
On threat reduction, the green paper does not ask fundamental questions about whether threat reduction capabilities in the form created by Bill are needed and who should have the power to deploy them. It makes no distinctions between the very different circumstances of threat reduction activities at home and threat reduction operations abroad.
On domestic national security information sharing, no effort at all is made to genuinely question the changed definition at the heart of SCISA, the Security of Canada Information Sharing Act, which was part 1 of , and that changed definition shifted from, as you will know, section two of the CSIS Act, “threats to the security of Canada”, which has been long our understanding, to something different and admittedly broader called “undermining the security of Canada”.
On passenger protect, Canadians need a commitment to transparency around the no-fly list so that fears of it burgeoning out of size and control can be allayed. I do not mean absolute transparency but an annual reporting of global, anonymized figures for the SATA list, plus more publicly available information about how the SATA list is actually built.
On investigative capabilities in a digital world, this is an important conversation that we need to build into the discussion of controls around metadata collection and the use of social media intelligence.
On intelligence and evidence, it's important to understand this issue is a matter that extends well beyond legal considerations, to include our historical context and the relationship, in particular, between the RCMP and CSIS.
I have not enlarged on any of these concerns but would be happy to address them in questions. I would hope to have a future opportunity to discuss these issues with the committee, particularly when specific amendments to Bill , or new policies and legislation see the light of day.
First of all, I think that probably all Canadians would agree that if we can in Canada, we want to avoid the problems the Americans have had with their own multiplicity of no-fly lists, border lists, watch-lists, and so on, which is a machine which is truly out of control. It impacts on Canada, to the extent that Canadians can be caught up in various American lists.
We share information with the United States and other allies. One of the problems I think around the way in which Bill deals with enhancements to the passenger protect program, which I think were necessary but I think can be fine-tuned in revised legislation, is that the whole regime for information sharing with allies, in terms of what we will share and under what circumstances, is not clearly spelled out in a way that it needs to be spelled out.
As I say, I think it would be an important exercise in public reassurance and transparency for the minister in charge, the Minister of Public Safety, to actually publish an annual report simply indicating the number of individuals on the passenger protect list. It's not naming names, but just indicating the number, so that Canadians don't feel that this list is out of control, too large, or that they don't have another kind of suspicion, that it's too small and the government is not doing their work.
I think that would be an important measure, and it's also an important measure of control and accountability. That's one of the things I would like to see. I think there are other ways in which the passenger protect provisions of Bill can be improved, including the responsibilities that the minister has to respond to appeals to be taken off the list. That is a very awkward piece of drafting at the moment in Bill C-51.
It's an excellent question, sir, and I think it would be difficult for perhaps either of us to give you a truly fine-grained, evidence-based answer to your question. I have views on this, and they're views of long standing that have evolved since 9/11.
I think the first thing that has to be said is that what I call Canadian literacy on national security issues is low. This is not the fault of Canadians themselves. I place the fault squarely at the feet of governments for failing to educate and inform Canadians adequately about national security threats and the kind of response capacity we have to them. I'm hoping that the new Liberal government will change that pattern of past behaviour, and perhaps the green paper is one sign that they truly intend to do so. But I think it has to be systematically done.
I've often responded to media questions whenever there's a terrorist incident or a prevented terrorist plot in Canada. The question is often about how Canadians have responded. My anecdotal feeling about that—and that's all it is—is that Canadian society has shown remarkable degrees of resilience. We haven't faced, fortunately, too many real or prevented terrorist plots since 9/11. But in the instances where we have faced such attacks, as in the Parliament Hill attack, or in Quebec, or things like the Aaron Driver affair, and other conspiracies that have been prevented by law enforcement and intelligence work, I don't see signs of Canadian overreaction or Canadian panic or Canadian misunderstanding of the circumstances. Nor do I see the opposite, which is what is often asked particularly by outside observers of Canada, which is whether Canada is too complacent a country about these kinds of issues.
I think we have, and are capable of having, a mature conversation on national security threats. The challenge for us in having that conversation is that while terrorist and other threats are real, we're not at the epicentre of these threats. We can be impacted by them any minute of the day, but we're not at the epicentre. We're not a European country directly facing the degree of threat that a country like France, for example, or Germany or Italy might. We're not the United States. But we are a country that can be affected by these threats. It's a bit more difficult to judge the reality.
Going forward—and I'll end on this point—I think it's vital that we begin to have a larger conversation about national security. We have been, for the past decade, focused on terrorism as a threat and, from time to time, that's a good focus, but I think it's insufficiently broad for the kind of conversation we have to have going forward. We face other kinds of very significant national security threats that we have to have a national conversation about, including cyber-threats, including the security implications of climate change now and in the future, which are going to impact us and global society. So, the sooner we start having a conversation that is about more than just terrorism, the better off we'll be. I'm sure that Canadian society is capable of having that conversation.