Good afternoon, and welcome.
I'm calling to order this meeting of the Standing Committee on Public Safety and National Security, which is our 42nd meeting of the 42nd Parliament.
We are continuing our study of Bill , an act to establish the national security and intelligence committee of parliamentarians and to make consequential amendments to other acts that are implicated.
We welcome Stephanie Carvin, assistant professor at The Norman Paterson School of International Affairs, and her class, which is with her today, both for learning, hopefully, and for moral support.
Thank you for joining us at our committee meeting today.
Justice John Major was meant to be a witness today as well; however, our time is Eastern Standard Time, and he is on Mountain Time, which puts him two hours out. We may be able to track him down, but if not, we will reschedule him at another meeting.
We will begin with Ms. Carvin. You have 10 minutes, and then the committee will ask you questions.
I thank the committee for inviting me to speak today.
Before I begin, I would, in the interest of disclosure, state that from 2012 until 2015 I worked as an intelligence analyst with the Government of Canada. My views are shaped by this experience, as well as my academic research on national security issues.
However, with regard to the matter at hand, Bill and the question of intelligence oversight and review, I would like to speak to issues that have been somewhat less prominent. My presentation will therefore proceed in two parts. First, I will address three issues that I believe the committee should consider as this bill goes forward: efficacy review of intelligence analysis; counter-intelligence and foreign influence; and, communications with the public. Second, I will provide four recommendations.
The first issue is efficacy review and intelligence analysis. I am presenting these remarks almost two weeks after it was discovered that the CSIS operational data analysis centre, or ODAC, had illegally kept metadata and conducted assessments with it. While this issue largely refers to data collection and retention, it also speaks to the role of intelligence analysis within the Government of Canada.
We have frequently heard that CSIS's early 1980s mandate no longer reflects technological realities, but intelligence analysis was never discussed in the first place. Other than noting in subsection 12(1) that the service
shall report to and advise the Government of Canada
on national security threats, the role of intelligence analysis is barely given any consideration in the CSIS Act. There is no guidance as to how this role should be done, how intelligence should support operations, or in what way advice is to be given. There is no formal or consistent intelligence analysis review.
In short, there is little accountability within much of the intelligence community as to the delivery of intelligence products, how these products are produced, or whether those products are delivered in a timely manner. Additionally, there is no way of knowing how intelligence products are used, or if they adequately support internal operations or policy-making. Further, there is also no way of knowing if analysts have the proper equipment, tools, or training they need in order to produce their assessments.
I believe the committee proposed in Bill can play a role in helping to address these issues by becoming the first body dedicated to intelligence analysis efficacy review in Canada.
Second, thus far the discussion around reform of our intelligence agencies and oversight has largely referred to terrorism and surveillance, not espionage or foreign influence activities. Counter-intelligence work requires a different set of skills and activities than counter-terrorism does. For example, counter-intelligence activities can have an impact on foreign policy, and vice versa.
Therefore, the proposed committee could assess how well our foreign policy and national security agencies coordinate their activities, or whether intelligence services should be more frank regarding the activities of foreign governments on Canadian soil. Without a doubt, it is challenging to air these issues in public; espionage and foreign influence can be a source of diplomatic headaches and embarrassment. Nevertheless, they should not be left out of the conversation and the consideration of Parliament as Bill goes forward. This is especially the case as investigating these issues may require going outside the intelligence community in Canada as traditionally defined.
Third, the proposed committee has the potential to be one of the most important communication tools the government has with regard to providing Canadians information on national security. Unfortunately, at present, there are very few ways in which security agencies are able or willing to communicate with the broader public. Worse, in recent years, it has been a trend for national security agencies to publish their reports infrequently or erratically. For example, CSIS has not produced an annual—now a biennial—public report since May 2015, which covered the period of 2013-14. Public Safety Canada's public report on the terrorist threat, the sole multi-agency report on threat activity in Canada, appears on a more regular basis, but does not cover non-terrorism-related activity.
It is my hope that the committee's report will help remedy this gap and become a powerful communication tool that can help improve knowledge and generate trust. I see this manifesting in two ways.
First, it could become a central source of information on the current threat environment that Canada faces. That this would come from our elected parliamentarians would in my opinion contribute to an overall improvement in the understanding of national security issues in Canada. Second, an honest assessment of activities of our security agencies will generate confidence that our national security services are operating within the letter and spirit of the law.
For the second part of my presentation, I will now present four recommendations.
First, it is imperative that Parliament consider the wider context in which Bill 's committee will exist and the broader roles it can play in generating trust. Oversight and review of national security agencies is and should be the fundamental focus of the proposed committee; however, I would encourage parliamentarians to think broadly about the role it may play in communicating information and building trust.
Second, with regard to analysis, the committee should, as a part of its mandate, ensure the quality and timeliness of intelligence analysis to support the government and policy-making by holding the executives of national security agencies accountable. Additionally, it should also include review of innovative techniques, such as big data analytics. This would of course require a secretariat that is knowledgeable about these issues and that could advise committee members. This will help transform intelligence analysis from a second thought to core activities supporting policy-makers.
Third, while it might have to be done behind closed doors, the issues of counter-intelligence, foreign influence, and cyber-intrusions need to be given greater consideration in terms of how the committee will handle its mandate. This includes ensuring that these operations are well coordinated with other agencies and departments such as Global Affairs Canada, which might shape the scope and mandate of the proposed committee.
Fourth, the committee should be required to publish its findings every 365 days without exception. Everyone sitting here today knows how easy it is for government reports to fall through the cracks and miss deadlines. Nevertheless, as I have already stated, the committee's report will be a crucial tool in communicating to Canadians. The more frank and honest these reports are, the better informed the debate over measures to counter Canada's national security threats will be.
In this sense, I'm very much supportive of MP 's proposals regarding the committee, as stated in his speech to the House on September 27.
Thank you for your time. I'm happy to answer any questions or hear any comments you may have.
Thank you for being here, Madam Carvin. Marco stole almost my entire thunder, but I'm going to build on—
Mr. Marco Mendicino: Sorry.
Hon. Tony Clement: No, no. We were thinking along the same lines.
In my seven minutes, I want to engage with you on the practicalities of this.
This is going to be a committee of parliamentarians, parliamentarians who have other things to do in their lives, such as other committees to be on, or travelling around the country and sometimes around the world. Then we have this very specific role that you have identified in terms of the importance that it has. You've said that we have to get into data analytics and cybersecurity and that our findings have to be timely.
In your mind, how does that actually work? How are we going to be qualitatively able to do this? Also, what's the interaction? You mentioned the secretariat, and I'd like you to build upon that a little bit, but what's the interaction? How does this work? We're not there 24/7.
It's an open-ended question.
Thank you very much. I appreciate it.
I think it speaks to the issue of how over even the last five years we have seen this transition to where everyone is talking about big data. I know that the intelligence services are also struggling with big data, and not just for the reasons we saw last week, controversially, but also for cultural reasons. People who were from the first classes of CSIS, perhaps, don't understand how big data or Bayesian statistics work.
What I think we need is a kind of cultural shift. In terms of this particular committee, you're going to need to have a secretariat that is familiar with data analysis and analytic techniques generally. When I was an analyst, we used to talk about structured analytic techniques—that was one way—but it's also about having just a broad understanding of the way the intelligence cycle works. Third, it's about having some kind of background, hopefully, in how big data can be used and how it can support.
You wouldn't necessarily have to be an expert in it but be familiar enough with it so that if you saw it you would know what you were looking at. This is why I'm so pleased that the bill has considered a secretariat that could support the work.
There is one thing I neglected to say. I did mean to congratulate the parliamentarians here. I can sometimes be a harsh critic of government, but I think the debate over this bill has been excellent, and I think the feedback on it has been constructive. As someone who observes these events and teaches about them, I think it's been absolutely wonderful. I want to make sure that I put that in the testimony.
With regard to the suggestions of Murray Rankin, I believe they're very good. In particular, to reiterate, I think his proposals on the committee's report are essential and should be incorporated.
With regard to paragraph 8(b), speaking as someone who has worked in a classified environment, I can understand the concern. In my notes that I have here, for the second part of the sentence, I believe there needs to be more guidance, if nothing else, where it says:
unless the appropriate Minister determines that the review would be injurious to national security
I can understand why that line is there. If there is an imminent arrest or an imminent investigation, I can understand why you would need to perhaps say, okay, just hold on for a minute. That being said, I think it behooves the committee to put more guidance on that particular clause, perhaps by stipulating the conditions when that would be an appropriate move to make. Right now, I would agree with you that it seems to be unclear.
Professor Carvin, thank you for your service as an analyst, and thank you for being here and for bringing your amazing students.
Justice Major, it's an honour to have you with us.
My questioning has two themes. One is to explore the nature of building trust, because I think public trust in government is one of the strongest assets that this committee is aimed at. I would like to get your views and a bit more detail on that. My second interest is in the relationship with defence issues. I serve on the Standing Committee on National Defence as well, and I think there are clear overlaps, and some teasing out of the details might be helpful.
I want to begin, Professor Carvin, by asking you, just generally, what do Canadians think and feel about national security? How up to speed are they? I know that there are a lot of things in the headlines, but understanding.... My anecdotal assessment is often not as detailed as it needs to be to fully harness or understand the opportunity that this committee represents. What challenges are there on the side of the Canadian public's understanding, and how can this committee work to close that gap?
I wasn't speaking to the issue of sharing information with other countries specifically, but as you're asking that question, there are issues such as the foreign traveller issue. This has become a real issue. We have to work with other democracies and other countries in Europe as we look at the flow of travellers, for example, who are joining the Islamic State. I strongly suspect that those numbers are down, given the losses that the Islamic State has experienced, but that said, they often travel through Europe and countries like this. We need to be able to partner and work better with these countries.
The challenge is that no country likes giving information on their citizens. No country really likes exchanging names. What we've seen increasingly, particularly given Canada's experience in the 2000s with regard to some of the inquiries, is that more and more caveats are being attached to information and trying to have better systems in place and more regular communication going forward.
In some cases, it has proven to be very helpful. For example, there was the case of young girls from Toronto who were trying to go to the Islamic State, and they were stopped in Turkey. You must have some kind of coordinated information sharing.
This is a really great issue that I think parliamentarians on this committee could look at in terms of trying to help the security services find guidance and balance. I could add just one more thing to that, if I may. I think there's a perception in Canada that security services don't want more regulation or oversight. I can't stress to you how much that it's simply not the case. They want guidelines. They want to know where the boundaries are, so they don't cross them. I think this parliamentary committee could work with the security services on these challenging issues, such as sharing information.
I agree with the premise of your question. That's going to benefit everyone going forward.
Justice Major and Ms. Carvin, you have the bill before you. If we could turn to clause 14, I want to start with paragraph 14(e). That's
information relating directly to an ongoing investigation carried out by a law enforcement agency that may lead to a prosecution.
In the operation of clause 14, if it falls within these categories, it's excluded de facto. My worry here is that when we had the minister before us, we spoke about the bully pulpit. Where information is refused, the committee can actually refer to that information in the report and use that as a bully pulpit, but if it falls within clause 14, it's going to be very difficult to use the bully pulpit, because the minister can say, “Well, I'm obliged by the legislation.”
When we had Professors Roach and Forcese in front of us, Justice Major, and they in fact said that an ongoing investigation carried out by a law enforcement agency would in fact include the Air India bombing, because there's still an active investigation. I would put it to you that when we talk about access to information, should we have the provision of paragraph 14(e) in the act as an exclusion without any refusal related to “injurious to national security”? There's not that additional factor that exists in clause 16, and without any reasons provided by the minister.
Yes. Thank you, Chair. I just have one question, so I won't use up too much of that indulgence.
Justice Major, you spoke of the Prime Minister's ability to redact the report, that component of the bill. We have an amendment that, in what we see as the minimum standard, would make that report to at least be clear on where and by whom it was redacted. If I could just, with your indulgence, read the the key component of the amendment, that would be helpful. I'll paraphrase as much as I can.
If the committee has been directed by the Prime Minister to submit “a revised version”, under subclause 21(5), we say that “the report laid before each House of Parliament must be clearly identified as a revised version and must indicate the extent of, and reason for, the revision”. For us, despite the fact that we have issues with the definitions of what can be redacted and the subjectiveness of it, that is the minimum required to at least ensure that Canadians know the motivation behind “the use of the Sharpie”, if you'll allow me that turn of phrase. Perhaps I could quickly get your thoughts on that.
Thank you, Mr. Chair. My remarks will take a bit less than 10 minutes.
I would like to first of all thank you and the committee for inviting me here today as a representative of the commission. Mr. Evans is the senior director of operations of the commission.
I welcome the opportunity to share my views on the proposed legislation and the role of expert review bodies.
As you know, in 2014, amendments to the RCMP Act resulted in the creation of the Civilian Review and Complaints Commission. At that time, the commission’s mandate was expanded beyond public complaints to include systemic reviews of RCMP activities to ensure they are carried out in accordance with legislation, regulations, ministerial direction, or any policy, procedure, or guideline.
The commission now has the ability to review any RCMP activity without having a complaint from the public or linking it to member conduct.
We are currently undertaking two such systemic reviews: one into workplace harassment, at the request of the , and the other, which I initiated, into the RCMP’s implementation of the relevant recommendations contained in the report of the commission of inquiry into the actions of Canadian officials in relation to Maher Arar. The RCMP’s national security activities came under intense scrutiny during the O’Connor commission of inquiry. As such, I felt it was important to undertake an independent review of the RCMP’s implementation of Justice O’Connor’s recommendations.
As a key component of Canada’s security and intelligence framework, enhancing the accountability and transparency of the RCMP’s national security activities is the ultimate goal of the CRCC review. The commission’s review is examining six key areas based on the relevant recommendations of Justice O’Connor, namely: centralization and coordination of RCMP national security activities; the RCMP’s use of border lookouts; the role of the RCMP when Canadians are detained abroad; RCMP information sharing with foreign entities; RCMP domestic information sharing; and, training of RCMP members in national security operations.
The review is ongoing at this time, and it requires the examination of sensitive and classified information. Given that some experts and observers have previously raised concerns regarding whether the commission would get access to privileged information, it is important to note that we have reviewed classified material made available by the RCMP.
Upon completion of the investigation, a report will be provided to the and the Commissioner of the RCMP. A version of the report will also be made public.
This ongoing investigation highlights the key role of the CRCC in reviewing RCMP national security activities. I believe that the expert review provided by the CRCC and its counterparts, including SIRC and the Office of the CSE Commissioner, will be complementary to the work of a committee of parliamentarians.
This bill highlights the critical role of parliamentarians in the national security accountability framework, while acknowledging the contribution of expert review bodies. In that regard, I look forward to a collaborative working relationship with the committee.
Thank you for giving me this opportunity to share my thoughts.
Chair and honourable members, I am pleased to appear before this committee on the subject of Bill . I am accompanied by Mr. Bill Galbraith, the executive director of my office.
Before I make a few remarks about the bill this committee is examining, and since this is my first appearance before this committee, I will very briefly describe the role of my office.
You have my biographical note and a summary of my mandate, so I won’t go over them here, but I would like to say that I have found that my decades-long experience as a judge has stood me in very good stead in more than three years as CSE Commissioner.
Being a retired or supernumerary judge of a superior court is a requirement set out in the National Defence Act, the legislation that mandates both my office and the Communications Security Establishment.
The CSE Commissioner is independent and arm’s length from government. My office has its own budget granted by Parliament.
I have all the powers under Part II of the Inquiries Act which gives me full access to all CSE facilities, files, systems and personnel, including the power of subpoena, should that be necessary.
The commissioner's external, independent role, focused on CSE, assists the , who is responsible for CSE, in his accountability to Parliament, and ultimately to Canadians, for that agency.
Let me turn now to Bill .
I have stated on numerous occasions that a greater engagement of parliamentarians in national security accountability is indeed welcome.
In particular, following the disclosures by Edward Snowden of stolen classified information from the U.S. National Security Agency and its partners, including CSE, the public trust in the intelligence agencies, and in the review or oversight mechanisms, was called into question. Those disclosures dramatically changed the public debate.
I believe that a security-cleared committee, along with the expert review bodies, such as my office and that of my colleagues at the Security Intelligence Review Committee, SIRC, which reviews the activities of the CSIS, along with the Civilian Review and Complaints Commission—the CRCC—for the RCMP, headed by Mr. McPhail, can provide a strong complementary and comprehensive framework for accountability of security and intelligence activities and can indeed enhance transparency.
I believe this committee will help restore and enhance public trust, but it will not be without challenges. Historically, the CSE commissioner was rarely invited to appear before parliamentary committees and the work of my office may not have received its full due. The committee of parliamentarians may help to focus attention on the important work of the expert review bodies. My office and I look forward to working with the committee and its secretariat.
For maximum effectiveness, however, the respective roles of the committee of parliamentarians and of the expert review bodies must be well defined, to avoid duplication of effort and wasting resources. In my view, this is of paramount importance.
Avoiding duplication was an obvious theme and I was pleased to see it stated in the bill, in clause 9 entitled “Cooperation”. The words are straightforward but we will have to work closely with the committee secretariat to ensure this happens in practice. The objectives, to my mind, are to ensure comprehensive overall review and encourage as much transparency as possible.
I have some thoughts on how we might begin a productive relationship with the committee and its secretariat. Perhaps we can explore this issue during our question period.
There are, however, some points that should be discussed. I have a number of observations about various parts of the bill. The three-part mandate of the committee, provided for in clause 8 of the bill, is very broad in relating to any activity that includes operations as well as administrative, legislative, and other matters. As written, this will be another reason why we must work closely with the committee from the outset to ensure the rules are defined in practice, and not just to avoid duplication, but to ensure complementarity.
I am not privy to the government’s intentions with respect to this broad approach. However, the combination of this three-part mandate could adversely impact the effectiveness of the secretariat’s work. The committee will have to establish its priorities. And again, this is where the committee and the review bodies can work closely together for effective overall accountability.
What is clear is that the government wants to have a review of the national security and intelligence activities of those agencies and departments not currently subject to review. It is critical for effective review to maintain the capacity for expert review that we have now and to develop it for those agencies and departments not currently subject to review. This could be done by establishing another review body or bodies, or dividing them among the existing review bodies. The committee of parliamentarians will, I expect, turn its attention to this issue.
As I read the bill in its current form, it is clear that the committee does not have the same freedom of access as my office or, for that matter, as SIRC. In paragraph 8(b) the committee can review “any activity” that relates to national security and intelligence “unless the appropriate Minister determines” otherwise. This provides a potential restriction on what the committee may or may not see.
This is where I believe the complementarity between the committee and the existing review bodies comes in, with reassurance that the latter have unfettered access to the agencies they review. The gap is the departments and agencies not yet subject to review.
In conclusion, I would suggest a couple of small changes to provide clarity, and I could provide these in writing subsequently, if you so wish, Mr. Chair.
Thank you for this opportunity to appear before you today. My executive director and I would be pleased to answer your questions.
I want to get back to what was described by previous deponents as the “triple lock” that is found in the legislation in clause 8, in clause 14, and in one other clause. I want to get a sense from the witnesses of how reasonable that is.
The triple lock means that you have these clauses that make it clear that the mandate of the committee can be circumscribed if there's a national security issue, something “injurious to national security”, as it says in clause 8. Then we have the whole kitchen sink list in clause 14 of things that cannot be before the committee, and the refusal of information. I guess clause 16 is the other one, which incorporates by reference the Security of Information Act. This has been described to this committee already as a triple lock on the ability of the committee to do its job.
I'm speaking as a member of the previous government, and we didn't want to have this committee in the first place, but it seems to me that if you're going to go to the trouble of having the committee, it should be a committee that is actually able and capable of doing something. This was described in negative terms by the deponents, Professor Kent Roach amongst others, as a triple lock.
Monsieur Plouffe, obviously you're the commissioner of an agency, and Mr. McPhail, you've dealt with these kinds of reviews in the past. There's a balance to be struck, and I get that, but how do we strike the right balance? Obviously, no one around this table wants to do something injurious to national security, Lord forbid. At the same time, if I may say so, all parliamentarians are honourable people, and they're busy people, so to have us go through the genuflection of having a committee without having a real committee seems to me to be a waste of time.
I would like to have your thoughts on this matter, gentlemen.
I have one quick question for Mr. Plouffe, but I think it's an important one.
CSEC is an integral part of our national security establishment and deals with a much higher level of technology than most government departments, and overseeing mathematicians and cryptographers whose full-time job is obfuscation is necessarily difficult. It's one thing to have total access to everything; it's another to interpret that data. In signals intelligence, data mining, and so forth, and in the deliberate compromising of targeted machines, who conducts the accountability code audits?
To give you an example of what I'm wondering about, WIRED magazine reported that last year the Kaspersky Lab turned up a pretty fascinating operation called the “Equation Group” that remotely flashed hard-drive firmware and is believed to come from a Five Eyes partner of the National Security Agency. This is low-level assembly language-type work and requires very specific expertise.
What processes are in place to interpret this level of sophistication in oversight capacity, and how is it achieved or how could it be achieved?