Interventions in Committee
RSS feed based on search criteria Export search results - CSV (plain text) Export search results - XML
Add search criteria
Michael Day
View Michael Day Profile
Michael Day
2018-02-15 10:59
Thank you very much, ladies and gentlemen. I appreciate the opportunity to speak in front of this committee.
First, let me say how encouraged I am that Canada, in the space of just a handful of years, has had two bills on national security. Content notwithstanding, the actual debate we're having helps improve...including the choices that we will be deliberately making as a country to either diminish or enhance our security, and I accept that there's a trade-off.
I come at this issue not just from my time in uniform in our special forces community, but also having been the senior uniformed officer responsible for international security in the Department of National Defence as well as being the chief strategic planner. Subsequent to my retirement, I have remained involved in this area, specifically working in the high-tech sector as well as in academia.
As part of the broader issue, I would wish to have my opening comments focused on three specific challenges. First of all is the trade-off between privacy and security, between the charter and the reasonable measures to protect Canadians. This is not, from my perspective obviously, a binary issue, or one that should be looked at as absolutes, but rather a dynamic relationship that should remain constantly under review. We should embrace that tension as opposed to pretending it doesn't exist, with a conversation being seen to have value in and of itself.
Second, there are the unavoidable challenges that are presented with dealing with intelligence and admissible evidence, quality information. This includes the provision of a coherent picture to policy makers. No policy or law will be able to solve this conundrum, however, better processes and deliberate case-by-case choices can be made to better inform our way ahead. I believe those are lacking. I believe this starts with a more coherent, joined up, centrally directed intelligence construct, which is mirrored in other countries, but quite frankly, not fully realized here in Canada. I'll address this a little later. Although this will be debated by many, the gap can be simply defined by the lack of one accountable minister—who is not the Prime Minister—in one department, responsible for the synthesis of a national perspective. The current construct through PCO lacks both authority and reach but most certainly process. The consequences are that we have government officials, both elected and unelected, who are not privy to a complete whole-of-government intelligence assessment, and vulnerabilities ensue as a consequence.
Lastly, we have a cultural blindness as a consequence of the quality of life that we all enjoy. To be sure, that's a double-edged sword, but the willingness to think of others, that they might share our values, our practices, essentially our way of life, is foolhardy. I vacillate, of course, between despair and admiration at this ability to ignore the realities of the world as I've experienced it. I won't be proposing any solution to that issue.
In this first instance, I would want to see a process that is able to flex and contract on a case-by-case basis. I do recognize there are embedded processes within the Government of Canada machinery. I believe them to be inadequate. This space should be defined by a non-political entity, likely expanding on the current judicial processes we have at the moment. In particular, I believe this must be informed by certain rules that trade off the automaticity of an action being appropriate or not with a deliberate set of decisions. Although there are some basic constructs that allow for warrants for certain actions, I don't believe this receives the attention or the expertise that is warranted in a holistic sense. We have a great judiciary, we have a great rule of law, and I believe the solution is in this space.
Lastly, in this area I consider it to be the requirement for whatever process adopted to remain in camera so as to protect that information, which leads me to my second point. By necessity, there's an overlap between various members of the security and intelligence community here in the machinery of government. We need better coordination, not merely information. Too often, even post-Maher, there remain gaps between how information and intelligence are manned in this domain. As an aside, I think it is tremendously important to distinguish between the two—information and intelligence. Although various individuals claim we are addressing this, I would remind this committee, as I'm sure you know, that this claim has been repeated by various officials in various governments for decades now. No good solutions have been reached, in my opinion.
When making this body of knowledge prosecutable, we need to do better. Although recognizing the hue and cry that will result, in some instances, it may mean, or continue to mean, a court process that is not transparent to the general public. These are the types of trade-offs that I believe are necessary. It's not a good solution. In fact, it may be a bad solution, but it's not the worst solution. In fact, it may be the best of a number of bad solutions. We are living in the worst solution, which is that we don't appear to address it at all. Implementation of independent monitors, etc., or any additional process may be considered as part of that solutions space.
With regard to electronic surveillance and security, I admit to an incredulity at either the inability or naïveté of Canadians in general, and quite frankly, the government in particular, accepting that there must be rules and policies surrounding these activities. It has shocked me. Over the last four or five years, I've worked a lot in the cyber domain. It's shocking to me how little effect successive governments have had in addressing the cyber-threats that this country faces on a daily basis. The vulnerability of our energy grid, the financial sector, among others, and the lack of a government-wide set of policies and legislation to enforce compliance leads me to believe that we are living in a country that is now fully compromised by foreign actors at the state and non-state level.
A voluntary system will not work, as a vulnerability by one is a vulnerability to all, in fact. The CSE legal mandate is a good and useful step, but it's only part of the picture. I am a strong believer that mass surveillance metadata, not individual surveillance or collecting individual information, and the power of directed and non-directed machine learning are critical to embrace and to better understand the space in which we are working. Lacking this, we will fall further behind.
Turning briefly to accountability and functionality in the government, I would cite the most recent report by the U.S. director of national intelligence, which is a significantly different role than the proposed commissioner of the intelligence, whose mandate falls well outside of my area of expertise and understanding, although it does appear to me to be a very good step. Although the current intelligent assessment secretariat fulfills some of the functionality of DNI, it falls short. Focused on the provision of intelligence to the Prime Minister and given its position in the Privy Council Office, it lacks the appropriate authorities to direct, as well as the degree of ministerial accountability needed. We have no minister responsible for this and no such equivalent director of intelligence. There is no mandate and therefore, the function is not served.
It seems to me that much of the public debate on the bill in question, C-59, is about legal mandates, compliance, oversight, and governance. I don't wish to imply that this isn't needed, let alone value added, but rather suggest that the necessity of this conversation should not be mistaken for sufficiency. By itself, the debate on those issues is insufficient.
In a rapidly changing world, an equal amount of discussion should be given to the efficacy of the security and intelligence agencies and supporting departments, how well they work together, how rapidly they are able to, not just respond in the moment, but adjust to changing threats, etc.
As a criticism, I could argue that one would say the jealous safeguarding of mandates authorities—or more crudely put, turf battles—will be argued by any number of officials who will come in front of this committee. I would posit that you would be fooling yourself to believe that those turf battles aren't actively fought on a daily basis and therefore, inhibit a fuller, broader understanding of the threats that we face and the actions that we can take in response. However, I was strongly and tremendously encouraged to see Ms. Rennie Marcoux appointed as the executive director of the committee proposed. She is a true intelligence professional, but this is a separate function, and I do not mislead myself into believing that replaces the proposed DNI, which I would support. This is a gap that needs attention.
Furthermore, not being in government at the moment, I do remain uninformed about how the interaction between that commission and PCO, the assistant secretary of security intelligence, and the national security advisor will all work together, reminding ourselves that the PCO answers only to the PMO and there's no accountable minister, let alone mandate, and therefore, no real authority besides that which is practised, but not enforced.
In addressing the oversight committee I believe I noted with concern that in some instances the committee—and I stand to be corrected on this—would not have access to certain intelligence. I think I've read that in some of the critiques. To be very clear, for lack of a better term, I believe that to be admittedly stupid. The committee should have access to any and all documentation seen and used by the intelligence committee regardless of the originator controls. Anything less makes a mockery of oversight. Decisions will be made. Actions will be initiated based on that foreign-based intelligence.
There is a need to continue to force the interaction most especially between the intelligence and security agencies and associated departments. I'm convinced that Bill C-59 is a good step forward, but it needs to be enlarged in processes and interactions, and an accountable minister appointed.
I'd be more than happy to talk about threats and other processes during our Q and A.
Thank you very much.
Stephanie Carvin
View Stephanie Carvin Profile
Stephanie Carvin
2017-12-05 8:47
I'd like to thank the committee for inviting me to speak on Bill C-59, the most comprehensive and far-reaching reform to national security in Canada since 1984. I would like emphasize that I am not a lawyer. However, I do have experience working in national security and intelligence, and I study this area for a living. Indeed, in the interest of transparency, I would like to state that from 2012 to 2015, I worked at the Canadian Security Intelligence Service as a strategic analyst.
My comments are, of course, my own, but they're informed by my research and experience as the national security landscape in Canada has evolved in a relatively short period of time. All of this is to say that today my comments will be focused on the scope of this bill and will address some of the areas that I believe this committee needs to, at the very least, consider as it makes recommendations.
First and foremost, I wish to express my support for this bill. I believe it contains four important steps that are essential for Canadian national security and the functions of our national security agencies.
First, it provides clarity as to the powers of our national security agencies. There's no better example of this than part 3, the CSE act, which gives our national signals intelligence agency statutory standing and spells out its mandate and procedures to a reasonable extent. Given that the first mention of this agency in law was the 2001 Anti-terrorism Act, this bill takes us a long way towards transparency.
Second, Bill C-59 outlines the limits on the power of our national security agencies in a way that will provide certainty to the public and also to our national security agencies. In particular, the bill clarifies one of the most controversial parts of the current legislation formerly known as BillC-51, that is, CSIS' disruption powers.
While it might be argued that this is taking away CSIS' ability to fight threats to Canada's national security, I disagree. Having found themselves embroiled in scandals in recent years, it is little appreciated how conservative our national security agencies actually are. While they do not want political interference in their activities, they no doubt welcome the clarity that Bill C-59 provides as to these measures.
Let there be no doubt that the ability to disrupt is an important one, particularly given the increasingly fast pace of terror investigations, especially those related to the threat of foreign fighters. In this sense, I believe that Bill C-59 hits the right balance, grounding these measures squarely within the Charter of Rights and Freedoms.
Third, Bill C-59 addresses long-standing problems related to review, and in some cases oversight, in Canadian national security. I will not go over the problems of our current system, which has been described as “stove-piped” by experts and commissions of inquiries. I will, however, state that the proposed national security and intelligence review agency, NSIRA, and intelligence commissioner—in combination with the new National Security and Intelligence Committee of Parliamentarians, NSICOP—create a review architecture that is robust and that I believe Canadians can have confidence in.
Fourth, in its totality, Bill C-59 is a forward-looking bill in at least three respects. First, the issue of datasets is not narrowly defined in law. While this has been a cause of concern for some, I believe this is the right approach to take. It allows flexibility of the term, but at the same time it subjects any interpretation to the oversight of the intelligence commissioner and the minister. It subjects the use of datasets to the internal procedures of the national security agencies themselves—and limits who may have access—and the review of the NSIRA and NSICOP.
Second, it takes steps to enhance Canada's ability to protect and defend its critical infrastructure. Increasingly, we are seeing the abilities of states and state-sponsored actors to create chaos through the attacks on electrical grids, oil and gas facilities, dams, and hospital and health care facilities. Much of this critical infrastructure is in the hands of the private sector. This bill takes steps to ensure that there is a process in place to address these threats in the future.
Third, Bill C-59 puts us on the same footing as our allies by mandating an active cyber-role for our national signals intelligence agency. I appreciate the legal and ethical challenges this raises, especially should CSE be asked to support a DND operation. However, the idea that Canada would not have this capability is, I think, unacceptable to most Canadians, and would be seen as unfortunate in the eyes of our allies, many of whom have been quietly encouraging Canada to enhance its cyber-presence in the wake of cyber-threats from North Korea, China, and Russia.
To reiterate, I believe this is a good bill, but there's room for improvement. I'm aware that some of my legal colleagues, especially Craig Forcese, Kent Roach, and Alex, of course, will be speaking to certain specific legal issues that should be addressed to make the law more operationalizable and compliant with our Constitution.
I encourage the committee to seriously consider their suggestions. However, I'm going to focus on four areas that may be problematic in a broader sense, which I believe the committee should at least be aware of or consider when it makes recommendations.
First, I think it's important to consider the role of the Minister of Public Safety. To be clear, I believe our current minister does a good job in his current position. However, the mandate of the Minister of Public Safety is already very large, and this bill would give him or her more responsibilities in terms of review and, in some cases, oversight. At some future date, the scope of this ministry may be worth considering.
Having said this, I acknowledge a paradox. Requiring the intelligence commissioner's approval for certain operations, as is clear in proposed subsections 28(1) and 28(2) of the proposed CSE Act, and potentially denying the approval of a minister is, in my view, at odds with the principle of ministerial responsibility in our Westminster system of government.
To be sure, I understand why this authority of the intelligence commissioner is there. Section 8 of the charter insists on the right to be protected from unreasonable search and seizure. The intelligence commissioner's role ensures that this standard is met.
Why is this a problem? Canada has an unfortunate history of ministers and prime ministers trying to shirk responsibility for the actions of our security services, which dates back decades. Prime Minister Pierre Trudeau used the principle of police independence to state that his government could not possibly engage in review or oversight of the activities of the RCMP even though the national security roles of the RCMP are a ministerial responsibility. There is simply a tension here with our constitutional requirements and with what has been the practice of our system for decades. If this bill is to pass through, it will be up to members of Parliament to hold the minister to account, even if he or she tries to blame the intelligence commissioner for actions not taken.
Second, despite the creation of no less than three major review agencies, there's still no formal mechanism for efficacy review of our security services. We will receive many reports as to whether or not our security services are compliant with the law, but we still will not have any idea of how well they are doing it. I'm not suggesting we need to number-crunch how many terrorism plots are disrupted. Such a crude measure would be counterproductive. However, inquiring as to whether the analysis produced supports government decisions in a timely manner is a worthwhile question to ask. Efficacy review is still a gap in our national security review architecture.
Third, while I praise the transparency of Bill C-59, I'm also concerned about what I'm calling “report fatigue”. I note that between last year's BillC-22 and now Bill C-59, there will have been at least 10 new reports generated, not including special reports as required. It is my understanding that some of these reports are very technical and can be automatically generated when certain tasks such as, hypothetically, the search of a dataset is done. However, others are going to be more complex. More briefings will also be required. Having spent considerable time working on reports for the government in my former work, I know how difficult and time-consuming this can be.
Finally, and related to this last point, it is my understanding that the security services will not be receiving any extra resources to comply with the reporting and briefing requirements of either BillC-22 or Bill C-59. This concerns me, because I believe that enhanced communication between our national security services with the government and review bodies is important. As the former's powers expand, this should be well resourced.
In summary, the ability to investigate threats to the national security of Canada is vital. I believe that for the most part, Bill C-59 takes Canada a great step towards meeting that elusive balance between liberty and security. In my view, where Bill C-59 defines powers and process, it should enable our security services to carry out their important work with confidence knowing exactly where they stand. Further, the transparency in the bill will hopefully go some way towards building trust between the Canadian public, Parliament, and our security services.
Thank you for your time. I look forward to your questions.
Craig Forcese
View Craig Forcese Profile
Craig Forcese
2017-12-05 9:52
Wesley has pointed at me, so I will go first.
I wish to extend my sincere thanks to the committee for inviting me here to speak on Bill C-59. It's always an honour to be asked to share my observations before this committee.
My colleague Kent Roach is appearing before you next week. He and I have divided up Bill C-59. Today I shall be addressing the new Communications Security Establishment act and the amendments to the CSIS Act.
I support most of the changes Bill C-59 makes in these areas. I recognize the policy objectives they seek to address. I believe the statutory language is usually carefully considered and robust, but I do have one serious concern.
I'll begin with the CSE act and make my single recommendation for today. I respectfully submit that this committee should amend proposed subsections 23(3) and 23(4) to indicate CSE may not, without ministerial authorization, contravene the reasonable expectation of privacy of any Canadian or person in Canada. Those two provisions are found on page 62 of the PDF of the bill.
I have provided a brief to this committee describing the rationale for this change, and I should disclose I've been an affiant in the current constitutional lawsuit brought by the British Columbia Civil Liberties Association challenging CSE activities, but today I appear on my own behalf.
To summarize my concern, while engaged in foreign intelligence in cybersecurity activities, CSE incidentally collects information in which Canadians or persons in Canada have a reasonable expectation of privacy. This is done without advance authorization by an independent judicial officer, and thus likely violates section 8 of the charter.
Bill C-59 attempts to cure this constitutional issue through a ministerial authorization process, one that involves vetting for reasonableness by an intelligence commissioner, a retired superior court judge. This is a creative and novel solution. It preserves a considerable swath of ministerial discretion and responsibility. It is not a full warrant system. Still, given the unique nature of CSE activities, I believe it is constitutionally defensible.
The new system will only resolve the constitutional problem if it steers all collection activities implicating constitutionally protected information into the new authorization process. The problem is this. Bill C-59's present drafting only triggers this authorization process where an act of Parliament would otherwise be contravened. This is a constitutionally under-inclusive trigger.
Some collection of information in which a Canadian has a constitutional interest does not violate an act of Parliament, for example, some sorts of metadata. The solution is simple. Expand the trigger to read as follows: “Activities carried out by the Establishment in furtherance of the foreign intelligence” or cybersecurity “aspect of its mandate must not contravene any other act of Parliament or involve the acquisition of information in which a Canadian or person in Canada has a reasonable expectation of privacy”, unless they are authorized under one of these ministerial authorizations that are subject to vetting by the intelligence commissioner.
This may seem a lawyerly tweak, but if we fail to cure the existing problem with CSE's collection authorization process, a court may ultimately determine that CSE has been collecting massive quantities of data in violation of the Constitution. Such a finding would decimate relations with civil society actors, placing CSE squarely in the crosshairs of a renewed controversy, and making it very difficult for private sector enterprises to partner with CSE on cybersecurity without risking reputational fallout themselves. With Bill C-59, we have a chance to minimize this kind of problem.
I turn to the CSIS Act changes. Bill C-59 does three things. First, it permits CSIS new authority to collect and potentially retain so-called datasets. Here the tension lies in balancing the operational need for CSIS to be able to query and exploit information against the privacy imperative. Rather than prescribe hard standards for what may be included in datasets, Bill C-59 opts for a system of in-advance oversight.
The intelligence commissioner is charged with approving the classes of Canadian datasets that the minister has deemed may be initially collected, and the Federal Court authorizes any subsequent retention of actual datasets. While I am wary of the idea of datasets, I cannot dispute the rationale for them and I can find no fault with the system of checks and balances. I have one concern with the retention of information that's queried in exigent circumstances. I don't know that the bill has the same checks and balances there, but I'm happy to address that further in questions.
The second change to the CSIS Act relates to revisions to CSIS's threat-reduction powers introduced in BillC-51 in 2015. These provisions were rightly controversial. For our part, Kent Roach and I did not dispute the idea of threat reduction, but we worried that CSIS threat reduction done as a continuation of our awkward, siloed police and intelligence operations runs the risk of derailing later criminal investigations and prosecutions. This would be tragic from a security perspective.
From a rights perspective, BillC-51 lacked nuance. It opened the door to a violation of any charter right subject to an unappealable, secret Federal Court warrant. The regime was radical, and in my view, almost certainly unconstitutional. It was, therefore, unworkable, whatever the strength of the policy objectives that propelled it.
Bill C-59 places the system on a much more credible constitutional foundation. It ratchets tighter the outer limit on CSIS threat reduction powers. By barring detention—a power I sincerely doubt the service ever wished—it eliminates concerns about the many charter violations for which detention is a necessary predicate. By legislating a closed list of activities that could be done where a warrant is authorized, Parliament tells us what charter interests are plausibly in play—essentially, free speech and mobility rights. I believe that if threat reduction is to be retained, this new system reasonably reconciles policy and constitutional issues.
Lastly, Bill C-59's CSIS Act changes create new immunities for CSIS officers and sources engaged in intelligence functions that may violate law during those activities. The breadth of Canada's terrorism offences makes it certain that a confidential source or undercover officer will commit a terrorism offence simply by participating with the terror group that they infiltrate. An immunity is necessary. The issue is whether there are sufficient checks and balances guarding against abuse of this immunity. Again, I think Bill C-59 does a good job of festooning the immunity provisions with such checks.
I will end, though, with a caution. Our conventional manner of siloed police and CSIS parallel investigations lags best practices in other jurisdictions that employ more blended investigations. As the Air India bombing inquiry observed, we struggle with what is known as intelligence to evidence. The government is working on this matter. We should be conscious, however, that what CSIS does in its investigations, whether in terms of immunized criminal conduct in intelligence investigations or authorized threat reduction, could derail prosecutions if not done with a close eye to downstream impacts. This issue might usefully be a topic of inquiry for the new security and intelligence committee of parliamentarians.
Thank you for your attention. I look forward to any questions.
Wesley Wark
View Wesley Wark Profile
Wesley Wark
2017-12-05 10:01
Mr. Chair and members of the committee, I thank you for this opportunity to testify on Bill C-59, the national security framework legislation.
I'd like to begin with a look backwards. I had the privilege 16 years ago of testifying before a House committee on the original Anti-terrorism Act. I think it might have been, in fact, in this beautiful room. One of the lessons I drew from that experience was that Parliament, if given the chance, could have a significant impact on improving draft legislation and on enabling a strong, if inevitably contentious, public debate. Given the professed openness of the Minister of Public Safety to constructive suggestions, I am optimistic that a similar result will occur from deliberations on Bill C-59.
Bill C-59 represents a very ambitious and sweeping effort to modernize the Canadian national security framework. It should not be seen as just a form of tinkering with the previous government's BillC-51. There are so many elements in Bill C-59, and as you will have appreciated from testimony by my colleagues, I, like them, am going to focus on only a few elements of this.
The ones I want to focus on are what I call the key forward-looking elements of Bill C-59. By “forward-looking” I mean the genuinely new elements in this legislation, which pose particular challenges for a committee like this in terms of trying to understand their precise potential impact and efficacy. Those three brand new elements, I think, are particularly visible in parts 1 to 3 of the legislation, so that's what I am going to concentrate on, but I'd be happy to take questions on other aspects of the bill.
Part 1 of the act creates a national security and intelligence review agency. I fully support this concept and its rationale, and it is exciting to me to see it embraced by the government. The challenge will be ensuring that the architecture can be made to work. To bring the legislation to light, it will be important to ensure that NSIRA, as I'll call it, has the right fiscal and logistic resources, a high-quality talent pool in its secretariat, excellent working relationships with the security and intelligence agencies, and a viable work plan. It will also be important to ensure that the bodies that are to be reviewed have the resources and proper approach to the enhanced scrutiny they will undergo.
NSIRA part 1 needs, in my view, a few fixes. One has to do with the mandate, in proposed section 8. I believe that the national security and intelligence activities of the RCMP should be specifically listed at proposed paragraph 8(1)(a). It is important to be clear in the legislation that NSIRA will take over some of the current review activities of the Civilian Review and Complaints Commission for the RCMP as it is doing for SIRC and for the Office of the CSE Commissioner. This should not be left simply to coordinating amendments buried in the back of the legislation.
The committee will also note that NSIRA enacts only a partial solution to the problem of dealing with national security complaints, at proposed section 16 and following. Its complaints remit is restricted to CSIS, CSE, and complaints regarding the RCMP that have a nexus in national security, and I would urge the committee to hear from the commissioner of the Civilian Review and Complaints Commission for the RCMP about how well they think the legislation enables the NSIRA complaints mandate when it comes to the RCMP.
Finally, there's an important issue of membership, as you've already heard, in NSIRA. This is at proposed section 4 of the bill. The procedures proposed are, disappointingly to me, an automatic carry-over from SIRC, but SIRC membership has had a sometimes deeply troubled history. Membership size and profile need, I think, to be rethought. In my view, the SIRC membership should be enlarged to allow for more diverse and expert representation and to reduce the burdens on members hearing complaints.
NSIRA membership should also reflect, in my view, a wider range of expertise in security and intelligence issues, including expertise in security threats, on intelligence practices, on international relations, on governance and decision-making, on civil liberties, on community impacts, and on privacy. Those are seven sets of expertise right there.
The ability of NSIRA to get up and running once legislation is passed will be vitally dependent on the continued strength, capacity, and forward planning of the Security Intelligence Review Committee, which will be NSIRA's core. It would be very unfortunate if anything occurred to weaken SIRC in the transition.
Part 2 of the bill is on the intelligence commissioner. Legislation to establish an intelligence commissioner to engage in proactive oversight of aspects of the work of CSE and CSIS is a novel concept that has no counterpart that I'm aware of among our Five Eyes partners. We are being truly innovative here. The concept that's been adopted, I believe, is a made-in-Canada solution to ensuring the legality and charter compliance of some of the most sensitive and important operations conducted by our main intelligence collection agencies, CSE and CSIS.
With regard to the function of the intelligence commissioner, I would like to offer two thoughts and one recommendation.
One thought is that it would be important that the system is and is seen to be a way of ultimately strengthening rather than diluting ministerial accountability, even while it gives some oversight powers to the intelligence commissioner. The second thought is that the ability of the minister to retain traditional powers of accountability while ceding some decision-making authority to the intelligence commissioner is linked in turn to the working of new reporting mechanisms proposed in part 1 of the act.
NSIRA will produce a much stronger stream of reporting to the minister on the activities of the key intelligence agencies, which, if that stream of reporting can be properly digested by the minister and his office, should ensure that the minister can issue authorizations that will pass muster with the intelligence commissioner. In this way part 1 and part 2 of Bill C-59 are intimately linked.
The recommendation I have to offer is that the intelligence commissioner function must not go dark. The Office of the CSE Commissioner, on which the function will partly be based, produced an annual report to the minister that was tabled in Parliament. This has been the practice since the commissioner's office was established in 1996. There is no such requirement at present for the intelligence commissioner. I believe the intelligence commissioner should be required to table an annual report that would review the commissioner's activities and findings.
Then there is part 3, the CSE act. I fully support the importance of creating separate, modernized legislation for CSE, distinct from the National Defence Act. CSE is one of Canada's most important, if not the most important, intelligence collection agency. It provides our principal contribution to the Five Eyes intelligence partnership. Getting the CSE act right is vital to Canada's interests and deserves close attention by the committee.
CSE received its first enabling legislation with the passage of the Anti-terrorism Act back in 2001. It is that legislation that is being modernized with Bill C-59. There were no changes to CSE legislation proposed in the previous BillC-51.
The CSE act expands the current three-part mandate of CSE by adding two additional powers for what are called active cyber-operations and defensive cyber-operations. Let there be no mistaking that these are major new powers for CSE.
Both kinds of operations require ministerial authorization. Active cyber-operations engaging overseas targets require the consent of the Minister of Foreign Affairs. There have been some concerns raised in Parliament about the need for such consent. I think it is absolutely essential, given the volatile nature of such operations and their potential for blowback against Canadian international interests.
Active cyber-operations are what I call a digital form of covert operations, somewhat akin to classical Cold War covert operations designed to destabilize the capacities of a foreign adversary. In addition to blowback effects, they can also engage an escalatory spiral, as we saw, for example, in the aftermath of the cyber-operation known as Stuxnet, which targeted the Iranian centrifuge cascade that was central to their uranium enrichment program and nuclear weapons development. Active cyber-operations require high degrees of intelligence knowledge and technical skills, but they also require high degrees of political oversight and strong agency command and control.
It is also important to understand that many, if not all, of the operations that CSE might conduct in the future under its active cyber-operations mandate will be mounted within a Five Eyes context. I don’t think we’re going to be going it alone on these ones. This is all the more reason for there to be what has been called “a dual-key approach”. Neither active nor defensive cyber-operations require the consent of the intelligence commissioner, which is something the committee might want to look into, but such operations will be subject to review by the new national security and intelligence review agency.
The CSE act is a very complex piece of legislation. It might be a lawyer's dream, but it would be a layman's nightmare to read. It contains some very important provisions that are sprinkled throughout the bill with little connecting narrative thread. My recommendation with regard to part 3 is that there should be a values principle built into the legislation, perhaps at the proposed mandate section, to draw together some of these different component parts, and I will provide a brief on that.
I was going to add a brief set of remarks about what isn’t in the legislation, but I’m happy to address that in questions.
Thank you.
View Matthew Dubé Profile
Staying within the authorizations, you get proposed section 37, where we talk about the periods of validity of authorizations, and then in proposed subsections 37(2) and 37(3), it talks about the extension. Proposed subsection 37(3) specifically mentions that they're not subject to review by the commissioner under the intelligence commissioner act.
Do you believe it's appropriate that the minister be able to extend without undergoing the same review process that he would be subject to while making the initial authorization?
Craig Forcese
View Craig Forcese Profile
Craig Forcese
2017-12-05 10:27
My preference is to steer every new change through the intelligence commissioner process. The issue here is that these authorizations are broadly textured. At present, for example, for foreign intelligence I understand there are three ministerial authorizations and one cybersecurity authorization. They cover a whole orbit of specific activities.
If what the minister is proposing is novel and new, then it should be steered through the regular process involving the intelligence commissioner. If it's an extension of an existing authorization, I'd have to think about that. There is the prospect, of course, that the conduct of the minister is always subjected to back-end review by the NSIRA. I'd have to go back to the act to see how narrow the circumstances are for the minister to renew unilaterally.
View Matthew Dubé Profile
I'm just having trouble with something like this because it seems that, in a lot of instances in the bill, the minister basically can't move ahead without getting the commissioner's authorization. Then in that instance you'd be able to extend without the commissioner's authorization.
I'm just wondering if it creates a difficult situation when it comes to the chain of command, for a lack of a better term.
Wesley Wark
View Wesley Wark Profile
Wesley Wark
2017-12-05 10:28
Let me just respond very briefly to this, Mr. Dubé.
I think one thing that's not entirely clear in the legislation is.... My understanding would be that any extension of a current authorization would only occur at the request of what is now called the chief of CSE, a title that part 3 of the bill might want to omit and change, incidentally. I think it would be much more comfortable. It's an offensive and archaic title.
However, the authorization would occur at the request of the CSE head. As Craig indicates, these ministerial authorizations are for broad categories of activity. We're talking about a continuity of effort.
I think probably what was in the minds of the drafters in this regard was that they wanted to ensure, again, the difficult balance between sustaining ministerial accountability and responsibility and the powers of the intelligence commissioner. From my perspective, I would prefer to see that balance maintained rather than giving an additional power to the intelligence commissioner in this kind of circumstance.
Results: 1 - 8 of 8