THE STANDING SENATE COMMITTEE ON NATIONAL SECURITY AND DEFENCE
OTTAWA, Thursday, May 9, 2019
The Standing Senate Committee on National Security and Defence, to which was referred Bill C-59, An Act respecting national security matters, this day at 1:31 p.m. to give consideration to the bill.
Senator Gwen Boniface (Chair) in the chair.
The Chair: I would like to begin by asking senators to introduce themselves, starting on my right, and I know some will still be joining us later because other committees are running over.
Senator Dagenais: Jean-Guy Dagenais from Quebec.
Senator McIntyre: Paul McIntyre from New Brunswick.
Senator Richards: David Richards, New Brunswick.
Senator Gold: Marc Gold, Quebec.
The Chair: I’m Gwen Boniface for Ontario.
Senators, today we finish witness testimony on Bill C-59 with officials. The officials will not be making any opening remarks. They’re here merely to answer all of our questions before we proceed to clause-by-clause on Monday. From the testimony we have heard, I know senators will have many questions to clarify and possibly shape potential amendments. I will ask senators to begin with questions.
Senator Gold: Welcome, everybody, and thank you for being here. Why don’t I start with a very general question, and that will give my colleagues time to zero in and perhaps I can reserve the right to go on second round.
Bill C-59 was a product of a long process of reflection, not only within the government and consultation, but I’m sure within your own agencies. I would invite each of you to share with us your sense of the importance of the bill as it applies to the work that you do. I’m not trying to lead, you because you know your business better than any of us do, but in particular I think it would be helpful to the committee and to Canadians who are watching to know how this bill — if it does — enhance your ability to do the job on the ground that we’ve asked you to do to protect our security and to respect our constitutional rights.
So without asking you to divulge, as you never would, any classified information, if you could just give us an idea of how this bill will affect you in your day-to-day work with as many practical examples as you could share.
John Davies, Director General, National Security Policy, Public Safety Canada: I’ll start from a Public Safety point of view.
It’s a broad question I think. When the new government was formed, clearly the objective was to reconnect Canadians in the area of national security. There was a concern that accountability wasn’t sufficient, given the new powers that were afforded to the agencies. There was concern that Canadians maybe didn’t understand the powers afforded to national security agencies, the transparency under which they worked and so on.
Bill C-59 is really a product of a year-long discussion with Canadians. It’s in the context as well as of former Bill C-22, the National Security and Intelligence Committee of Parliamentarians. In terms of public safety, from our perspective the minister’s role is really around re-establishing strong accountability in the national security community broadly speaking, and it does that through the creation of a couple of new review bodies and an oversight body. As I said, it complements the committee of parliamentarians that was created.
I think that kind of a third-party review, that objective look at the agencies and their powers, explaining their powers and how they’re used buys confidence, goodwill and trust going forward. I think these things go hand in hand, and along the way we’ve learned a lot about working with Canadians and the importance of doing that to build mutual trust as we go forward.
From our perspective, that was the main change in Bill C-59.
Tricia Geddes, Assistant Director, Canadian Security Intelligence Service: Thank you. I’ll speak from the CSIS perspective.
When we talk about Bill C-59, we have often reflected on some changes in the landscape that have had a big impact on our organization. We talk a lot about the evolving legal landscape, we talk about the fact that technology has changed significantly since 1984 when our act was drafted, and we talk about the changing threat environment. One of the other big changes that we need to reflect on, and we certainly have done a lot of reflecting on in our agency, is the accountability requirements and the expectations that Canadians have on us to be quite transparent about the type of work that we’re engaged in and how we are governed and held accountable for that very important work that we do in our organization.
I think it’s worth pointing out that what we are addressing with Bill C-59 is not new tools for our organization; rather it is about ensuring that we have the updated authorities that we require in order to be able to carry out our business. So the three areas are: The data set regime, the justification regime, and ensuring that our threat reduction mandate meets the kind of expectations Canadians have on, as you said, not only confidence that we have the tools to do our business, but we’re doing it in a way that reflects Canadians’ values. All of those parts that we have introduced in Bill C-59 are actually quite critical to our ability to carry out investigations, but similarly having the confidence of Canadians is equally important.
Scott Millar, Deputy Chief, Policy and Communications, Communications Security Establishment: Thank you. For CSE it’s quite an exciting time for us as an agency that has become the Canadian Centre for Cyber Security and moving very much into the world of possibly, pending the approval of Parliament, updating our legislation that was passed in 2001 at a time when the online world was very different, and here we are in 2019.
This is the kind of thing where I could go on for an hour so I will try and be brief, but this bill touches us in a number of ways.
In 2011 we became a stand-alone agency. Right now our current legislative authorities are buried way in the back of the National Defence Act and aren’t structured so much to reflect that stand-alone status. So there are some clear housekeeping kinds of provisions within Part 3 of this bill that set up a deputy head for the organization, lay out the HR authorities, all those kinds of things. As well, it adds precision of language into our legislation that again reflects the 2019 world we live in.
It reflects the fact that successive commissioners of CSE, who have reviewed us for over 20 years, have made recommendations asking for precision in the language of our bill because they review us for lawfulness. Vague language such as saying that we can acquire information, well what does “acquire” mean? How passive or active or malleable is that? So there is additional legal clarity in this bill that will help support a review of us for lawfulness that would happen under the new national security and intelligence review agency, should the bill pass.
Also, we are a foreign intelligence agency and cannot direct our activities at Canadians or anyone in Canada. Over the past 70 years, we’ve taken this mission very seriously. Notwithstanding that, our focus being on foreign intelligence targets, we can run the risk of incidentally interfering with the reasonable expectation of privacy.
As much as there have been provisions that are in our current legislation and proposed under the new legislation to address some of those concerns, the creation of an intelligence commissioner as a retired judge who can act judicially to also approve ministerial authorizations. These are annual authorizations, and all of our collection can only be done in accordance with those authorizations. Having somebody who can independently review and confirm the reasonableness of the minister’s decisions puts us on a better footing as it relates to section 8 of the Charter with respect to what section 8 refers to: warrantless search and seizure of information.
From the foreign intelligence collection side, putting us on better Charter footing and clarity of language about what we have authorities to do also supports the review of those activities.
The cybersecurity portion that’s worth noting here is that, again, since October of last year we have become the Canadian Centre for Cybersecurity, not just responsible for the security of Government of Canada systems but more broadly for Canada. That was in recognition of the fact we block up to a billion malicious cyber attempts a day. There was interest, as a result of Minister Goodale’s cyber review, where Canadians were looking for a single voice and trusted source of advice, guidance and services.
The legislation continues to reflect the role that we have in that regard, but it adds a provision that would allow the minister to designate something as a system of importance outside of the Government of Canada systems. I’m thinking here of critical infrastructure. Beyond general advice, guidance and services, that would allow us to do more targeted support to those critical infrastructure owners. That kind of support would only happen if they were designated and if they had requested such assistance. So it’s not just CSE showing up; it’s at the request of the network owners for that support. Obviously, that is the kind of thing that can support our role as the cyber centre.
Because of our sophisticated online capabilities, another part of our mandate is supported, by virtue of the National Defence Act, federal law enforcement agencies, such as my friends here from CSIS and the RCMP. Again, we became stand-alone from the Department of National Defence in 2011. Because of that, our providing support to defence is a tricky space. Adding National Defence and the Canadian Armed Forces specifically into our assistance mandate will allow us to support them at their request. Similar to the RCMP and CSIS, this would be under their command and control and their lawful authorities.
People sometimes look at me funny when I talk about the Canadian Armed Forces. They say, “Haven’t you been working with them for a long time?” We have been working with them since World War II using our foreign intelligence to support their military operations abroad. However, under Strong, Secure and Engaged, announced by the Minister of National Defence, the Canadian Armed Forces is moving beyond land, air and sea and into the realms of cyber and space. When they look to engage in cyber operations in support of their government-approved military operations, instead of duplicating a capability that already exists at CSE in terms of the supercomputers and online operators, they would be able to leverage our capability in support of that under their command and control.
A cyber operations mandate is also added. There are two parts to it. One is to defend against foreign cyber threats targeting Canadian infrastructure; the other is to leverage our online capabilities to disrupt other kinds of threats. Think of kidnapping, threats to democracy, what have you. I can obviously walk through how those authorizations would work, the prohibitions and the rest around that.
Basically this will close the loop where you have the military doing something in a military context, and both the RCMP and CSIS who can disrupt threats within their mandates and domestic contexts. This will allow CSE to be leveraged by the Government of Canada to disrupt other kinds of threats via online means. Whether we’re being leveraged under the authority of the mandates of others or being leveraged under our own mandate, it would allow Canada really to catch up with our partners throughout the world and also with our adversaries around the world who employ these types of operations every day.
Regarding the review mandate, we have been subject to review for over 21 years. We’ve implemented 100 per cent of the recommendations related to privacy and over 93 per cent of the other ones. The ones that we didn’t were overtaken by events in technology and the rest.
We’ve benefitted from review. We’ve adapted things over the years. Obviously, a review is something we’re used to. And that is preserved by the creation of NSIRA playing that lawfulness role.
Sorry, that was long, but there are a number of things in CSE.
Doug Breithaupt, Director and General Counsel, Criminal Law Policy Section, Department of Justice Canada: Thank you. From the point of view of Justice in Parts 7 and 8 of the bill, we’re certainly doing our part in support of the government’s initiative to protect security and rights, enhance accountability and transparency and fulfil commitments made to bring about this particular bill. This bill was informed by extensive consultations which took place across the country.
To focus on a few items in respect of Parts 7 and 8, efforts were made to revise the offence of advocating or promoting the commission of terrorism offences in general to clarify it as a counselling offence and make corresponding changes to the definition of “terrorist propaganda.”
Extensive changes were put in place to protect witnesses in terms of allowing justices or judges to order testimonial aids, publication bans or other witness protection measures in proceedings against an accused. We then wondered about recognizance with conditions and peace bond proceedings. Are they caught? There seems to be an inconsistent practice across the country. The proposals in Bill C-59 would specifically allow for those witness protection measures to be applied to protect witnesses in a hearing for recognizance with conditions or a peace bond.
Similarly on the youth criminal justice side, the question arose whether youth protections that apply in criminal trials also apply with respect to peace bond and recognizance with condition proceedings. This bill specifically provides for those protections to apply in those particular proceedings.
As well, there was no access period identified for records relating to recognizance orders under the Youth Criminal Justice Act, and this bill would do that. There was no provision for access to youth records for the purposes of administering the Canadian Passport Order, and this has been provided for in this bill. These are attempts to clarify and perhaps fill gaps and basically contribute to the government’s initiative. Thank you.
Senator McIntyre: Thank you all for being here today and answering our questions. We have heard from several witnesses, so my short questions will be limited to and have more to do with clarification.
In certain countries, not including Canada, the role of the office of a national security adviser and/or director of national intelligence is established by statute. In Canada, the office of the National Security Advisor was created in 2004, and since then its role has grown to include intelligence.
In the drafting of this legislation, was any consideration given to defining the office of the NSIA by statute?
Mr. Davies: I think the answer is no. There was not any detailed discussion that I recall on that. Going back to the consultation paper, which is pretty exhaustive, it was part of the full horizontal cut of all the issues facing the national security community and the Canadian approach to national security.
Governance was discussed to some degree, in terms of how the government is organized to address the threats, operations, programs and so on. As I recall, there was no detailed discussion in terms of legislating or further defining the role for the National Security Intelligence Advisor.
Senator McIntyre: Thank you for that answer.
How would Bill C-59 help to safeguard the 2019 general federal election against foreign interference?
Mr. Millar: I can take that one on. Obviously, protecting and preparing Canada to be secure during the next general election is a government team sport. I can’t speak to all the things that the government is doing, but I can speak to the specific elements as it relates to CSE.
As you may have heard, we announced recently that CSE is the chair of an all-source intelligence collection and assessment team called the Security and Intelligence Threats to Elections, or SITE, team that includes representatives from CSIS, Global Affairs and the RCMP. I would say the preservation and confirmation of the scope of the activities that we can take part in, in support of foreign intelligence, will continue to preserve and improve our ability to provide foreign intelligence about possible foreign threats targeting the election.
We are working quite closely now on the cyber defence side with Elections Canada. We’ve been advising political parties and pushing out information, such as our recent update on threats to democratic processes, as well as other types of information about how parliamentarians and Canadians can ensure their security.
For the designation of systems of importance outside of normal Government of Canada systems, our cyber assistance for more targeted types of services could be provided in the context of an election, or anything else that might be related to the election, at the request of a network owner. Again, it’s authority that would be there that would have to be leveraged.
The other element is from the cyber operations standpoint where, if there is a foreign-threat actor we see, we report on and defend against it. But that same foreign threat actor whose system we might be sitting on, we could be leveraged to interfere with their ability to launch that kind of attack or operation. I think those are the main ones I would touch on.
Ms. Geddes: Can I add to that. CSIS participates with CSE in that task force that’s been established to protect the upcoming general election.
As the director has pointed out in numerous appearances recently, including very publicly in speeches, we are quite concerned about foreign interference. That is a space that is increasingly occupying our time in a world where I think the threat landscape was quite devoted to counterterrorism for many years. This is certainly an area we are quite concerned about. The provisions in Bill C-59 to formally establish our statutory authority in some of these spaces and to reinforce the government’s intention around threat reduction, all of those tools would be at our disposal and will be considered in the upcoming election in order to protect democratic institutions.
Senator Richards: Mr. Millar, I think you mentioned there are a million cyber attempts a day? Did you say a million?
Mr. Millar: A billion.
Senator Richards: A billion?
Mr. Millar: A billion against the Government of Canada systems alone. In that regard, we use our foreign intelligence and that of our partners to work into dynamic defence. Obviously, they are not individuals; we have machines dynamically blocking those kinds of things. But that can be anywhere from scanning for vulnerabilities in systems, all the way through to attacks.
Senator Richards: The facilities under attack, are they both public and private?
Mr. Millar: Right now we only have sensors on Government of Canada systems, so that’s what we’re looking at right now.
Senator Richards: I know you’re very sophisticated, but —
Mr. Millar: I think I said that three times.
Senator Richards: How sophisticated is your Canadian defence in this as compared to other countries, like the United States or Israel?
Mr. Millar: Sure. I’m always a little loath to do a comparison game with allies in that regard. I think they’re all taking the cybersecurity game seriously, and they themselves have been standing up national securities of cybersecurity, most notably Australia and the U.K.
I think we have benefitted just from how we are organized in a federal context in the way we have organized our IT. I think about the consolidation that happened by way of Shared Services Canada: that is a consolidation of gateways, networks and data centres. It’s much easier for us to place our sensors on those systems to protect taxpayer information, our personal information that might be held on different systems. We feel quite sophisticated by virtue of the IT tools that we have to block those things. Again, we benefit from the work that we have done with our allies in sharing best practices, but I think we have also benefitted from the realities of how our IT is organized.
Senator Richards: Thank you.
Senator Dagenais: My first question is for Mr. Davies. Can you explain why you set the review of this act at five years whereas, when we studied Bill C-51, the opposition party at the time, the one in power today, suggested the idea of a three-year review? Would it be acceptable to propose an amendment to shorten that five-year period?
Mr. Davies: Thank you for the question. It’s obviously not up to me to decide acceptability. Back at the time when Bill C-59 was being drafted, the idea was to create synchronicity with a review of the National Security and Intelligence Committee of Parliamentarians. There was a review set up in that. I think we mis-predicted Royal Assent dates, but I think the idea was not to overload the system in trying do all the reviews in one year. That doesn’t hold, we know.
The only thing I would say as you consider that issue is that compressing review dates compresses the amount of time you have to implement a wide range of powers. I think this is a 10- or 11-part act. A lot of operational adjustments need to be made. It will take a lot of time to set up these new institutions, train people and so on. A shorter time to get things to a steady state and then reviewed may not produce the best effects. That’s probably all I can say on that.
Senator Dagenais: My next question is for Mr. Millar. I would like to know about the cyber surveillance work that you will be able to do that you are not able to do today. Whatever the case, with investigations abroad, how will the surveillance be conducted, in your opinion? What staffing levels do you have for foreign investigations?
Mr. Millar: Thank you for your question. Can I answer in English?
Senator Dagenais: Certainly.
Mr. Millar: Again, for over 70 years we’ve been a foreign intelligence collection agency. In terms of whether it expands our capability to do that kind of intelligence, I wouldn’t say that it would. I would say it would confirm, by way of legislation, the techniques that we could undertake to do that, making sure that all the time we’re directing that at foreign organizations and persons that are consistent with Government of Canada intelligence priorities set out by the Government of Canada each year. By law, we have to follow those intelligence priorities. I wouldn’t see the scope of that changing.
In terms of staffing levels, I don’t watch these things all the time, but at last count we were around the 2,500 mark in terms of employees at CSE. We don’t break it down much more than that because we are loath to divulge our capabilities to those who might be foreign threat actors. Just to say that we do have a robust and eclectic force of folks that do these things, everything from computer engineers, mathematicians, what have you.
Senator Dagenais: My question is for Mr. Breithaupt. I feel that you are the best person to give us an explanation of a situation that has been raised on several occasions. It seems that, in Australia, about 60 criminal charges of terrorism have been laid, whereas in Canada, there have been none. Can you explain that situation for us?
Mr. Breithaupt: Thank you for the question. It’s not for me to offer a view. Decisions as to the investigation and prosecution of terrorism offences are taken by independent police and prosecutors on a case-by-case basis, with the prosecutors having regard to the law, the available evidence, the reasonable prospect of conviction and the public interest. There is a robust set of tools and offences in the Criminal Code, but that’s basically all I can say. It’s up to the investigative and prosecutorial authorities to bring cases before the courts.
Senator Dagenais: My last question goes to Ms. Geddes. One of the things concerning Canadians is the sharing of information with our allies, the United States, for example. What does Bill C-59 allow? Does it mean that there will be more exchanges or fewer exchanges in the future? Can you give us an idea of the amount of information that is shared with our allies on a daily basis?
Ms. Geddes: Thank you for your question.
Again, to reflect what my colleague has said, providing specific information about how much we share with our allies on any given day would compromise national security, so I won’t go into details there. However, I understand the intent of your question, and it’s really to ask whether or not this will increase or decrease or have any impact on the exchange of information.
I’m not speaking to allies here, but, of course, you will note that the direction on information sharing with foreign partners is included in this piece of legislation. Sharing of information with foreign partners is something that CSIS takes very seriously, both as an obligation — because if we have intelligence that would be of use to one of our allies, or indeed to anyone, it’s important that we carefully consider how we would share information to be able to prevent or address threats — and at the same time being mindful of the fact that we have a duty and obligation to be conscientious and thoughtful about the management of that information.
We have a rigorous process within our organization to manage any considerations around mistreatment, for instance. We take our obligations in that space very seriously. The government’s intent in this bill is to make it clear how we will manage ourselves in that space, but it certainly reflects the current practice at CSIS.
In terms of sharing information with allies like the United States and so on, the United States obviously shares a border with us. It’s important to recognize the threats we have here in Canada and the threats that exist in the United States. We have an obligation to make sure there is an awareness of those threats on both sides of the border.
Again, that is something we manage extremely carefully between our organization and our counterparts to the south. We do that in close collaboration with the RCMP, who similarly have robust information sharing with the United States, but again very appropriate. Our first obligation is to Canada and Canadians, and our national security.
Senator Oh: Just out of curiosity, the issue of Christchurch, New Zealand, where the guy had been promoting information — or counselling, or whatever you call it — on the Internet, on Facebook, for some time, for two years. Why was it not detected, and that thing allowed to happen? So how good are we? Someone could be in the United States and coming into Canada. Do we have the instinct to pick up or something?
Ms. Geddes: It’s a complex question you are asking. I know the director was here recently and spoke about our concerns with the threat, in these cases, around right-wing extremism. We are obviously concerned with any type of violent extremism. That was a troubling event that caused us great concern.
I know the director mentioned, as have others, that it behooves all of us in the national security community to be looking closely at what that threat looks like and whether or not we have the right tools and processes in place to manage that threat to the extent we possibly can.
It is a significant concern and one we are looking at carefully. Again, my colleague from the RCMP would be able to speak a little better to this. When it moves into the criminal space, that is something that the RCMP looks at.
For CSIS, our space begins with: What is a threat to national security? Certainly, what you are describing is in that space. When people are engaging in or advocating violence, those are the types of things we’re looking at, as defined in our act. I would say it’s an area where we in Canada have taken notice of events that have happened both here in our country and abroad, and it’s one we are concerned about.
I would add, because we are here to talk about Bill C-59, that some elements in this bill — and I would suggest in particular our ability to use data analytics, but also our ability to have that justification regime in place and so on — these are the types of tools that are important to our organization to make sure we’re providing the most meaningful contribution we can to what you have rightly articulated as significant threats in Canada and around the world.
Senator Busson: My questions are primarily for Ms. Geddes and Mr. Millar. I want to make a quick comment and then ask a question.
You and your organizations — and Canadians generally — are in a constant struggle to deal with the threat to Canadians, and struggling to find a balance between the right of privacy and the right to security of the person and to be safe in our own country. If you don’t get that balance right, bad things happen. I’m paraphrasing the risk and the life that you folks live every day.
Would you be able to comment on the threat assessment and risk management changes that might happen if this bill were not adopted, a comment perhaps on how that would move the bar on the continuum?
Mr. Millar: There is a lot in that question too. We’ll see how we go, and I can follow up on the rest.
I think threat risk is a little more in the CSIS space in terms of addressing risk to the Government of Canada. In terms of the threat risk assessment with respect to passage of the bill as it relates to the work we do, I would say the element of the role of the intelligence commissioner in our ministerial authorizations puts us — and very necessarily puts us — on a better Charter footing for the foreign intelligence collection we do. I can’t stress enough the importance of making sure that happens, because our ministerial authorizations are the authorities through which we collect all our information.
Having the right balance there, but having someone who can act quasi-judicially in our space when we collect in accordance with intelligence priorities outside of Canada and what have you, the idea of any other kind of regime is tricky in that regard.
I could read to you the ways the legislation is structured, should you wish, to put us in the right space as it relates to the rights and freedoms of Canadians as we conduct our activities. The other thing I would say is that, from a foreign threat actor space, the Government of Canada has been joining our like-minded partners in calling out foreign cyber-threat actors from countries such as DPRK, China and Russia, who are achieving outcomes that are problematic, whether they relate to democratic processes or targeting companies, and that our being in the space where we can also engage in foreign cyber operations with like-minded partners to counter that kind of thing would be very important, and we would need the authorities under this legislation to do that.
The world that we are in, with the Canadian Centre for Cybersecurity being able to support critical infrastructure, should a more surgical, targeted support be required, it would be something that obviously all would benefit from, should the bill pass. I don’t want to defend the bill; I am trying to explain it.
Senator Busson: That’s why I tried to ask the question the way I did. Thank you very much.
Ms. Geddes: I’ll make a couple of points. It’s a very important question. You are right to point out the balance and the stress of this job that our employees certainly face every day as we manage the confidence Canadians need to have in our organization in addressing the threat.
I’ll break the bill into all three the parts. The bill has very important provisions for our organization. You have looked at the justification regime, which would authorize us to commit acts or missions that would otherwise be illegal. Those are very simple activities that you would want your intelligence service to be able to do. This is to be able to pay a source, to be able to give that money to a target. Those are the types of things where we would like to be able to collect that information.
It’s very critical that we have an explicit statutory authority to be able to conduct those types of activities, so it’s very important that Bill C-59 passes.
The data analytics piece, as Scott pointed out and as you did too, managing the balance of privacy obligations is very critical to the service’s success. A few years ago we became quite aware of the fact that for third party, non-threat-related information, we needed a regime like this to be able to manage that type of information. This is information not directly related to a threat but very critical to have as a backdrop in which to do our analytics and identify trends or very specific activities that would be hard to do on a case-by-case investigative basis. That is a very important provision in this bill that will provide those very important Charter protections to make sure we are protecting Canadians’ privacy.
The threat reduction, there were very important language changes in the threat reduction provisions of this bill that again assure people of our compliance with the Charter and that there is no request to contravene the Charter here. We are asking the judiciary to do something appropriate in the space. I think the language is very important to our success in that space. Each piece of this bill affords us a much more direct, clear, explicit authority that I think would be very important for all of our operations.
Senator Busson: Thank you very much.
Mr. Millar: Are witnesses allowed supplemental answers?
The Chair: Go ahead. That’s what you are here for.
Mr. Millar: I would just add two important elements. I alluded to one before, when answering Senator Gold’s question, but the CSE review of us for lawfulness will continue to be a challenge for successive commissioners at CSE should the bill not pass, because their predecessors have noted it’s difficult to know, within precise clunky language in the law that doesn’t represent the rapidly changing and complex technological world we live in.
The other thing that I would say, from assisting the Canadian Armed Forces, is that we are very much looking to leverage our capabilities to conduct cyber operations in the military context. We would not be able to do so without the passage of this bill.
Senator McIntyre: I have two short questions. Has the security context changed since Bill C-59 was introduced?
Ms. Geddes: Sure. I think I have touched on a couple of pieces there. In responding to Senator Oh’s question, I certainly think that right-wing extremism and violent extremism are things in that space which we are quite concerned by and have directed some significant efforts to take a look at that.
Additionally, where we have described terrorism as being a very significant public safety and national security threat, we are also quite concerned about espionage and foreign interference. This is not since the bill has been introduced perhaps but certainly over the last few years, it has been a trend in that threat environment that the service is having to position itself properly to be able to address.
Senator McIntyre: As we know, in the last 40 years there have been at least four commissions of inquiry into Canada’s national security — McDonald, O’Connor, Iacobucci and Major.
To what extent and how does Bill C-59 incorporate the recommendations of those commissions of inquiry?
Mr. Davies: That’s a tough history question for a lot of people to answer. When you look at former Bill C-51 evolving into Bill C-59, Bill C-51 certainly was pulled together much from the results of the Air India Inquiry and incorporated other commissions of inquiry. When you look at things like improving our no-fly list, improving how we share information within the federal government, witness protection, for a lot of these things you can go back to the government’s Air India Action Plan at the time. So in a sense, yes, a lot of those commissions and the things that made sense in an involved environment, showed up in Bill C-51 and were further reflected on in Bill C-59.
Senator McIntyre: We are having a bit of a history lesson today. Thank you for your answer.
Senator Gold: We have heard a lot about how Bill C-59 actually enhances your ability to do the job to keep Canadians secure. And I won’t repeat all of the things that you stated, but I understand correctly that’s generally the position of the intelligence communities.
I want to focus on rights and privacy, and ask you to comment on some of the things we have heard around this table from witnesses during our hearings. There are two important questions.
First, to CSE, and this is around the role of the intelligence commissioner. You have described very well the constitutional importance of having the intelligence commissioner involved in the process of foreign intelligence gathering. The intelligence commissioner is not involved, however, in dealing with ministerial authorizations for the new cyber mandate that Bill C-59 confers upon you. Some witnesses have suggested that it ought to be present.
Could you comment on the recommendation that the intelligence commissioner be involved in overseeing ministerial authorizations for defensive and active cyber?
Mr. Millar: I would be happy to do that. Legislation is not easy to read and it is certainly not always reflective of how a program might run. Notwithstanding the fact that there are separate types of ministerial authorizations, some of which involve the intelligence commissioner and some of which involve the Minister of Foreign Affairs, the intelligence we would use in support of our cyber operations could only be done under those authorizations also approved by the intelligence commissioner.
So the intelligence commissioner is very much involved in what we would do under those cyber operations by virtue of the fact that we can only act upon information that we have collected when he or she approves. There is a prohibition under the foreign cyber operations authorizations against the acquisition of information. I won’t read to you out of the Charter statement, but the intelligence commissioner was set up to deal with section 8 of the Charter.
Maybe I’ll read a couple of portions of the Charter statement. I love it so much. There are other rights and freedoms that are engaged by that. I think the idea is that if something involves a right or freedom, the intelligence commissioner needs to be involved and if he or she isn’t, then that right or freedom is not being addressed.
In the statement it says:
. . . authorizing active cyber operations would not by definition engage any Charter rights or freedoms. However, specific activities authorized under this scheme could potentially engage rights or freedoms.
. . . the nature of any potential effects on Charter rights and freedoms would be limited by the prohibition on activities that would cause, intentionally or by criminal negligence, death or bodily harm, or that would willfully attempt in any way to obstruct, pervert or defeat the course of justice or democracy in any country. . . .
Further, no activities directed at Canadians or persons in Canada could be authorized; only activities aimed outside Canada at foreign individuals, entities and the GII outside of Canada would be permitted.
. . . the Charter may also require the Minister to take relevant “Charter values” into account in exercising a discretion to issue an authorization.
As with other authorizations, the Minister would have to meet the reasonable grounds to believe standard in relation to the following factors that serve to mitigate potential rights impacts: that any activity to be authorized is reasonable and proportionate in light of its nature and objective . . . that “the objective of the cyber operation could not reasonably be achieved by other means”; and that no information would be acquired through the activities unless otherwise authorized under a Foreign Intelligence, Cybersecurity or Emergency Authorization. . . .
This would again involve the intelligence commissioner. I would say intelligence commissioner is involved as it relates to section 8.
Senator Gold: Thank you. I think your latter points were stated by Professor Forcese in testimony that the prohibitions make it impossible for certain Charter rights to be engaged.
My next question is for CSIS, and it has to do with data sets. I think you have explained, and I don’t need you to elaborate, why you need access to data to do your job and to keep up with both our allies and our adversaries, but it does raise privacy concerns. Could you walk us through, without necessarily every detail, the process Bill C-59 sets out to structure how you collect, retain, and use data on behalf of all Canadians. While you are doing that, maybe you can start by saying what kind of data are we talking about? Are we talking about phone books or passport lists?
Ms. Geddes: I think we had provided in advance a copy of our data set framework. We had a flow chart we have provided to you. Don’t get it confused with the CSE one.
Senator Gold: It would have been helpful to have this in hand while you talked.
Ms. Geddes: Yes, perhaps that would be helpful. This certainly helped me, because it’s quite a complex piece of legislation. The drafting of it was quite extraordinary. It took us quite some time to sit down with our colleagues from the Department of Justice who work on matters of privacy and constitutional law. They spent quite a bit of time with us as we worked through the various processes that we could employ to make sure that we were in a space where we were looking at a very Charter-compliant regime.
We have divided it up into the process by which we collect, retain, how we query and exploit, and what we actually do with the result of those queries and exploitations. The collection looks large here, but that takes place quickly at the outset. We have 90 days from the moment of collection to determine whether or not this is something we would like to be able to apply to retain. The first thing we do is take a look at it and decide which of those categories it fits into: Canadian, foreign or publicly available. I’m happy to elaborate a bit more on “publicly available,” because I know it has come up a lot in conversation here.
We need to say at that point that this is something relevant to our mandates. We could get data sets all the time. We are not in the business or practice of wanting to get data that we have no use for. I have talked a lot with our data folks in our organization, and they are not thrilled to have mass amounts of data. That is not actually useful to an investigation. It needs to be focused on what we would need for our mandate.
Once we have determined that it is relevant, we are able to move forward with the regime, which is laid out here in the retention of data-set category where we talk about how, if it was a Canadian data set, we would be going to the federal court. This is a really important provision.
The greatest privacy considerations lie where we have Canadian data. Going to the federal court to persuade them that this is a data set that is really important to our investigations, that’s what happens in that space. On the predominantly foreign, as it says, it would be the minister or the minister’s designate who would make the determination of whether or not that data set is likely to assist our investigations, and the intelligence commissioner who would review that decision. Those are important pieces.
Let me walk you through the rest of the process, and I’ll come back to “publicly available.” I think it’s important that we pause on that for a moment.
When we get to the point of exploiting the information that we have retained, the data sets that are Canadian or foreign, that data is kept segregated. This is important, too. It does not flow into our databases through the entire organization with every employee being able to query it. It’s segregated. There are designated employees who will do these types of queries and exploits. This is another important provision around privacy protections.
Then the determination is made as to whether or not the results of that query or that exploitation are deemed to be strictly necessary, which is what is currently in our acts. We have created a precursor to section 12 of our act that allows us to be able to retain information that is strictly necessary. The whole thing is built up to make sure that we have afforded privacy protections all the way through the process. Importantly, the results of the query exploitation are only then integrated into the investigatory holdings.
It’s not on your chart, but there are very specific provisions about how NSIRA will be able to review this process. There is a new element in the bill where NSIRA would be able to report any shortcomings, failures or unlawfulness to the Federal Court.
To build this into a space where our Charter lawyers felt comfortable took some doing. This is a complex framework. We took a lot of inspiration from our colleagues in the U.K. as to how they have managed a very similar challenge. We are feeling confident that we have built ourselves a framework that will work.
Going back to “publicly available,” I would rather address it immediately as opposed to waiting for questions, because I want to be clear. The types of information we are talking about in “publicly available,” I know in the past we have used phone books, and that is true. We could also be talking about a list of diplomats posted here to Canada. They are up on websites, probably at Foreign Affairs, that any Canadian can take a look at.
We felt it was important that we actually were explicit in statute and told people that we wanted our service investigators to have access to those very basic research tools. When we are trying to find out where someone lives — one of our targets, for instance, if we have a phone number but no address — those are basic types of things we would like to allow our investigators to have access to.
We did build in higher standards than what a Canadian would be subject to in looking at the same information. There are record-keeping requirements around the queries and exploitations. There are internal verifications around that. The reports generated must be sent to the new CIRC, so NSIRA, to assist in their review of how we are using these data sets. If NSIRA believes any of these were not in compliance with the law, they would report this to the federal court. There are a lot of obligations there, even on the publicly available data sets we would like to be able to retain.
It’s very hard to suggest that, as the CSE definition is very explicit about where a reasonable expectation of privacy is engaged, CSE has a very different mandate from CSIS. All of our effort is directed toward protected Canada and Canadian interests.
I was reading the testimony of Mr. Therrien who was here recently. The reasonable expectation of privacy is very fluid and flexible, even in his estimation. This is the type of thing we do at the service all the time. There are lots of operational reasons why we need to constantly review, revise, update — not all alone, we have our Department of Justice colleagues to help us — to make sure we have a sound understanding of where that reasonable expectation of privacy sits. It’s changing all the time, and I don’t need to tell any of the lawyers in this room that case law is being developed as we speak.
So we are trying to allow for a relatively flexible ingest of the publicly available data set, but one is still very mindful that there can be reasonable expectations of privacy in some publicly available information, and we will need to calibrate.
I have already made a statement to say that there are things — hacked or stolen data sets, for example — we have already acknowledged that there is a much higher expectation of privacy associated with those data sets. We have already stipulated that we would not consider those to be publicly available, and that we would instead appeal to the federal court for the ability to retain those data sets. Again, our adversaries, to your point, would have access to that same information because it would have appeared on the Internet, and we would want to make sure that we had access to the same information, but we will do it at a higher standard.
I would close by saying that speaks to confidence again. If NSIRA was uncomfortable with the way we were managing our data set regime, it would have significant impact on our operations and they would make their concerns public. That’s not something we’re looking toward. We’re looking to manage this in a very responsible way from the outset. We are alive to these considerations. This speaks to Senator Busson’s comment earlier about the challenges we experience on a day-to-day basis and making sure we’re alive to these issues. It’s expected of us.
Senator Gold: Thank you very much.
Senator Richards: Thank you again. I’m wondering if the no-fly list comes from the Americans, whether it’s United or whatever, and if the no-fly list for Canada comes from an American list. I’m thinking of the no-fly kids, because very temporarily my son was a no-fly list. He’s off it, thank God, but I was worried to death because he was flying back from Le Guardia last week and I was wondering.
How can we get over this problem of a no-fly list if it comes from another country or other airlines? What if people are on that list and it is not really fair, like a 13-year-old kid, like my kid was? Do you have any answer to that?
Mr. Davies: I can tell you a bit about how the Canadian no-fly list is constructed, if that would help you.
Senator Richards: That’s fine.
Mr. Davies: Every 90 days or so, the relevant agencies come together to talk about the no-fly list: who is on the list, who should be on the list and who should be taken off. If they want to propose that somebody added, they need to bring a case brief, derogatory information that meets the threshold of reasonable grounds to suspect that the person will travel for terrorism-related purposes or is a threat to transportation and security.
The case brief is very thorough, very well discussed. Everyone wants to be sure that the individual’s associations, capabilities and intentions are well documented. We’re assuming legal challenge perhaps down the road, so it’s really well discussed. I can talk more in detail about how we’re changing the process and so on, but in terms of high level for now, that discussion is summarized for a decision maker that’s delegated from the minister. In that case, my boss, the assistant deputy minister of national security branch and public safety signs off on the list every 90 days.
There’s a process for vetting everyone on the list every 90 days. Edits are done to as many changes as needed. People come off the list; people go on the list. Bill C-59 makes a number of changes on how recourse is set up. If you are “no boarded,” if you are alerted that you are on the Canadian list, the recourse process is being changed. It is very transparent in terms of how administrative recourse would work. If you are not satisfied with the decision, that process is to go to the federal court to appeal that decision. Everything is set out in law. In many ways, it’s a pretty thorough, robust process.
I’m not sure if there are any other elements that you have questions about.
Senator Richards: Well, you partially answered it. But the thing is, we talked to people who were here last week, and 8-year-old kids are still on the no-fly list. It can get very murky and cloudy, and I was wondering if there’s any answer to it.
Mr. Davies: There are no 8-year-old kids on the no-fly list, but I don’t want to be accused of legal semantics. What happens is that sometimes someone will have the same name as someone really on the list.
Senator Richards: That’s what I’m saying.
Mr. Davies: What we’re talking about is a false positive match that may happen and delay someone’s ability to print a boarding pass. They may be set aside at the counter. I absolutely acknowledge there’s a stigmatization that happens when a family is set aside and they don’t know what’s going on.
Bill C-59 sets up the authorities to deal with that. It will allow moving from a regulated approach, where the carriers themselves are vetting the system, which creates a lot of inefficiencies and so on, to the government doing that vetting of individuals. Manifests will be coming into the government, almost an instantaneous return. As those names will be reviewed, there will be a redress system set up so you will have a unique identifier. If you thought a family member was being tagged, according to the program you could get a number. It would kick the person out as the manifests are being assembled. It would be seamless and done up to three days in advance of the flight. It would allow you to print your boarding pass at home.
The authorities in Bill C-59 enable us to go forward on this approach and enable us to work on the regulations on what would happen if Royal Assent is given.
Senator Richards: Okay. Thank you.
Senator Dagenais: My question is for Ms. Geddes. Ms. Geddes, earlier, I asked Mr. Breithaupt about charges. He told me that he could not answer my question about terrorism charges in Canada and, despite all the investigations that have been conducted, there have been none. You have been talking about investigations into terrorism activities for a while. Why have there never been any charges? Is it because your investigations are inadequate? Is it because they are not thorough enough? Is it because you do not want to lay those kinds of charges because of the processes in the attorney general’s office? There certainly has to be a reason. You conduct investigations, but no charges are ever laid.
Ms. Geddes: Thank you for your question.
I could ask my colleague from the RCMP to join us, but I’m happy to answer the portion of that question that I can.
These are complex investigations, terror investigations. I prefer not to speak to whether or not there are indictments or there should be more. That’s a very complicated question and certainly outside of my mandate.
I can tell you that we are constantly engaged in discussions and operational reviews with our colleagues at the RCMP to make sure we are conducting as effective a national security investigation as we can and that we are providing the very best intelligence that we can to enable them to do their job. So it’s a piece of work that we engage in continuously.
I can tell you that our national security investigations in this space is something that we’re very proud of. I think we are very good at our work. I think you would probably have to put that question to the RCMP or, as I said, to the Public Prosecution Service, but that would be as far as I could go in answering your question.
Senator Dagenais: Let me humbly give you an example. I was a police officer in the Sûreté du Québec for 39 years. I conducted many investigations, and I can tell you that, if no charges had ever been laid, I would have been discouraged. If you investigate, it is in order to make arrests. I understand that the director of criminal prosecutions has to look at the files, but I cannot believe that no charges have ever been laid. I understand that everyone is doing a good job, but I confess I find it quite surprising that no charges have been laid.
Mr. Breithaupt: Thank you for the opportunity to pursue this conversation. We indicated how charges would be brought about and prosecutions would go forward. The latest statistics we have are from December 11, 2018, where a total of 55 individuals have been charged with terrorism offences in Canada since 2001. It’s not a case where there haven’t been charges or prosecutions brought. There are statistics set out, I believe, in the public threat report.
Mr. Davies: Our apologies, sir, we don’t have the public threat report with us here, but we can have that tabled. All those numbers are detailed in the recently released public threat report the government puts out every year.
Senator Dagenais: I really do not want to labour the point. Just yesterday, we saw a case where there was no charge. Of course, I do not want to talk about that, but I find it quite extraordinary. You are telling me that there have been charges, but no convictions. What are we to make of that?
Mr. Davies: Hopefully you have garnered that there have been indictments, as Mr. Breithaupt has said. We can get you those numbers. Unfortunately, I don’t have those details with me.
Mr. Breithaupt: And with respect to those 27 convictions registered thus far.
Senator Gold: I think it’s an important question my colleague asked. Would you comment on some of the testimony we heard around this issue? We have many terrorism offences in our law. Most of them are — how to put it — preventive in nature and they relate to activity before the bomb, so to speak. They require, in some cases, proving intent, but in many cases they’re really focused on the activity. Nonetheless, it’s complicated.
After the fact, God forbid there’s been an act, though we have terrorism offences as well, we have the regular Criminal Code. We’ve heard from witnesses and have read literature that suggests it’s far easier for prosecutors to charge under, say, the assault provisions, the mischief provisions or homicide provisions, even if it was in pursuit of a terrorist activity. It’s easier to get a conviction.
The statistics don’t always reveal the full picture because of prosecutorial choices made. It’s harder to convict for a terrorism offence because you have to establish intent in many cases, whereas if damage has been done, regrettably, it’s easier to prosecute under the normal provisions.
Is that a fair description of some of the dynamics that go on behind the scenes?
Mr. Breithaupt: I can say that, yes, the terrorism offences and the terrorism chapter have a primarily preventive focus. They are, in large part, designed to allow law enforcement to intervene and charge someone with a terrorist offence before the terrorist attack takes place. It is true that they’re forward in time and law enforcement has to take a decision as to when to intervene.
There are other terrorism offences that are, for example, committing an indictable offence on behalf of, for the benefit of or in association with a terrorist group, which are not necessarily so preventively focused in nature.
Senator Gold: What I was looking for your comments on, if you’re able to provide them, is that even in a case like that it may be easier to prosecute just for the commission of the offence. There may be aggravating circumstances in sentencing, but there’s less to prove if you can establish the actual actus reus, the elements of the offence, rather than having to layer onto it “for the purposes of a terrorist activity.”
Mr. Breithaupt: It’s up to the independent police and prosecutors. In particular, the prosecutor decides, given the law and the available evidence, the reasonable prospect of conviction, the public interest, which offence to apply in a given case. It may be that they decide to charge the person with murder, for example, rather than murder for the benefit of a terrorist group.
There are those availabilities. The prosecutor can decide amongst the array of offences which is most appropriate, given the particulars of the case, the availability of the evidence and the other grounds that I mentioned.
Senator Gold: Thank you.
Senator Dagenais: I have a supplementary question. As I was listening to my colleague Senator Gold, with all due respect, I got the impression that we were moving away from Bill C-59 and sitting in on a legal argument between the witness and the senator. I have no doubt about the excellent work that the national security services are doing. However, I am very surprised that, with all the investigative work that has been done, there have been charges, but no one has been convicted. That seems troubling to me, I must confess. I just wanted to mention that to you. I did not want to start a legal argument about how to lay a charge. I know how it has to be done.
I am concerned by the fact that Australia has laid 60 charges. I grant you that there may have been more acts of terrorism in Australia, but I cannot believe that, in Canada, there has not been a single charge. However, I don’t want to make this into a debate or a legal argument. I know there are a lot of lawyers around the table. It’s just a comment I wanted to make.
Mr. Davies: I’ve had a few more numbers given to me. Since 2013, twelve individuals have been charged and three convicted, two terrorism peace bonds have been imposed, four outstanding warrants, two people are awaiting trial and in one case charges have been withdrawn. In terms of your question on convictions, there have been three convictions since 2013.
Mr. Breithaupt: As we had indicated previously, there have been 27 convictions as of December 11, 2018.
Senator Dagenais: At least we have found some.
The Chair: Seeing no other questions, let me express out thanks on behalf of the committee to officials for being here.
Just a reminder to all senators that if you have amendments, consult with the law clerk and to share them with our clerk so he can properly prepare.
Senators, clause-by-clause consideration will take place at 1:00 on Monday, and we will begin study of Bill C-77 at 11:45 on Wednesday.
(The committee adjourned.)