Raise Your ‘Intelligence’ About C-59

September 11, 2017

 

National security is full of acronyms, jargon, and legal language. There are many agencies with long or uninformative names, and sometimes words that you think you know from regular life are ever so slightly different when talking about the unique world of national security.

If you find yourself in doubt about a term, check CCLA’s handy list which includes the ‘intelligence’ you need to make sense of Bill C-59.

Accountability

When we talk about accountability in the national security context, we usually talk about three things: oversight, review and control. It is important to recognize the difference between them, because we need all three.

Oversight takes place all the time, as actions take place and operations unfold. It is a real time, on the ground, safeguard to make sure that the plan is good, the operation will work, and that the law is followed during planning and executing activities.  

Review is an after the fact process, which may involve an investigation into the way activities were planned, authorized, and executed in the past. It finds mistakes or identifies problems after they have happened, and sometimes involves making recommendations to ensure those issues are properly addressed.

Control refers to an independent and objective entity that must approve the activities of an agency before the agency can carry them out. In most contexts, the independent and objective entity that controls the activities of an agency is a judge. In the national security context, government officials (such as a Minister) have historically been relied upon in Canada to impose some control. However, many have argued that this kind of control is insufficient to prevent abuse or overreach. Another type of control entity often used in the national security context is a tribunal or a certain type of Commissioner. These entities are more independent than a Minister and can operate similarly to a court.

CBSA: The Canada Border Services Agency

CBSA stands for the Canada Border Services Agency. The CBSA manages land-border crossings and airport, rail, and shipping port entries of peoples and goods into Canada. They have a range of powers and responsibilities, but are also heavily responsible for national security at border crossings and airports as well as for immigration and refugee admission, denial or detention. They conduct investigations and can search and/or arrest individuals, detain them, and seize their goods and electronic devices.

CSE:  The Communications Security Establishment

The Communications Security Establishment (formerly “CSEC,” Communications Security Establishment Canada) is the primary Canadian agency responsible for collecting foreign signals intelligence (SIGINT). In other words, they are Canada’s digital spies. The CSE is also responsible for protecting the Canadian government’s information and communication networks through its cybersecurity mandate, and is empowered to provide technical assistance to other Canadian intelligence and law enforcement agencies. Bill C-59 reorganized CSE’s information technology mandate into three parts: information assurance, defensive cyber operations and active (offensive) cyber operations—the last of these referring to state-sponsored hacking.

Though the CSE has existed since the Second World War, the Establishment’s existence was not mentioned in any law until the National Defence Act was amended to include it in the Anti-Terrorism Act, 2001. Bill C-59 proposes the creation of a brand new CSE Act, with far more details about how the CSE is meant to operate.

CSE Commissioner

The Commissioner of the Canadian Security Establishment is the current review body for the CSE—but if Bill C-59 becomes law, the CSE Commissioner’s duties would be taken over by the Intelligence Commissioner, who will have far broader reach.

Currently, the duties of the CSE Commissioner are contained in the National Defense Act (section 273.63), and are as follows:

  • to review the activities of the CSE to ensure that they are in compliance with the law;
  • in response to a complaint, to undertake any investigation that the Commissioner considers necessary; and
  • to inform the Minister and the Attorney General of Canada of any activity of the CSE that the Commissioner believes may not be in compliance with the law.

The Commissioner must also submit an annual report to the Minister on the Commissioner’s activities and findings, which shall be provided to both houses of Parliament. The Commissioner is allowed to  enter into and access public offices or institutions, examine any relevant documents or records belonging to such an office or institution, summon witnesses and compel evidence, and administer oaths or affirmations.

Like SIRC (described below), the CSE Commissioner is confined to reviewing only the activities of a single agency, the CSE, even when the CSE works in conjunction with other agencies, as it often does.

The role of the Commissioner is filled by a supernumerary judge (one who is eligible for retirement but chooses to work part-time) or a retired judge of a Superior Court, appointed by Cabinet. The CSE Commissioner is appointed for one term of not more than five years.

CSIS: the Canadian Security and Intelligence Service

Headquartered in Ottawa, the Canadian Security and Intelligence Service (CSIS) operates domestically and internationally, and is responsible for conducting national security investigations, collecting intelligence, and advising the Government on threats including terrorism and foreign espionage. It is the organization in Canada with primary responsibility for the collection and analysis of human intelligence (HUMINT). Its mandate and actions are governed by the Canadian Security and Intelligence Agency Act (CSIS Act).

CSIS was formed in 1984, in the wake of a variety of scandalous actions by the Security Service within the RCMP. A Royal Commission resulted, and after extensive study the McDonald Commission issued recommendations to separate intelligence from law enforcement functions in Canada’s national security bodies. This is why we now have a security service (CSIS) that does intelligence work, and operates independently of our national police (the RCMP), that is responsible for law enforcement.

However just a few years ago, the duties and function of CSIS were dramatically altered. Bill C-51 (which became the Anti-Terror Act) contained a number of extensions to the agency’s mandate, including provisions which allow  CSIS to “take measures within and outside of Canada” to disrupt threats (i.e., powers like law enforcement). Shortly after, another amendment to the CSIS Act gave CSIS additional powers,  authorizing the agency to conduct activities within and outside Canada, whether or not these activities comply with the laws of any foreign jurisdiction or international law; to provide additional protection for ‘human sources.’ This was despite the findings of the Air India Federal Commission of Inquiry, that providing informer privilege to CSIS sources would threaten terrorist prosecutions.

At this time, Bill C-59 seeks to impose some limits on CSIS’s its “threat reduction” powers, and to create a new regime for the collection, use, management and retention of datasets.

Dataset

Bill C-59 defines a dataset as “a collection of information stored as an electronic record and characterized by a common subject matter.” A dataset could include a collection of just about any imaginable form of information, but the CSIS Act divides them into three different categories, with three different sets of legal protections: “publicly available” datasets, Canadian datasets, and foreign datasets. For example, a dataset might be a database from Statistics Canada, a list of names associated with a given group on social media, or a list of IP addresses which have visited a type of website. C-59 amends the CSIS Act to create a new regime for the collection, use, management and retention of datasets.

Department of National Defence

The Department of National Defence (DND) and the Canadian Armed Forces (CAF) advise and support  the Minister of National Defence, and implement government decisions regarding the defence of Canadian interests inside and outside Canada.

Designated Judges

In Canada the Federal Court has jurisdiction over many matters related to national security, including security certificate proceedings and proceedings dealing with claims of national security privilege. A small number of security-cleared judges of the Federal Court are designated by the Chief Justice to preside over such matters: the government is not involved in their selection in any way.

Ex Parte

Normally, parties affected by a legal proceeding are notified, present and represented at the proceeding, with an opportunity to speak and respond. A Latin legal term, ex parte refers to those proceedings where the affected party does not receive notice, and is neither present nor represented in a court of law. For example, where the government is seeking a warrant to engage in surveillance activities, like a wiretap, the application is done ex parte.

Five Eyes

The Five Eyes is a group of intelligence agencies (including defence, security, human and signals intelligence) from five member states: Canada, the United States, Australia, New Zealand, and the United Kingdom. This group cooperates and shares intelligence and counterterrorism information. Canadian agencies involved in the Five Eyes include CSIS, the CSE, and the Canadian Forces Intelligence Command (CFINTCOM). While very little information is officially available regarding the Five Eyes, we know from the Snowden revelations in 2013 that they cooperate on a number of mass surveillance programs. The Five Eyes alliance, which has been criticized as a mechanism that allows member states to “outsource” illegal surveillance of their citizens to foreign countries. A Canadian Federal Court decision related to CSIS’ efforts to monitor electronic communications abroad also criticized this practice.

Global Information Infrastructure

The “global information infrastructure” is the CSE’s playing field:  the CSE conducts its operations, across all mandates, on the global information infrastructure. The new CSE Act in C-59 defines it as including “electromagnetic emissions, any equipment producing such emissions, communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those emissions, that equipment, those systems or those networks.” In other words, that’s everything from e-mails, radio broadcasts and phone calls to heat signals, light and microwaves.

Human Intelligence (HUMINT)

Human intelligence is derived from information collected and provided by human sources. Such sources, as listed on the CSIS website, include:

  • members of the public
  • foreign governments
  • human sources
  • technical interception of telecommunications
  • open sources including newspapers, periodicals, academic journals, foreign and domestic broadcasts, official documents, and other published material.

In camera

In camera is a Latin term that translates roughly as “in chambers.” Hearings or meetings that are held privately and exclude the public are referred to as in camera. This is often the case where sensitive evidence or information related to national security is involved.

Intelligence Commissioner (IC)

The Intelligence Commissioner is a new position, created in Part 2 of Bill C-59 by the Intelligence Commissioner Act.

The IC will be responsible for reviewing the conclusions underlying certain CSIS and CSE authorizations, and determining whether these authorizations are reasonable. The IC’s oversight will extend to foreign intelligence authorizations, cybersecurity authorizations, and how Canadian datasets are classed and retained, among other things. This is an important improvement over the current state of affairs, in which CSIS and CSE are largely responsible for interpreting the laws and authorizations which govern their own actions, and they do so in secret. This has caused problems of over-reach and resulted in situations where the Federal Court has found CSIS to be in violation of its duty of candour 2013 and 2016.

He or she will be a retired judge of a Superior Court, appointed for no more than two five-year terms. The IC will be a part-time position, with a rank and powers equivalent to a deputy head of a government department.

Metadata

Metadata is data generated when a person uses technology, and an electronic or digital record is created. In other words, metadata is data “about” other data. Metadata is created when you use certain devices (your computer, your smartphone, your tablet and otherwise) – to access online services (email, social media networks, shopping sites, search engines, and other websites visited, etc). Analyzing your metadata can provide insight about how you are using those devices or services, where you are using them, and with whom you are interacting. Metadata can provide a lot of information about a person. As well, the line between metadata and the actual content of a communication can be difficult to draw and might depend on how the data is accessed.  Sometimes, metadata can tell you more than the actual communication itself. Also, because metadata is structured, it is much easier to collect and analyze in immense amounts. Patterns in metadata can be very revealing; for example, a great deal can be learned by analyzing all of a person’s movement patterns as well as those of the individuals with whom they have interacted; or by analyzing someone’s Internet usage.

Some examples of metadata might include:

  • With respect to telephone calls and text messages, any interaction may reveal: ‘who’ (the sender and recipient); ‘what’ (type of call or text made with which service provider); ‘when’ (date, time and length of interaction); ‘where’ (location of the sender and recipient); and sometimes ‘why’ (for example, it can easily be inferred that a call to a crisis hotline likely relates to a crisis situation);
  • IP addresses, e-mail addresses and server transfer information when you send an email;
  • URLs (addresses) of websites or even specific web pages visited, search queries, documents downloaded, videos viewed, songs streamed, your GPS coordinates from your mobile phone;
  • The author of a document, the username of a Facebook or other online account, a list of all the applications you are using on your mobile device.

In a national security context, security agencies sometimes refer to metadata as though it is just “envelope information” that is not personal and doesn’t require privacy protections. However, in reality, most agencies recognize that this data is highly revealing of the activities of people, and for this reason, security agencies seek to collect it in large volumes. Given how private and revealing and highly personal even one item of metadata can be (ie identifying the owner of an IP address), we need to consider how to use such data proportionately and with appropriate consideration for privacy. The Office of the Privacy Commissioner of Canada has a helpful infographic to help learn more about metadata.

Ministerial Directive

A Ministerial Directive or Direction in the national security context is a set of directions from the  responsible Minister (typically National Defence or Public Safety) to the head of CSE, CSIS, or other agencies engaged in security.. Unlike other similar legal instruments, Ministerial Directives and Directions are typically developed, assessed and approved in secret and only become public if obtained through a freedom to information demand.

While a Ministerial Directive cannot expand an agency’s authorities beyond those contained in law, it may be used to permit or limit actions, or to require measures for accountability such as the reporting of specific information to the Minister.

An example of a Ministerial Directive that was made public a few years ago is the directive to CSIS on Information Sharing with Foreign Entities, which critics suggested was worded in a way to condone torture. This particular Directive is an ideal example of how such documents can have severe impact, even going to far as to implicitly condone torture in some circumstances.

National Security and Intelligence Committee of Parliamentarians (NSICP)

The National Security and Intelligence Committee of Parliamentarians (NSICP) was created by Bill C-22, An Act to establish the National Security and Intelligence Committee of Parliamentarians and to make consequential amendments to certain Acts, which received royal assent on June 22, 2017.

The law creates a committee (NSICP) which has a wide mandate to scrutinize national security matters, including the operations and actions of CSE, CSIS, and the CBSA, as well as other agencies and departments with national security roles. It may review ongoing operations, as well as conduct strategic, systematic reviews of the legislative, regulatory, policy, expenditure and administrative frameworks under which intelligence activities are conducted.

Before this Committee was created, Canada was the only member of the Five Eyes alliance without parliamentary oversight of its national security agencies. While the creation of the Committee fills an important accountability gap, there are limits on its powers which may prove problematic. In particular, the government’s power to halt Committee investigations, redact their reports to Parliament, and to strictly control what information the Committee can access, all leave questions about the ability of the Committee to provide strong, informed, and effective review.

The Committee can consist of up to 9 members, 2 from the Senate and 7 from the House of Commons, with representation from all official political parties. Members of the Committee are appointed on recommendation of the Prime Minister, and are required to obtain a security clearance.

National Security and Intelligence Review Agency (NSIRA)

The National Security and Intelligence Review Agency (NSIRA) is a new, integrated review body that will be created by Bill C-59, if passed. This new Agency will fill a long-standing gap in national security review in Canada, as it will have an across-the-board mandate to review all national security-related activities, and investigate complaints.

NSIRA will take the place of both the Security Intelligence Review Committee (SIRC), which currently (pre-C-59) is the body responsible for reviewing CSIS’s activities, and the CSE Commissioner, the office currently responsible for reviewing the CSE.

SIRC and the CSE Commissioner are separate bodies, unable to conduct joint reviews. This is a problem, since CSIS and CSE often work together, as well as with numerous other Canadians agencies that deal with national security matters but have separate review bodies or no oversight at all.

The new Agency will have a Chair and between three to six members, appointed by the Governor in Council on the recommendation of the Prime Minister. The Prime Minister, before making appointments, will be required to consult with other party leaders in the Senate and House of Commons.

RCMP

The Royal Canadian Mounted Police (“RCMP”) is Canada’s national law enforcement service, and operates under Public Safety Canada. The RCMP is unique in that it is a national, federal, provincial and municipal policing body.

The RCMP has a number of national security-related responsibilities as part of its mandate to “detect, deny and respond to criminal activity” considered a threat to the security of Canada.  These include: national security criminal investigations, protective policing, border integrity, critical infrastructure protection, marine security, air carrier protection, critical incident management and other support services.

The RCMP is organised under the authority of the Royal Canadian Mounted Police Act, and receive its mandate from section 18 of that Act.

Security Certificate

Security certificates are used to deport a permanent resident or foreign national — in all cases a person without Canadian citizenship), deemed inadmissible to Canada on the grounds that they pose a risk to national security, might have committed violations of human or international rights, or may be involved in serious or organized criminality.  Security certificates allow the arrest and detention of non-Canadians pending deportation proceedings.

Since 2001, security certificates are administered under the Immigration Refugee and Protection Act, 2001 (IRPA).  Security certificates have existed in Canada since 1978, operating under the immigration laws that were in effect at each time period up to the present.

Office of the Communications Security Establishment Commissioner  (OCSEC)

See CSE Commissioner.

Signals Intelligence (SIGINT)

The CSE defines SIGINT as “the interception and analysis of communications and other electronic signals.” Signals intelligence can include any form of electronic communications or signals, from phone calls, text messages and web traffic to satellite signals. The CSE’s SIGINT mandate is “to acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities.”

SIRC: Security Intelligence Review Committee

SIRC is the current review body for CSIS, which will be replaced by NSIRA if Bill C-59 passes. SIRC’s mandate is to review and report on CSIS’s activities to Parliament.

SIRC has a fairly comprehensive ability to review CSIS’s work, including the ability:

  • to review directions issued to the Director of CSIS by the Minister;
  • to review arrangements entered into by the Service with provincial governments or police forces;
  • to review suspected or demonstrated unlawful conduct on behalf of CSIS employees;
  • to monitor any requests made by the Minister of National Defence or Foreign Affairs to collect information relating to the capabilities, intentions or activities of any foreign state, individual, or corporation;
  • to review the regulations issued according to the CSIS Act, and
  • to compile and analyze statistics on the operational activities of the Service.

However, SIRC cannot review the activities of any other national security agency, which has become increasingly problematic because CSIS often works with other agencies including the CSE, RCMP, and CBSA.

SIRC reviews can include non-binding findings or recommendations, which the CSIS may (or may not) choose to follow. SIRC also issues an annual report, edited to protect operational secrecy and personal privacy, which is tabled in Parliament, usually in October.  

SIRC was established under section 34 of the CSIS Act in 1984 as a review body. It consists of a Chairman and two to four other members, all of whom must be members of the Queen’s Privy Council for Canada and must not be members of the Senate or the House of Commons. Committee members are appointed by the Governor in Council, after consultation by the Prime Minister of Canada with the Leader of the Opposition in the House of Commons and the leader in the House of Commons of each party having at least twelve members in the House. Committee members are eligible to hold office for a maximum of two five-year terms.

Special Advocate

Special Advocates are lawyers who have undergone extensive security clearance, permitting them access to sensitive national security information. Special Advocates are allowed to attend hearings, and are expected to represent the interests of the individual at the hearings by accessing and testing the information and evidence.  Special Advocates are permitted to address the substantive issues at hand, and also to challenge government ministers’ claims that disclosure of the evidence to the individual would be injurious to national security. They are also authorized to cross-examine witnesses.

The special advocate program was created (in the Immigration and Refugee Protection Act) following a Supreme Court decision in a case known as Charkaoui.  In this case, the Court ruled that a security certificate hearing process where an individual is not permitted to attend secret proceedings, not given any opportunity to know the evidence against him or her, and not able to challenge the evidence, is unconstitutional. In their unanimous decision, the Court said that the security certificate process (as it existed in 2007 when the case was heard) violated the principles of fundamental justice because an individual could not know the case against him or her, and could not make full answer and defence.  The Court further stated that individuals subject to security certificate proceedings are entitled to the protections of section 7 of the Charter, and noted that the national security context cannot be used to “erode the essence of the section 7 protection”, which is to provide “meaningful and substantial protection” and due process.

The Parliamentary solution to this issue was the creation of the special advocate system, which provided representation for named individuals in security certificate processes. While it is possible to question the necessity of secret hearings in some or all cases, the special advocate system provides a vital protection for due process rights when such hearings take place. Bill C-51 limited the ability of special advocates to access all information pertaining to a case, which CCLA took issue with in our constitutional challenge.

Warrant

A warrant is a document issued by a legal official (in the national security context, by a Federal Court judge)  authorizing a public safety or national security agency (RCMP or other policing body, CSIS, CSE) to make an arrest, conduct a search (of a physical space or an electronic device, like a computer), or carry out some other action relating to the administration of justice.

More terms and information coming soon! Check back for the following definitions, and more, in the next few weeks.

  • Recognizance with Conditions
  • Judicial Review
  • Intelligence
  • Evidence
  • National Security
  • Communications Data
  • Threats to the Security of Canada
  • No Fly List
  • Terrorist Entities List
  • National Security and Intelligence Advisor to the Prime Minister
  • Canadian Armed Forces
  • Department of Public Safety
  • Immunity
  • Cyber Operations

 
 

Visit our Bill C-59: Get it Right! Campaign home page

 

Support CCLA’s C-59: Get It Right! Campaign