What does bill C-59 do with the bill C-51 speech crime?
The Meng extradition proceeding will clearly test one area of Canadian law: extradition law. (See here). It will also now probe another: constitutional rights at the border. Ms Meng’s lawyers filed a civil action suing officials (and especially the CBSA) for detaining Ms Meng at the border. There (plaintiffs allege) officials conducted pretextual border detention, questioning and searches (including of her electronic devices, for which she provided the passcode) in aid of US authorities, not in support of Ms Meng’s arrest for extradition purposes. The statement of claim is posted here. There have been questions about the legal niceties of this case. We offer a few quick observations.
Today is reportedly the deadline for the Minister of Justice to issue an “authority to proceed” in the extradition committal hearing in the Meng (Huawei) case. Because there has been much attention lately to the functions of the Minister of Justice (MoJ) and AG and much confusion, I have sat down and compiled some observations on extradition proceedings. (This was initially prepared as a tweet string, last night, but I messed that up. I'd add that I have become a student of extradition law these last few months and do not claim a deep-seated expertise. But still, it might be helpful in this blog to codify what I have learned, and what has occurred to me as I have.)
I post this morning on the issue of: the role of the Attorney General in criminal prosecutions. The context: the Globe and Mail reported on Thursday, February 7. This post discusses the constitutional convention governing prosecutorial independence and also the now-famous “Shawcross” principle.
Two thousand and nineteen will, of course, produce a new Parliament -- Canada's 43rd. It will, therefore, be the season of transition preparation in the public service -- and a good time for taking stock (and for filing access to information requests for all those informative ministerial briefing books).
It will also bring a bumper crop of Canadian national security scholarship. Stephanie Carvin, Thomas Juneau and I look forward to the publication of our book on the Canadian security & intelligence community. Stephanie and Thomas have other joint and separate projects that will produce excellent new resources on Canadian national security practices. And with Leah West, I look forward to publishing the long-delayed second edition of the book that justified this blog site: National Security Law (Irwin Law). (The timing of that book depends on the fate of bill C-59.)
With that task accomplished, it will be time to consider the future of Canadian national security blogging. The Canadian academic national security space now has grown -- albeit modestly -- since this blog began in 2007. And other platforms -- such as Twitter -- and forums -- such as our Podcast Called INTREPID -- now consume time and attention. Postings on this site have become more infrequent.
On the other hand, I have considerable evidence from structured conversations that blogging remains the single best means of "knowledge mobilization" in the public policy and law space. Contrary to the views of others, I do not think blogging is dead.
But it should change. The "my musings and commentary" style of blog has probably seen its day, replaced by Twitter. There is still room, however, for the research and analysis blog. In the United States, Lawfare and Just Security point the way. They share these qualities: (1) collaborative, with postings by academics and practitioners; (2) timely, responding to current events and helping shape "hot takes" in a direction helpful to the reality-based community; (3) robust but not inaccessible, written for a generalist audience but helpful to a specialist cadre; (4) curated, if not truly peer-reviewed, ensuring quality-control. Unlike this blog platform (a product of Me Myself & I LLP) they are also resourced (which helps reduce the frequency of typos).
I *think* four things now make it possible to replicate this model in Canada. First, the scholarly community willing and able to engage in public-facing discussions may now have enough members to make such a platform sustainable. Second, sensible academic units now acknowledge the significance of a public-facing presence. Not so long ago, writing for a policy or general audience was (in some places) prejudicial to academic advancement. That conceit now seems more muted. Third, the government and the security & intelligence services are much more attuned to public discussions than they were in the near past. The illusion that we benefit from siloed cloisters may now be evaporating. That shift could turn on a dime, especially if 2019 marks a reversion to a more closed government. But I am inclined to think practitioners (present and past) might engage on and with a platform with the four above-noted qualities. Fourth, other collaborative academic blogs exist, but they are often stovepiped by institutional affiliations and are broad, rather than deep, in subject matter focus. Our experience with A Podcast Called INTREPID is that there is an audience for detailed national security obscurity and geekery.
That leaves the issue of resources. I am not interested in being an editor -- nor, given my inability to proof-read, am I qualified to be one. Everything then depends on helping hands.
I have begun approaching bodies who might be interested in providing an editorial foundation for a collaborative Canadian national security law and policy blog -- which I hereby entitle "A Blog Called INTREPID". The editorial approach would be modeled on that of student-edited law reviews. And the idea would be to twin a dynamic Lawfare/Just Security-style content, with our existing podcast. The platform would also consolidate various collateral products, such as my Secret Law Gazette and the various instructional videos that Leah West and I anticipate producing as the online feature for our National Security Law book. I also need a home for the database of state self-defence justifications prepared by my research assistant Peter Knowlton as a project related to my Destroying the Caroline book. And I know other scholars may be on the hunt for a similar depository.
Put in other words: by 2020, this space may have its own transition. Stay tuned.
Once more unto the breach...
Bill C-59 will hopefully, finally, soon (?) inch its way to the senate committee, after second reading (still underway) in the senate. I confess, I am looking at the parliamentary calendar and starting to feel a bit nervous. As readers of this blog or listeners to "A Podcast Called INTREPID" will know, I do not embrace every aspect of C-59. But I think it a vital bill -- and a vast improvement on the status quo -- measured on both accountability and security grounds. And in its absence, that status quo will oblige a number of public interest groups to reignite their various court challenges. (If I were the government, I'd be worried about at least some of those challenges.) And watchdog entities like SIRC will have to continue issuing reports saying CSIS is in non-compliance with its current laws (in relation to datasets) and the CSE commissioner will be obliged to continue its decade-long complaints about statutory ambiguities. None of this is sustainable. And meanwhile, our security services would have all the powers and competencies necessary for the analog era. So this is an important law project.
But it is also important for people to understand what is in this complicated bill. I have reached my 20th year as a lawyer, and I continue to believe the most important thing I ever learned in law school is how to reduce a complicated area of law to a decision-tree flow chart. Unless you can make those boxes in the flow chart connect, you are missing something, or the law is missing something. So I continue to make such charts and devices, usually for my personal understanding.
In the event, however, that my labours are useful to others, I post my revised and expanded bill C-59 flowcharts. These now do two things: 1. They outline how CSE's new mandate powers will operate, and the checks and balances on those. 2. They show how CSIS's security intelligence, threat reduction, foreign intelligence and "dataset" (bulk data collection and retention) regimes will work (and the checks and balances on those), if C-59 becomes law.
I have done my best *not* to make mistakes, and have shared these charts with knowledgeable people who have made helpful comments. But caveat emptor -- there will be glitches. Also, there are areas where provisions may be interpreted differently. I have tried to flag those areas where I know others have a different take -- that provides evidence either that I am idiosyncratic or that the provision in question is ambiguous. And then I have also flagged areas where I have concerns that I know I am not alone in having. (Those are in the red boxes.) Here, I feel danger lies, as these uncertainties could be tomorrow's controversies.
If anyone spies any errors, please let me know.
Revised C-59 Flow Charts:
This blog space has been quiet since summer. As Leah West and I work on a second edition of the "National Security Law" treatise that was the springboard for this project, we are discussing how this blog space could be repurposed. For instance, would there be interest, demand and enough fresh copy for a Canadian "Lawfare" blog? So stay tuned, and if there are people who think this is possible or interesting, feel free to let me know.
In the meantime, Stephanie Carvin and I continue to have fun with a different medium -- A Podcast Called INTREPID. We're into our second season (and have posted 53 episodes). We continue to welcome current and former members of Canada's security and intelligence community as guests, as well as discussing issues of national security law and policy that emerge in the policy space. You can find us on iTunes, Google Play and on the podcast feeders that piggyback on these platforms. And our main website is: www.intrepidpodcast.com
The recent flare-up in relations between Canada and the Kingdom of Saudi Arabia (KSA) places into sudden relief the challenges in Canada's foreign intelligence architecture. It follows hard on the heels of a Federal Court decision affirming the Canadian Security Intelligence Service (CSIS) can only collect foreign intelligence "within Canada". That case is discussed at length here and on Episode 48 of A Podcast Called INTREPID.
Just to be clear: CSIS may investigate threats to the security of Canada anywhere. "Threats to the security of Canada" are espionage, sabotage, foreign influenced activity (within or relating to Canada, and detrimental to Canada), terrorism and (in principle) subversion (in practice, CSIS has not run a counter-subversion program since the 1980s).
"Security intelligence" is *not* intelligence on the foreign, economic or defence policy or posture of another country, unless it falls within one of the categories listed above. Rather, these broader classes of information are "foreign intelligence" (defined, obliquely, in the CSIS Act as: "intelligence relating to the capabilities, intentions or activities of [foreigners or foreign states or groups]").
Canada's electronic intelligence service, the Communications Security Establishment (CSE), has the mandate to collect foreign intelligence, anywhere. But it does so electronically, through the "global information infrastructure" (defined in the National Defence Act as including "electromagnetic emissions, communications systems, information technology systems and networks, and any data or technical information carried on, contained in or relating to those emissions, systems or networks"). CSE does not collect HUMINT (intelligence from human sources).
For its part, Global Affairs Canada does collect diplomatic information, but is not per se an intelligence service. The scope of its collection activities is not well-documented and murky to an outsider like me. It is my understanding that GAC's Associate Deputy Minister for “International Security” manages a “threat assessment and intelligence services division” and that GAC possesses a Global Security Reporting Program (GSRP). My assumption, though, is that GAC will not run confidential sources, for a host of reasons.
In its reported form, the KSA spat is not a security intelligence matter -- unless you count that terrible, threatening tweet picturing an Air Canada jet flying toward the Toronto skyline. But understanding what is going on in KSA is clearly of foreign intelligence interest.
I would assume Global Affairs is feeding diplomatic intelligence into the decision-making process. I assume CSE is involved in signals intelligence. But beyond what Global Affairs is doing through its diplomatic networks, no Canadian intelligence agency can collect information from confidential sources outside of Canada on "the capabilities, intentions or activities of" the KSA.
This is a different sort of "gap" than the one at issue in the recent Federal Court case (which seemingly dealt with footloose communications, not extraterritorial confidential human sources). And it is a gap of longstanding duration, regularly discussed every decade or so.
We have muddled through so far with no human foreign intelligence service because of our minor footprint in foreign relations and because of close, allied relations.
But those allied relations are not what they used to be. I have precisely zero confidence that non-security intelligence sharing with the United Kingdom or the United States on a matter like the KSA is done in Canada's interest, rather than the interests of the UK and US. And that means intelligence-sharing may be selective. And even if it is not currently selective, it could well be selective in the future. We do not control the spigots.
Creating an enhanced human foreign intelligence capacity is no small thing. In the past, I expressed considerable skepticism it was worth the risk, or that we could pull it off without starving more important activities of resources.
But the geopolitical situation is more complicated now than at any time since the Second World War, with a move toward multipolarity rather than the near-unipolarity of the post-Cold War and the bipolarity of the Cold War. States may realign in keeping with Viscount Palmerston's old adage that a state has no permanent friends or permanent enemies, just permanent interests.
It is not clear to me that Canada knows what its permanent interests are -- even (what for me is the unambiguous) need to remain a permanent friend of the United States is under strain among the commenting class.
But we may also not have the tools to preserve those permanent interests, anyway. If revisionist states see Canada as the runt of the Western litter and as a low-cost place for target-practice, a better understanding of the world seems wise. I am, therefore, no longer sure that building an enhanced foreign intelligence capacity is just one of those shiny baubles, distracting from more important things.
How to do this is another question. (It would be useful to know, for example, what exactly GAC does in this space rather than treat it as a black box.)
These are all questions now worth serious study.
With INTREPID Podcast on vacation, I'm going old-school and engaging in thought experiments via blog. Except for everyone who (quite properly) threw their phones into the lake, most people are likely aware of the sudden contretemps between Canada and Saudi Arabia. I am in no position to evaluate the foreign relations dimension of this. The people you need to follow on this are @thomasjuneau and @b_momani. However, there was one development in this spat that caught my (academic) lawyer's eye:
1. Terrorist Promotion and Advocacy
A Twitter account reportedly with some sort of affiliation with the Saudi government tweeted (then deleted, modified and apologized for) an image of a large Air Canada plane flying low toward the Toronto skyline, with the CN Tower straight ahead. It was captioned: "Sticking one's nose where it doesn't belong! As the Arabic saying goes: 'He who interferes with what doesn't concern him finds what doesn't please him.'" Not surprisingly, given that 15 of the 19 9/11 hijackers were Saudi nationals, the (predictable and perhaps intended) reaction in Canada was that this image alluded to 9/11, in a threatening manner. (For more on this tweet, see here). Saudi tweeters asserted (in response) they simply meant to signify the return home to Toronto (500 or so km from the capital) of Canada's expelled ambassador to the Kingdom.
I do not need here to discuss the (de)merits of twitter diplomacy, and the downside of inflaming public sentiment. I instead find this an opportune time to conduct a legal thought experiment: would a tweet like this be prosecutable under the Criminal Code?
At first blush, this is a silly question. Indeed, it is a silly question at second blush. It is, however, a question that must be posed, given the speech crime introduced by Bill C-51 to the Criminal Code in 2015:
83.221 (1) Every person who, by communicating statements, knowingly advocates or promotes the commission of terrorism offences in general — other than an offence under this section — while knowing that any of those offences will be committed or being reckless as to whether any of those offences may be committed, as a result of such communication, is guilty of an indictable offence and is liable to imprisonment for a term of not more than five years.
2. A Doubtful Law
Elsewhere, Kent Roach and I condemn this excessive offence as unnecessarily uncertain and (in our view) constitutionally doubtful. The Harper government chose to draft this crime without the features of the hate speech provisions in s.319 of the Criminal Code that allowed the latter to survive (barely) constitutional challenge in cases like Keegstra. Specifically, the "wilful promotion of hate" offence depends on the promotion being "wilful" (not just knowing) and then there are defences (for things like public interest). The Supreme Court accepted an interpretation of "wilful" requiring that the accused subjectively "desires promotion of hatred or foresees such a consequence as certain or substantially certain to result from an act done in order to achieve some other purpose". Put another way, they need to want the pernicious outcome, or be essentially certain it will come about.
The s.83.221 speech crime requires mere "knowing", not "wilful". I can know that I am promoting a bad thing, without desiring that this bad thing come about. For example, as a classroom reading, I may knowingly promote Frantz Fanon's writings about the necessity of violence in anti-colonial struggles. I may not wish that this violence ensue -- I am not willfully promoting it, in other words. But I intend to promote (encourage) consideration of the content, even if only for pedagogical purposes. I am knowingly promoting it. And maybe I think that he's right, and that anti-colonial type struggles (say in apartheid South Africa) do require violence to be successful and I say it. Arguably, that gets me promoting the "commission". And I don't know who is sitting in my classrooms, with malevolent designs, or reading whatever book I have written reproducing Fanon's passage. (Which we actually did, in False Security, in describing this same problem of uncertainty and overbreadth.) So I am surely reckless. Added to which: no one really understands what "terrorism offences in general" mean. But I am pretty sure that some of Frantz Fanon's writings would fall within the uncertain limits of this concept and are about the commission of terrorism offences in general. And I have no defences, as I would if I were (merely) promoting hatred. So a pedagogical motive isn't going to help me.
This hypothetical may be a reach, but it's easy to come up with others that would be more directly implicated by this offence and still be a long way away from actual violence or threats of violence -- the sort of thing that is not protected speech.
This is not, in other words, an offence that follows the sort of pattern for speech crimes that have been found constitutional. It seems likely a court would give it the narrowest possible read if it were ever used. But even so, it sits on the books blinking red, occasionally justifying wiretap warrants. Not a great look.
I have never been entirely sure what sort of truly bad speech the new crime is intended to capture that isn't captured by the many other terror and non-terror crimes that can penalize speech of various sorts. But whatever that bad speech might be, the provision surely captures a lot of speech that is constitutionally protected because it is very remote from actual violence or threats of violence. (I shouldn't have to worry about assigning Frantz Fanon to my students. Not that I do. I teach law.)
But maybe they wanted to go after this kind of tweet?
3. Would the Law Reach the Tweet?
I and others have urged that the unworkable provision needs to be rolled back. And that is what bill C-59 does, converting the crime from a promotion offence into a (perhaps redundant) version of a counselling offence. But that is another story. For our purposes here, would a tweet like the Saudi tweet violate the law, as it stands at present?
Sure, in theory. The offence does reach imagery. If (like many Canadians) a court were to see the image, with its caption, as "promoting" (encouraging) the commission of "terrorism offences in general", then it also seems likely that tweeting it to the world in a highly politicized dispute with Canada is "reckless as to whether any of those offences may be committed". All that is left is whether the promotion was "knowing". It doesn't matter if the tweeters didn't want a terror attack. All that matters: Would the tweeters know (subjectively) that what they were doing was promoting terrorism offences in general? Well, I guess not if they really believed that all they were doing was portraying the premature landing of the ambassador's airplane in downtown Toronto. Perhaps they did not know that Billy Bishop airport can't handle big jets?
You can see why this would get silly. But still, in principle, I see no reason why, on the letter of the law, the crime could not reach the tweet.
4. Would the Law Reach These Tweeters?
Now, it is true that on the facts of this case -- involving foreign authors -- things get even more complicated. Terrorism offences are extraterritorial, but they are not so sweepingly extraterritorial as to reach conduct by a non-national with no connection to Canada. Still, it is not necessarily clear to me how to define the territoriality of a tweet. Part of the actus reus surely reaches Canada, which may be enough to create the real and substantial link which the Supreme Court discusses in Libman. Not that I'd want to be the prosecutor to have to argue all these complexities.
But that is neither here nor there. Because of course, this is an academic question. No Canadian police officer will ever lay hands on the authors of the tweet -- it's not like there'll be an extradition granted even if it were possible to seek one. And if those authors were government officials, and this tweet was construed as an official act of state, it would enjoy state immunity under international law (though not under the State Immunity Act, which does not apply to criminal law).
I guess another interesting subset of this question: could the Charter free speech protections extend to limit the application to those who speak abroad, of what (as I believe) is a constitutionally-excessive law? Foreigners overseas are not likely to have Charter free speech protections. Still, it would be the height of absurdity to apply a law that is unconstitutional to the prosecution in Canada of persons who are not themselves protected by the Charter because of where they uttered the communication for which they are being prosecuted. We have long settled that even corporations can challenge laws under Charter rights reserved to human beings, where the law is equally capable of capturing both human beings and corporations. The same logic would apply here.
As I say, this is all academic. Still, it is pretty stupid that we have a law that could put a person into jail for 5 years for nothing more than an offensive tweet. You may not like the tweet. I don't. It made my mild-mannered blood boil. And you'd be right to condemn it. But to have an offence that would jail someone for it? That would be...a little bit like Saudi Arabia putting a blogger and his relatives into prison.
I have been continuing a slow-motion effort to learn more about cognitive biases, and trying to imagine how to integrate cognitive bias awareness training into how I teach law. (For a fascinating recent primer on cognitive bias, see Ben Yagoda's recent article.) On a separate track, I have been watching the contestation of political differences spun-up in various jurisdictions as legal claims, especially of a constitutional sort. In truth, some governments do embark on constitutionally doubtful paths.
But there is another issue as well: non-mainstream views about the constitution attracting the support of partisans that, if deployed in the hands of the other partisans they oppose, would be characterized as a coup d'etat. The various proposals for "court packing" in the United States fall into this camp, as well as puzzling arguments circulating online suggesting that the Lieutenant Governor of Ontario may choose to refuse royal assent to a Ford government bill duly enacted in the legislature. (There was also a bit of this at the federal level in 2015's debate on bill C-51.)
A lot of this is the sort of debate you often see in Twitter Law School, and so it is hard to gauge how seriously anyone takes this. But it might be useful, nevertheless, to spell out why it is wrong.
The argument about a Governor General or Lt Governor denying royal assent requires a reading of the Constitution Act, 1867, shorn of any consideration of "constitutional conventions". These conventions often get short shrift in the public mind, because they are not written down and, at least in theory, are not justiciable in court. For some, that seems to make them less real, the equivalent of discretionary normative principles rather than binding, positive norms. In fact, they are binding on the political branches of government, and in further fact, they are the norms that embody many of the good things we value about our democracy. The Constitution Act, 1867, reads like an instrument creating an absolutist monarchy. It does not actually work that way, entirely because of conventions.
The way it really works takes a lot of explaining, and our constitutional law is guilty of length and ambiguity, even on things that require neither length nor ambiguity. Some things we teach in law schools must be complicated, because they deal with complicated problems. Constitutional law is often complicated because it is more like DNA than a car engine: it is a product of evolution (not rational design), with the haphazard genetic material of historical dead ends still embedded in its substance.
On the particular question of royal assent, the bottom line is this: no regal figure (be they the Queen, or her representatives, the Governor General or the Lieutenant Governors) can now deny royal assent as the final stage of converting a bill into a statute. Royal assent is a nominal process, and has been for a very long time.
The last time someone tried to litigate this issue, they were correctly tossed from court. And the Federal Court, properly, observed:
The provenance of the power to grant or withhold assent lies in the royal prerogative, but that power is now embedded in section 55 of the Constitution Act, 1867, and how that prerogative is exercised is constrained by constitutional convention. As Professor Hogg observes, in granting assent, the Governor General “plays no discretionary role whatever”; rather, the Governor General is bound by the conventions of responsible government and “...must always give the royal assent to a bill which has passed both Houses of Parliament” (Hogg at 9-22). There is “no circumstance” which would justify refusal of assent, as the obligation is that of a constitutional convention (Hogg at 9-22).
Even the Lieutenant Governor of Ontario denies having this power to deny royal assent, on her own website:
Can Royal Assent be withheld?
There is now undoubtedly a constitutional convention that the Lieutenant Governor will grant Royal Assent to bills that have been passed by the Legislative Assembly.
What is reservation?
According to the Constitution Act, 1867, the Lieutenant Governor may reserve bills instead of granting Royal Assent. Reserved bills may be assented to by the Governor General in Council (the Governor General acting on the advice of the federal Cabinet) within one year, or else they do not become law.
With the full establishment of responsible government and the development of the court system, there is now a constitutional convention that reservation will not be exercised.
Only two bills have ever been reserved in Ontario. The Hon. Sir William Howland, second Lieutenant Governor of Ontario (1868-1873), reserved two bills in 1873 on advice of the Premier. Ultimately, these bills were not given Royal Assent by the Governor General in Council and did not become law.
There are those who wish to resuscitate the "disallowance" powers in the Constitution Act, 1867, in response to a bill they dislike. We are seeing this now in the debate over the Ford government's bill reducing Toronto's city council. But be wary of the "Make Disallowance Great Again" movement, not just because money spent in support of a court challenge will show a very poor return on investment. Be worried about it also because what is good for your disallowance goose will be good for other folks' disallowance gander.
As Adam Dodek alluded to on Twitter over the weekend, the last time a Lt Governor tried (unsuccessfully) to usurp the legislature through disallowance was in relation to a CCF bill in Saskatchewan. The Lt Gov in 1961 was a prominent conservative lawyer (and Diefenbaker appointee to the office) who had worked for the oil industry. The CCF (predecessor to the NDP) passed a bill allowing one-sided contracts between farmers and oil companies to be adjusted. The fall-out from the Lt Gov's decision to deny royal assent was considerable, especially since the Diefenbaker government had no idea the Lt Gov was planning to reserve on the bill. Concerned it would be perceived as meddling in provincial jurisdiction, the Diefenbaker government introduced its own order-in-council, effectively giving royal assent to the bill, and ending the crisis. (A good summary of this case is here.)
The assumption and practice ever since (as the Lt Governor of Ontario's website makes clear) is that disallowance is obsolescent, even though it still exists on paper.
But let me suggest: Assuming it was even possible to "Make the Disallowance Power Great Again" and everyone who has concluded that the power is now obsolete is wrong, the Saskatchewan story, alone, should signal "be careful what you wish for". In the final analysis, the legislature (even when commanded by a majority with whom you disagree) is the only truly democratic aspect of our provincial and federal governments (and even at the federal level, an exception must be made for the senate). Everyone else (and that includes the Prime Minister in their role as Prime Minister) owes their office to something other than direct election to their post.
Governors General and Lieutenant Governors are appointed. The GG is appointed nominally by the Queen on the advice (which must be followed because of those pesky conventions) of (ultimately) the PM. The Lt Governors are appointed by the GG, again on the (mandatory) advice of (ultimately) the PM. If the PM chose their former gym teacher, that would decide the matter.
Now you want to empower that vice-regal appointee to choose not to give assent to a bill? Maybe the Lt Governor does not believe in climate change, because appointed by a prior federal government opposed to carbon taxes. Maybe the Lt Governor does not like the idea of proportional representation. Maybe the Lt Governor does not like whatever [enter something you care about]. He or she is not accountable to you. You didn't vote for him or her. At best, you voted for a candidate of a federal party that won enough seats to command the confidence of the House of Commons and therefore (again by those pesky conventions) its leader was appointed prime minister by the GG. And that leader (maybe now long since departed the scene) decided the identity of the Lt Gov. That's a lot of attenuation in the accountability system.
Ah, but the Lt Gov serves at pleasure and therefore her security of tenure might be truncated. So the PM could advise (order) their removal by the GG. So that is a check, surely. And so we can have a disallowance power after all! But let's be clear here: you would then prefer a system in which the PM (through the Lt Gov appointment and dismissal process) can decide what provincial bills become laws, and which do not.
If that's your choice, you've abandoned federalism. You have a unitary system dressed up as federalism, with all power now concentrated in one person, the PM. That sort of constitutional arrangement would be a very bad thing, and nothing but mischief would result.
Some people may wonder, therefore, what is the point of the GG or the Lt Gov, and that is a fair question to ask. Personally, I think these offices perform several important state and legal functions -- although royal assent is not one of them. If we didn't have them, we'd have to invent them. I will not belabour that point here, and can only refer you to my podcast lectures on constitutional and public law and my various writings, including The Laws of Government: The Legal Foundations of Canadian Democracy.
My key takeaways from this post, however, are more straightforward. I shall amplify Andrew Potter's interesting synthesis of partisan blinders and warn (in relation to his first marker): Beware of the cognitive bias of "partisan constitutional nearsightedness". Always ask yourself: Would I be happy if the people I disagree with had the same powers to stymie the, um, "will of the people" the next time they are out of office?
And always be conscious of these facts:
- Yes, some do, but not every stupid thing a government does violates the constitution.
- If you want the constitution (and probably by extension, judges and lawyers) to do all the heavy-lifting in your society, you are asking for a technocracy, not a democracy.
- If you oppose stupid things the government does, your tools are very often the ballot box, a free press, free speech and association and an engaged citizenry, not the Lt Gov.
The Federal Court this week released a lengthy decision that, unusually, dealt with CSIS’s s.16 “foreign intelligence” mandate. In so doing, it proved, once again, that an Act mostly left fallow for a generation spits up weeds.
The decision is deeply redacted, and we know precisely nothing about the target, subject-matter issue or investigative technique at issue. And that means there is no way for me to judge whether I think the Court “got it right”. But the underlying storyline is easy enough to imagine, even if the precise specifics are secret. And the policy issues can be surfaced with a hypothetical.
Who Was the Target?
The target was a foreigner physically in Canada. They could not be Canadian (or a Canadian permanent resident) – CSIS cannot investigate a Canadian or Canadian permanent resident under its s.16 mandate. And they had to be in Canada. This was a warrant application. A warrant would only be required, constitutionally, if the foreigner was in Canada. And besides, if the foreigner was overseas, CSE could have targeted him or her under its foreign intelligence mandate, Mandate A. But CSE cannot direct its foreign intelligence activities at any person in Canada. So bottom line: the person was in Canada.
What was the Foreigner in Canada Doing?
We do not know what our foreigner in Canada – who we shall call Bob – was doing. We do know what Bob was not doing. He was not involved in terrorism, espionage, sabotage or foreign-influenced activities (at least not foreign-influenced activities within Canada or related to Canada, while detrimental to the interests of Canada). And I suppose for the sake of completeness, I should add Bob was not involved in subversion of the Canadian government. Because if Bob was involved in any of these things, he would pose a “threat to the security of Canada” and this would have been a s.12 CSIS “security intelligence” investigation.
But it was a s.16 investigation. Which means that Bob was being investigated to collect information or intelligence relating to the capabilities, intentions or activities of any foreign state or group of foreign states or some foreign person. This is what is called “foreign intelligence”. Basically, that means anything other than security intelligence.
Bob from Mordor
So, because all the good parts in the decision are redacted, let’s make up our hypothetical: Bob was a diplomat from the Embassy of Mordor, who was in fact from the Mordor Acquisition and Liaison Intelligence Collation Entity (MALICE). And while in Canada, Bob was part of an intelligence operation designed to influence the Government of Isengard, in a manner advantageous to Mordor.
Global Affairs Canada, which has an obvious interest in developments in Isengard, wants to get a handle on this foreign influence campaign. And so, it turns to CSIS. There is no clear way an investigation into this influence op falls within a “threat to the security of Canada”. (I suppose in some cases, it would be so egregious as to be “detrimental to the interests of Canada”, even though directed at a third state, but you can only bend that language so far.)
So, under s.16, the Minister of Foreign Affairs requests, and the Minister of Public Safety agrees, that CSIS will conduct a foreign intelligence investigation. But s.16 also says that CSIS may only engage in foreign intelligence collection “within Canada”.
Alice of Isengard
That works fine, to a point. Bob is in Canada. But his chief asset in Isengard is Alice, someone who has influential contacts in the National Repressive Ring Association (NRRA). And Alice is not in Canada. And moreover, Bob and Alice have 1990s style operational security. When they communicate, they do so by logging into Gondor Mail (G-Mail), an email service in Gondor. And they modify draft emails in an email account to which they both have access, housed on G-Mail’s Gondor-based servers.
The Warrant on Bob
CSIS wants to monitor Bob’s communications in Canada. Now Bob is a foreigner, but as noted, he has Charter s.8 rights. And so CSIS needs a warrant. And CSIS wants, with that warrant, to wiretap not just Bob’s phone but also access his email communications. But, nuts, the G-Mail servers are overseas. And CSIS is in no position to somehow insert keystroke logging on Bob’s embassy computer. And so, the only way (I shall assume, because I am not a tech-guy) to access the G-Mail draft folder is by hacking into the Gondor-based servers.
Now, pursuant to Mandate C, CSE can provide the technical wherewithal to do this. But CSIS needs to have lawful authority to seek this CSE assistance, meaning if CSIS needs a warrant, CSIS has to have one.
Whether CSIS needs a warrant may be a close call. If the communication is outside Canada, then perhaps the Charter does not apply because it generally does not apply extraterritorially. After all, if Bob were physically outside Canada, he would enjoy no Charter rights. (The Hape exception would apply only if Canada were in violation of its international human rights obligations -- not clear cut here – and, says earlier Federal Court jurisprudence, where the victim was a Canadian – not true here.)
So, is it too much to say that CSIS's intercept of Bob’s Gondor communications doesn’t require a warrant? Hmmm. Maybe. But this might still be a “private communication” under the Criminal Code (and I could easily change the facts so that it would be). And if so, the fact that one side of this communication starts in Canada is enough to require a judicial authorization process. So not much relief there. And besides, CSIS remembers the infamous Re X case and decides it is better to go to court now, to avoid a train wreck later.
So CSIS does the appropriate thing and concludes it probably needs a warrant. And more than that, it might also reasonably argue that on our facts (communication commences in Canada, travelling overseas through Canada etc) the collection really was “within Canada, enough”, and thus squares with s.16 of the Act. (A view that would be consistent with: the assumption that the Charter applies to Bob’s transiting communications, and the concept of private communication in the Criminal Code, and arguably the concept of territoriality in cases like R. v. Libman.)
But there is also another view: the content of what CSIS is intercepting is not in Canada. It can only be accessed by reaching out electronically across Canadian borders to Gondor, all the way over in Middle Earth.
So, what’s the answer? How do we read “within Canada” in s.16? Well, obviously it means “within Canada”, but what does that mean for footloose-communications? The redactions are thick in this case, and we really don’t know what sort of extraterritorial activity was at issue. But after a lengthy and seemingly exhaustive statutory interpretation exercise, the Federal Court says: this [REDACTED FOR PAGES] extraterritorial CSIS intrusive investigative activity was not within Canada.
Let's assume that hacking into Bob's Gondor Mail would also exceed whatever threshold of impermissible extraterritoriality was at issue in the Federal Court case. That is, it too would not be "within Canada". So, CSIS, in our story, you are out of luck. Maybe you should just ask Gondor to collect and share the Gondor Mail communications itself? But do you want to rely on Denethor II, son of Ecthelion II, Steward of Gondor? In The Two Towers, he struck me as a bit unhinged, to be honest. And perhaps he was a little too inclined to appeasement to Mordor.
The CSE Knock-On Effect
Ok, then. Open Door Number 2: if the communication is not “within Canada”, then that must mean that CSE can, in fact, collect under Mandate A (foreign intelligence). Surely, if the communication being targeted is not within Canada (and involves no one, but foreigners), then CSE collection activities are not being “directed at Canadians or any person in Canada” (the quoted phrase being a stipulation that limits what CSE can do under Mandate A). But hold that “surely”. It is a bit disingenuous to say: “so we are investigating Bob, who is a person in Canada, and we are specifically interested in Bob, and that is why we are doing this collection activity, but when we go after this particular communication, we are not directing collection at Bob, the person in Canada”. That seems too clever by half.
And anyway, the Federal Court has a collateral discussion in this case with knock-on implications that will make life for CSE very difficult. Basically, intrusive activity overseas of the sort at issue in the case (whatever it may be) constitutes an extraterritorial exercise of enforcement jurisdiction. Done without the consent of the territorial state, this violates international law. And Canadian statutes will be read to comply with international law, unless they explicitly derogate from it. And neither the CSIS Act (for s.16, but not for s.12) nor the current National Defence Act (for CSE) nor the proposed Bill C-59 CSE Act derogate from international law. (On the latter issue, see my discussion here.)
So CSE, you have no legislative jurisdiction to engage in extraterritorial activities of (at minimum) the same degree or more intrusive than the ones at issue in this Federal Court case. Which means you can kiss Mandate A and B goodbye under the current National Defence Act, to the extent they exceed this threshold (which, reading between the redactions, is quite low). And unless you amend bill C-59, you can also kiss those defensive and active cyber powers away. Unless, that is, you just want to plow ahead and see what the Intelligence Commissioner, the new National Security and Intelligence Review Agency, and the National Security and Intelligence Committee of Parliamentarians have to say about this issue. This, in my view, would be insane, since a quick flick of the legislative pen could cure this problem for you, CSE.
Fixing the CSIS Act
As for CSIS, well, you could roll the dice and appeal. Or you too could fix this by legislative amendment (which is what happened to the s.12 power when this same issue arose a decade ago, and was resolved by 2015’s C-44).
But let’s be clear here: if you want CSIS to have its current extraterritorial security intelligence functions (plus its post-2015 threat reduction powers) and now extraterritorial foreign intelligence functions, you are creating, essentially, a blended MI5/MI6. And until recently, it was considered a bad idea to put security intelligence and a full foreign intelligence function in the same agency: rule-of-law security intelligence should be kept segregated from somewhat-less-than-rule-of-law James Bond.
So, we might wish, finally, to do some serious thinking about design issues, accountability issues, resource issues, training issues, etc, before we knee-jerk amend the CSIS Act (yet again). So, enter a ponderous process of deliberation. On the other hand, this is not a situation you want to leave hanging. Because in my story, Bob from MALICE is still out there, swanning away on Gondor Mail. (In truth, I don’t know how important that prospect is – it took until 2018 before this issue got to court, and yet presumably the technological dilemma I describe here could have arisen decades ago. So maybe this case won’t have much practical effect.)
But bottom line: sometimes national security law is hard. And perhaps it is sometimes harder than it has to be. I think it’s often hard because we don’t update the statute law enough. But that’s just me.
Because I am a patriot, and wasn't available to sell my country out today in Finland, I have written yet another paper on intelligence-to-evidence. This one tries to straddle the distance between "accessible for non-lawyers" and "technical enough for lawyers". I try hard in this paper to lay out what intelligence-to-evidence is, in my view. Most importantly, I propose what I call "moneyball" solutions to this problem, expanding and refining those I have suggested elsewhere and supplementing the solutions that have been raised by others (which are mostly complementary). I have spent a lot of time talking to people about this, and nothing I have heard has persuaded me things can't be done better. It is not quite as Gordian a knot as many seem to assume. On the other hand, there is no "home run" solution. A lot of players will need to come to the table with renewed determination. The paper is intended as a draft working paper. I welcome comments and feedback. It may be downloaded here.
The paper's abstract is as follows:
This article canvasses the “intelligence-to-evidence” dilemma in Canadian anti-terrorism. It reviews the concept of “evidence”, “intelligence” and “intelligence-to-evidence” (I2E). It points to the legal context in which I2E arises in Canada. Specifically, it examines Canadian rules around disclosure to the defence: the Stinchcombe and O’Connor standards and the related issues of Garofoli challenges. With a focus on CSIS/police relations, the article discusses the consequences of an unwieldy I2E system, using the device of a hypothetical terrorism investigation. It concludes disclosure risk for CSIS in an anti-terrorism investigation can be managed, in a manner that threads the needle between fair trials, legitimate confidentiality concerns and public safety. This management system rests on three legs:
- Manage the relevance “tear-line” so that crimes less intrusive on CSIS information holdings are preferred over ones that are more intrusive. This strategy requires applying a prosecutorial insight to those investigations and planning their conduct to not prejudice trials. I bundle this concept within the category of “collecting to evidential standards” and “managing witnesses”.
- Legislate standards to create certainty from the murk of evidence law. Here, two innovations stand out: legislate O’Connor style third-party status for CSIS where: CSIS’s investigation is a bona fide security intelligence investigation; CSIS and police do not have full, unmediated access to each other’s files; and, CSIS does not take an active role in the police investigation. But do not build this legislated third-party status around rigid barriers on information-sharing. Second, legislate ex parte, in camera procedures for Garofoli challenges of CSIS warrants in which special advocates are substituted for public defence counsel.
- Manage the public safety risk by creating a fusion centre able to receive investigative information from all-of-government and fully apprised of the public safety risks associated with an ongoing investigation (or parallel investigations). Ensure it includes representatives from all the services with legal powers to respond to threats. The fusion centre would not itself be an investigative body, and would have O’Connor-style third-party status, something that would not require legislation but which might benefit from it.
Over at Global, Stewart Bell has a series of excellent stories on the “targeting” of Canadians in the armed conflict in Syria and Iraq. For the context, I recommend readers first review those stories here and here.
A few years back, Leah West and I memorialized our understanding of the laws governing the overseas killing of Canadians. Much of this focus was on armed conflict situations, where killing of combatants is, for the most part, lawful. In Stewart’s most recent article, he cites me proposing the new National Security and Intelligence Committee of Parliamentarians (NSICoP) take up this issue, as its UK counterpart did in 2015. In our article, Leah and I urge:
Transparency on the legal basis of targeted killings by those states that engage in it has been modest, giving rise to the fear that such killings amount simply to expedient assassinations. Should the Canadian government embark on the path of targeted killings of Canadian nationals abroad (and, indeed, the extraterritorial use of force at all outside conventional “hot” armed conflicts), it should aim to meet a higher standard of accountability. The UK parliamentary committee studying the United Kingdom’s 2015 targeted killings made repeated observations about the indefiniteness of the UK government’s legal positions on key issues, a sobering assessment. It also observed, correctly, that
for the Government’s policy to command public confidence, and to make it more likely that decisions pursuant to it do not lead to breaches of the right to life, the decision-making process must be robust, with sufficient challenge built into the process, rigorous testing of intelligence to minimise the risk of mistakes, and access to the requisite advice including legal advice at the appropriate stages in the process.
After all, targeted killing both presumes guilt and applies the sternest sanction any state could impose. It follows that for the sake of its credibility — and to preserve its personnel from legal exposure — the Canadian government should make its choices on the difficult legal conundrums raised in this article now rather than in the midst of a crisis. What is more, the government should articulate and debate those positions openly since these questions demand difficult policy choices that are not, in many instances, preordained by clear, existing law.
The bottom line is that we know next to nothing about the Canadian government’s legal thinking on targeted killing. The basic international humanitarian law issues are plain. But within those issues are a series of decisions on matters of legal interpretation that, to the best of my knowledge, have never been articulated by the government. And so if I were the NSICoP, I would want answers to these questions:
1. As a “jus ad bellum” matter, the government’s theory for lawful use of force in Syria is predicated on an “unwilling or unable” theory of self-defence, which it argues brings it into compliance with the UN Charter’s framework. What is the outer limit of that theory? Now that Syria has demonstrated a greater willingness and ableness, does the self-defence justification abate? This is the major problem with “unwilling or unable”: is it a one-way ratchet?
2. The government clearly believes there is an armed conflict in Syria/Iraq, which triggers the “jus in bello” of international humanitarian law (or the law of armed conflict, LOAC). At what point does the degree of violence with the remnants of ISIS fall below the threshold for a non-international armed conflict, requiring thereafter full application of human rights law rather than LOAC? Put another way, once an armed conflict is triggered, does it ever turn off? (This is a real issue since 9/11).
3. Where LOAC applies, combatants may be targeted. And “civilians” who directly participate in hostilities (DPH) lose protected status and may be targeted. What does the government see as the threshold for DPH? Is it the International Committee of the Red Cross (ICRC) standard, which permits targeting only while the civilian is en route, partaking and returning from hostilities, or does it follow the US view: once a civilian DPHs, they remain targetable until they permanently abandon participation in hostilities? Alternatively, would Canada consider that anyone who journeyed to join ISIS was in a continuous combat function and targetable, and therefore take a position that would surely exceed how the ICRC defines this concept? I suspect that Canada simply follows the US on this, since we are simply participating in US target packaging. Would we continue to follow them if the US takes the view that the “armed conflict” against ISIS extends beyond the hot theatre of Iraq and Syria and extends to wherever ISIS affiliates may be found? That would be very controversial, as it means the places where you can lawfully kill become, potentially, the whole world.
4. Does the government agree that the Charter applies to its extraterritorial targeting of Canadians, to the extent that Canada’s international obligations apply to the extraterritorial targeting of Canadians? I do not see how they could contest this point, given the Hape and Khadr line of cases.
5. Does the government agree that Canada’s international obligations (under LOAC) do extend to the extraterritorial targeting of Canadians? Again, I cannot see how the government could argue that LOAC does not apply to Canada in Syria and Iraq.
6. Does the government take the view that compliance with LOAC complies with the Charter? But if so, then it becomes even more important to resolve the LOAC issues raised in points 2 and 3 above.
7. Does the government believe that the “international obligations” that serve as the litmus test for the extraterritorial application of the Charter are confined to those international law principles that protect the person (such as LOAC and human rights law)? What would the government say about the possibility that the Charter may also be engaged where other international law issues are in play, such as the jus ad bellum issues in point 1 above? Personally, I think it fair to conclude that the Charter is only engaged by person-protecting rules in international law and not state sovereignty-protecting rules, but the issue is undecided.
Other countries have pronounced on these issues (or at least some of the international ones). I think it is dangerous that Canada is clearly prepared to kill Canadians without explaining in any real way how it does so lawfully. For one, that creates confusion even at the political level, with debates over “extrajudicial executions”. For another, when Canada applies a principled legal approach to the use of hard power, actually spelling out those principles distinguishes us from countries (say Russia) who are less fastidious. But the public might be forgiven for failing to see the difference between Russian bombing and Canadian bombing if Canada doesn’t bother with the explanations.
 Joint Committee on Human Rights, supra note 1 at para 4.24. See also ISC, supra note 11 at para 72, expressing related process concerns.
An exchange this evening prompts me to add a caveat: it is unclear from the memo released under ATIP whether Canada itself targeted the three Canadians who had been killed (as of 2015) as part of the Coalition mission. But it also seems clear that Canada has been willing to participate in a targeting process that *can* produce that outcome. That inference seems to follow naturally from what is left of the redacted memo. Either way, I believe the questions I raise are acute ones.
I am pleased to announce that my latest book, Destroying the Caroline: The Frontier Raid That Reshaped the Right to War, is now in stock and available directly from the publisher, Irwin Law.
(I imagine it will also now make its way to Amazon and Chapters etc, in the fulness of time -- but don't believe them if they say "only available in X weeks", because *actually* available now from Irwin. So writes the frustrated author of many books that appear to be less available than they are).
I really enjoyed writing this book -- hundreds of hours in archives turning every stone to figure out what happened on the Niagara River on the night of December 29, 1837. And then as much time tracing how the diplomatic settlement of the Caroline raid shaped international law on the use of force, and specifically the "inherent right of self-defence". This isn't going away -- Google "John Bolton" and "Caroline" and "Korea" for the new US National Security Advisor's recent oped in the Wall Street Journal.
So it's an important time to revisit these events of 180 years ago. I hope my enthusiasm for this fascinating back-to-the-future tale is captured in the writing and others find the story as rewarding as I did.
With the teaching term winding down, I am preparing more formal papers, stitching together pieces memorialized as blogs on this site. My first effort is here. Abstract:
Canada's Bill C-59 responds to quandaries common to democracies in the early part of the 21st century. Among these challenges: How broad a remit should intelligence services have to build pools of data in which to fish for threats? And how best can a liberal democracy structure its oversight and review institutions to guard against improper conduct by security and intelligence services in this new data-rich environment? This paper examines how C-59 proposes re-shaping the activities of both the Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) in fashions responding to these dilemmas. Specifically, it highlights C-59’s proposed changes to CSIS’s capacity to collect bulk data as part of its intelligence mandates, and also the new oversight system proposed for CSE’s foreign intelligence and cybersecurity regimes. The paper examines the objectives motivating both sets of changes, and suggests that in its architecture, C-59 tries to web together the challenges of intelligence in a technologically-sophisticated, information-rich environment, with privacy protections derived from a simpler age but updated to meet new demands.
Stephanie Carvin (NPSIA) and I have now reached the 30 episode point in our podcast series on Canadian national security law and policy. The direct URL is here. And listeners can subscribe on iTunes, Google Play and through most other podcast apps. To be honest, we started this as an experiment and it's become the equivalent (in terms of workload and logistics) of teaching another class. We seem to have around 2,300 daily subscribers and almost 7,000 monthly subscribers (or at least that's what our ISP estimates). And we're especially excited about past and present guests on the show. So we'll keep it up, sabbaticals notwithstanding. But if you think it's a useful addition to the national security studies space in Canada, feel free to let us know through iTunes review, Twitter or email.
Speaking Notes (February 2018)
(Posted with permission)
“Caught between the Scylla and Charybdis…”
- Sting, “Wrapped Around Your Finger”
What I’ve been asked to do is step back and imagine how intelligence intersects with evidence, producing swords and shields in Canadian law.
Let me start with two, high-level observations, providing a working definition of “evidence” and of “intelligence”. First, evidence is legally-cognizable information material to the exercise of law enforcement powers and judicial decision-making. Intelligence, in comparison, is a more fluid category of information, designed to “extract certainty from uncertainty and to facilitate coherent decision in an incoherent environment.”
Intelligence may include evidence, but it will also include information that is not evidence. There are two obvious reasons for this fact.
First, intelligence may cover matters that cannot be the subject matter of a legal proceeding, and therefore there need never be consideration of its evidential value. I would hazard that this is the traditional view of intelligence.
But second, increasingly, there are instances where the information collected as intelligence is probative of matters amenable to legal proceedings, but other things stand in the way of it being evidence.
For one thing, “intelligence” is a diffuse concept that can sit poorly with the concept of “evidence”. As the Ontario Court of Appeal noted, discussing intelligence supplied by foreign services, intelligence is often “unsourced, uncircumstanced,” and its provenance “unknown”.[i] But not always.
And so I will focus mostly on this issue of how different sorts of intelligence overlay the concept of evidence and produce intelligence-to-evidence dilemmas.
Intelligence-to-Evidence, or I2E, is the inelegant phrase we use to describe several discrete types of issues. The first is the movement of intelligence procured by intelligence services to police, to support law enforcement investigations. I shall call this the actionable-intelligence issue.
Ample actionable-intelligence is an ingredient of successful security – a point made in the 2010 Air India inquiry, by the 9/11 commission and recently affirmed in the UK context by David Anderson’s study of security services’ performance in relation to the 2017 terror attacks in that country.
But actionable-intelligence sharing is closely linked to a second, closely-related component of I2E: something that I shall call the evidentiary-intelligence issue. And evidentiary-intelligence has two aspects. The first I will call the evidentiary-intelligence sword. The evidentiary-intelligence sword problem relates to the use of intelligence in legal proceedings, to justify state action. The second, much better-canvassed issue in Canada is the evidentiary-intelligence shield problem. And here, I am talking about legal tools used to block disclosure of intelligence in court proceedings.
Typology of Intelligence
Before exploring this triumvirate of issues more fully, though, I need to propose a more detailed breakdown of intelligence.
1. Direct Surveillance or Raw Intelligence
Some raw intelligence should be easily cognizable as evidence, in principle. Communications metadata collected under a CSIS warrant should, in principle, be no different than that obtained by police under a transmission data order.
Still, even conventionally-collected intelligence may be difficult to use as evidence, not because of its nature but rather because of what its disclosure or deployment in a legal proceeding would do to the sources, means and methods used to collect it.
A second use issue may stem from the complicated provenance of some raw intelligence. For example, raw intelligence may be secured from the battlefield in Syria or Iraq. That information may be relevant and material to the participation of an accused in Daesh, as it has been in the UK. But use of records acquired through unorthodox intelligence channels raises issues of reliability, and especially concerns about whether they are genuine or not.
2. Confidential Source Intelligence
Intelligence may be procured from confidential sources, including informants. Intelligence services balk at sources appearing in court and so some legal proceedings permit indirect use of confidential source intelligence.
In the immigration security certificate context, CSIS has used information acquired through confidential sources, communicated through the proxy of an intelligence officer. Even so, the Federal Court has affirmed it (and special advocates) must nevertheless be able “to effectively test the credibility and reliability of that information” and source.[ii]
3. Processed Analytical Intelligence
Some intelligence stems from the application of analytical judgment. An intelligence report may not include raw intercepts, but rather summaries of them. Or it may piece together different sources of raw information to draw intelligence conclusions.
Whether with primary materials referenced or conclusions left to stand on their own and omitting these primary sources, analytical work product of this sort may be very hard to use as evidence of the facts it asserts. It necessarily raises concerns about probative value, opinion evidence and hearsay.
This is especially true if the processed intelligence amounts to stacked hearsay: a report summarizing information supplied in other, shared reports (especially by another service), that in turn summarize information supplied in other reports, and so on.
Use of this sort of information is permissible in some legal proceedings. For example, the affidavits sworn to obtain both CSIS and Criminal Code warrants may include hearsay,[iii] including intelligence-based allegations.[iv]
Hearsay may also be used in immigration security certificate proceedings, if the Federal Court judge regards it as “reliable and appropriate”.[v] But even in administrative proceedings, hearsay may diminish the weight given to this processed analytical intelligence, and raise questions about procedural fairness.[vi]
4. Torture Intelligence
Whether in raw or processed form, it is not possible to use as evidence in any proceeding over which Parliament has jurisdiction “any statement obtained as a result” of torture criminalized in section 269.1 of the Criminal Code.[vii] The Charter, international law and ministerial directions issued to CSIS and other security and intelligence services also preclude such use.
5. Caveated Intelligence
Intelligence shared between services includes caveats, limiting the use to which the shared intelligence can be put. Honouring these caveats often means declining to disclose it, including disclosing it in legal proceedings. Caveats are not a legal rule, but are an essential intelligence practice, and therefore are frequently at issue in evidentiary-intelligence shield disputes.
Caveats are especially important as between foreign partners, because of the risk that failure to honour a caveat will jeopardize future information-sharing.
All this brings me to the practical I2E dilemmas. The short version: CSIS is acutely concerned that disclosure in judicial proceedings of its intelligence will prejudice its sources, means and methods and impair its intelligence-sharing relationship with foreign partners. The government responds in three manners, two legal and one operational.
1. Legal Swords in Closed Courts
As suggested above, intelligence may be used as evidence in special, closed-court proceedings. And that list may expand: the government has proposed the use of classified information in closed civil proceedings, modelled on the UK system devised in the Justice and Security Act, 2013.
2. Legal Shields in Open Courts
Legally, the evidentiary-intelligence shield problem drives special procedures used to protect intelligence from disclosure in legal proceedings, most notably section 38 of the Canada Evidence Act. Section 38 questions concern sensitive intelligence that might be subject to disclosure in proceedings, if not for successful invocation of this national security privilege.
3. Operational Shields
Operationally, the evidentiary-intelligence shield issue provokes complicated choreography between police and CSIS, designed to minimize the prospect that CSIS will be subjected to full Stinchcombe disclosure in any trial, and/or will need to resort to the Canada Evidence Act. To this end, CSIS stays at arm’s length from police investigations, taking advantage of O’Connor third-party status rules. It also meters out the intelligence it shares with police, using carefully-crafted disclosure and advisory letters. This minimizes disclosure risk, but at the cost of close inter-agency collaboration and potentially nimble responses to terrorism risks.
In this manner, evidentiary-intelligence shield problems are in acute tension with the needs of actionable intelligence sharing. They reinforce a relationship between police and CSIS that strives to maintain investigative arm’s-length, dependent on separate, parallel investigations touching gently through deconfliction protocols.
This is dangerous security. Kent Roach at the University of Toronto and I have argued that safeguards provoked by evidentiary-intelligence shield concerns are suboptimal in terms of ensuring actionable-intelligence sharing, and therefore public safety.
One response, detailed in a forthcoming paper by Leah West Sherriff, is to minimize the amount of intelligence that needs to be shielded. In its consultation document, the government proposed codifying an O’Connor process for a CSIS third party status. This would provide legislative certainty and predictability. But of course, it can only be done constitutionally if CSIS remains a third party. And so, the effect would be to entrench the parallel investigation, with its consequences for actionable-intelligence sharing.
Maintaining third-party status becomes less essential if CSIS is more comfortable with disclosure. And so on the operational side, in my paper, I have pointed to MI5’s practice in the United Kingdom to urge that CSIS should be collecting intelligence to “evidential standards” in counter-terrorism investigations.
The core idea behind “collection to evidential standards” is not to convert CSIS into the police, whose purpose becomes law enforcement. “Collection to evidential standards” should instead be regarded as short-hand for “collection of intelligence in a manner that facilitates actionable-intelligence sharing and minimizes reliance on evidentiary-intelligence shields”.
I am engaged in a slow motion thought experiment about what this might mean in practice, one that is terribly disconnected from the real world because I have no access to classified information. And I have also started working through a list of more particular I2E solutions responsive to different policy challenges in a longer paper.
For my purposes today, I shall end my initial remarks with a simple observation: collecting to evidential standards obliges careful, forward-thinking choreography so that pursuing intelligence objectives does not end up trenching on the evidential prospects in the case. That is an organizational challenge, and the degree to which it is being met is something I cannot judge from the outside. My sense is, however, that most recognize it as an unresolved challenge.
 Richard Betts, Enemies of Intelligence: Knowledge and Power in American National Security (Columbia, NY: Columbia University Press, 2007) at 30.
[i] France v. Diab, 2014 ONCA 374 at para. 205.
[ii] Harkat (Re), 2009 FC 1050 at para 48. See also Canada (Citizenship and Immigration) v. Harkat, 2014 SCC 37 at para. 88 (“The Minister has no obligation to produce CSIS human sources as witnesses, although the failure to do so may weaken the probative value of his evidence”) and para. 90 (noting that “the designated judge's weighing of the relevant [source] evidence took into account the fact that it was hearsay”).
[iii] See Eccles v Bourque,  2 SCR 739 at 746 (“That this information was hearsay does not exclude it from establishing probable cause”, in an arrest context); R. v. Morris (1999), 134 C.C.C. (3d) 539 at 549 (NS CA) (“Hearsay statements of an informant can provide reasonable and probable grounds to justify a search.”); R. v. Philpott, 2002 CanLII 25164 (ON SC) at para. 40 (“The [warrant] issuing court may consider hearsay evidence obtained by the affiant from other officers or informants.”).
[iv] For instance, the CSIS affidavit sworn as Federal Court file CSIS 15-12 (sworn in relation to Raed Jaser) specifies at para 6: “The information in this affidavit has been conveyed to me by employees of the Service who are, or were, involved in the Service’s investigation of international Islamist terrorism and through a review of relevant records maintained by the Service. The information was obtained through various sources including government agencies, open information, as well as [redacted] associated with international Islamist terrorism.” (The affidavit is supported by exhibits, fully redacted.) Likewise, the affidavit PPSC Number 1-12-073 (concerning Raed Jaser) relies on information conveyed in, e.g., letters from the FBI.
[v] IRPA, s. 83(1)(h). Almrei (Re), 2009 FC 3 at para. 53 (This section “permits the reception of hearsay evidence such as that which may be provided by a confidential informant or a foreign intelligence service.”). See also Harkat, 2014 SCC 37 at para. 75.
[vi] See, eg, Harkat, 2014 SCC 37 at paras 76 and 235 (suggesting judges are able under the security certificate process to “exclude not only evidence that he or she finds, after a searching review, to be unreliable, but also evidence whose probative value is outweighed by its prejudicial effect against the named person.”); Mahjoub (Re), 2013 FC 1097 at para. 130 et seq. (concluding that hearsay evidence may be admissible in security certificates, but must be tested for reliability and appropriateness); Zundel (Re), 2004 CF 1308 at para. 25 (indicating in a security certificate context that “hearsay evidence is given less weight”).
[vii] Criminal Code, s.269.1(4). This requirement is supplemented in the immigration security certificate context: “reliable and appropriate evidence does not include information that is believed on reasonable grounds to have been obtained as a result of the use of torture within the meaning of section 269.1 of the Criminal Code, or cruel, inhuman or degrading treatment or punishment within the meaning of the Convention Against Torture.” IRPA, s. 83(1.1).
Personal Speaking Notes (February 2018)
(posted publicly with permission)
I have been asked to reflect on common trans-Atlantic intelligence dilemmas, and then a variation on our traditional trans-Atlantic search for solutions. To that end, I’ll say a few words about both the UK Investigatory Powers Act and some of the proposed aspects of bill C-59.
In some large measure, both the UK IPA (Investigatory Powers Act) and C-59 constitute what former CSIS director Jim Judd once called “the judicialization of intelligence”. Mr Judd raised concerns about this development. Intelligence has traditionally operated in a manner obliquely governed by law, if at all. There is a disconnect between a covert intelligence function – and its requirements – and the more overt culture of law and lawyers and judges. Intelligence needs are fluid. Law is rigid. Intelligence needs are immediate and exigent. Law can be laborious.
But law has inevitably encroached on intelligence. An academic colleague – Dennis Molinaro – has uncovered a trove of documents from the 1950s. At that time, these documents show, national security domestic intercept warrants were issued by Prime Minister Louis St Laurent as an exercise of discretionary power under something called the Emergency Powers Act. There was the vaguest of statutory imprimaturs, and certainly no independent judicial oversight in the form of preauthorization.
We abandoned that approach in 1974, with the original iteration of what is now Part VI of the Criminal Code. And in 1984, we built CSIS search and seizure around a judicial warrant process – and the next year, the Supreme Court decided Hunter v Southam. Since then, in cases like the Federal Court of Appeal’s decision in Atwal, through to Justice Crampton’s recent decision in the In the Matter of Islamist Terrorism case, the domestic intelligence search and seizure expectations have been placed on a constitutional footing largely indistinguishable from that of criminal law.
In the IPA, the UK has moved considerably closer to our model than had been the case before. Once the purview of ministers, executive warrantry is now supplemented by review by judicial commissioners. The shorthand is: double-lock (executive approval of a warrant supplemented by judicial review, prior to execution).
But in Canada, we have yet to address two dilemmas also at issue in the IPA. Both fall in the realm of what in the UK context is called “bulk powers”. And since in bill C-59 we are moving in this area, and judicializing, it is on this topic I wish to focus a few remarks.
So first, let me define bulk powers: a bulk power is one that allows intelligence agencies access to a large quantity of data, most of which is not associated with existing targets of investigation. It is the mass access, in other words, to data from a population not itself suspected of threat-related activity. The commonplace example, since Snowden, is internet or telephony metadata for entire populations of communications users. But bulk powers can also involve content, and not just the metadata surrounding that content.
Bulk powers are controversial – they are the heart of the post-Snowden preoccupations. They inevitably raise new questions around privacy, and in the Canadian context, Charter rights. Not least: bulk powers are irreconcilable with the requirements of classic warrants. There is no specificity. By definition, bulk powers are not targeted; they are indiscriminate.
In the IPA context, the world of bulk powers can be divided into bulk interception; bulk equipment interference; bulk acquisition; and bulk personal datasets. Of these, I want to focus on bulk interception and bulk personal datasets.
Bulk interception is what it sounds like: the collection of transiting communications passing through communications providers or otherwise through the ether.
Canadian law permits bulk collection by the Communications Security Establishment, our signals intelligence service. It is subject to the caveat that acting under its foreign intelligence or cyber security mandate, CSE may not direct its activities at Canadians or persons in Canada. But in practice, bulk interception cannot be limited to foreigners, even if the objective is foreign intelligence. The way communications transit the internet and other communications systems creates a certainty that bulk intercept directed outside the country will intercept the communications of Canadians and persons in Canada. This is known as incidental collection.
In Canada, we have struggled with this issue. Part of the answer is in Part VI of the Criminal Code. As you know, it outlaws unauthorized intercept of private communications. A private communication is one with at least one end in Canada. Since in bulk interception, at least some private communications would be captured in a manner meeting this definition of intercept in Part VI, CSE must be exempted from its reach. And that is what the National Defence Act does, where CSE acquires a defence minister authorization in advance for at least the class of foreign intelligence or cybersecurity activities that might capture this private communication.
The constitutional issue is more fraught. Not least, the defence minister is not the independent judicial officer invoked as the gold standard under Hunter v Southam for Charter section 8. The consequence has been the constitutional lawsuit brought against CSE by the BCCLA associations and now efforts at refinement in C-59. And specifically, C-59 anticipates a quasi-judicial intelligence commissioner who will review the ministerial authorization before its execution. This past week, representatives of the CSE testifying before the Commons committee accepted the underlying constitutional expectation: They said under C-59, CSE will seek ministerial authorization (which in turn triggers review by the intelligence commissioner) for any activity that would interfere with the reasonable expectation of privacy of a Canadian or a person in Canada, or contravene an Act of Parliament.
I am hoping that signals a willingness to amend the bill to say just that, on its face, but for our part my key point is this: C-59 clearly accepts the underlying premise: judicialization of bulk intelligence interception. In this respect, C-59 emulates the IPA.
But I wish to be clear, again: this is not a warrant. It will lack specificity. It will be issued for classes of activities, not specific activities or operations. It is review on reasonableness of a ministerial authorization, not the more hands-on warrant process. Does that meet Hunter’s standards? I am inclined to suggest, yes, because the warrant cookie cutter cannot possibly apply to a form of bulk intercept in which intercept of s.8 rights-bearer communications is entirely incidental, and not targeted.
Before leaving CSE, I will say a word about another C-59 change.
We have also gone one step further than the IPA in giving CSE a specific offensive cyber mandate – called active cyber. This could and almost certainly would implicate equipment interference, but interference untied to information acquisition and instead done “on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.”
At present, there is considerable debate in Parliament about whether the intelligence commissioner should have advance oversight responsibilities in relation to this mandate. Currently, he or she will not. I am of two views on whether judicialization in this area would be wise or not.
Turning to domestic-facing bulk powers, I need to switch agencies and talk about CSIS. And here we have drawn clear inspiration from the IPA in the area of bulk personal datasets. The UK understanding of this expression is an apt descriptor of what is now also in play in Canada:
"A bulk personal dataset includes personal data relating to a number of individuals, and the nature of that set is such that the majority of individuals contained within it are not, and are unlikely to become, of interest to the intelligence services in the exercise of their statutory functions. Typically these datasets are very large, and of a size which means they cannot be processed manually."
Why have such things? The C-59 changes are a response, yes, to the Federal Court’s 2016 decision on what was known as ODAC. But it also responds to a broader concern about the ambit of the Service’s threat investigation mandate. That mandate is anchored in s.12 of the CSIS Act. As interpreted by the courts, it permits the Service to collect, and analyse and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada, to the extent strictly necessary. As Justice Noel and Justice Crampton concluded in both the ODAC case and the more recent In the Matter of Islamist Terrorism decision, this is a significant fetter on CSIS. It ties information collection, retention and analysis to a narrow band of threat investigations. It also makes it difficult for CSIS to change the frequency of its fish radar and expand its reach to search other parts of the ocean for fish that have not already come to its attention.
A spy service fishing in more ocean is, in some eyes, the stuff of Big Brother and nightmares. On the other hand, an intelligence service that cannot have access to the ocean in performing its function is also likely unable to perform its functions very well. And there is a lot of ocean out there in the digital era. So how can we reconcile oceans full of data generated by innocents with the intelligence function of clearing the fog of uncertainty and revealing not just the known threats but also the unknown threats?
The solution in both the UK and Canadian context is to judicialize the fish detecting radar. And the model is again a double lock: ministerial approval for ingestion of datasets and judicial commissioner approval.
The result, in the Canadian context, is enormous complexity. Broadly speaking, there is a set of legislated rules in C-59 for the ingestion of datasets, and then a more demanding set of rules for the digestion. (I credit a Department of Justice lawyer for this ingestion/digestion analogy, which is quite apt.) So for Canadian datasets – datasets primarily comprising Canadian information – there is approval of classes of datasets that may be ingested by CSIS by both the minister and the quasi-judicial intelligence commissioner. Once ingested, there is a limited vetting by CSIS. And then any subsequent retention for actual use – that is, digestion – must be approved by the Federal Court, which is empowered to impose conditions on that subsequent use. There is also a requirement that querying generally be done only where strictly necessary in performance of CSIS’s mandates.
Those charts show why some intelligence operators complain that C-59 is a gift to lawyers. I suppose it is no surprise, then, that I think this is a clever regime. Not least, it short circuits inevitable frontier s.8 issues; to wit, does s.8 attach to the big data analysis of information, the individual bits of which trigger no reasonable expectation of privacy? It seems almost certain that the jurisprudence will get there. C-59 heads this issue off at the pass by superimposing independent judicial authorization guiding and conditioning that big data analysis.
So, on that happy note, I shall end there.
This is a third quick posting on some of the issues I have been wondering about in the CSE Act, proposed by bill C-59. I have not reviewed all the submissions to the Commons national security committee (which have been often excellent and thoughtful). But I am not aware of any discussion so far on today’s topic: lining the CSE Act up with international law.
Here, my preoccupation is with active and defensive cyber operations, and not foreign intelligence collection. The latter raises arguably similar international law issues, but I have canvassed those elsewhere, in other contexts. (See here and here). (On this issue, I am in receipt of a new article from European colleagues examining this same question – which I look very much forward to reading.)
Nor do my remarks relate to CSE’s (cyber) participation in an armed conflict. Such involvement would, I assume, arise in an exercise of the CSE’s assistance mandate, in relation to the Canadian Armed Forces. There, an obvious concern is with CSE’s direct participation in hostilities, while an unprivileged belligerent (that is, something other than an armed force). This prospect raises real concerns under the laws of armed conflict. Not least: participating CSE employees could be targeted and prosecuted for their conduct, enjoying neither protected status nor combatant’s immunity. But I hope to be able to point readers to an excellent digest of those issues by a more expert analyst soon.
My focus here is on CSE’s autonomous active/defensive cyber mandate, anticipated in sections 19 and 20 of the proposed Act. And so, active cyber may involve activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
That is a vast mandate, constrained by a caveat that the activities be outward facing from Canada and not cause (intentionally or by criminal negligence) death or bodily harm or willfully attempt in any manner to obstruct, pervert or defeat the course of justice or democracy.
CSE is exempted from a narrow range of law
Cyber ops must be authorized by the defence minister (in the case of active cyber, blessed or requested by the foreign affairs minister). But the activity itself need not comply with “any other Act of Parliament or of any foreign state” (s.31; 30). As far as I can tell, this is the only carve-out pertaining to other legal regimes applicable to cyber ops. (If I am missing something, happy to be disabused.)
And the modest scope of this carve-out is what gives me pause. If it enacts this provision, Parliament authorizes violations of federal and foreign “Acts”, something it is free to do in a system based on parliamentary sovereignty.
CSE is not exempted from international law
Parliament is also free to authorize violations of Canada’s international law obligations. This does not relieve Canada of state responsibility in international law for such violations. But it does make it legally possible in domestic law to violate international law. But herein lies the rub. The Supreme Court has made it abundantly clear that Parliament is assumed to legislate in compliance with Canada’s international obligations, and that deviations from this presumption cannot be presumed. Instead, there must be “unequivocal legislative intent to default on an international obligation”. See Hape, para. 53.
This was the exact issue that ensnarled CSIS in the Re X decision on extraterritorial invasive surveillance. Parliament corrected that problem in bill C-44 (2015), by permitting the Federal Court to authorize warrants even in violation of foreign or “other” law. “Other” in the context might reasonably be construed as “international”, although it might be argued otherwise.
Strangely, the CSE Act does not do this. It does not replicate the CSIS bill C-44 formula of “foreign and other laws”. It reaches, at best, foreign “Acts” (that is, primary legislation). I do not see how this reference to “Acts” can be read to empower CSE to violate international law. (Indeed, I do not see it as unambiguously authorizing violations of other possible sources of foreign law – for instance, constitutional, common law or regulations or equivalents. But the international law issue is the big question, since it binds Canada). There is much international law indisputably applicable to Canada that is not codified or covered in foreign “Acts”. Indeed, it would be incongruous, indeed patently ridiculous, to assert that foreign “Acts” constitute the sum total of international obligations binding on Canada.
International law precludes extraterritorial exercise of enforcement jurisdiction
Accordingly, were I giving legal advice in relation to an active cyber operation, I would conclude that CSE cannot act, unless that cyber operation complies with international law. And that raises the big issue: international law precludes the exercise by a state of “enforcement jurisdiction” on the territory of another state, without its consent or some other permissive rule of international law. I have discussed here the application of the “enforcement jurisdiction” in a cyber context. Where it might exist will be debated, on the margins. But the more kinetic the impact of the active cyber, the more likely the violation of this norm.
(And I’d add that the permission to breach “Acts of Parliament” offers no different answer on this question. As Hape notes, customary international law – of which the bar on extraterritorial enforcement jurisdiction is a part – is considered part of the common law of Canada – and that is only displaced by statute. The CSE Act does not displace it. It does not displace any Canadian law other than “Acts of Parliament”.)
The result should be a real and significant fetter on exactly what sort of activity CSE can perform as part of its unilateral active/defensive cyber mandate.
I have no real issue with this as a policy choice – by disposition I am not tremendously keen on a state doing an end-run around established doctrines of international law using data streams where it cannot use corporeal bodies.
Was this a policy choice or a drafting issue?
My concern is, however, that the government may not have fully turned its mind to this issue in designing the CSE Act. Put another way, it may have drafted an outcome it does not intend to honour. If it really does think it has exempted CSE from the considerable strictures of international law, and CSE acts accordingly, CSE may have its own Re X moment. If its policy objective is a muscular cyber ops capacity, the government may wish to have Parliament speak on the international law issue in an amendment – because silence retains the full international law fetter.
(And if that weren’t enough, we need to look over our shoulders at this throw-away line from the Supreme Court in Hape: “Neither Parliament nor the provincial legislatures have the power to authorize the enforcement of Canada’s laws over matters in the exclusive territorial jurisdiction of another state.” We’ll assume that the Supreme Court did not mean to suggest that Parliament lacks jurisdiction – period – to authorize invasions of a foreign state’s sovereignty.)
It is true this kind of esoteric legal issue may never be adjudicated. But people have been saying things like that for years. I am still waiting for it to be true.
As noted in my prior post, there are a number of really interesting briefs prepared by various stakeholders, going into the next round of House of Commons legislative hearings on bill C-59. Many seek to ratchet tighter the accountability structures in the bill, especially for CSE and CSIS (where they don’t call for the outright abandonment of these agencies’ proposed new powers).
I haven’t had a chance to review all the specific ideas, but two of these sets of recommendations stand out for me in this area. In my last post, I addressed the question of “publicly available information”. In this one, I want to noodle through the extremely complex question of whether the Intelligence Commissioner should have oversight jurisdiction to vet and approve, in advance and on a reasonableness standard, CSE’s proposed active and defensive operations (“cyber ops”).
Citizen Lab and the current CSE commissioner have both urged this role for the new Intelligence Commissioner, supplementing that official’s responsibility to vet ministerial authorizations issued for foreign intelligence (FI) and cybersecurity (CS). (As an aside: for my part, I have suggested that the ministerial authorizations for FI and CS do not meet constitutional standards, because they are only required where CSE violates an “Act” through its collection. So if at issue was “private communication”, intercept without authorization would violate the Criminal Code. But the government has argued that private communication does not include metadata. In fact, there is no Act of Parliament violated by the foreign collection of metadata, including the incidental collection of Canadian metadata -- if there was, CSE would have been violating it for years. And so, under the current drafting of C-59, there is no requirement to seek a ministerial authorization vetted by the IC. And yet, there is a clear constitutional privacy interest in that metadata. There is *nothing* in either the current CSE law or the proposed CSE Act that meets the standards in the jurisprudence permitting “warrantless” intercepts -- or could meet that standard, in my view, given the nature of CSE’s bulk activities. End result: a new constitutional lawsuit, scandal, acrimony, disaster. Please, please fix this! Make sure the authorization process is triggered by all collection activities or classes of activities that engage information in which a Canadian or person in Canada has a reasonable expectation of privacy.)
The CSE Act Structures Cyber Ops MAs and FI/CS MAs Differently
But back to the proposal to extend the IC function to cyber-ops. First observation: for cyber-ops, ministerial authorizations are required for all cyber-ops (s. 23(2)(b)). This isn’t like FI and CS, where there is a trigger obliging some activities to go for approval and not others (s. 23(3) and (4)). In my comment above, I suggest the FI/CS MA trigger is too narrow. I *want* to steer FI and CS activities that implicate Charter rights into the MA and then the IC process. But I am not proposing steering those that *do not* otherwise violate Canadian law through this process. I do not think, for instance, that a CSE targeted intercept that collected the telephone call of a foreign person in a foreign state, with no prospect of any nexus to Canada, attracts Charter rights. Without embarking on a discussion of the Supreme Court’s (unclear) Hape decision, it would be unlikely that the Charter applies, and that the target has any section 8 rights. And I am not among those inclined to think international law imposes meaningful privacy obligations on Canada in these circumstances – and certainly not a judicial pre-authorization requirement. I do think there could be extraterritorial enforcement jurisdiction violations in international law, but in the area of spying it is a close call; international law is, as I have said, creatively ambiguous in this area. So I would not embark on the “judicialization of intelligence” in such a manner, again assuming there was no prospect of a Canadian nexus. I make these sorts of points in greater detail in this article.
So my initial point: To simply superimpose IC oversight on cyber ops MAs means, under the current architecture, asking the IC to approve all CSE cyber ops activities (ss. 30 and 31).
Would this be a good thing?
That may sound like a good idea right out of the gate. But I have been going around in circles because I find it complex. I thought I’d memorialize my struggles.
- First, cyber ops should not, if the Act is applied properly, implicate the collection of information, except as properly authorized by a FI/CS authorization (s.35(4)). Right away, this makes it unlawful under the statute to use cyber ops as a stalking horse for some sort of autonomous information collection activity (on top of being likely unconstitutional to the extent that information collected does attract s.8 protections). So the privacy issues should be muted here, even if the activities authorized by the cyber op authorization may involve some of the same techniques/practices.
- Second, some cyber ops may implicate other Charter rights and Canadian law. At first blush, this may be rare (even very rare) because those rights and laws are usually confined to the territory of Canada. That said, the “real and substantial connection” test may make things like criminal mischief commenced here and remotely conducted against a foreign computer a crime with a sufficient nexus to Canada. But I am not sure that superimposing the IC into the approval process for such actions is an *obligation*. We do allow our security services to break statute law in pursuing aspects of their mandate and we don’t always require pre-authorization by a judicial officer. For example, Criminal Code, s.25.1 for the police allows law-breaking through administrative approvals within the police services. On the other hand, CSIS threat reduction power does oblige judicial pre-authorization for breaches of Canadian law, which would presumably include overseas conduct that, on a real and substantial connection to Canada basis, violates Canadian law (or in some other manner where the Canadian law applies extraterritorially). The CSE Commissioner, in his brief, points to this CSIS precedent to justify his view that cyber ops should be subjected to IC oversight. It is hard to argue against this parallel.
- Third, international law may be breached by cyber ops. (And indeed, international law is likely breached by CSIS extraterritorial threat reduction and perhaps intrusive surveillance done in violation of a foreign state’s laws, and thus its sovereignty. That is a violation in the area of extraterritorial enforcement jurisdiction. I have argued that this international law breach would require pre-authorization by the Federal Court, under the current CSIS Act. See here.) Invasive cyber conduct and international law is an issue I have discussed here, in the context of covert action.
This third argument is a strong justification for an IC involvement in cyber op authorizations. But it depends on a final supposition: that either international law or domestic law or good policy is served by having an independent judicial officer scrutinize Canada’s international conduct and bless (or not) breaches of it. There are many, many areas where Canada’s international obligations are engaged where we do not involve pre-vetting by judges. The overseas conduct of the Canadian Armed Forces is an example. When the Canadian Armed Forces chooses to bombard an enemy, say in Afghanistan, it is reviewed for legality under international law, most notably by the JAG team. But they do not seek the blessing of a judge. Our system expects (and under the terms of the Baker decision of the Supreme Court, I would argue, obliges) members of the executive to observe Canada’s international obligations in exercising their discretion. But we do not then submit that judgment to advance approval by a judge – indeed, it is near impossible to subject it to any form of judicial review, as many of these matters are considered non-justiciable (if they do not raise Charter issues, which as suggested above they rarely do).
CSE cyber ops are the sort of activity that would typically be considered an exercise of defence or foreign policy, and absent some statutory displacement, governed by the royal prerogative. That is why the military could hack away and turn off lights and never need to meet a statutorily-prescribed approval regime. But because CSE only has statutory powers (since 2001), it must look to its statute to find the power for cyber ops. Hence, C-59. So the question is: because CSE is a statutory creature, should the once relatively unfettered powers to engage in defence and international affairs now implicate judicial pre-authorization?
This provokes additional questions: would we be best served by an IC looking at all cyber ops to establish the reasonableness of them? If so, would the IC be empowered to assess the inevitable political dimension of the minister’s authorization – his or her judgment, for example, that the security risk posed by a malignant server justifies CSE reaching out and turning it off? Or would we craft language confining the role of the IC to indisputably legal issues? If so, would the IC be better equipped to assess Canada’s compliance with international law than the executive? Which raises a question: then why stop with IC involvement in the cyber world? Should the artillery officer's orders also be pre-vetted by a Combat Commissioner for compliance with IHL (international humanitarian law)?
The bottom line: I am torn on this issue. I worry about giving the IC too global a role in areas of high policy where he or she would not be equipped to apply rules, but rather second guess political judgment. For one thing: the IC then ends up wearing whatever they approve. And if they dispute, without clear legal standards to ground that dispute, then we have a clash of responsibilities. Who should be responsible for these decisions of high policy: a minister accountable to Parliament or an appointed quasi-judicial officer?
On the other hand, if you agree that judicial pre-authorization is required for extraterritorial CSIS threat reduction (at minimum), what’s good for CSIS under threat reduction should probably also be good for CSE under cyber ops. I must say, in both cases, I wonder a lot about what a court (or the IC, if its remit is extended) would say in response to an op that violates, say, the sovereignty interest of a foreign state. This is a whole lot of novel territory. Which makes it interesting, but also worthy of close consideration.
I am probably missing much and wrong on other issues, but heck, it’s my blog. This is probably one of those entries that will soon be supplemented with a lot of supplemental additions.
As predicted, edits already. Edited to correct the suggestion that classes of activity/activities distinction didn't matter in the cyber op world.