In my last post titled Informal Coalition Opposes Canada’s Anti-Terrorism Bill dated March 22, 2015, I reviewed the criticism of the government’s position on Bill C-51 and the attendant decline in public support. I will focus here on two aspects of the bill that have been denounced by the critics: (1) information sharing without adequate oversight; and, (2) warrants authorizing breaches of the Charter of Rights.

On March 23, 2015, The Intercept broke a story about the cyberweapon capabilities of Canada’s Communications Security Establishment (CSE) that operates in the shadows with little oversight. In an article titled Documents Reveal Canada’s Secret Hacking Tactics, Ryan Gallagher wrote:

“According to documents obtained by The Intercept from National Security Agency whistleblower Edward Snowdon, CSE has a wide range of powerful tools to perform ‘computer network exploitation’ and ‘computer network attack’ operations. These involve hacking into networks to either gather intelligence or to damage adversaries’ infrastructure, potentially including electricity, transportation or banking systems. The most well-known example of a state-sponsored ‘attack’ operation involved the use of Stuxnet, a computer worm that was reportedly developed by the United States and Israel to sabotage Iranian nuclear facilities.

One document from CSE, dated from 2011, outlines the range of methods the Canadian agency has at its disposal as part of a ‘cyber activity spectrum’ to both defend against hacking attacks and to perpetuate them. CSE says in the document that it can ‘disable adversary infrastructure,’ ‘control adversary infrastructure,’ or ‘destroy adversary infrastructure’ using the attack techniques. It can also insert malware ‘implants’ on computers to steal data.

The document suggests CSE has access to a series of sophisticated malware tools developed by the NSA as part of a program known as QUANTUM. As The Intercept has previously reported, the QUANTUM malware can be used for a range of purposes – such as to infect a computer and copy data stored on its hard drive, to block targets from accessing certain websites, or to disrupt their file downloads. Some of the QUANTUM techniques rely on redirecting a targeted person’s internet browser to a malicious version of a popular website, such as Facebook, that then covertly infects their computer with the malware.

According to one top-secret NSA briefing paper, dated from 2013, Canada is considered an important player in global hacking operations.”

Since then, Bill C-51 progressed through committee hearings that received testimony from various witnesses as the media reported that the government itself would propose amendments to scale back some of the provisions in the wake of public concern about the bill’s impact on the privacy rights of all Canadians. In a post titled A Conversation About Bill C-51: How the Anti-Terrorism Bill Undermines Canadian Privacy dated March 24, 2015, Professor Michael Geist put it this way:

“The Snowdon revelations have made it abundantly clear that given the capability, intelligence agencies and law enforcement will monitor and gather everything they can and then disseminate and data mine that information in every conceivable way. This means tracking everything. Indeed, it is why the nearly weekly reports about an NSA or CSE or GCHQ initiative to gather all internet communications or hack into private systems no longer shocks. For example, we know that Canadian agencies grab tens of millions of downloads every day from users around the world. We know that Canadian Internet communications pass through routers that collect the metadata on all communications. These are our agencies working on concert with others, yet the activities merit barely a mention.

This is the current reality. I would prefer – in fact, I think we desperately need – far stronger limits on data collection, which is currently indistinguishable from mass surveillance. We also need stronger safeguards on its dissemination, disclosure, and use. And we need far better oversight to ensure that this massive data collection does not run afoul of the law and is not misused.”

Professor Geist focused on the failure of the bill to provide adequate oversight of the information sharing provisions – what has been called total information awareness – that also received criticism from the Canadian Bar Association as reported by Justin Ling in an article titled C-51 and privacy rights in the CBA National issue of March 26, 2015:

“Testifying before the Public Safety committee…representatives from the Canadian Bar Association also underlined issues with the information-sharing provisions.

Peter Edelmann, an executive member of the CBA National Immigration Law Section, said he was unsure of what impact the Privacy Act would have on the bill. ‘How does this bill interact with the Privacy Act‘ he said. ‘Does it supersede the Privacy Act? Is it subject to the Privacy Act? Few of the bodies listed in Schedule 3 have built-in review processes, Edelmann added. ‘The [Canadian Border Services Agency] is an agency with no independent civilian oversight,’ he noted.

In a separate schedule of bodies that can receive the information, C-51 includes the Office of the Communications Security Establishment Commissioner, but no others. Specifically missing are review bodies for CSIS and the RCMP. And, as the Privacy Commissioner pointed out in his submission on C-51, the Privacy Act forbids bodies like this from sharing personal data with other review agencies, meaning it would be quite difficult to detect possible breaches under SCISA (Security of Canada Information Sharing Act). Indeed, the fact that CSE is on this list seems to ignore the body’s very mandate, which specifically precludes it from receiving information about Canadians, unless it has received  judicial authorization to do so.

In a submission to the committee, the CBA concluded that ‘there are insufficient checks and balances in SCISA, and no safeguards to ensure that shared information is reliable…While SCISA is theoretically subordinate to the Privacy Act, the latter explicitly allows disclosure as authorized by any other Act of Parliament, so would in turn permit any disclosure under the proposed SCISA that might otherwise be prohibited’.”

Then, a new opponent of the bill emerged: The Firefox web browser. In an article titled Bill C-51 A Threat To Safety Of Internet Users, Firefox Maker Mozilla Says published by The Huffington Post Canada on March 26, 2015, Daniel Tencer reported:

“The Mozilla project, the open-source software community behind the Firefox browser, has issued a statement urging the federal government not to go ahead with Bill C-51.

The bill’s move to broadly expand information sharing between governments and give new powers to Canada’s intel agencies will ‘undermine user trust, threaten the openness of the Web, and reduce the security of the Internet and its users,’ Mozilla internet policy director Jochai Ben-Avie said in a statement published on the Mozilla blog.

‘C-51 is sweeping in scope, including granting Canadian intelligence agencies CSIS and CSE new authority for offensive online attacks, as well as allowing these agencies to obtain significant amounts of information held by the Canadian government,’ Ben-Avie wrote.

He argued the broad nature of information-sharing between government agencies would erode trust in government, and described the Canadian bill as ‘even more concerning’ than the controversial CISA bill (Cybersecurity Information Sharing Act) making its way through the U.S. Congress.”

On March 29, 2015, Professor Kent Roach and Professor Craig Forcese responded to the government’s proposed amendments to the bill in an article in The Globe and Mail titled The government has not made its case for C-51. They wrote:

“First the good: it is helpful that the proposed changes will now exclude from the national security information sharing regime protests of all sort, and not just protest complying with each and every regulatory law. The amendments will also temper language that might have authorized further sharing of information to ‘anyone’, including in disregard of security caveats attached to that information.

But in all other respects the government has disregarded warnings of the Privacy Commissioner (and many others) about the reach and potentially ungovernable nature of this vast privacy-limiting power. Downstream sharing can still take place so long as it is ‘in accordance with law’, which include many exceptions to privacy.

Even more distressingly, the government refuses to redress in any intelligible way concerns with proposed new CSIS (Canadian Security Intelligence Service) powers. Instead, its amendments seem to offer a simple proviso that CSIS shall not have ‘law enforcement powers’.

But that expression, a colloquial one rarely used in Canadian law, raises new interpretive headaches. We assume it means that CSIS will not have Criminal Code powers of arrest. We never thought it did. But arrest does not exhaust all the forms of detention exercised by state agencies.

If CSIS wishes to detain or interrogate, it will do so for threat disruption purposes, not ‘law enforcement’. The government’s peculiar language does precisely nothing to dispel concerns about a system of CSIS ‘security detention’ or ‘detention for security interrogation.’ Given the disturbing experience in other jurisdictions after Sept. 11, 2001, the absence of an express, emphatic bar on detention is alarming.”

On March 31, 2015, Professor Forcese continued his attack on the Charter breach provision following the appearances of Justice Minister Peter MacKay and Public Safety Minister Steven Blaney before the Senate committee. In an article in iPolitics titled The selling of C-51: Something old, something new…and a lot just plain missing, he wrote:

“The single most puzzling legal position taken by both ministers relates to the now-infamous provision anticipating Charter breaches by CSIS, where permitted by Federal Court warrant. Both ministers urged that such warrants are commonplace – ‘nothing new under the sky’ in Minister Blaney’s words.

This is an astonishing category error. As Professor Kent Roach and I have argued…we have never had Charter breach warrants before. Analogies to search warrants, or arrest warrants, or various procedures in criminal trials closed to the public (but not the accused) are false – equivalent to pointing to the existence of a bushel of apples to defend the slicing of an orange. Nor (as we have argued) can it be persuasively asserted that s. 25.1 of the Criminal Code is somehow any useful precedent – the minister’s position.

If Minister Blaney wishes to question the qualifications of the Canadian Bar Association for condemning this warrant aspect of C-51 – as he did at the committee – he had better add a few more sheets of paper to his rogue’s gallery of everyone who agrees with the CBA. In asserting ‘nothing new here, move along,’ the government stands apart from what appears to be most of the legal world.”

Also on March 31, 2015, Professor Geist posted a telling piece titled We Can’t Hear You: The Shameful Review of Bill C-51 By the Numbers. I will let some of the numbers speak for themselves:

• 25: Number of times a Conservative MP asked a substantive question about a Bill-51 provision
• 3: Number of times a Conservative MP asked a critic a substantive question about a Bill C-51 provision
• 12: Number of Canadian privacy commissioners who have publicly criticized Bill C-51
• 0: Number of appearances by the Privacy Commissioner of Canada
• 0: Number of appearances by any Canadian (federal or provincial) privacy commissioner
• 3: Number of U.S. groups with no Canadian connections who appeared as witnesses
• 135: Number of pages Professors Craig Forcese and Kent Roach wrote in four background papers on Bill C-51
• 3: Number of questions posed directly to Forcese and/or Roach by Conservative MPs

At the same time that Bill C-51 was being criticized for an absence of increased oversight regarding CSIS, inadequacies in the present system received exposure in an article titled Canadian spy agency’s overseer can’t really oversee: documents by Alex Boutilier in the Toronto Star edition of April 1, 2015:

“CSIS’s review body admits it can only review a ‘small number’ of the spy agency’s actions each year, as the government continues to resist calls for oversight into Canada’s intelligence agencies.

The Security Intelligence Review Committee (SIRC) warned that continued vacancies on the five-person board, the inability to investigate CSIS operations with other agencies, and delays in CSIS providing required information are ‘key risks’ to its mandate.

‘Currently, SIRC reviews still lack the ability to follow the thread of a CSIS investigation if it involves another government department or agency,’ the SIRC wrote in documents tabled in Parliament on Tuesday.

SIRC’s effectiveness is dependent on (CSIS’s) timely provision of information. In those cases where there are delays in receiving information, SIRC is at risk of being unable to complete its reviews and investigations in a timely manner.”

Yet, as the committee concluded its clause-by-clause review of the bill, the government MPs refused every opposition amendment. The Conservatives continued to ignore concerns over inadequate funding for the present system of SIRC oversight and attempted to deflect public protest about the need for Parliamentary oversight of CSIS’s new powers by proposing four minor amendments to the bill. The amendments include a loosening of the type of activity deemed to undermine security to exclude unlawful but peaceful protest and a clarification that CSIS agents do not have arrest powers.

Also on April 1, 2015, Professor Forcese posted a lengthy exploration of what emerged from the committee process on his National Security Law Blog titled Bill C-51: What Did We Learn About The Government’s Intentions From The Clause-By-Clause. His analysis of the provision that will allow CSIS to breach the Charter with warrant follows:

“At issue is proposed s. 12.1(3): ‘The Service shall not take measures to reduce a threat to the security of Canada if those measures will contravene a right or freedom guaranteed by the Canadian Charter of Rights and Freedoms or will be contrary to other Canadian law, unless the Service is authorized to take them by a warrant issued under section 21.1‘ (emphasis added).

Basically, this has been read by almost every lawyer outside government whose opinion I have access to as ‘the Service can violate the Charter — and potentially any Charter right — if it has a warrant.’

• This is very different from search and seizure warrants — those are tied to Charter rights that have qualifying language in the right itself (Section 8 of the Charter only guards against unreasonable searches and seizures. Section 9 only protects against arbitrary detention). A search or an arrest warrant satisfies this qualifying language, and therefore a government acting under such a warrant does not breach the Charter.
• Most other Charter rights are not imbued with built in qualifying language. There is no concept of permissible free speech, or arbitrary cruel and unusual treatment, or appropriate mobility rights to enter or leave the country or limited habeas corpus.
• Such rights can only be trumped under s. 1 of the Charter (or if the government uses the s. 33 notwithstanding clause, which it is not doing in C-51). Section 1 reads: ‘The Canadian Charter of Rights and Freedoms guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.’
• But s. 1 issues simply aren’t dealt with through the peculiar mechanism of a warrant — as noted below, procedurally to do so is avery concerning approach.

But, not surprisingly, the government now asserts that s. 1 is exactly what they have in mind.”

It appears that Bill C-51 is destined to pass without further amendment. It is a certainty that the constitutionality of the new law will be determined by the courts at great social and economic cost to all Canadians. I can only reiterate what Professor Forcese said on Twitter yesterday: “Didn’t have to be this way.”