Notes for remarks to the House of Commons Standing Committee on Public Safety and National Security

The Honourable Jean-Pierre Plouffe - Communications Security Establishment Commissioner

January 30, 2018

Check Against Delivery

Chair, honourable members, I am pleased to appear before this committee on the subject of Bill C-59. I am accompanied by Bill Galbraith, the Executive Director of my office and by Gérard Normand, Special Legal Advisor.

I have been the Communications Security Establishment Commissioner for over four years, responsible for reviewing the activities of CSE to determine whether they complied with the law, including protecting the privacy of Canadians and persons in Canada. I am a retired judge of the Superior Court of Québec and of the Court Martial Appeal Court of Canada. The law requires the CSE Commissioner be a supernumerary or a retired judge of a superior court. My current term expires in mid-October this year.

However, once Bill C-59 receives Royal Assent and Part 2 enters into force, my role will change into a completely new function for intelligence accountability in Canada.  

Indeed, the CSE Commissioner will no longer perform after the fact review of CSE's activities. The Intelligence Commissioner, however, will have a quasi-judicial role of reviewing and approving authorizations issued by Ministers for certain activities of CSE and CSIS, before those activities can be conducted.

This specific role will be to determine whether the minister's conclusions to authorize the activity were reasonable. In essence, this is similar to the function performed by a court of law when undertaking a Judicial Review. This is a critical role, intended to provide a quasi-judicial review of intelligence agency activities that may have Charter and/or privacy implications.

Part 2 of Bill C-59, the Intelligence Commissioner Act, expressly provides for the transition of the CSE Commissioner into the role of Intelligence Commissioner. The functions of post-facto review of CSE activities that I now perform will be assumed by the new National Security and Intelligence Review Agency, also proposed in Bill C-59.

I would add that this Bill also requires the Intelligence Commissioner to be a retired judge of a superior court, which is appropriate given the quasi-judicial function of this new position. However, this Bill does not include the possibility of appointing a supernumerary judge, as is the case now with the National Defence Act for the CSE Commissioner. I believe this Bill should retain the possibility of a supernumerary judge, in part to ensure a broader pool of potential candidates. I was a supernumerary judge when appointed CSE Commissioner, and a short time after, fully retired from the bench.

I submitted previously to this committee a written copy of substantive proposals for amendments to Bill C-59. I am also submitting today lists containing additional substantive and technical proposals that I sent to Ministers Goodale and Sajjan. I will highlight a number of these in my remarks.    

The importance of the process the government has chosen to follow for this bill is, as stated by Minister Goodale, to allow new ideas and alternative suggestions to be presented before Second Reading.

In this context, I will speak to changes I am proposing for three parts of this Bill: Part 2, the Intelligence Commissioner Act; Part 3, the CSE Act; and Part 4, amendments to the CSIS Act.

While I am of the view that the proposed legislation is generally sound, and that it addresses many of the recommendations made by me and my predecessors to amend Part V.1 of the National Defence Act, I am also of the view, following in-depth analysis and discussions with officials and agencies directly involved, that certain amendments should be proposed.

Among my substantive proposals I will describe seven that I consider the most important.

1. First, I believe the Intelligence Commissioner should be involved in approving authorizations for CSE active cyber and defensive cyber operations which may also implicate privacy interests. Some commentators have remarked that this is a new and very broad mandate for CSE and is too permissive. By comparison, the CSIS Act requires CSIS to go before a Federal Court judge, in some instances, to have a warrant issued for similar activities.
   
   
2. Second, as the Bill is written currently, the IC does not approve the Minister's decision to extend the validity of a CSE foreign intelligence or cyber security authorization for an additional year. I believe the Commissioner should be involved, given that he was involved in approving the initial authorization. Otherwise, in effect, the authorization would be for two years.
   
   
3. Third, “emergency authorizations” for CSE issued by the Minister for purposes of foreign intelligence or cybersecurity should also be reviewed by the Commissioner immediately after they have been issued. This would be similar to the approach that exists in the Investigatory Powers Act in the United Kingdom. Under the UK legislation, the period of validity for these emergency authorizations is five days, the same validity period as in Bill C-59; however, the UK Judicial Commissioner must review and approve these authorizations within that timeframe.
   
   Similar to the “emergency authorizations”, the proposed CSIS provisions of Bill C-59 provide that the Director of CSIS may authorize the searching of datasets in “exigent circumstances”. However, even in those instances, the proposed provisions require the Intelligence Commissioner to review and approve the Director's authorization.
   
   
4. Fourth, I also believe that the Commissioner should have the authority, when engaged in the review and approval process, to request clarifications about the information provided to him that was considered by the Minister in making a decision. Without this ability, the Commissioner, if not clear on some of the information, may well have no option but to determine that the minister's conclusion to authorize an activity was not reasonable. Being able to seek clarification could add a degree of flexibility and efficiency to the process.
   
   
5. Fifth, I believe the Commissioner should be able to conditionally approve an authorization, subject to the Minister agreeing to incorporate a condition identified by the Commissioner, short of which the test of reasonableness could not be reached. This would add flexibility and efficiency to the process.
   
   
6. Sixth, the Intelligence Commissioner should prepare a public annual report to the Prime Minister, to be tabled in both chambers of Parliament. This would emphasize the independence of the Commissioner, and help enhance transparency and public trust.
   
   
7. Finally, I believe a regulation-making authority should be inserted in the proposed Intelligence Commissioner Act for carrying out the purposes and provisions of the Act.

Let me now highlight a few technical proposals.

1. The IC Act should be clarified to specify what is included in “all information that was before [the Minister]”, that is to be provided to the Commissioner for his review. I believe that this type of detail could be in a regulation.
  
2. The IC Act provides that the Intelligence Commissioner can receive from CSE, CSIS, or their respective Ministers, information that is not directly related to a specific review being conducted by the Commissioner but that would help the Commissioner understand agency activities and properly exercise his role. The provision of this information to the Commissioner by the agencies or Ministers is currently discretionary. I believe that if the Commissioner makes a specific request for this type of information, it must be provided to him.
   
   
3. The CSIS Act (s. 11.03(2)) states that the Minister may determine that a class of datasets can be collected if the Minister concludes that the querying of any dataset “could lead to results” relevant to the CSIS mandate. However, the terms in the English and French versions are different: the English is “could lead to results” which is very broad and low, but in any case conditional; whereas the French version is certain – “will allow producing results” – “permettra de générer des résultats”. Which one is intended? 
   
   Apart from this language difference, I would propose using for the English version, a higher threshold such as “is likely to assist”…the mandate of CSIS.
   
   
4. The title of the Intelligence Commissioner should be modified to better reflect the function and help public understanding of the role; for example, “Judicial Commissioner for Intelligence” or “Judicial Intelligence Commissioner”.
   
   
5. Finally, in the CSE Act, because of the sensitive nature of active and defensive cyber operations, there is a case for lowering the period of validity for such authorizations (subsections 30(1) and 31(1)) from the proposed one year to six months. Both the United Kingdom and Australian legislation in this area of the law provide for a six month validity period for these types of authorizations, and the new CSIS provisions contemplate a three month period for threat reduction measures issued by the Federal Court.

We have continued our assessment of the Bill and will submit a number of additional proposals for amendments, including some related to the administrative provisions of the Intelligence Commissioner Act, as well as a list of comments and questions on certain parts of Bill C-59 for your consideration.

Thank you for this opportunity to appear before you today. We would be pleased to answer your questions.