Last month, Canada’s Standing Senate Committee on National Security and Defence held a public hearing on Bill C-59, “An Act Respecting National Security Matters.” The bill is a piece of omnibus legislation that would introduce the most far-reaching reforms to Canada’s intelligence community in recent decades. Most significantly, C-59 strikes a healthy balance between facing up to new cyber-threats on the one hand and ensuring accountability and oversight on the other.  

First introduced by the Liberal government in June 2017, the measure has been with the Senate since summer 2018. April’s committee meeting seemingly indicates that the Senate, after months of delay, has regained the momentum to pass the Bill, hopefully well in advance of October’s federal election.

Bill C-59 is in part a response to the Anti-Terrorism Act of 2015, which then-Prime Minister Stephen Harper’s government passed in the aftermath of the 2014 Parliament Hill shootings. Press pundits, civil liberties associations, and law professors criticized various provisions of the 2015 Act as vague and as granting the Canadian Security Intelligence Service (CSIS) in particular an overbroad mandate.

Bill C-59, which clocks in at a daunting 150 pages, addresses many of those issues, but also goes beyond reactive amendments to articulate a new and necessary, if somewhat incomplete, vision of Canadian intelligence. From a national security standpoint, C-59 accomplishes two important goals: (1) increasing the intelligence community’s internal and external accountability; and (2) granting intelligence agencies new tools while simultaneously articulating standards for the use of those tools.

C-59’s Internal and External Accountability Features

Harold Hongju Koh, former Legal Advisor of the U.S. Department of State, argues in his book The National Security Constitution that the U.S. Congress has a primary responsibility of “strengthening the internal and external accountability mechanisms for the oversight of intelligence activities.” The same might be said of Canada’s Parliament. Bill C-59 articulates a number of oversight mechanisms that would strengthen both types of accountability.

Part I of the bill would create a National Security and Intelligence Review Agency, which would have a mandate to review any activity carried out by CSIS or the Communications Security Establishment (CSE), Canada’s signals intelligence agency. Under the current system, CSE and CSIS both have their own, siloed review committees. The new Review Agency could also review the activities of other departments, so long as those activities relate to national security or intelligence. The hope is that a new, centralized review mechanism will better incentivize individual agencies to comply with the Cabinet’s intelligence priorities, rather than merely focus on intra-agency goals.

Part II of the bill creates the role of the Intelligence Commissioner. The Commissioner would approve, amend, or reject requests by CSIS and CSE to carry out activities such as the collection and retention of datasets. Under the Emergency Authorizations provision of the Act, CSE can circumvent Commissioner approval in urgent situations, though CSE agents still have to notify the Commissioner on a post hoc basis. The Commissioner would be a retired superior court judge and as Craig Forcese notes, would thus represent a “quasi-judicial control…on collection of certain sorts of information.”

Both the Commissioner and Review Agency would strengthen internal, Executive branch accountability for intelligence activities. C-59 also builds inter-branch scrutiny–external accountability–by obligating both the Commissioner and the Agency to submit yearly reports to the Prime Minister, who in turn tables the reports before Parliament.

Moreover, Bill C-59 is but one example of the government’s larger campaign to publicly define the objectives and capabilities of the country’s intelligence community. Most significantly, in 2017, Parliament created the National Security and Intelligence Committee of Parliamentarians, an all-party, bicameral body with the mandate of reviewing the “legislative, regulatory, policy, administrative, and financial framework for national security and intelligence.” The Committee released its 2018 report in April. In addition to listing and describing the agencies and departments that comprise the “security and intelligence community”–in itself a helpful exercise in transparency–the Committee also conducted an in-depth review of the Department of National Defence’s intelligence capabilities. The Parliamentary Committee and the oversight bodies established by C-59 have slightly different, and ultimately complementary, functions.

Putting Intelligence and Surveillance Operations on Stronger Legal Footing

The second main national security accomplishment of C-59 is to better define the operations that both CSIS and CSE may conduct, while also placing restrictions on those operations. The bill expands CSE’s mandate by authorizing defensive, and more controversially, active cyber operations. Section 19 of the bill’s CSE Act would allow the CSE to “degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions, or activities of a foreign individual, state, organization, or terrorist group as they relate to international affairs, defence, or security.”

The bill also places several safeguards on CSE data operations. The Minister of Foreign Affairs, for example, must request or consent to active operations. Furthermore, Section 32 of Bill C-59’s CSE Act stipulates that these operations must not cause, “intentionally or by criminal negligence, death or bodily harm to an individual” or “willfully attempt…to obstruct, pervert or defeat the course of justice or democracy.” Still, some critics have argued that the Bill does not set out enough “explicit limits” on CSE’s defensive and offensive operations.

The bill also grants CSIS new tools, while placing existing CSIS activities on firmer statutory ground. Notably, CSIS would gain the ability to collect certain classes of “Canadian datasets,” defined as datasets that “predominantly [relate] to individuals within Canada or Canadians.” Forcese colourfully likens CSIS with its current authorities to a “fishing craft that must use a sonar with limited range and scope.” The bill would relax certain limitations and permit “the netting of more data.” The Minister of Public Safety would designate which classes of Canadian datasets CSIS is authorized to collect and would inform the Intelligence Commissioner accordingly. The Bill also provides statutory authorization for agents to engage in covert duties that would “otherwise constitute offences,” so long as the Minister of Public Safety has approved of such activities and notified the Commissioner.

An Imperfect Bill that Should become Law

The bill is an imperfect piece of legislation. Although it does establish important restrictions and safeguards on the intelligence community–most notably by creating new oversight bodies–it has continued to attract criticism. The Canadian Civil Liberties Association has decried the bill as allowing CSE “to engage in secret and largely unconstrained state-sponsored hacking and disruption.” A report by the Munk School of Global Affairs cast both the Review Agency and the Intelligence Commissioner’s mandates as insufficient.

Even the National Security and Intelligence Committee of Parliamentarians, which on the whole commended C-59, urged increased oversight over defence intelligence activities–that is, intelligence acts under the purview of the Department of National Defence. Indeed, while the new Review Agency and the Intelligence Commissioner that would be established by C-59 have discretion to investigate defence intelligence operations, their main focus is clearly on CSE and CSIS. Of course, organizations like the Canadian Forces Intelligence Command, Chief of Defence Intelligence, and Canadian Forces Information Operations Group already provide a commendable measure of internal review, but creating more statutory safeguards will only increase transparency.

In addition, although the Civil Liberties Association’s fears of Canadian cyber-operations run amuck may be exaggerated, the Bill does not sufficiently articulate the conditions under which offensive CSE operations would be justified. Separate and apart from C-59, CSE would do well to more clearly lay out its views on acceptable uses of force in the cyber realm, just as the U.S. Department of Defence did in its 2018 “Defend Forward” strategy.

Yet with election season fast approaching, the Senate’s main focus ought to be on passing the bill. Further reforms can come after enactment and would not necessarily require legislative fixes. Indeed, much of the bill’s lasting legacy will depend on how agencies like CSE and CSIS respond culturally to the new provisions. Will agencies fully cooperate with the new oversight bodies? Will the new review bodies act robustly or be too deferential  to the agencies? Culture cannot always be legislated. Of course, should Bill C-59’s institutional safeguards prove too weak to overcome opposition from the agencies, a future Parliament may well need to introduce statutory improvements.

Critically, however, if the current Senate gets bogged down in amendments and passage consequently becomes a partisan issue, then the country could revert to the intelligence regime established by the 2015 Anti-Terrorism Act. That would mean thrusting Canada’s intelligence community back into the shadows and leaving the hard work of building transparency entirely to the Parliamentary Committee. Surely not even the critics of C-59 would want that. C-59 is far from perfect. But it does articulate a new framework that will allow Canada’s national security agencies to respond responsibly to 21st century cyber threats and deserves to become law.

IMAGE: Canadian flags line the walkway in front of the Parliament in Ottawa, Ontario, October 2, 2017.