The Book





This blog comments on Canadian (and occasionally comparative) national security law to update my National Security Law textbook and now also my 2015 book, False Security: The Radicalization of Anti-terrorism, co-authored with Kent Roach.

Please also see for Bill C-51-related analyses by Craig Forcese and Kent Roach.

For narrated lectures on various topics in national security law, please visit my 2017 "national security nutshell" series, available through iTunes.

Please also visit my archive of "secret law" in the security area.

By Craig Forcese

Full Professor
Faculty of Law

Email: cforcese[at]

Twitter: @cforcese


Subscribe to National Security Law Blog
National Security Law Blog Search

Best Law School/
Law Professor Blog Award


Most Recent Blog Postings

A Law for New Seasons: Bill C-59 from the "Big Picture" Perspective of National Security Reform

Over the next few months, I will try to post thoughts on Bill C-59, the government’s massive national security overhaul package. Kent Roach and I have posted two quick assessments: an oped in Maclean’s and a longer piece at the Institute for Research on Public Policy website. I also provided reactions to the media in various placed, including on The House here and Power & Politics here.

(We always worry about pushing out analyses of such complex legislation on an insta-response basis, and qualify what we say with an open invitation to point out errors and omissions. Like most people, I learn best when I write, reflect, discuss, revise.)

In this space, I want to meditate on two issues emerging in the discussion.  First, that C-59 is about correcting C-51, creating the impression (fanned by some politicians) that C-59 rolls back security powers.  Second, the resource and burden issue.


C-59: Reforming without subtracting

A word of warning: Kent and I always took the view that C-51 was dealing (mostly) with real problems, but the solutions were so festooned with their own shortcomings that they didn’t solve the problems, but did create a host of new ones.  (The speech crime was the exception: it was always a solution in search of an invented problem).

I won’t repeat our analysis here. (We set out our conclusions in the 600 pages of False Security.)

This is by way of saying: I was never in the “repeal and return to the prior status quo” camp.  Because that status quo meant returning to a security law system that creaked with age and inadequacy.


Fixing the Problematic Parts

If we expect the state to protect us, we need to give it tools.  In part, this is because I believe the civil liberties implications of the day after a security failure are always worse than the civil liberties challenges raised during a calm, premeditated effort to give security services reasonable tools to prevent that incident. (After some bomb goes off, everyone assumes that it stems from a failure of law, and that we need fewer rights.  Usually, the reason is more complex: sometimes it is operational. And sometimes it is simply a manifestation of the old IRA slogan about security services needing to successful all the time, and terrorists only once. Those impossible odds mean something will always happen.  And so you need social resilience, not a stampede to turn your society into North Korea.)

When we do security law and policy reform properly, the questions always are: which tools, are they proportional, and are they compatible with a liberal democracy (and avoid the “burning villages to save them” problem).  And for anti-terror tools, focused on a threat embedded in a civil population, “overclocking” on your tools may precipitate the very threat you intend to stave-off.  (Witness the nonsense discussion on the margins of the internet last month, after the UK incidents, raising the prospect of mass internment. Setting aside the egregious rights violations, this is out past Pluto in terms of security: people need to spend more time examining the blowback consequences of mass internment. It’s a pretty good way to turn a difficult security environment into a 100-year war.)

C-59 is about correcting C-51’s (unnecessary, probably-never-actually-wanted-by-the-security-services) excess, and I think it generally does a good job here (with the real remaining concern being the light-touch amendments to the Security of Canada Information Sharing Act, renamed and tempered, but still vast).  For instance, I doubt CSIS ever wanted to be in the detention and rendition business – so why create a law that made that a legal possibility?

For more on these fixes, see our IRPP piece, linked above.


Dealing with (Some) of the Puzzling Omissions

But C-59 is also about giving new powers to the security services.  Four things stand out. First, by placing CSIS threat disruption powers on a more plausible (although surely still novel) constitutional foundation, it makes those actually usable.  (CSIS has clearly not been prepared to use threat reduction that raised constitutional issues under C-51, probably appreciating that the C-51 formula was an invitation for controversy in the courts and out).

Not everyone will think we’ve hit the sweet spot.  See Michael Nesbitt’s excellent analysis.  But we are way closer than with C-51 – with that bill’s formula, it was really hard to find a constitutional lawyer (not taking instruction from government) who thought we were even in the ballmark.  And whatever we might conclude about how carefully drafted some of the new “closed list” powers are, I simply cannot think of any other way to square the constitution with some of the more potent threat reduction powers I believe are quite properly on the table (e.g., interfering with a suspected terrorist’s communications). 

Second, I had not quite appreciated the extent to which CSIS was on the cusp on being paralyzed by its old law. For one thing, the limitations in its Act on retaining information – most dramatically illustrated by the Fall 2016 Federal Court decision on the CSIS ODAC initiative (see a write up here) -- must be deeply constrictive of CSIS deploying big data analytics – or even basic Boolean searching – on information…that they cannot have.  There are, of course, all sorts of privacy concerns – which is where close study is required of both the revamped collection and retention rules and their checks and balances. But at some point, one must concede that if you are to have an intelligence service, it needs to be able to collect, retain and analyze intelligence. (Privacy protections have always has been about checks and balances, from their inception in the early common law through to the present day).

For another thing, I had not quite appreciated how dramatically changes in the concept of Crown immunity – and doubts about its application to CSIS operations – must be crimping operations. It may not be too much of an exaggeration to say, with all the new terrorism crimes introduced since 2001, that every CSIS officer and source covertly infiltrating a terror plot is at risk of prosecution. CSIS recruiting must go something like: “Thank you for your service. As soon as you participate with this group, you are a criminal. But we’ll put in a good word with the prosecutor – assuming we’re prepared to cough up our secret op details. Hopefully things will be ok.”  The response must be something like: “No way.” Or: “Ok, give me $8 million.”

I have no way to know if the problem is that dramatic. But legally, it may be. And if so, together the limit on CSIS data retention and the crimp on human source immunity is pretty serious.  It might mean that Canada risks not having a real security intelligence service. 

Unless you think the world is much safer than I think it is, that is an unhappy prospect.  It is actually astonishing that this was not fixed a long time ago.  So the issue is: are you happy with the C-59 solutions?  And in responding, the first thing I look for it: checks and balances.  So far as I work through the details, I think they measure up quite well – indeed, potentially very well, measured against international comparisons.

Third, the Communications Security Establishment has been burdened with too little law, and too narrow a mandate. On law, we have known since it was first given statutory footing in 2001 that the issue of Canadian-origin information intercepts raised constitutional issues. People have been writing about it for a long time. But it was one of those questions that were, um, academic, until Snowden.  After that, it became a matter of public controversy, and litigation.  Fixing this was never that hard – and I am very pleased to see that C-59 proposes what I think is a viable and even elegant approach.  (Although there is a bug in the drafting, I think, that may leave the problem unfixed.  That requires more explaining, and I will blog on that soon.)

On mandate, CSE’s cybersecurity mandate basically reaches: get into a defensive crouch, protecting your core and vital organs, while the North Koreans, Russians, Chinese, hackers etc pummel you. But the world has changed since 2001. The new “active” and “defensive” cyber operations powers, and the broadening of the traditional cybersecurity mandate make a lot of sense.  Again, that assumes you agree that the world presents real security challenges that require viable responses.  If you do, then the remaining question is: are you happy with the checks and balances?

Four, tempering C-51, and adding a whole host of checks and balances is actually security-affirming.  In a democracy, the activities of the security service depend on consent and cooperation. Security powers that validate a lot of conspiracy theories erode that “social license”. 

C-51 took a lot of conspiracy theories from “plausible only if you assume everyone is a legal rogue and ethically unhinged”, to “legally possible, even if still doubtful in practice because the people involved are not venal and unethical”.  (Our various commissions of inquiry criticized the services, but did not suggest wrongdoing was ill-intentioned – with the exception of the poisonous leaks someone released to smear Maher Arar.)  But as anyone who has spent more than 5 minutes working in a human institution knows, people and institutions make mistakes – sometimes enormous mistakes. Silos, group think, cognitive bias, habit, incompetence, laziness, inattention, petty jealousies.  All the vices of the human form. Law, guidelines, protocols, oversight, review and checks and balances are what we use to minimize the prospect of systems failing, especially where the consequences of failure are significant.

C-59 puts the law back in play as a code of conduct, in a way that C-51 relaxed too much.  I think that is important. One might expect this of a law professor. But I cannot really think of any examples of where “the gloves are coming off” approach to security law and policy in a democracy has worked well.  It tends to produce outcomes that some future political leader needs to apologize for, after a commission of inquiry, disastrous court losses, public acrimony and a general erosion of public trust.


Administrative Burden: Better than the alternative

And that brings me to the administrative burden conversation.  C-59 will amp up the checks and balances in national security law considerably.  So considerably that Canada may well be back to where it was in 1984: a leader in this area.  Predictably, there will be anxiety that this will shackle responses, drain resources and infuse lawyers and overseers into the nitty-gritty of security work.  C-59 is, in some respects, the judicialization of intelligence that former CSIS director Jim Judd disliked a decade or so ago.

It is also consistent with developments in other Five Eye states, and even the French have new law in the area of intelligence. (The French, famously, have had little).  It is inevitable: as soon as you focus on security threat emanating from your civil society, intelligence starts to drift closer to police work.  And so, it needs to abide by at least some of those standards that guard police work (many of which echo those announced by Robert Peel in establishing the first police force in the 19th century).

The new systems could be impossibly bureaucratic.  Or they could be elegant and effective.  Much will turn on design, resourcing, staffing. Inattention on these issues will produce disasters: impairing necessary security conduct, done by cautious, risk-adverse services; and/or overpromising on accountability without delivering.

But I will say this: they are the quid pro quo to accomplishing that security expansion noted in the first four points of this blog.  C-59 should establish a regularized, professionalized system of checks and balances.  And whatever burden they impose, that would be dwarfed by the burden imposed by a creaky, inadequately constructed security system that lurches from scandal to commission of inquiry to judicial slap-down; with powers uncertain, planning interrupted by public controversy and all your staff-time devoted to appeasing a disgruntled Parliament, judge or commissioner.  In other words: the 2000s. I don’t know anyone (in any walk of life) that wants to go back to the scandal/response system of national security policy-making. That would be bad for security and rights.



In sum, C-59 is probably in, or near, the Goldilocks space between too hot and too cold. Which is not to say it is perfect, or that it fixes everything, or will please everyone.  For instance, the SCISA is not falling. (The author chuckles to himself.) And it isn’t to say we won’t suddenly discover a new concern in the 150 page document.

But based on about 5 readings of the full text and some deep dives on some of the more complex parts, it appears to be more carefully crafted than anything we’ve seen in this area in a long time – probably the 1988 Emergencies Act, and before that the 1984 CSIS Act.  That’s a good place to be, going into the parliamentary process.


Agenda for National Security Law Day

Today, the government will introduce the blandly titled "Act respecting national security matters" in the House of Commons. Kent Roach and I have cleared the decks in order to provide prompt analysis. None of that analysis will spring fully formed, and will require weeks of careful contemplation, revision, rethink. But we have long since overcome the academic resistance to "hot takes", probably to our considerable peril. (There will be typos). So this is our plan:

  • The early arrivals will probably be government backgrounders. I generally do not like backgrounders, since they tend to be written in happy-face emoticons. It's all about the legislation. Legislation is the "doors and corners where they get you" that Miller warns about in The Expanse (excellent series streaming on CraveTV, by the way. Great books for scifi fans). But I will start tweeting out initial reactions to the backgrounders in an effort to "take the temperature" on this new legislation. My twitter account is @cforcese.
  • Once we have eyes on legislation, we will do a quick diagnostic.  First out the gate, we shall post a short oped-style piece. Maclean's has generously reached out to offer to work with us.
  • Along the way, I may jot down some issue-specific provisional comments via this blog space.
  • I shall be doing some media -- right now CBC Power & Politics has invited me on this evening's program for a quick analysis.
  • By tomorrow morning, Kent and I hope to have a longer "report card" style assessment, juxtaposing the new legislation against that which ails Canadian national security law, post bill C-51. Our jump-off point in preparing this assessment are the recommendations contained in our book False Security and those made in our response to the government's Green Paper consultation on national security. The IRRP has kindly agreed to work with us on this piece.
  • We have also sketched out the template for a longer, issue-specific working paper. As has been our pattern, we will post that on our SSRN website, and announce it here and on twitter. This longer piece may take a few days to produce -- much hinges on what is in (or missing from) the new law.
  • Since I imagine the new law proposal will have something or other in it requiring me to modify my teaching materials for the uOttawa National Security Law course this Fall, I will prepare some short video primers on aspects of the new bill periodically over the summer. As is my practice, these will be posted open access on my Vimeo videoblog feed. I will provide an organizational table of contents on this blog space.
  • Finally, this bill will probably be the impetus for Stephanie Carvin (NPSIA) and I finally to pull together a national security and policy podcast show, inspired by Lawfare's podcast, and that done by Bobby Chesney and Steve Vladeck. We shall not be able to compete in terms of quality or quantity (they have unusual presidential material to work with!). But there really is limited Canadian content on national security in the Canadian podcast space, so we figure it's worth a try. I am the law person, Stephanie the policy person. She'll be interesting. I'll be boring. We'll be calling on a lot of our friends in academia and (to the extent they are able) government to be guests.  You've all been warned.  When the time comes, we will trumpet how to subscribe and listen. (This will be different from the more doctrinal podcasted summaries of national security law posted here, though I suppose I will eventually need to update those as well.)
  • Very soon, I will be disappearing into the summer writing cave and archives here and far yonder to finish my book on the 1837 destruction of the steamboat Caroline on the Niagara River. (If you want to understand how, legally, the US and its coalition partners can be fighting Daesh in Syria, the Caroline incident is your starting point. This book has been a fascinating deep dive into a terrifically interesting clash, with repercussions that echo to our present day. The facts of the Caroline have often been misunderstood, so it's also an incredible "cold case". I hope for a massive readership and a Netflix series.)

See you on the flipside.


Enhancing the National Security and Intelligence Committee of Parliamentarians: Reduxed and Reduced

My part of the joint submission that Kent Roach and I made yesterday to the Senate SECD committee, studying bill C-22, is posted here (just after the earlier Commons testimony).  C-22 creates a National Security and Intelligence Committee of Parliamentarians -- one that would be security-cleared and entitled to see (at least some) classified information.

Also included in my document is an updated table comparing the C-22 proposal to parliamentary review bodies in the United Kingdom, Australia and New Zealand.

Discerning readers will note that Kent Roach and I have, as the saying goes, "put water in the wine" relative to our position at the Commons. There, we called for full C-22 committee access to classified information. But we live in the real world: having had a kick at the can, it is clear that this level of access is not going to happen.

So at the senate, we proposed some modest compromise positions that we think might bridge the distance between the government and opposition. Such a bridge is unusually important here, with a body whose members will be those same parliamentarians. There needs to be a shared commitment and confidence in the body, or it will suffer from a failure to thrive. (See my discussion here. I really hope that rumours of an opposition boycott once the committee starts-up are exaggerated -- this is not a body so anemic in its powers that it should attract that treatment. Nor should any party use national security to triangulate on partisan advantage. That way, madness lies.)

There is now also a measure of urgency. This bill has been in Parliament almost a year. I have little doubt that the government could get a delayed bill through after a rumoured prorogation. But we are running down the parliamentary calendar. Not only will other matters compete for attention, but also it takes considerable time to stand-up a new review body. For instance, even with existing national security review bodies, training a new reviewer takes roughly a year. Starting from scratch means, among other things: determining & security-clearing the membership, finalizing the budget, hiring an executive director, hiring staff (and the body must be well staffed), security-clearing the staff, acquiring secure facilities, putting in place document handling safeguards, establishing protocols for information-sharing by the security agencies (and existing review bodies), establishing internal rules of procedure (including regulations governing that), setting review priorities and...starting actually to fulfil the committee's mandate.

We are talking years before this body is fully operational. We have two years until the next election. Doing all this in an election year would be a very bad idea. And then, during the election the committee ceases to exist, and after the election, its composition will change.

The current C-22 proposal isn't perfect. But even on first reading, it was better than the earlier government bill under the Martin government. After the Commons process, it is much better. It also compares favourably to the systems in other Westminster democracies.

The glass is three-quarters full. Perhaps three-quarters full of watered wine. But at least there is wine. Indeed, at least there is a glass.  Even water. The alternative is: vacuum.

Let's get this done.