By Craig Forcese

Full Professor
Faculty of Law
(Common Law Section)
University of Ottawa

Twitter: @cforcese

Subscribe to National Security Law Blog
National Security Law Blog Search
Most Recent Blog Postings

Please also see for Bill C-51-related analyses by Craig Forcese and Kent Roach.


Thinking Through Reform: Communications Security Establishment

Green Papers, consultations, discussions, workshops, roundtables, hearings. There is a risk of overdose for a national security law and policy reform enthusiast. And an aching fear that all this is sound and fury that, in the end, will signify precisely nothing. For all the goodwill in the world, reform in this area (even more than most) is course-correcting an oil tanker. But I'm not sure that all of it has to be hard. A few thoughts on the Communications Security Establishment (CSE) and the post-Snowden concerns about oversight:

The Problem

Put simply, the issue is this: CSE acquires information that enjoys constitutional protection, without going through the process (or anything approximating the process) that the constitution requires before the state acquires this information. That is, at core, the issue in the BCCLA's constitutional challenge. (In the interest of full disclosure: on behalf of BCCLA, I provided factual background information for use by the court in that proceeding).

At issue is information acquired as part of CSE's Mandate A (foreign intelligence) or Mandate B (information technology security) functions. In neither instance can CSE direct its activities at Canadians or persons inside Canada. But in truth, Canadian origin information will be swept up in its activities, simply because of the nature of electronic communications.

But our constitutional standards for search and seizure do not say you are "protected against unreasonable search and seizures, except when the search and seizure is simply a predictable, foreseen accident stemming from other activities". Put another way, the fact that information in which Canadians have a reasonable expectation of privacy is incidentally but forseeably (rather than intentionally) collected by the state should not abrogate the constitutional right (although I accept it may shape the precise protections that the Charter will then require, see below). 

Perhaps the closest analogy: under a conventional wiretap warrant, a court would be expected to take into account the prospect of inadvertent police collection of communications conducted by third-party members of the public (that is, non-targets). See, e.g., R. v. Thomson. Members of the public have a reasonable expectation of privacy, even when they are not the target of the state. Likewise, all Canadians and all persons in Canada have a reasonable expectation of privacy in relation to their private communications and related information that may be inadvertently acquired by CSE.

More than this, the incidentally-collected information is then placed in circulation by CSE internationally and domestically. Canadian identifying information is "minimized" (redacted), but the redactions can be lifted on request from a partner (and, unfortunately, some has been shared without minimization because of technical glitches).

The legal standards for this lifting are unclear. I have reviewed transcripts and reviewed the CSE Commissioner reports. From the information on the record that I have seen, it sounds like they are lifted when there is a Privacy Act justification for doing so. It is still not clear (to me), however, whether the lifting done for CSIS or federal law enforcement is prefaced by a warrant. In the result, CSE may be administratively sharing information that other agencies could only themselves collect pursuant to a warrant.

We have been down this constitutional path before and the Supreme Court has regarded this (in essence) end-run around the constitution as itself unconstitutional. (See Cole and Colarusso).

For the video version on all this, see here.

To be clear, there is no malice in any of this. There is no intent to do an end-run. There is no dastardly plot. What has happened is that the technology has outstripped rules and procedures designed for a simpler technological era, and a different threat environment.

The Promise

In its 2015 election platform, the Liberal Party promised to "limit Communications Security Establishment’s powers by requiring a warrant to engage in the surveillance of Canadians". Now, this was an awkwardly worded promise. CSE does not surveille Canadians per se under Mandate A or B: it incidentally sucks up Canadian information. But that nuance aside, the Liberal promise does suggest something will be done about the problem above.

Except: there has been no follow up. The issue is absent from the government's national security consultation Green Paper.

The Solution

But this issue is not going to go away. Not least: the more integrated the security services, the more likely that the practices of one will be a poison pill to another. 

Say, for instance, the seed for RCMP criminal charges in a terrorism case is information-sharing from CSE based on its metadata program, done under its "Mandate A" foreign intelligence activities. And the trial court learns that CSE's collection of Canadian metadata, although done incidentally, was never authorized by a court (it never is, at present). And more than that, the subsequent de-minimization of the Canadian identifying information by CSE was done on request of the RCMP pursuant to a Privacy Act exception. That is, all this information ends up with the RCMP administratively, and not supported by a warrant. Because this does not line up constitutionally, these practices could collapse the criminal trial, and a dangerous person could walk free. 

So cleaning up the procedure should be a priority for public safety as much as for principled constitutional reasons.

The most straightforward solution is to look to how the Americans have reformed their Foreign Intelligence Surveillance Court. Advance judicial authorization, overseeing potentially quite general search activities by a signals intelligence service, is doable. 

In Canada, we know from the Atwal case ([1988] 1 F.C. 107), that the Charter does not require cookie cutter warrants for all forms of search and seizure. As the Federal Court of Appeal decided (in applying different criteria to a CSIS warrant than to a police wiretap): "To conclude, as Hunter v Southam anticipated, that a different standard should apply where national security is involved is not necessarily to apply a lower standard but rather one which takes account of reality" (emphasis mine). And so in that case, it made no sense to require CSIS to show it was investigating a criminal offence -- its mandate is to investigate threats to the security of Canada.

So there is at least some flexibility in design, so long as we preserve the core essentials of the section 8 jurisprudence: advance authorization by an independent judicial officer. To some large degree, that was what Joyce Murray's private member's bill, C-622, was trying to do.

In truth, that bill conceded the classic concept that searches could only be authorized on reasonable and probable grounds -- but that seemed a defensible concession since CSE was not being authorized to search for Canadian origin information, just directed by a judge on what to do about incidental acquisition. Put another way, this is roughly analogous to the process a judge must undertake in issuing a police wiretap authorization to minimize and control the intercept of third-party communications.

Adding that sort of judicial supervision is, in my view, much more likely than the status quo to bring CSE into the constitutional tent. And I remain unpersuaded that this would degrade CSE's role or functions. Again, this issue has been managed in the United States.

On the other hand, a government determined to defend the status quo on the basis that "CSE's national security function is constitutionally special" risks losing that argument in court. It's a foolish game trying to predict court rulings. But much like the Supreme Court's Spencer decision did with basic subscriber data, the terms of a court loss may shackle the government's range of options.

And so, it makes much more sense for the government to legislate a fix first, rather than to run the risk of a court imposing a fix developed in the narrow confines of adversarial litigation. 

At the very least, the present situation creates uncertainty, and also prolongs the lingering after-effects of the Snowden revelations. CSE remains subject to civil society doubts (which then trickle over to private sector service providers in too close proximity to CSE). And it does this at a time when we badly need a widely-credible CSE to help spearhead cyber-security.

And so, in all the sound and fury of changing Canadians security laws, this change should be low hanging fruit.


Secret Law and Canadian National Security

A recurring issue in national security law, especially since 9/11, is the proliferation of what I (and many others) now call "secret law". A recent report from the Brennan Center at NYU School of Law traces this development in the United States, supplementing earlier critiques.

Canada also labours with the problem of secret law in national security. In our case, it comes in different guises:

  • As reported, the last government issued secret orders-in-council.
  • Ministers issue directives under various statutory authorities that are not proactively disclosed. Copies obtained under access to information are sometimes heavily redacted. For instance, it is more than ironic that the 2015 ministerial directive to CSIS on accountability is mostly censored. These directives are cardinal aspects of Canadian national security law: they can amount to the nuts and bolts rules that govern how vague, open-textured statutory powers are exercised. They matter, in other words, and by any reasonable definition amount to law.
  • Justice Canada legal opinions construing the scope of vague, open-textured statutory powers have the de facto effect of legislating the practical reach of those powers. These opinions are clothed in solicitor-client privilege -- with the end effect of allowing a tool permitting frank advice between lawyer and client to be used to deny the public access to a true understanding of how the government interprets its legal powers. That may happen also in other areas, but in this one, the Justice Canada legal advice often is the last say: the covert nature of national security activities means that no one may be aware of how these powers are being used, and in a position to adjudicate the true scope of the law in front of an impartial magistrate. In the hot-house of internal government deliberations, legal positions that might not withstand a thorough vetting become sacrosanct. And subsequent construals of powers build on earlier, undisclosed legal positions, producing outcomes that are very difficult to understand. Just two recent examples are: a conclusion that the actual physical amalgamation of information does not amount to collection in a legal sense (CSIS; and possibly also CSE); a conclusion that the compilation and analysis of metadata from travellers at a Canadian airport is not (as a legal matter) "acquisition and use" of information in a manner "directed" at Canadians or any person in Canada (CSE).
  • Secret or quasi-secret Federal Court caselaw involving issues of public law importance, with much credit to the court for doing its utmost to publish public (albeit redacted) versions of its decisions.

Last Spring, a talented JD student at uOttawa compiled all the ministerial directives we could get a-hold of under access to information. I have struggled to find time to post her workproduct into a viable on-line database (that won't cost me a fortune). But it is still on my task list. Less clear to me is why it is on our task list, and not the government's. And even less clear to me is whether the scope of claimed redactions to these documents can withstand close scrutiny.

Similarly, it surprises me that the government does not waive solicitor-client on some of the legal construals that drive its national security powers.

In both instances, there are clear rule of law issues. Sooner or later this will end up in court. I think it's only a matter of time, for instance, before these matters go up through an access to information appeal in which someone tests the true meaning of the Supreme Court's s.2 Charter holding in the Canadian Lawyers Association case, garnished with a rule of law argument.

But secret law also ends up creating train wrecks in other ways, with serious operational significance. Indeed, that's precisely what happened with Justice Canada's construal of the CSIS Act at issue in the Re X saga.

And the even graver risk is that bumping along using untested legal views will end up in court as a collateral issue in a criminal matter. Say, for instance, the seed for RCMP charges is information-sharing from CSE based on its metadata program, done under its "Mandate A" foreign intelligence activities. And the trial court learns that CSE's collection of Canadian metadata, although done incidentally, was never authorized by a court (it never is, at present). And more than that, the subsequent de-minimization of the Canadian identifying information by CSE was done on request of the RCMP pursuant to a Privacy Act exception. That is, all this information ends up with the RCMP administratively, and not supported by a warrant. Does this happen? I don't really know (because of the secret law problem). but extrapolating from hints about the secret law governing the workings of the CSE de-minimization process, I think it may.

We know from the caselaw that courts have treated this kind of thing as an end-run around the Charter (see Cole and Colarusso).

Surely it would be better to know the government's legal theory now (we can infer much of it anyway) and point out the risks before it becomes a central issue collapsing a criminal trial.

Better yet, change law and practice to bring it into alignment with a necessary concomittant of the rule of law in a democratic state: that we have actual notice of what the law is so that we know what we are authorizing our security services to do in our name.


Righting Security: A Contextual and Critical Analysis and Response to Canada's 2016 National Security Green Paper

Kent Roach and I have posted a review copy of our response to the government's consultation paper on national security & bill C-51. It can be downloaded here. The abstract reads:

This article responds to the Canadian government’s 2016 consultation on national security law and policy. It outlines a series of concerns, both with laws enacted in 2015 (and especially bill C-51) and some interpretations of C-51 and other laws in the consultation documents. It urges the need for a systematic and contextual understanding of the many issues raised in the consultation. For example, information sharing and increased investigative powers should not be discussed without attention to inadequate review and accountability structures. Similarly CSIS’s new disruption powers need to be understood in the context of the intelligence and evidence relationship. The article proposes concrete and significant changes to the current legal and policy regime motivated both by civil liberties and security-based concerns.