By Craig Forcese

Full Professor
Faculty of Law
(Common Law Section)
University of Ottawa

Twitter: @cforcese

National Security Law Blog Search
Subscribe to National Security Law Blog
Most Recent Blog Postings

Please also see www.antiterrorlaw.ca for Bill C-51-related analyses by Craig Forcese and Kent Roach.

Friday
Dec092016

Stronger Bill C-22 (National Security Committee of Parliamentarians) Goes Back to the House

The Standing Committee on Public Safety and National Security has now reported its amendments to bill C-22, the bill that would create a national security committee of parliamentarians. A number of these amendments are quite significant, but most significant: the amendments greatly constrain the capacity of the government to deny the C-22 committee access to classified information.

This is an important development. As introduced to the House by the government, bill C-22 placed what I have been calling a triple lock on the C-22 committee's access to information. This was a matter of concern, since access to information will be essential for the C-22 committee to perform its functions. There were a number of justifications for this triple-lock, a constraint that does not exist for Canada's two chief expert national security review bodies (SIRC and the CSE commissioner). But basically the justification for the C-22 committee's more limited information access boils down to this: parliamentarians needed to show they could be trusted with classified information.

Even if this suspicion is warranted (and I am suspicious of the suspicion), the triple lock was excessive. This is especially true given that C-22 committee members will be surrendering their parliamentary privileges and will be persons permanently bound by secrecy under the Security of Information Act (and therefore subject to criminal sanction for violating secrecy rules). 

The rolling back of the triple lock so that it, in essence, no longer exists and the C-22 committee is now on a common footing in terms of access to information with SIRC and the CSE commissioner I regard as a good thing, as not only does it remove the prospect of serious and debilitating bun fights over C-22 committee access to information, but it also makes coordination and collaboration with the expert review bodies much easier, at least in principle.  All are now equally into the secrecy tent. 

Still, that rolling back seems to have occurred through a puzzling procedure in the standing committee clause-by-clause review. I fear that some of the amendments may, therefore, be defeated by the government on report stage.

Let me suggest, however, that the government should be content with this standing committee outcome and should now appreciate that they retain a "nuclear" option in terms of controlling access to the secrets it really does not want shared with the C-22 committee: the Canada Evidence Act, s.38.

Among the amendments made by the standing committee is an emphatic power to compel production of information. I think it is even clearer, therefore, that investigations by the C-22 committee are "proceedings" under s.38 of the Canada Evidence Act.  And that means that the government could fight disclosure to the C-22 committee of information prejudicial to national security, defence or international relations in Federal Court.  More than that: it also could issue an Attorney General's certificate to block this disclosure to the C-22 committee should any body, including the Federal Court or the committee itself, order its disclosure.

This certificate constitutes a sweeping power, subject to only rudimentary appeal in the Federal Court of Appeal.  It was controversial when created in 2001 because of its reach.  And it certainly could be used to deny truly sensitive information to the C-22 committee (indeed I think it has fewer checks and balances than ideal).

Bottom line: the government lost its triple-lock on C-22 committee access to information, but it gained its nuclear bomb.

Thus, to suggest that the standing committee amendments went too far would be, in my view, an exaggerated concern.  I hope therefore that the amended C-22 passes muster at report stage.

 

Thursday
Nov172016

Streamlined Anti-terror Investigations: Quick Notes on the UK Experience

In the spirit of constructive input, I have prepared two (admittedly lengthy) blog entries on how to make anti-terror investigations more seamless than they are at present in Canada. In this blog, I articulate the key challenges and then look at how the UK has addressed these matters.  In a subsequent blog, I offer “lessons learned” for Canada and propose a path forward.

The Challenge

As Stephen Grey notes in his fascinating new book, modern intelligence (with a core focus on anti-terrorism) blurs the lines between espionage and covert action and (I would add) criminal justice.  In his words:

“When an agent works inside a group plotting murder, the focus of effort by intelligence services has to be to defeat or disrupt those plots. There are great incentives to intervene, whether because an agency may be legally bound to prevent a known terrorist attack or because of political pressure to avoid the slightest risk of an attack succeeding. Ideally, an agent can pass information to a secret service, which can then use other means (for example, an arrest operation) to foil a plot. But it may not be so simple. An agent may be the only person able to intervene (for example, by planting a tracking device) to stop the attack.

The drawback of these successful counterterrorist operations is that so many are short-term in objective, tactical in scope and always designed to minimize risk. Secret services can intervene to disrupt a plot or scheme, but they rarely have the time or agent in place long enough to develop a broader understanding of the target. In fighting the terrorist, they have become one component in a global action-orientated secret police dedicated to catching or eliminating the ‘bad guy’. The risk is that, while successfully stopping one potential attack after another, they do little to prevent these attacks from recurring."

And as Grey goes on to note, another challenge is

“the ‘action effect’, by which I mean that the use of intelligence tends to undermine its collection. This is because, consciously or unconsciously, an enemy will begin to notice when his secrets are turned against him. To take an extreme example, if an agent passes on details of a terrorist’s murderous plot and that plot is defeated, the terrorist may then suspect the agent of betrayal, tell him no more secrets or even kill him. As the British Army demonstrated in its handling of the agent Steak Knife in the IRA, there are many clever ways to muddy the waters and misdirect suspicions about who leaked information. But it cannot always be done. And even when no one knows who the traitor is, over the long term, by an evolutionary process, those who are more security-conscious and do not leak secrets to the agent are likely to rise in importance. The result of all this is that secret services, even when they have very good agents and good information, tend to be very cautious about encouraging anyone to make use of that information."

Reflecting on his anti-terror policing experience in Northern Ireland, Philip Wright adds this additional comment of relevance to this post:

Disruption [of terror plots]…is a short term policy and can be a dangerous tactic. In Northern Ireland it was employed in various circumstances. First, as often is the case, in some instances, the intelligence picture is incomplete. It may have been interpreted that some activity was taking place but the exact nature of the activity or the destination of an explosive device being transported was unknown or unclear. Second, it may have been necessary to disrupt an activity to assist an informant who may be getting entangled in the actual execution of operation. Third, it could have been that as a result of covert interference in weaponry or explosives, or for national security reasons the normal ‘take down’ could not occur because of disclosure difficulties that would follow. Alternatively, it simply may be necessary to stimulate certain activity. Nevertheless the danger with disruption is that once the disruption has taken place, and the immediate threat is diverted, there may be insufficient intelligence coverage to follow the actors to the next attempt. This can have catastrophic consequences.[1]

Put another way, unless there is a criminal justice “off ramp”, disruption is a temporary solution.

Canada's Issue

These passages reflect what I see to be two key challenges for Canadian anti-terrorism:

  • First, how do we ensure that threat reduction by CSIS does not turn into indefinite whack-a-mole, as terrorist plots are disrupted, but their perpetrators are not incarcerated?
  • Second, in the interest of avoiding that whack-a-mole, how can we ensure that intelligence collected by intelligence service can be mobilized as evidence to put the perpetrators in jail?

One way to ensure that neither of these challenges are met is: learn nothing from the Air India bombing experience (and ignore the resulting inquiry’s recommendations), and then give CSIS threat reduction powers without webbing it more closely into criminal justice solutions. 

And yet that is exactly what Bill C-51 did. And this fact goes a considerable distance in explaining one part of the critique that Kent Roach and I have mounted to that bill. Canada has persisted with its classic “parallel” police and CSIS investigations model, linking spies and law enforcement only very bureaucratically by a “One Vision” information-sharing protocol that compels no sharing by an historically close-lipped CSIS.  And then, we have authorized CSIS to go-it-alone with threat reduction, constrained in practice only by the bureaucratic “One Vision 2.0” (a matter to which I will return in my next blog entry). 

This is a supreme celebration of tactics over strategy. We have empowered silos and then joined them with bridges comprising vines and some wood slats. This is, at best, a sub-optimal arrangement. As Wright has written,

“[p]arallel investigations using de-confliction processes to ensure that one organisation does not trample over the other only serve to inculcate the competition between the organisations who will fish in the same pond…[T]his model has made it necessary for the RCMP to employ an intelligence capability that encroaches into the mandate given to CSIS and under the guise of evidence collection. It runs the risk of two organisations pursing their different mandates in a proliferation of antagonistic operational behaviours.”[2]

At worst, the system of parallel investigations is a security disaster should we confront a fast-moving, competent adversary: we are unable to move nimbly if critical information is horded and carefully parcelled out, creating an artificial fog of war that makes it impossible to predict events. 

What I report here stems from review of material on the public record and a few Chatham House conversations. Understanding the UK environment remains, however, a work in progress, and a priority area for me over the next few years.  The reason for that: the close MI5/police relationship has sometimes been credited with the United Kingdom’s comparative success since 7/7 in staving off major terror attacks.

UK Background

After the 7/7 attacks in 2005, the UK services realized that siloed anti-terrorism and reactive policing – chasing crimes once they were committed – were unworkable.  As I understand the present structure, British domestic anti-terrorism is built around four agency pillars:

  1. MI5 (the Security Service) (CSIS’s closest UK counterpart);
  2. Special Branches in all 56 UK police forces (whose anti-terror elements are now organized into Regional Counter Terrorism Units) that work in tandem with MI5 in anti-terror investigations within their local policing areas;
  3. The Metropolitan Police Service Counter Terrorism Command (CTC), headed by the National Coordinator of Terrorist Investigations (National Coordinator) and which is charged with coordinating national police responses to terrorism intelligence and overseeing the collection of evidence for prosecutorial purposes; and,
  4. The Crown Prosecution Service (CPS), which includes a specialized group of terrorism case lawyers that reviews the police evidence and represents the Crown in prosecutions.
  5. [3]

The UK authorities have emphasized “partnership” between these entities, especially since 7/7. In 2007, the then-National Co-ordinator noted

“There can be no doubt that the most important change in counterterrorism in the United Kingdom in recent years has been the development of the relationship between the police and the Security Service. It is no exaggeration to say that the joint working between the police and MI5 has become recognised as a beacon of good practice. Colleagues from across the globe, in law enforcement and intelligence, look to the United Kingdom as a model and many of them are, quite frankly, envious.”[4]

It is worth noting that the UK Parliament adjusted MI5’s legislative mandate in 1996 (and 2013) to include the following statement: “It shall also be the function of the Service to act in support of the activities of police forces the National Crime Agency and other law enforcement agencies in the prevention and detection of serious crime.[5]  This presumably also tightened relations between MI5 and the police.

It is also worth noting that the UK has codified its rules on disclosure in the criminal law context, through the Criminal Procedure and Investigations Act 1996. While the obligation to disclose is not as broad as in the Canadian context, the real importance of this Act may be to create certainty as to the disclosure obligations. This then becomes a platform on which MI5 and police expectations can be managed, and may have facilitated the movement to blended investigations.[6]  Put another way, it is easier to collect to evidential standards if you have reduced the evidentiary rules to plain text.  You do not need to parse several hundred pages of Supreme Court jurisprudence to figure out what the Court had in mind.

Blended Investigations

In the present system, MI5 and the police conduct blended (not parallel) investigations. MI5 and police investigative units are co-located and personnel are embedded.  Thus, CTC and MI5 now co-locate officers in four Regional Offices capable of supporting local forces in anti-terrorism investigations.[7]

Special Branch officers are the entry into local policing networks and information resources. The 6,000 (or so) Special Branch officers are trained by MI5 in anti-terrorism.  And under the direction on MI5, Special Branch officers gather intelligence in their regions to assist national security investigations, and are security cleared to a level ensuring complete participation.[8] (This can, however, be a delicate relationship to manage. One person with experience in the UK system noted that there is a risk Special Branch officers may perceive themselves as an arm of MI5 rather than as part of the police service).

When MI5 or police authorities uncover a terrorist plot while collecting intelligence, they consult with the police CTC. The National Coordinator of Terrorist Investigations at the CTC then overseas operational coordination between the UK police forces, and the development of the evidential record against the suspects. That same National Coordinator decides if a police intervention is required, weighing public threat and intelligence considerations. If he or she judges an arrest appropriate, police arrest and the Crown Prosecution Service then leads the prosecution.[9]

During an ongoing investigation, operational command is organized under the leadership of the National Coordinator in what is known as the Executive Liaison Group (ELG). The ELG provides operational command, and determines the investigation’s trajectory.

One of my interlocutors urged that the team will need to decide whether to pursue the matter for intelligence purposes or as part of a prosecutorial or disrupt investigation.  Early intervention through disruption or arrests may have the effect of involuntarily identifying the source who has penetrated the plot, or the means by which knowledge of the plot comes to the authorities. So time may be required to, in the words of one of my interlocutors, “allow the circle of knowledge to increase and decrease risk to the agent”.

Presumably, the relative importance of intelligence/disrupt/prosecute objectives, and the focus of an operation, may change as facts on the ground evolve.

The ELG also considers and coordinates intelligence and evidential issues. Managing evidential issues, discussed further below, can be complex. A core preoccupation is avoiding the contamination of the evidential material with intelligence that may be of mixed reliability and different degrees of sensitivity.

As one of my interlocutors noted, information will need to be interpreted, especially when intercepted material uses innuendo or coded language. Human sources may lie, withhold or embellish information, or simply be misunderstood. Deciding what among this mix of information – and supporting analysis, interpretation or interpolation -- can and must be disclosed as part of the evidentiary process can raise dilemmas.  Authorities will also be cognizant of issues such as the “mosaic effect”; the dribble of seemingly innocuous information that may be amalgamated by a talented adversary to reveal patterns prejudicial to future investigations.

The ELG’s meetings are attended by MI5 officers who brief the group on the operation’s current intelligence status and provide an assessment of anticipated developments. Also present is the CTC Senior Investigation Officer (SIO), charged with gathering evidence to support criminal charges and any senior regional police force commanders implicated by the location of the investigation.  ELG meetings may occur 2-3 times daily during the later stages of a major operation.[10]

As described by Wright,

"This format with key stakeholders around a table, making strategic decisions on what targets should be pursued, decisions around the different phases of the investigation, who has primacy and to what standard of collection of information, provides an effective and efficient platform. This platform also allows for an exchange of information and advice with the expertise from both dimensions of national security investigations. It aids in the identification of early disclosure problems and the development of a plan that enables those involved in the investigations to keep one ‘eye’ and one ‘ear’ on emergent disclosure impediments."[11]

Meanwhile, at the tactical level, operations involve a Joint Operational Team (JOT) located at the police headquarters of the police force in whose jurisdiction the operation is occurring.[12]

Operations may span a few days to 6-8 weeks.[13]

During those operations, surveillance teams are interoperable between police and MI5. There has been a common system of warranty for intrusive investigations, under the RIPA (Regulation of Investigatory Powers Act, 1996). Police on the blended investigative teams can access police databases and records, and (my assumption is) MI5 officers on the team can do the same on their side. 

The move to blended investigations has facilitated culture shifts.  Conversations are franker and freer without worries about information retention on a service-by-service basis. And relations between the services are easier to cultivate, in part because of an enhanced sense of shared mission.

Disclosure Issues

Moving to blended investigations still obliges careful management of disclosure issues. There are air -gaps between the blended investigative team and a police evidentiary team.  But passage of information across this firewall is eased.  First, while MI5 sources (although not officers) stay out of court, MI5 does everything else to evidential standards, a practice that is presumably facilitated by the presence of police officers with criminal justice experience on the blended investigative teams.

“Evidential” in this context means “can be used in court”. In general terms, it means information that is properly recorded. There is continuity and integrity in the information, in the sense that it can be sourced, explained and addressed in testimony. Physical items seized as part of the investigation will need to be properly logged, and chain of custody preserved. Surveillance teams will need to be trained on how to present evidence, prepare logs and make witness statements.

Other aspects of collection to evidential standards may vary.  For instance, having a single system of warrants for investigations (and simplified relative to the Canadian practice) reduces any concerns about admissibility of information.

In many instances, I suspect conducting operations to evidential standards means acting in a manner that does not “poison pill” a subsequent prosecution.  For instance, collecting information in such a manner that the substance of it is irremediably muddled with source identity, or sensitive methods or techniques, means that the use of it would present the difficult dilemma: use the information in court and risk disclosure of these sensitive issues; or do not use this information and risk a dangerous person walking free. (This is exactly the dilemma that seems to confound discussions of more closely coordinated CSIS and RCMP investigations in Canada.)

And so one banal example of a practice diminishing this risk would be: when you video record a covert interaction between a source (or officer) and a target, make sure that the source or officer’s back is to the camera and that they cannot otherwise be identified. 

More systemically, other obvious practices would be to limit the evidential importance of sources (a point Stephen Grey also makes in his book). A source may be the basis for an initial tip-off, but if you wish to avoid source identity from contaminating the evidentiary record, evidence should then be collected by someone else.  For instance, the source may suggest which phones or emails to track, but the source should not be the origin of the substantive information then used for evidentiary purposes in a trial. (In the Canadian system, this source information would be the basis for wiretap warrant, and the basis for that warrant would be disclosable.  But the source is still several steps removed from the evidence then used for prosecutorial purposes, and would surely be protected by the now extremely robust source identity protection rules. “Innocence at stake” is a basis to pierce this source protection.  But it is very unlikely innocence of the accused would turn on that identity, if the source was a tip-off and not the actual source of inculpatory information.  It would be much more likely that innocence would turn on identity if the source was the actual provider of the substantive inculpatory information used in the prosecution.)  So in other words: use sources to seed investigations, not bring them to trial.  This requires careful, forward-thinking choreography so that pursuing intelligence objectives does not end up trenching on the evidential prospects in the case.

Second, MI5 is confident that truly sensitive information on techniques will be protected by “public interest immunity” standards in the courts.  This process is much less complex than in the Canadian context, requiring none of the bifurcated Federal Court/trial court choreography that exists here.

Certainly, there are instances where the public interest immunity case will go against the government.  Still, in part because of their long experience with terrorism and terror investigations and prosecutions, the judiciary has an informed understanding on these matters. And the volume of terrorism prosecutions has built up expertise and knowledge in the Crown Prosecution Service, smoothing relations.  As noted, there is a specialized Counter Terrorism division in the Crown Prosecution Service, and those prosecutors are often closely involved at the outset of an investigation.

Third party information shared by foreign intelligence services on a caveated basis does constitute a thorny issue, as it does everywhere. It is not clear that anyone has the perfect solution on this issue, especially if originating states remain insistent on caveats limiting the use of the information for evidential purposes.  In the UK, third party intelligence is shared on a need to know basis, under different processes for the investigative team conducting operations and the evidentiary team.  In practice, the British have found it useful to frame information sharing around agency mandates. And so to the extent possible, police services share with foreign police services (and presumably vice versa). Since this information is presumably prepared in anticipation of criminal justice needs, the disclosure issues are less acute than if the sharing is intelligence agency to foreign police service (or vice versa).

Threat Disruption in the UK Context

Presumably because of their blended investigations, “disruption” in the UK context means something quite different from the “threat reduction” CSIS is now empowered to do under Bill C-51.

MI5 uses the term “disruption” to describe “actions we take to manage risks posed by [Subjects of Interest] or networks.”[14] These take the form of “short term tactical disruptions (e.g., prosecution for road tax evasion) to major covert operational activities aimed at arresting and imprisoning an individual”.[15] It can also involve tactics as banal as a police traffic stop, or an overt police patrol all the way through to the substitution of explosive chemicals with inert materials. The actual nature of the disruption “will be based on consideration of opportunity, the risk posed by the [Subject of Interest], the likely impact on their activity by the disruption, and the proportionality of the resourcing required to effect it”.[16]

All this means that disruption is often closely linked to law enforcement:

"MI5 and the police work closely together when considering potential disruption opportunities. Usually MI5 will request that the police provide support through appointing a Senior Investigating Officer (SIO) who will assist in the management of the investigation, lead the police interaction and develop a joint tactical strategy with MI5. This management process is then usually formalized through a Joint Operational Team (JOT), comprising an MI5 lead, police SIO and specialists from MI5, the police or any other relevant agency."[17]

Put another way, disruption for MI5 means working closely with police and disrupting security threats often through use of the law, especially criminal justice.  MI5 disruption is done in consultation with the police, and with sign-off from the police Senior Investigative Officer. And in fact, most, although not all, disruption takes place within this police/criminal justice space.  My sense is that disruptions outside of this space may have been more common in the past, but now the restructured relationship with police and the criminal justice system has enabled more use of criminal justice tools.  Still, one of my interlocutors observed that whoever does the disruption must do so with an overall “gameplan” in mind, including a full risk assessment.  An agency can lose control of a disruption situation, increasing the risk to public safety.

Implications for Canada

It is important not to idealize the UK system. The UK Intelligence and Security Committee has pointed to ways it can be improved.[18] But the UK system has clearly grappled with the dilemmas with which I began this post in a manner that is not even close to being matched in Canada. In my next blog, I will trace what I think Canada can learn from the UK experience.  And I will propose a few steps designed to move us in the UK direction.

 


[1]                 Philip Wright, “Symbiosis or Vassalage? National Security Investigations and the Impediments to Success,” in Craig Forcese and François Crépeau (eds), Terrorism, Law and Democracy: 10 Years after 9/11 (Montreal: Canadian Institute for the Administration of Justice, 2012).

[2]                 Wright, supra.

[3]                 Paul Smith, Counterterrorism in the United Kingdom, https://www.chds.us/coursefiles/comp/lectures/comp_CT_in_the_UK_mod03_ss_stryln/script.pdf

[4]                 Smith, supra

[5]                 Security Service Act 1989, c.5, s.1(4).

[6]                 Joe Fogarty, former UK security liaison to Canada, Evidence, Standing Senate Committee on National Security and Defence (Apr 2, 2015), http://www.parl.gc.ca/content/sen/committee/412/SECD/52037-E.HTM.

[7]                 Smith, supra.

[8]                 Ibid.

[9]                 Ibid.

[10]               Ibid.

[11]               Wright, supra.

[12]               Smith, supra.

[13]               Ibid.

[14]               UK Intelligence and Security Committee, Report on the intelligence related to the murder of Fusilier Lee Rigby (25 November 2014) at 47, online: http://isc.independent.gov.uk/files/20141125_ISC_Woolwich_Report(website).pdf.

[15]               Ibid.

[16]               Ibid.

[17]               Ibid.

[18]               Ibid.

Saturday
Nov122016

Analysis and Proposals: Security of Canada Information Sharing Act

This short paper prepared as a brief to the House of Commons Standing Committee on Access to Information and Privacy and Ethics outlines the weaknesses of the Security of Canada Information Sharing Act (SoCISA), enacted as part of Bill C-51 in 2015. It proposes a wholesale renovation of national security information-sharing laws. Short of this, the paper proposes a number of detailed amendments to the SoCISA adding precision, coherence and more meaningful privacy protections to this awkwardly drafted instrument.