September 19, 2017 — Today, a joint public letter was sent to the federal government concerning Bill C-59 (An Act respecting national security matters). Bill C-59 was introduced following last year’s National Security Consultation, and seeks both to respond to Bill C-51 (the former government’s controversial anti-terrorism law) and to other longstanding issues in Canadian national security policy. The public letter presents the concerns of more than 40 organizations and individual experts from across Canadian civil society.
Four Citizen Lab members are amongst the signatories, including Director Dr. Ronald Deibert, Research Associate Dr. Christopher Parsons, and Research Fellows Bill Robinson and Lex Gill. These individuals are members of an internal Citizen Lab working group on signals intelligence which has studied the proposed legislation in detail. Bill C-59 was also the subject of a full-day workshop hosted at the Citizen Lab Summer Institute in July 2017, which convened experts from across Canada to discuss the proposed law’s implications for national security and human rights.
Citizen Lab researchers reiterate their support for the concerns raised in the joint letter. In particular, they highlight Bill C-59’s troubling implications for cybersecurity and human rights as they pertain to Canada’s signals intelligence activities, which are undertaken by the Communications Security Establishment (CSE), and Canada’s human intelligence activities, which are undertaken by the Canadian Security Intelligence Service (CSIS). Their concerns are linked with:
Mass surveillance: Provisions in the new CSE Act, which explicitly authorize mass surveillance, and amendments to the CSIS Act, which pertain to the collection of foreign intelligence, are neither necessary nor proportionate. Though the CSE Act introduces reasonableness and proportionality limitations for some of CSE’s surveillance activities, the measures to protect the privacy rights of Canadians and other persons in Canada are insufficient. Furthermore, the permissive exceptions for “publicly available” information—including about Canadians and persons in Canada—offer inadequate human rights protection. As drafted, the bill incentivizes the creation of new markets to capture personal information to subsequently sell it to the government of Canada.
State-sponsored hacking: The active cyber operations mandate contained in the new CSE Act (and parallel retention of CSIS disruption powers) represents a wholesale endorsement of state-sponsored hacking. This mandate is accompanied by limited safeguards to ensure that Charter-guaranteed and internationally recognized human rights (including privacy, freedom of opinion and expression, security, and rights to democratic participation) are protected. The new CSE mandate could also permit unchecked interference with rights-protecting technologies, such as encryption and anonymity tools. Over a decade of Citizen Lab research has demonstrated that putting offensive hacking powers into the hands of intelligence agencies contributes to the insecurity of global networks, opens the door to exploitation by malicious third-party actors, and disproportionately impacts human rights defenders and civil society organizations.
Oversight, review, and control: The creation of the CSE Act is a positive step toward ensuring greater legal clarity with regard to the Establishment’s activities and operations. Other parts of Bill C-59—including the creation of the National Security and Intelligence Review Agency and an independent, quasi-judicial Intelligence Commissioner—may improve the oversight, review, and control of Canada’s intelligence agencies. Unfortunately, these entities will continue to operate almost entirely in secret, with no adversarial process and in the complete absence of fully-informed, independent technical experts. Disappointingly, the currently drafted legislation does not establish independent offices to evaluate the civil liberties impacts of intelligence operations, nor does it contain mandatory reporting formats that would help legislators and the public more generally to understand the range and impacts of CSE’s national and international activities.
As Parliament returns to work this week, Citizen Lab researchers will continue to collaborate with other organizations, including the Canadian Internet Policy and Public Interest Clinic, to produce critical analysis and conduct strategic engagement on the bill.
Read the full letter in English and French.
For previous work on these issues by Citizen Lab researchers, consult:
Parsons, C. (2015-Present). Canadian SIGINT Summaries. https://christopher-parsons.com/writings/cse-summaries/
Robinson, Bill (2017, August 4). CSE and Bill C-59 overview. Lux Ex Umbra blog. https://luxexumbra.blogspot.ca/2017/08/cse-and-bill-c-59-overview.html
Robinson, Bill (2017, July 3). Bill C-59: New dogs for new tricks. Lux Ex Umbra blog. https://luxexumbra.blogspot.ca/2017/07/bill-c-59-new-dogs-for-new-tricks.html
Robinson, Bill (2017, June 24). CSE to get foreign cyber operations mandate. Lux Ex Umbra blog. https://luxexumbra.blogspot.ca/2017/06/cse-to-get-foreign-cyber-operations.html
Israel, T. and Parsons, C. (2016). Why We Need to reevaluate How we Share Intelligence Data With Allies. https://www.justsecurity.org/29138/reevaluate-share-intelligence-data-allies/
Deibert, R. (2015, March 27). Who Knows What Evils Lurk in the Shadows? OpenCanada.org. https://www.opencanada.org/features/c-51-who-knows-what-evils-lurk-in-the-shadows/
Deibert, R. (2015, May 21). When it comes to cyberspace, should national security trump user security?. The Globe and Mail. http://www.theglobeandmail.com/opinion/when-it-comes-to-browsers-user-security-trumps-surveillance/article24547582/
Gogolek, V., Israel, T., Mazign, M., Parsons, C., Pillay, S., Tribe, L, and Vonn, M. (2015). “Capacity to Intrude,” Globe and Mail (Editorial), https://www.theglobeandmail.com/opinion/letters/nov-27-refugee-bias-and-other-letters-to-the-editor/article27502123/?arc404=true
Parsons, C. (2015). “‘Defending the Core’ of the Network: Canadian vs American Approaches,” Technology, Thoughts, and Trinkets. https://christopher-parsons.com/defending-the-core-of-the-network-canadian-vs-american-approaches/
Parsons, Christopher. (2015). “Beyond Privacy: Articulating the Broader Harms of Pervasive Mass Surveillance,” Media and Communication 3(3).
Parsons, Christopher. (2015). “Restoring Accountability For Telecommunications Surveillance In Canada,” The Mackenzie Institute, August 2015.
Parsons, Christopher. (2015). “Canadian Signals Intelligence Requires Parliamentary Review,” The Mackenzie Institute, May 2015.
Parsons, Christopher. (2015). “Canada has a spy problem,” National Post, May 2015.
Parsons, Christopher. (2015). “Raising the Digital Curtain: Spotlight Needed on Canada’s Surveillance Culture,” Canadian Dimension 49(2).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.<
Deibert, R. (2014, November 25). The Cyber Security Syndrome. OpenCanada.org.
https://opencanada.org/features/the-cyber-security-syndrome/
Deibert, R. (2014, January 31). Now we know Ottawa can snoop on any Canadian. What are we going to do? The Globe and Mail. http://www.theglobeandmail.com/opinion/now-we-know-ottawa-can-snoop-on-any-canadian-what-are-we-going-to-do/article16625310/
Deibert, R. (2013, September 16). To Protect Canadian’s Privacy, Telcos Must Shut the Back Door. The Globe and Mail. http://www.theglobeandmail.com/globe-debate/to-protect-canadians-privacy-telcos-must-shut-the-backdoor/article14333544/
Deibert, R., Cavourkian, A, Clement, A, Des Rosiers, N. (2013, September 16). Real Privacy Means Oversight. The Globe and Mail. http://www.theglobeandmail.com/globe-debate/real-privacy-means-oversight/article14332825/
Deibert, R. (2013, June 12). Why NSA Spying Scares the World. CNN. http://www.cnn.com/2013/06/12/opinion/deibert-nsa-surveillance/
Deibert, R. (2013, June 10). Spy Agencies Have Turned our Digital Lives Inside Out. We need to watch them. The Globe and Mail. http://www.theglobeandmail.com/opinion/spy-agencies-have-turned-our-digital-lives-inside-out-we-need-to-watch-them/article12455029/
Deibert, R., and McKune, S. (2013, March 13). Canadians Need to Understand the Scale of the Digital Arms Trade. Ottawa Citizen. http://www.ottawacitizen.com/opinion/op-ed/Canadians+need+understand+scale+digital+arms+trade/8093193/story.html