Joyce Murray

Your member of parliament for

Vancouver Quadra

Joyce Murray

Your member of parliament for

Vancouver Quadra


MP Joyce Murray on Private Member’s Bill C-622 – CSEC Accountability and Transparency

Mr. Speaker, It is indeed a pleasure to rise today to speak on my private members bill C-622, the CSEC Accountability and Transparency Act.

This legislation takes an important step forward in updating the framework for accountability and transparency for Canada’s signals intelligence agency; and it tasks the public’s representatives, that is, Canadian Parliamentarians, with the responsibility to review and report on the intelligence and national security activities of our government.

In wake of the recent deadly attacks on our soldiers and on Parliament itself, all Party Leaders confirmed their commitment to protect the rights, freedoms and civil liberties of Canadians, even as security measures are analyzed and strengthened. Indeed Canadians expect these fundamental aspects of the very democracy being guarded, to be respected. And that is the underlying intention of this bill. I invite members of all Parties to support sending it to Committee for further examination, and signal the authenticity of their commitment to these democratic freedoms.

Canada does have important guardians of our privacy rights, both in the law, and in our provincial and federal privacy and information officers. We have in general strong privacy protections in Canada, although these must contend with the fast pace of technological change. Where they can be weak is in scrutiny of the activities of intelligence and security agencies like Communications Security Establishment of Canada, or CSE, and my bill aims to ensure sufficient privacy protections for CSE operations on the multiple fronts of its mandate, both abroad and at home. As the Federal and Provincial Privacy commissioners stated in a recent communique: “Canadians both expect and are entitled to equal protection for their privacy and access rights and for their security. We must uphold these fundamental rights that lie at the heart of Canada’s democracy”

In fact, effective protection of individual privacy, and effective delivery of national security measures are not a dichotomy or a trade-off; they are complementary … and both are necessary.

The United States Department of Homeland Security for example considers safeguarding civil rights and civil liberties to be critical to their work to protect their nation from the many threats they face.

This third largest Department of the U.S. Government now explicitly embeds and enforces privacy protections and transparency in all the Department’s systems, programs and activities. Deputy Secretary Mayorkas confirmed in a recent speech that not only is this is an integral part of the DHS mission and crucial to maintaining the public’s trust, but it has resulted in Homeland Security becoming a stronger and more effective Department.
Bill C-622 reflects that very philosophy.

Now, for some information about the Communication Security Establishment of Canada. CSE is our national cryptology and signals intelligence agency. It functions within a global alliance of partner signals intelligence agencies in the US, the UK, Australia and New Zealand, known as the Five Eyes. CSE intercepts and decodes foreign communication signals; it is the lead agency for cyber security for the federal government, and it uses its technological capacities and expertise to assist domestic law enforcement and intelligence agencies. As this three-part mandate suggests, CSE is an important and powerful contributor to Canadian national security and we want it to become a stronger and more effective Department.

Much of CSE’s work today focuses on Internet and mobile phone communications between foreigners who might pose a threat to Canada. CSE does not have the mandate to spy on Canadians, except when it is assisting other federal security and law enforcement agencies who have the appropriate permissions such as a warrant. However, its powers were extended in 2001 to allow it to “inadvertently” collect Canadian communications when it is targeting a foreign entity or conducting cyber security operations.

Here’s the challenge. The capability of information and communications technologies has sky-rocketed over the past 13 years. However, the laws governing CSE have not changed once in that time. That means, whether they are being used or not, CSE now has much greater powers to intrude into the privacy of people’s personal lives and communications, unimpeded by the law.
It’s time to update the law in this new environment of cloud computing and the “internet of everything”.

Ce projet de loi laisse en place tous les outils importants que nos organismes de sécurité ont à leur disposition pour protéger les Canadiens. Le CST a des pouvoirs intrusifs qui sont le plus souvent absolument nécessaires. Mais les Canadiens veulent qu’on les assure que leur vie privée, et notamment la confidentialité de leurs communications ne fera pas l’objet de violations, violations qui n’auraient même pas été technologiquement possibles il y a quelques années à peine.

One key concern of Canadians is government’s access to their “metadata,” that is, their communication activities. It includes, for example, records of connections between your electronic devices and the devices of others. On the surface, intercepting metadata might not seem terribly intrusive.

But metadata is the how, when, where and with whom you communicate electronically. As Ontario’s Information & Privacy Commissioner, Dr. Ann Cavoukian, notes “It has been said that the collection of meta-data is far more intrusive than reading someone’s diary because not everything gets written down in a diary.”

Last January, Canadians learned that CSE collected, tracked and analyzed the metadata of unsuspecting passengers who logged into the WiFi at a Canadian airport. Because the law is so outdated, this was probably legal, but certainly not respectful of privacy rights!

Both CSIS and the RCMP are required to get court approval to enlist CSE’s help in wiretapping a phone, but no such approval is needed to collect metadata.

In June of this year the Supreme Court ruling R vs Spencer was a strong endorsement of Internet privacy, including the privacy of metadata.

Another concern is the Defence Minister’s quasi-judicial power to issue blanket approvals for CSE operations that will likely capture private communications of Canadians — without needing to explain his or her reasoning to anyone. These ill-defined and overly-broad ministerial authorizations have been criticized by CSE Commissioners for almost a decade.

A further concern is the absence of accountability or reporting regarding information sharing between CSE and other security and intelligence agencies. In a 2014 ruling, Federal Court Justice Richard Mosley found that CSIS and CSE kept the court in the dark about how they were enlisting foreign intelligence agencies to help spy on Canadians. He noted that the information CSE had shared – without legal authorization – put two Canadians at risk while they were traveling abroad. Justice Mosley’s findings underscore the need to reinforce CSE’s accountability, not only the Courts, but also to the Minister, to Parliament, and to Canadians.

And finally, the grab-bag of different kinds of oversight of various Canadian security and intelligence agencies including CSE, and the absence of Parliamentary oversight or review, puts us off-side with Canada’s main intelligence partners.

So, how to support CSE, and our other security functions, by embedding better democratic accountability, clarity, reporting and review – an update to bring us in line with our Five-Eyes allies?

First, Bill C-622 strengthens judicial oversight by replacing Ministerial authorization for the interception of Canadians’ protected information, with authorization by an independent judge of the Federal Court. This is consistent with the process used by the National Security Agency, CSE’s American counterpart. In addition, metadata is included in the new definition of protected information.

Second, the Bill strengthens Ministerial oversight. It requires the Chief of CSE to inform the Minister of sensitive matters likely to have a significant impact on public or international affairs… and any national security or policy issues. The Chief must also inform the Minister and the CSE Commissioner of any operational incidents that may have an impact on the privacy of Canadians. Each fiscal year a detailed report will be provided to the Minister, and the National Security Advisor to the Prime Minister on the activities carried out by CSE during the fiscal year, including requests to share information with other Canadian security agencies.

Troisièmement, le Bureau du commissaire du CST sera renforcé. Le premier ministre sera tenu de consulter les chefs de l’opposition avant de procéder au choix du commissaire. Le processus de nomination gagnera donc en indépendance. Le commissaire devra vérifier que les activités du CST sont non seulement conformes à la loi, mais aussi raisonnables et nécessaires. Et il aura l’obligation de déposer des rapports publics suffisamment détaillés pour que le Parlement et la population soient informés adéquatement sur les enjeux d’intérêt public. Seuls pourront en être exclus les renseignements confidentiels relatifs aux affaires internationales, à la défense ou à la sécurité.

Fourth, the Bill provides for oversight that is accountable to the public for all Canada’s security and intelligence agencies. This integrated overview of the functioning of these sometimes silo -ed agencies will bring new solutions to strengthen security measures, and privacy protections alike. The specific mechanism is a multi-Party committee of security-cleared Parliamentarians—The Intelligence and Security Committee of Parliament.

The mandate of this Committee is to review the framework for intelligence and national security in Canada; to review the activities of federal departments and agencies in relation to intelligence and national security; and to issue an annual unclassified report which the Prime Minister will submit to Parliament.

Former CSE Chief John Adams supports such a review Committee, noting that people are more likely to trust an MP saying Canada’s spy agencies aren’t violating their privacy, than to trust the heads of the spy agencies saying the same thing.

I want to thank my Liberal colleague from Malpec, and retired Conservative Senator Hugh Segal, for their hard work writing legislation to customize a successful British Parliamentary oversight model… for our unique Canadian needs.

Les pouvoirs et le champ de surveillance du CST se sont élargis; sa responsabilité à l’égard du public a donc augmenté d’autant. Le système actuel est dépassé et lacunaire. Le Parlement ne peut pas remplir son devoir de supervision, et le ministre de la Défense nationale dispose d’une latitude excessive pour autoriser le CST à surveiller les communications des Canadiens. En adoptant mon projet de loi, le Parlement rehaussera la responsabilité du CST et accordera aux Canadiens des protections de la vie privée plus proches de celles que les Américains et les Britanniques tiennent pour acquises.

In essence, Bill C-622 seeks to modernize outdated laws and embed individual privacy rights within the framework of security and intelligence. Its accountability and transparency measures will restore Canadians’ freedom to communicate with each other and with the world …without the fear of unlawful or unethical access to their communications.

It seeks to ensure that Canadians can have confidence in the work of CSE, and can trust that government’s intelligence and security activities are held to account by the Parliament of Canada, whose duty it is to ensure that Canadian democratic rights and interests are properly protected.

Public trust. Trust that our civil liberties are respected, trust that our rights and freedoms are embedded. These are key ingredients in the strength and effectiveness of the critical work security and intelligence agencies do, to protect the safety and security of all Canadians.

I would like to express my gratitude for the help and support of some of Canada’s top experts in privacy, security, and intelligence, notably Prof Wesley Ward of U of Ottawa and Stephen McCammon of the Ontario Privacy Commissioner’s Office, and the many others who helped me develop this essential step forward in protecting fundamental Canadian securities and freedoms.