The federal watchdog charged with keeping Canada’s spy agencies in check is calling for changes to Ottawa’s lawful access bill to ensure it has a greater oversight role, and is proactively granted access to classified information.
The National Security and Intelligence Review Agency (NSIRA) has drafted proposed amendments to Bill C-22, which “will enhance accountability and reinforce public trust in Canada’s national security framework” it told a committee of MPs scrutinizing the bill.
It is the first time the watchdog, since it was established in 2019, has proposed amendments to a government bill, NSIRA vice-chair Craig Forcese said in an interview.
“Under our current mandate and our current powers, we have an entitlement, a legal right to all information in the control and possession of those government bodies engaged in national security or intelligence,” he said.
U.S. Congress warns Ottawa’s lawful-access bill could weaken defences against hackers
Bill C-22 would require telecoms, internet companies and other digital service providers operating in Canada to adjust their systems to give surveillance and monitoring capabilities to police services and the Canadian Security Intelligence Service.
It would allow the Minister for Public Safety to issue secret orders requiring compliance by electronic service providers. They are expected to include tech companies, social media platforms, cloud backup providers and messaging apps, which could enable tracking and surveillance capabilities. The Intelligence Commissioner would be provided with all the background relating to such an order and would have to approve it first.
NSIRA, which reviews national security and intelligence activities for compliance with the law, would not automatically be given such information.
Appearing before the committee last week, NSIRA chair Marie Deschamps said “given the scope of new powers in this bill, timely and effective, independent review is essential.”
She said NSIRA provides independent assurance to Canadians that intelligence activities are complying with the law, and the Charter of Rights and Freedoms. With Bill C-22, “given the breadth of these new powers, NSIRA anticipated a review role that would provide timely and direct visibility into how these authorities are used.”
As drafted, the bill wouldn’t give NSIRA the same information as the Intelligence Commissioner.
In a submission to the Commons public safety committee, which is scrutinizing the bill and likely to try to amend it, NSIRA said it had “anticipated a commensurate role within the act to ensure ongoing visibility over such activities, as required to fulfill its mandate.”
It said the absence of provisions requiring the watchdog to automatically be given such documentation is inconsistent with its role under other Canadian intelligence laws. Other laws require information relating to several types of activities – including those conducted following ministerial authorizations – to be passed to NSIRA for scrutiny.
“The absence of a defined role for NSIRA ... is also inconsistent with comparable legislation among Canada’s Five Eyes partners,” it added in its submission to the committee, citing Australia as an example.
In its submission, the watchdog said Bill C-22 “fundamentally alters the reach of government by extending the exercise of its powers to Electronic Service Providers.”
Minister faces calls from MPs to amend lawful access bill to prevent compromising encryption
The watchdog would get an unredacted copy of the Ministerial Annual Report, which would include activities carried out under any new lawful access regime. However, by the time the report is handed over the activities could be up to 19 months old, Mr. Forcese said.
“We want a more contemporaneous understanding of what the minister’s activities are under the bill.”
NSIRA is proposing that MPs consider two amendments including new powers proactively giving it access to information used to inform classified ministerial orders, as well as the orders themselves.
It is also recommending a change to the bill requiring the Public Safety Minister notify NSIRA about any additional orders if the minister thinks a specific company is not complying with the lawful access law.
Mr. Forcese said NSIRA’s budget had been cut by the government, putting a strain on resources, and an efficient review system is in everyone’s interest.
“It will be much more consumptive of everyone’s resources if we’re obliged to periodically tap the departments and say, ‘Please, now we need this information,’ as opposed to it being automatically pushed to us.”
Simon Lafortune, a spokesperson for Public Safety Minister Gary Anandasangaree, said in a statement that the committee’s Bill C-22 study is “an important part of the parliamentary process, and we welcome the thoughtful contributions made by NSIRA, which plays a vital role in Canada’s national security framework.”
Opinion: Canada’s playing catch-up on digital lawful access
“As with all legislation, the study of this bill in committee gives us the opportunity to consider potential improvements, including amendments that may enhance transparency, accountability, and efficiency,” he added.
A recent study by Carleton University professor Stephanie Carvin and University of Ottawa professor Thomas Juneau, concluded that NSIRA has adopted what the authors described as a “lemon-sucker” posture. This is seen as an attitude that presumes the worst of the organizations it reviews.
Tamir Israel, director of the privacy, surveillance & technology program at the Canadian Civil Liberties Association, a non-profit human rights organization, said the courts should have primary responsibility for authorizing the powers in the bill.
“The government has chosen to use a regime highly insulated from judicial scrutiny,” he said. “So at the very least NSIRA should have an expansive role in actively reviewing implementation of this regime.”