The Anti-Terrorism Act

The Anti-terrorism Act is a major piece of legislation with numerous elements affecting many areas of government activity. Despite concerns expressed about the haste with which the legislation was drafted and debated, I know with certainty that those parts of the legislation that deal with CSE and the CSE Commissioner benefited from years of discussion within government long before September 11.

More than a decade of debate

As long ago as 1990, the House of Commons Special Committee on the Review of the Canadian Security Intelligence Service Act and the Security Offences Act recommended that Parliament establish CSE by statute. Although the government chose not to act on the recommendation at that time, it did indicate that it was "considering providing the Minister of National Defence with some additional capacity for review of CSE." This ultimately led to my appointment in 1996 as the first Commissioner of CSE.

The issue of legislation for CSE arose again in 1996 when the Privacy Commissioner completed his examination of CSE. He concluded that, to the extent it could be established through his audit, CSE operated in compliance with the Privacy Act and the principles of fair information practices. However, he too recommended the enactment of enabling legislation for CSE.

Later that year, the Auditor General of Canada tabled a report on the Canadian intelligence community in which he called on the government to consider the advantages of an appropriate legislative framework for CSE. He reiterated this view in a short 1998 follow-up report.

Similarly, in 1999, the Senate Committee on Security and Intelligence, chaired by former Senator William Kelly, recommended that CSE have its own Act of Parliament and that the legislation provide for a permanent and separate review body for CSE.

In four of my annual reports, I raised the matter of legislation for CSE. I expressed the view, in these reports and elsewhere, that legislation would be an appropriate development that would put CSE on a firm footing by articulating its mandate and powers and its relationships with Parliament, the government, and the Minister of National Defence.

Suddenly and unexpectedly, what had been discussed for many years became a reality. The government accepted the advice of its independent observers and agreed that, in the context of the omnibus Bill C-36, the time was right to introduce legislation for CSE and the CSE Commissioner.

In my view, the passage of legislation dealing with CSE and the Commissioner is a welcome development. Moreover, I believe the legislation appropriately takes into account the critical balance between the needs of the state to collect information to protect its citizens and the individual rights of those citizens to privacy.

The parts of the Act that relate to CSE and the Commissioner are described below.

Communications Security Establishment mandate

The Anti-terrorism Act provides a legislative base for CSE by amending the National Defence Act. The new section 273.64 of the National Defence Act states:

1. The mandate of the Communications Security Establishment is

   1. to acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities;

   2. to provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada; and

   3. to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.

2. Activities carried out under paragraphs (1)(a) and (b)

   1. shall not be directed at Canadians or any person in Canada; and

   2. shall be subject to measures to protect the privacy of Canadians in the use and retention of intercepted information.

These provisions have the effect of enshrining in legislation the historical activities of CSE.

Ministerial authorization

The National Defence Act also allows the Minister of National Defence to authorize CSE to intercept private communications in specific circumstances, by issuing a written Ministerial authorization. The Minister may, for the sole purpose of obtaining foreign intelligence, issue an authorization if satisfied that:

1. the interception will be directed at foreign entities located outside Canada;

2. the information to be obtained could not reasonably be obtained by other means;

3. the expected foreign intelligence value of the information that would be derived from the interception justifies it; and

4. satisfactory measures are in place to protect the privacy of Canadians and to ensure that private communications will only be used or retained if they are essential to international affairs, defence or security.

In the past, CSE was prohibited from intercepting any communication in which one of the participants in the communication was in Canada – even if the target of the interception was outside Canada. This new provision allows the Minister of National Defence to authorize such interceptions in circumstances defined in the authorization. An example might be a communication in which a person of foreign intelligence interest in another country contacts a counterpart in Canada.

The new legislation also allows the Minister to issue authorizations to intercept private communications "for the sole purpose of protecting the computer systems or networks of the Government of Canada from mischief, unauthorized use or interference." Section 273.65 (4) of the National Defence Act sets out the conditions for such an authorization:

1. the interception is necessary to identify, isolate or prevent harm to Government of Canada computer systems or networks;

2. the information to be obtained could not reasonably be obtained by other means;

3. the consent of persons whose private communications may be intercepted cannot reasonably be obtained;

4. satisfactory measures are in place to ensure that only information that is essential to identify, isolate or prevent harm to Government of Canada computer systems or networks will be used or retained; and

5. satisfactory measures are in place to protect the privacy of Canadians in the use or retention of that information.

The legislation directs the CSE Commissioner to review the activities carried out under Ministerial authorizations to ensure they are authorized and to report annually to the Minister on the review.

The Commissioner's mandate

In addition to assigning responsibility for reviewing CSE's activities under Ministerial authorizations, the National Defence Act now sets out the duties of the Commissioner's office as follows:

1. to review the activities of the [CSE] to ensure that they are in compliance with the law;

2. in response to a complaint, to undertake any investigation that the Commissioner considers necessary; and

3. to inform the Minister [of National Defence] and the Attorney General of Canada of any activity of the [CSE] that the Commissioner believes may not be in compliance with the law.

In effect, the mandate I have been fulfilling since 1996 by Order in Council is now entrenched in law.

Public interest defence

The Anti-terrorism Act also made significant changes in the former Official Secrets Act, now called the Security of Information Act. The Act now prohibits people bound by secrecy from communicating or confirming "special operational information", which is defined to include information about the kinds of activities CSE lawfully undertakes.

A person would not be found guilty of an offence under this part of the Act, however, if that person could establish that he or she acted in the public interest by communicating or confirming special operational information. The Act states that a person acts in the public interest if the person's purpose is to disclose "an offence under an Act of Parliament that he or she reasonably believes has been, is being or is about to be committed by another person in the purported performance of that person's duties and functions for, or on behalf of, the Government of Canada." The public interest in disclosure must outweigh the public interest in non-disclosure. This is why it is called a public interest defence.

A judge or court can consider a public interest defence only if the person involved, before disclosing special operational information, brought his or her concerns to the attention of the institution's deputy head or the Deputy Attorney General of Canada. If a person with a concern about CSE's activities does not receive a response from the deputy head or Deputy Attorney General within a reasonable time, he or she must then bring the concern to the CSE Commissioner and must allow a reasonable time for the Commissioner to respond. Failure to do so precludes that person from using the public interest defence.

Implications for the Commissioner

It will take some time to fully assess the implications of the Anti-terrorism Act for my work. The responsibility of reviewing CSE activities under Ministerial authorizations is a significant one. These authorizations will extend CSE's activities into new areas, and I will want to ensure that CSE has appropriate policies and procedures in place, and that it applies them, to protect the privacy of Canadians as it implements this expanded mandate.

The Commissioner's role in public interest defence cases is comparable in some ways to my continuing responsibility to consider complaints about CSE, and I anticipate that the measures I have in place to address complaints will allow me to respond quickly and appropriately to any concerns raised about CSE's activities under the Security of Information Act. Very few complaints about CSE have been brought to me since I took office in 1996. It remains to be seen whether the new public interest defence provisions will generate additional activity.

With the Commissioner's mandate now clearly established in law, I will no longer need to debate the theoretical merits of one arrangement for reviewing CSE over another. However, the Commissioner's new status as an ongoing institution of government raises a host of practical administrative issues that must now be addressed. For one thing, I will need to ensure my Office is sufficiently resourced to review CSE's expanded activities. Other issues, such as the Office's place in government, must also be explored in coming months.