ETHI Committee Report

The Privacy Impacts of the Security of Canada Information Sharing Act: A Premature Review

Introduction

1. On June 18, 2015, the 41^st Parliament of Canada passed former Bill C-51, the Anti-Terrorism Act 2015. Included in this Act were new information sharing provisions for Canada’s national security organizations. These provisions formed Canada’s Security of Canada Information Sharing Act (SCISA).
2. During deliberations of the Standing Committee on Public safety and National Security, various witnesses testified as to the necessity of these new information sharing tools and potential privacy concerns that may arise from their application. Given that these new tools were not yet in place during the initial review of the draft legislation, these concerns were based on theory and presumption, not fact.
3. On 18 October 2016, the House of Commons Standing Committee on Access toInformation, Privacy and Ethics (“the Committee”) adopted the following motion:
   • That the Committee undertake a study of the Security of Canada Information Sharing Act, its impacts on privacy since its implementation, and whether there are any changes that should be proposed in the course of the Government’s national security consultation and review.
4. The scope of this current review was not to re-examine potential privacy concerns of SCISA. Instead, the committee’s mandate was to review the concrete privacy impacts that SCISA has had since it came into force less than two years ago.
5. This committee heard from many of the same witnesses that appeared before the Standing Committee on Public Safety and National Security during its review of Bill C-51[1]. Although the Conservative Caucus appreciates the time and efforts of these witnesses, the testimony on the potential privacy concerns of SCISA was, again, largely based on theory and presumption.
6. In order to fulfill the mandate of this current study, the committee required factual testimony on how the new information sharing tools in SCISA are impacting the privacy rights of Canadians. To this end, the committee heard from Canada’s national security organizations who have been using these new tools, the Canadian national security oversight bodies who review the application of these new tools, and the Privacy Commissioner who assess any impacts of new legislation on the privacy rights of Canadians.
   • The Application of SCISA by Canada’s National Security Organizations
7. The overarching goal of SCISA was to allow Canada’s national security organizations to effectively protect Canadians. As indicated in section 3.1 of the majority report, this tool plays an important role in Canada’s national security:
   • A number of officials from federal institutions described the benefits of SCISA and asserted that it gives them an important new tool for sharing information effectively and improves national security.
8. In addition to protecting Canadians, a vital goal of SCISA is to achieve this protection while also ensuring the privacy rights of Canadians. Determining whether this balance is being achieved is the central element of this current study. Although Canada’s national security organizations agree that SCISA will help ensure our country’s national security, it is difficult to concretely determine the privacy impact of these tools due to the short time the law has been enacted.
9. Indeed, although many of these national security organizations stated that there has been no abuse or misuse of these new information sharing provisions[2], they also stated that SCISA is relatively new legislation, and as a result, they have not yet had the opportunity to fully determine its effects and impacts[3]. Given the testimony received from Canada’s national security organizations, it our view that it is currently impossible to determine whether the application of the new information sharing laws has inappropriately impacted the privacy of Canadians.
   • The Review of SCISA’s Application by Canada’s National Security Oversight Bodies
10. In order for this committee to determine the concrete impacts of SCISA on the privacy of Canadians, it is essential to examine the testimony of Canada’s national security oversight bodies.
11. The committee heard from Mr. Jean-Pierre Plouffe, Commissioner for the Office of the Communications Security Establishment Commissioner. During his appearance, Mr. Plouffe indicated that, although he reviews the important work of the Communications Security Establishment (CSE), it is unlikely that CSE will share or receive any information under SCISA.[4]
12. In addition, the committee heard from both the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police and the Security Intelligence Review Committee for the Canadian Security Intelligence Service. Both of these oversight bodies indicated to the committee that they are currently undertaking their first reviews of the application and use of the new information sharing provisions in SCISA. [5]
13. Given the testimony received from Canada’s national oversight bodies with regards to their on-going reviews of the application SCISA, it is impossible to determine whether there have been any concrete impacts to the privacy rights of Canadians since the enactment of SCISA.
    • The Review of Privacy Impact by the Office of the Privacy Commissioner of Canada
14. The Office of the Privacy Commissioner of Canada plays a critical role in determining the privacy impacts of SCISA. To this end, the Privacy Commissioner informed the committee that his office undertook a survey of Government of Canada institutions on the application and implementation of SCISA in the first six months since its coming into force, that is, from 1 August 2015 to 31 January 2016.
15. The Commissioner also informed the committee that his office will be conducting the second phase of his audit to further determine the impacts of SCISA on the privacy of Canadians.[6] Given that the Privacy Commissioner’s audit is still on-going, the committee is not in a position to fully determine the concrete impacts of SCISA’s provisions on the privacy rights of Canadians.
    • Conclusion
16. The Conservative members of the Standing Committee on Access to Information, Privacy and Ethics believe that there is no priority more important than protecting the safety and security of Canadians. Providing our national security organizations with the tools they required to achieve this and to allow them to work alongside our allies is critical. We also believe that it is important to ensure that our national security is balanced with the right to privacy of Canadians. Therefore, we believe that the mandate of this study – to review the concrete privacy impacts of the new information sharing tools in SCISA - is extremely important.
17. Although some witnesses have expressed concerns relating to SCISA, these views are the exact same ones shared during the review of Bill C-51 and are based on theory and presumption. The 41st Parliament considered the merits of these concerns and voted to enact Bill C-51 and the information sharing tools which now form SCISA. The mandate of our committee during this study was not to discuss whether SCISA should have been enacted. Our mandate was to determine: Have there been any impacts on the privacy rights of Canadians since SCISA has been enacted?
18. The testimony received from witnesses unfortunately does not allow the committee to answer this question. Given the relatively recent enactment of SCISA, Canada’s national security organizations have not had the opportunity to fully utilize these new tools. Furthermore, Canada’s national security oversight bodies and Canada’s Privacy Commissioner have on-going reviews of the impacts of these new information tools.
19. For this reason, the Conservative members believe that it is premature and imprudent for this committee to suggest substantive amendments to SCISA.
20. To this effect, we recommend:

Recommendation 1: That the Standing Committee on Access to Information, Privacy and Ethics undertake a study of the Security of Canada Information Sharing Act and its impacts on privacy since its implementation in 3 years.