Canada’s Long-Needed Improvements Intelligence Information-Sharing Require More Work
Canada is in the midst of a comprehensive—and long-overdue—reform of its national security institutions and legal authorities.
Published by The Lawfare Institute
in Cooperation With
Canada is in the midst of a comprehensive—and long-overdue—reform of its national security institutions and legal authorities. The reform will produce new security initiatives, new authorities, and even new institutions. But much like a problem that the U.S. intelligence community faced in the wake of 9/11, Canadian national security agencies often operate in “silos” of information: Within the government, departments don’t always share vital intelligence with one another when it counts. If Canada’s national security apparatus does not find a better way to share information, the broader reforms will be squandered.
That is where the Security of Canada Information Sharing Act comes into play. The legislation reforms and controls how information is shared between government departments “in order to protect against … activities that undermine the security of Canada.”
The Need for Better Information Sharing
The Security of Canada Information Sharing Act was actually first passed in 2015. However, in 2017 Parliament introduced Bill C-59, its national security reform bill. Part of bill C-59 will further reform the Security of Canada Information Sharing Act to clean up some procedural irregularities, and will rename it the “Security of Canada Information Disclosure Act.” Parliament has not yet passed these subsequent reforms, though that should be expected within the year.
The impetus for first introducing the information-sharing legislation in 2015 was simple: In the past, the way Canadian government departments shared sensitive information was often confusing and uncertain. Even to those within government, the process was at times unclear and subject to the whims of senior officials. The concern, both inside and outside of government, was that one government department might have had the information that another agency needed to keep Canadians safe, but they did not share it. At the same time, too much of the wrong information—like highly personal healthcare information that has little to do with national security—might be shared inappropriately and without proper restrictions and oversight. We were, on this view, getting it wrong on all counts.
And there was evidence to suggest that this was a bigger problem than many let on. In 2010, Canada’s analog to the 9/11 Commission Report was published in the form of a Parliamentary-mandated Commission of Inquiry Report into the worst terrorist attack in Canadian history, the 1985 Air India Flight 182 bombing, which killed 329 people. While a welcome development, the Air India report was a sign of how slowly things were moving on information sharing in Canada: It was not until 2006, 21 years after the Air India bombing, that Parliament mandated an investigative commission, and its report was not issued until 25 years after the attack. When the report was finally released, it confirmed what many already knew to be true: A “cascading series of errors” (Page 21), including a failure of coordination and information sharing, contributed to Canada’s failure to prevent the bombing. So Canada has known for some time that information sharing within the government needs improvement.
First Steps Toward a Remedy
As Kent Roach and Craig Forcese noted in their “report card” on the Bill C-59 amendments to the information-sharing law, the legislative response needed work: Roach and Forcese initially gave it a failing grade. While some of their criticisms may still stand, it appears that many of the most serious will, thankfully, be addressed. In an unusual move, immediately after introducing Bill C-59, Canada’s House of Commons sent the bill to the Standing Committee on Public Safety and National Security to study the bill, hear expert testimony, and, in theory, to propose broad, substantive changes to be subsequently considered by the House. On May 3, the committee released its proposed amendments to all parts of bill, including the information-sharing provisions. Right now, the best bet would be that most or all of these amendments will indeed pass through the House, possibly in short order.
Surely not everyone will be happy with the amended legislation, even if all of the committee’s recommendations win Parliament’s support. But one large problem still looms, and it parallels the concerns about undersharing vital national security information when it matters and oversharing other information without appropriate process.
On the one hand, the amended law provides for too little guidance about information-sharing limits. In particular, it allows the sharing of personal information so long as it relates to an “activity that undermines the security of Canada,” which itself is defined in Section 2 of the information-sharing bill in a fairly broad and nebulous manner. What is striking is that there is a fairly simple solution here: Replace this definition with the still (fairly) broad but well understood term “threats to the security of Canada” as defined in Section 2 of the Canadian Security Intelligence Service Act.
On the other hand, the information-sharing language remains voluntary—it grants permission, but does not require action. This legislative approach to encouraging information sharing is blind to how security agencies actually share information; that is, they don’t. Security agencies are restricted both when they cannot share information due to legal or policy constraints as well as when one agency has the authority to share information with another department that’s in need, but still does not do so. Any effective legislative initiative should address both, the can and the will. Without mandatory language—coupled with greater interdepartmental collaboration and training, neither of which seem to be on the government’s radar—permissive language like that in the legislation solves half the equation at best.
Admittedly, this latter concern is a theoretical problem and, over time, it may be that a cultural reset does more to change this behavior than any mandatory language would. Recognizing this, Section 3 of the proposed bill explicitly states that the information-sharing bill’s “purpose” is “to encourage and facilitate the sharing of information among Government of Canada Institutions.”
But whereas since 2004, the U.S. has had an Office of the Director of National Intelligence to improve intelligence integration and build “a community that delivers the most insightful intelligence possible,” there is no comparable effort to integrate the intelligence community and promote information sharing in Canada. Canadians are left to hope that merely permitting information exchange does the trick.
Under the existing voluntary information-sharing model, the results have been predictable. According to the a 2017 report by the Privacy Commissioner, there were relatively few disclosures in the first year under the Security of Canada Information Sharing Act as it already exists in law. Of the few that occured, most involved only five agencies, recordkeeping was sporadic, and there were no formal structures in place to monitor the exchange of information. (The Standing Committee on Public Safety and National Security has recommended information-retention and reporting-compliance amendments that would presumably fix the latter two problems.)
But even if the culture slowly shifts and information sharing becomes more common, the concern about excessive sharing of inappropriate information will persist because, as mentioned, the information-sharing act’s definition of “activity that undermines the security of Canada” remains extremely broad. From a civil liberties perspective, this is a serious concern because personal information could be unnecessarily circulated across government with little legislative limit. From a national security perspective, this is also concerning because departments could become overwhelmed with trite information and, of course, when all information is treated as important, none of it is.
Fortunately, the national security committee has proposed an amendment that would ensure that all departments sharing information or even receiving shared information report, on a yearly basis, to a new “National Security and Intelligence Review Agency”—a separate reform initiative found in Bill C-59 that provides for review of national security-related practices across government. This is a positive development, though clearly a lot will rise and fall on the quality of reporting that takes place within government and the quality of review by the new agency.
***
The efforts to (finally) address the limits of Canadian interdepartmental information-sharing is a long-overdue step in the right direction—of that there is little doubt. But the current project is not without its flaws and, as Canada reviews its national security laws, it will remain the subject of some criticism. Canada needs better information sharing between government departments, and surely our allies—foremost the U.S.—will be heartened to see that we are finally taking the issue seriously. But over a decade after the U.S. created the Office of the Director of National Intelligence, and now almost eight years after Canada’s own Air India report’s call to action, Canadian government departments have yet to prove whether they are sharing between themselves enough information, and the right information. For the time being, there is reason to be skeptical.
