Threat Intelligence

10:15 AM
Bruce Cowper

What's Next For Canada's Surveillance Landscape?

Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau government's next move in the country's complex privacy and security debate.

Edward Snowden’s 2013 revelations of massive state surveillance shocked the world and made it more aware of electronic privacy issues, but north of the border, Canada continues to struggle with its own.

Just over a year ago, the former Conservative Canadian government, led by Stephen Harper, enacted a piece of legislation that enraged privacy advocates. Bill C-51 extended the powers of Canada’s intelligence services, prompting an open letter from over 100 Canadian academics imploring the government to rethink it. Even the federal Privacy Commissioner complained about it.

A year later, we have a new government that has promised to overhaul things. What has been done, and where does Canada’s complex debate over privacy and national security sit now?

C-51 angered privacy advocates by increasing information-sharing powers between 17 government agencies. The Canadian Security Intelligence Service (CSIS), which is Canada’s domestic intelligence agency, can now obtain the tax records of anyone perceived to be a national security threat, for example. The bill also permitted the disclosure of information shared between government agencies to others.

C-51 gave new powers to CSIS. They included the "disruption" mandate, which lets it take measures to reduce threats when it believes they pose a threat to the security of Canada. Legal experts have questioned the wording here, worrying that CSIS gets to determine what constitutes a threat and suggesting that it can legitimize a slew of activities including electronic surveillance without the need for the agency to ask for a warrant.

All of this dismayed Snowden, who has specifically referenced Canada when warning against passing anti-terror laws that curtail civil liberties.

Edward Snowden will be speaking via video link at the SecTor security conference in Toronto at 9 am on Tuesday October 18, and will be taking questions from Dark Reading readers. If you have relevant questions you would like to ask, let the SecTor team know by posting them in the comments section at the bottom of this article. SecTor will be selecting the best to be addressed at the event.

Politically, the Conservative Harper government naturally supported the bill, having introduced it in the first place, while the left-leaning National Democratic Party (NDP) strongly opposed it. The moderate Liberal party, which ended up winning last year’s federal election, came down in the middle, supporting the bill but with some caveats.

Trudeau: Broader oversight, narrower scope

Liberal leader and now-Prime Minister Justin Trudeau voted for the bill but vowed to temper it a little in two broad areas.

The first focal point was oversight. The Liberal government would create a multi-party oversight committee to ensure that CSIS was acting appropriately. Snowden himself criticized Canada for poor spying oversight back in May 2015, not long before the Bill became law.

CSIS hasn’t been entirely without oversight in the past. Traditionally, the body responsible for overseeing CSIS has been the Security Intelligence Review Committee (SIRC). This body typically reviewed a sample of CSIS warrant applications, but in its annual report for 2014-15, it explained that it would have to broaden its review activities to cope with the new powers granted to CSIS under C-51. The Harper Government had already earmarked additional funding to help with this in its 2015 Economic Action Plan.

SIRC explained that it had broadened its scope to cover CSIS’ use of metadata, and had found it wanting in areas including training, policy and procedure, investigative thresholds, and recording its decision-making. SIRC had made some key recommendations in this area that CSIS had not taken up, the report said.

Trudeau’s concern was that SIRC described itself as a review body, examining past activities, rather than an oversight body, monitoring CSIS operations in real time.

The Liberal leader vowed to alter this and started to make good on this promise in early 2016. His public safety minister Ralph Goodale has now introduced Bill C-22, which would create a cross-party oversight committee that would oversee almost 20 agencies related to national security.

Mandatory review period

The second problem that Trudeau had with C-51 was with the bill’s scope. He promised to refine some of its language to exclude legal protests and advocacy from the definition of terrorist activities, and said that he would introduce a mandatory review period for the legislation.

He hasn’t taken these steps at the time of writing, and privacy advocates are awaiting the government’s next move. In the interim, Trudeau has been shuffling. One notable political action was his appointment of a new national security advisor, Daniel Jean, in May this year. Jean replaces former Harper government National Security Advisor Richard Fadden, an ex-director of CSIS, who recently retired.

Jean doesn’t come from the spy community, moving up instead from his role as deputy minister of foreign affairs. Before that, he served in Heritage Canada and the Treasury Board. That may point to a more international intelligence focus at the top and a move away from more hardline domestic intelligence policies. It could be taken as an indicator that the Trudeau government intends to calibrate Bill C-51 to bring it more in line with its new focus.

All this will still be guesswork until Trudeau actually takes steps to change the legislation. An attempt at proper oversight may appease privacy advocates a little, but we still don’t know what will happen to the government’s electronic surveillance powers until a minister stands up in parliament with a proposed amendment.

Even when that happens, it’s unlikely to satisfy privacy advocates who have always called for the repeal of C-51, but they’re unlikely to get much more. After all, the Trudeau government never promised to do away with the thing altogether.

Don’t forget, Edward Snowden will be speaking via video link at the SecTor security conference on October 18, so post your questions in the comments section below.

Bruce Cowper is a founding member of the Security Education Conference Toronto (SecTor), the Toronto Area Security Klatch (TASK), the Ottawa Area Security Klatch (OASK) and an active member of numerous organizations across North America. In his day job, Bruce works for ...
User Rank: Author
10/17/2016 | 10:50:18 AM
Re: Snowden Keynote
The keynote is currently only being broadcast at the event, both in the keynote hall and expo theatre. You can register for the expo at
User Rank: Apprentice
10/17/2016 | 10:28:21 AM
Snowden Keynote
Will Snowden's session tomorrow morning be streamed live or released later online?
User Rank: Apprentice
10/4/2016 | 11:23:13 AM
Question for Snowden
The Secure Exchange of Encrypted Data (SEED) Protocol is a recently patented cybersecurity invention (U.S. Patent Nos. 9,378,380 and 9,390,228) that uses individualized asymmetric encryption in combination with a distributed, interlocking design to secure confidential data that must be shared between organizations. (More info is available online.) The question for Mr. Snowden: Would the SEED Protocol have prevented you from being able to access and leak the NSA documents?