Calling For More Eyes On Our Cyber Spies

Two weeks ago, Glenn Greenwald, an American journalist based in Brazil, revealed that Canada’s signals intelligence agency, the Communications Security Establishment (CSEC), is involved in economic espionage aimed at the Brazilian government. The report, which is just the latest based on a series of leaks by former American intelligence contractor Edward Snowden, follows news earlier this summer that CSEC is involved in the National Security Agency’s controversial “metadata” collection program. These revelations have triggered calls for increased parliamentary scrutiny for CSEC from both the Liberals and New Democrats, but perhaps more surprisingly, from former CSEC head John Adams.

These calls are well intentioned, considering the limited role that Parliament has played with regard to CSEC since its predecessor agency, then part of the National Research Council, was uncovered by investigative journalists at the CBC in 1974. Even after CSEC was put on more solid legal footing through the Anti-terrorism Act passed in the wake of the September 11th attacks, parliamentary engagement with CSEC has, in most years, been limited to occasional exchanges in Question Period. The result is that recent moves to increase CSEC’s independence from the Department of National Defence and bolster its cybersecurity responsibilities have been left largely unexamined.

What parliamentary involvement there is tends to be crisis-driven, which prevents parliamentarians, especially in the House of Commons, from developing much expertise in this area. The possibility for effective parliamentary scrutiny is further undermined by the fact that CSEC falls within the national defence committee’s jurisdiction, rather than the public safety and national security committee. The defence committee’s time tends to be taken up by higher profile military issues, and it has little ability to examine CSEC’s increasingly close and important cooperation with the Department of Public Safety and the agencies it supervises, especially the Canadian Security Intelligence Service (CSIS).

The Liberals have proposed reviving the Martin government’s ill-fated 2005 proposal to create a “committee of parliamentarians” to scrutinize the intelligence and security community, including CSEC. The committee, which would be composed of MPs and Senators and located in the executive branch, would be an important step in the right direction. However, it would lack sufficient independence to effectively fulfill its mandate. A better model would be Britain’s Intelligence and Security Committee, which following reforms brought about by the Cameron government earlier this year, is a nine member joint parliamentary committee empowered to scrutinize the budgets, operations and policies of the British intelligence agencies.

Parliamentary scrutiny alone, however improved, is not enough to ensure the efficacy and propriety of CSEC’s activities. Even in countries with fully-fledged parliamentary national security committees, these committees tend to focus on broad, structural issues, rather than providing day-to-day accountability. Fortunately, CSEC is subject to external scrutiny by the CSEC Commissioner, a position held by a former federal or provincial judge, which was established by the Chrétien government in 1996 in response to a recommendation to that effect by the Privacy Commissioner. The Commissioner is empowered to hear complaints against CSEC and conduct preventive reviews of the policies and practices that govern its activities.

The CSEC Commissioner has not been without its problems in recent years. Charles Gonthier was named Commissioner in August 2006 and died in office in July 2009. His successor, Peter Cory was not named until December 2009, but abruptly resigned in March 2010. Cory’s successor, Robert Décary, served a full three-year term, but has declined reappointment. This kind of turnover disrupts the work of the Commissioner’s office. The Harper government did well by not delaying the appointment of Décary’s successor, Jean-Pierre Plouffe, a former Quebec judge, but must make an effort to further reduce turnover, ideally by replacing the Commissioner with a multi-member review body, as exists for both CSIS and the RCMP.

The CSEC Commissioner’s powers have not kept pace with CSEC’s evolving role. Despite the agency’s increasingly close cooperation with CSIS and the RCMP on counterterrorism and cybersecurity, the Commissioner lacks the authority to collaborate with their review bodies on joint investigations. As was recommended by the Commissioner in his most recent annual report, the Harper government should revisit the Arar Commission’s 2006 proposal for the creation of “statutory gateways” between these review bodies in order to ensure that joint operations are subject to an appropriate degree of scrutiny.

Parliament has a necessary, but not sufficient, role to play in providing enhanced accountability for CSEC’s activities. The CSEC Commissioner’s role is also crucial, given its office’s expertise and its ability to conduct preventive, rather than crisis-driven scrutiny of CSEC. If Prime Minister Harper truly is “very concerned” about allegations of CSEC’s involvement in economic espionage targeted at Brazil, then he must take seriously the call for increased accountability for Canada’s cyber spies, both within Parliament and outside it.