How do you create a foreign influence registry and modernise national security legislation?
Or, Ambition vs. reality (hint, ambition loses out)
Dear Reader:
Preamble…
The Public Safety Minister, Dominic LeBlanc, indicated on Friday, May 3, the same day that the Public Inquiry into Foreign Interference tabled its first report, that new national security legislation to combat foreign interference would be tabled imminently. And so it was, making its way to Parliament for introduction on Monday, May 6. I have taken time to digest the new legislative proposals (I am a slow reader of legislative bills). I also wanted to take advantage of a by-invitation expert briefing on Tuesday, May 7. I have used the phrase ‘senior officials’ in the column below and this is the term of art we were asked to utilise following the expert briefing…
The government has recently announced new legislation (Bill C-70) to counter foreign interference as a national security threat. [1] The legislation follows on three separate courses of public and stakeholder consultations—one devoted to the creation of a foreign influence transparency registry, which took place in 2023, and two more recent efforts, earlier in 2024, devoted to amendments to the CSIS Act and to other pieces of national security legislation. These latter consultations were run separately for some reason by Public Safety and the Department of Justice. The new proposed legislation falls hard on the heels of the first report from the Public Inquiry into Foreign Interference, issued on May 3. While legislation takes significant time to draft, the same day announcement was probably not coincidental.
Before diving into some of the details of Bill C-70 it might be worthwhile to ask some framing questions—how does a government revise national security legislation and why is it hard?
On the how, it is important to recognise that the existing state of national security legislation in Canada is a baggy monster, with individual pieces of statute created in vastly different time frames in response to vastly different threat environments. There is no ring that binds them (other than the Charter) and no comprehensive instrument. Definitions go missing, including for national security and for intelligence. There is no regular scheme in place for updating the legislation as a whole. Some pieces of legislation date back decades (for example the CSIS Act, from 1984, and sabotage provisions in the Criminal Code, from 1951). RCMP legislation relating to its national security law enforcement powers is minimalist. There are big gaps, filled by crown prerogative, especially for the national security and intelligence-related activities of Global Affairs Canada, the Department of National Defence/Canadian Armed Forces and the Privy Council Office. For some members of the dispersed national security and intelligence community, such as the Canada Border Services Agency, there is a reliance on a multiplicity of different pieces of legislation, some of which, such as the Immigration and Refugee Protection Act, are over-due for their own modernisation. On the other hand, some pieces of legislation, including the CSE Act and provisions for new independent review bodies, are very recent (dating between 2017 and 2019).
A historically piece-meal construction of national security legislation inevitably drives piece-meal efforts at modernisation. Anything more ambitious and comprehensive faces huge challenges imposed on both political leaders and government officials. Ambition can easily go out the door. This is especially so for a government in a minority situation in Parliament.
The simplest answer to the ‘why is it hard’ question is to understand that for any national security legislation reform, governments need a political hook. After all, there are no votes otherwise in what can be a very arcane field. The Stephen Harper government thought it had found one in advancing new anti-terrorism legislation in 2015 (C-51), allegedly in response to the terrorist attacks of the previous Fall on Parliament Hill and in Quebec. The Justin Trudeau government devised its own hook between 2017 and 2019, while in a majority government scenario, in passing legislation to create, first, the National Security and Intelligence Committee of Parliamentarians (Bill C-44) and then, two years later, a major national security framework bill (C-59). These elements were orchestrated by the astute leadership of then-Public Safety Minister, Ralph Goodale. These Liberal Government efforts delivered on a 2015 election campaign promise to fix the so-called “problematic” elements of previous Conservative government legislation, so as to ensure greater accountability and review, and better protect democratic rights. Bill C-59 also included the new CSE Act, with an expanded and powerful mandate to conduct active and defensive cyber operations, to meet challenges in the global world of cyber aggression. The hook in this case was fixing alleged Conservative messes and doing better for the Canadian public.
The political “hook” for the new legislation, Bill C-70, “An Act Respecting Countering Foreign Interference,” is, yes, the intense political and public debate on foreign interference, often driven by media reporting based on leaks of classified intelligence. With Bill C-70, overseen by the new Public Safety Minister, Dominic LeBlanc, the government is trying to move away from a reactive posture that often saw it on a scattered defensive in the face of opposition party criticisms of its responses to foreign interference from the People’s Republic of China, and to a steady stream of media stories. It is also trying to get ahead of whatever may emerge from the second phase of work by the Public Inquiry on Foreign Interference, which will hold hearings in the Fall and deliver its final report in December 2024. Waiting in the wings are forthcoming reports on aspects of the government’s handling of foreign interference threats, from the National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians. To the extent these reports are critical, the Government will want to have ammunition to respond in the form of new legislation.
While foreign interference is the overarching theme of the new legislation, it actually responds to some long pent-up problems, particularly in terms of the CSIS Act amendments and new definitions of a very old sabotage provision in the Criminal Code. Other parts of the Bill are directly related to foreign interference, including new criminal sanctions under the Security of Information Act and the long-awaited foreign influence transparency registry.
But, just to underline a point, this is piecemeal legal reform and in its overall conception it lacks ambition.
Bill C-70 is divided into four individual components. The piecemeal is piece-mealed.
I will take these in order.
Part 1 proposes detailed amendments to the CSIS Act. These changes respond in many respects to pleas, both public and private, that CSIS has been making for a number of years. I suspect the Service will be pleased by the package. It includes tinkering with the very complex “dataset” regime, which is of recent vintage and allows the Service to engage in data mining and surveillance of different classes of digital records—public; Canadian; and foreign. It also tinkers with an original element of the 1984 CSIS act, the section that spells out what CSIS can do to collect “foreign intelligence.” S16 of the original Act limits CSIS’s collection of “foreign intelligence” to targets within Canada. The original intention was to give CSIS a mandate to spy on foreign embassies and consulates. That remains the mandate but has grown challenging with the storage of data abroad or in the borderless “cloud.” This is to be fixed, but no thought was given to a more fundamental overhaul of the CSIS Act to remove s16 altogether and abolish the artificial and now stale distinction embedded in the original act between security intelligence (which CSIS can collect anywhere in the world) and foreign intelligence (only ”within” Canada). There are new provisions to address the problem of ensuring that CSIS can, in the performance of its mandate, acquire necessary information from third parties like telecommunications companies. These are called preservation order and production orders—essentially to ensure that needed information doesn’t vanish and can be acquired. CSIS warrant application procedures are to be streamlined.
The measures in the Act that might mean most to Canadians include a new ability for CSIS to share threat intelligence with other levels of government beyond Ottawa, including indigenous governance bodies, especially important in the context of a promised pivot to Arctic security, and with private sector entities and the University community. Its good to see this being done, although it was, as a legislative fix, low-hanging fruit. The real challenge will lie after the passage of the legislation, when CSIS and its new partners will have to figure out how best to share intelligence and how to ensure that sharing bad intelligence doesn’t get a foothold. This will require new procedures, likely including more distributed security clearances, a new culture around intelligence sharing, and a real effort on the part of non-traditional partners to understand intelligence and its strengths and limitations.
There is also a promise to ensure that legislation does not sit on the shelf for too long without review and modernisation. This promise does not extend to the entirety of national security legislation and all its moving parts, but at least there will be a statutory requirement for Parliament to review the CSIS Act after every five years. The last five-year review of the CSIS act concluded in 1990!
But many elements of the CSIS Act remain untouched, including s2 definitions of threats to the security of Canada, the wording of the CSIS mandate at s12, and, as mentioned, the peculiar provisions around foreign intelligence in s16. This is not, to quote one former senior intelligence official, a real opening of the hood. Maybe a re-charging of the battery.
Part 2 of the new legislation amends the little-known “Security of Information Act” (SOIA). SOIA dates back to 2001 and the passage of the original anti-terrorism legislation, and has roots way back to the early Twentieth Century in its modelling on UK Official Secrets Acts. It slipped onto the books in 2001 with little Parliamentary or public attention and has not been updated over the past two decades. Had the hood really been opened on SOIA there is much work that could have been done, including modernising the “harms” section (s3), updating the economic espionage provisions, even re-considering the ill-considered concept of secrets that are eternal (persons “permanently pledged to secrecy”).
The particular SOIA amendments, bless them, will offer clear cut criminal sanctions against clandestine foreign interference designed to benefit a foreign start actor in actions against the Canadian state, its interests, or the exercise of democratic rights. These sanctions sever a previous 2001 association with terrorism offences (the concern de jour) or threats of direct violence. They also make laying charges potentially more easy by removing a tricky legal requirement to prove that the offense would do harm to Canadian interests. That may open the way to actually laying foreign interference charges in Canada, distinct from espionage offences, which we haven’t seen done to date. But this will depend on factors beyond the law itself including law enforcement capabilities, intelligence capabilities and a willingness to overcome any risk aversion when it comes to decisions on prosecution.
A third important dimension of the Bill concerns updating the sabotage provisions in the criminal code. These provisions have been untouched since 1951—ouch. They are now to be deployed more clearly to protect critical infrastructure, referred to as “essential infrastructure” in the bill. Senior officials said they wanted to make a “fresh start” by using the term, but the underlying problem is that we are still waiting for a promised Critical Infrastructure Strategy, to update the one dating back to 2009.
The protection for “essential infrastructure” is designed to involve criminal sanctions, and related deterrence, for both cyber interference (which could include cyber probes or reconnaissance, cyber espionage, as well as ransomware attacks) and physical threats. Senior officials, when discussing the proposed legislation, argued that it is not designed as a response to the Freedom Convoy, with one official averring that foreign interference was not an issue during the Convoy, despite public statements in support made by some US politicians (including Donald Trump) and the evidence of massive financial and web based support for the Freedom Convoy protest from US, and some overseas sources.
There are protections built into the legislation on sabotage designed to ensure worker rights and union bargaining, as well as supporting the right to “advocacy, protest or dissent.” But the challenge here is that advocacy, protest and dissent do not become protected if they interfere with essential infrastructure in various proscribed ways, including endangering “the safety, security or defence of Canada;” endangering the safety of the armed forces; or endangering any persons who are internationally protected or acting in a diplomatic capacity under international law in Canada. The real point of friction in the legislation may arise with determinations around advocacy, protest or dissent that “cause a serious risk to the health or safety of the public or any segment of the public.” As can be seen, exemption to the civil liberties protections are painted with a broad definitional brush.
Interestingly, there is nothing in the new sabotage provisions that speaks directly to threats to economic security, a key determinant for the government in invoking the Emergencies Act in response to the Freedom Convoy protests. There is where a complementary overhauling of provisions in the SOIA might have helped.
Part three of the legislation takes a deep dive into the Canada Evidence Act, and I will leave that one to legal experts. All I will say, stemming from experience with the now seemingly-abandoned security certificate procedures under the Immigration and Refugee Protection Act, is that the use of special counsel to represent parties to Canada Evidence Act proceedings, where the government is trying to prevent the disclosure of sensitive intelligence in a court proceeding, is not an entirely satisfactory tool. But the government needed to do something to amend the law to avoid future fiascos of the sort that led to a stay in proceedings over the espionage offences case of Mr. Qin Quentin Huang. His case, which involved allegations of an effort he made to provide safeguarded information on naval shipbuilding programs to the Chinese Embassy, was halted because of procedural delays partly caused by the defence effort to open up the details of a CSIS warrant that permitted the Service to eavesdrop on communications with the Chinese Embassy. Never going to happen.
The final part of the legislation is the one most likely to generate public attention--the creation of a foreign influence transparency registry through the “Foreign Influence Transparency and Accountability Act” (FITAA). This legislation has long been in the making. It was promised by Marco Mendicino, when he served as Public Safety Minister, in December 2022. Public consultations and expert stakeholder meetings took place in the Spring of 2023 and a “What We Heard” summary report of these engagements was issued in September, 2023. The long gestation of this Act may reflect the complexities of legislating a transparency registry, the need for intensive consultations with allies whose own schemes are in flux (Australia, the US, the UK), or political distraction, or indeed all of the above.
The purpose of the Act is described as four-fold:
To create transparency around efforts to engage in political influence operations;
To deter use of more clandestine means;
To raise public awareness;
To strengthen national security.
I must confess to being a skeptic about some of these aims. Raising public awareness, if achieved, would be valuable. Transparency around a specialised lobbying registry may face the question of who really cares? The transparency registry may have some limited, and difficult-to-measure, deterrent effect. It may also boomerang by driving more influence operations underground and making them more difficult to detect. These purpose definitions look to be cut and paste from the Australian scheme, which is currently undergoing Parliamentary committee review and has faced a variety of criticisms for its overbreadth and lack of enforcement.
The officials who devised the Canadian legislation are no doubt sincere about these purposes but I think it would be misleading Canadians to suggest that the foreign influence registry would fundamentally strengthen Canadian national security. Although, it might help Canada’s standing among its Five Eyes partners.
Whether you agree with these purpose definitions or not, the real matter comes in the design of the Act. The design is an amalgam of existing Allied practices, with heaviest borrowing from the Australian model and a deliberate and puzzling (to me) decision not to mirror new UK legislation.
The Canadian legislation has three inter-locking components.
The first is the definition of what is called a “foreign principal”--the guiding, hidden hand behind a political influence operation. The concept of foreign principals is drawn from a different statute (SOIA) but refer to states, state-owned enterprises, and persons acting on behalf of a state. So far, so good.
The guiding hand is then linked to an influence activity, which is broadly defined to include communication with a public office holder, public communications, and provisions of services, including finances. I think deep trouble lies in including public communications in this part of the triggering legislation. That trouble lies variously in potential Charter right infringements, in significant challenges in attributing public communications, including through social media, back along the chain to a foreign principal guiding hand, and the potential for creating a chill in public discourse.
What might save the over-reach of the concept of influence activity is the way it is tied to specified targets of an influence campaign, which are focused on political or governmental processes. This narrows the scheme to efforts at influencing political decision-making at any level of government, influencing elections, and attempting to affect candidate nominations. Where the idea balloons out again is the inclusion of “the development of an electoral platform by a political party.” Campaign platform development is typically a tightly held process by trusted party insiders, but can also be informed by wide-ranging informal consultations with individuals and civil society groups. To conceive of the inside job that is a party election campaign platform as a likely target for foreign state-sponsored influence operations verges on the conspiratorial and plays too fast and loose with Cold War notions of ‘agents of influence.’
To trigger an obligation on the part of a person to register in the foreign influence transparency registry (or face penalties for failing to do so) requires that all three components be met. But as I have indicated the components themselves are a mixed bag, some sensible, some involving overreach, some problematic.
Another key and troubling element of the FITAA is the determination by Canadian officials to maintain a “country-agnostic” approach rather than to target the scheme against foreign state actors of known concern. There are provisions in the legislation that would provide for regulations issued by the Government to expand the scope of exemptions under the Act, and these, in theory, could be used to narrow the state targeting scope of the legislation. But senior officials are adamant that they won’t use regulations in that way. The phrase often heard is that the government does not want to create a ”black list.” But the problem is that this is precisely what the public, and especially targeted diaspora communities, will expect a foreign influence transparency registry to be –a black list of authoritarian states known to engage in serious foreign interference operations in Canada, with China, and now perhaps India, to the fore.
Maintaining a country agnostic approach not only threatens to create a resource-intensive and burdensome bureaucratic machinery to ‘catch good guys,’ it also moves a foreign influence transparency registry close to the territory of security ‘theatre.’
The UK, in its final rendering of its own foreign influence scheme, came up with what seems to me an elegant solution—a two-tiered approach to influence operations which provides a Government Minister with the power to determine a list of foreign states and actors of greatest concern. This lessens the overt impact of a foreign influence registry in terms of its potential to sour diplomatic relations and economic ties between states or create xenophobic impulses towards any particular diaspora community, but it maintains, behind a veil of regulation, a power to designate certain foreign state actors and, through regulation, to keep such a list evergreen in the face of an evolving interference threat landscape. Why Canada, surely with the benefit of discussions with UK counterparts, did not adopt a similar approach is something that I find hard to understand.
I can only imagine that aspects of the foreign influence transparency and accountability act will face close scrutiny from opposition parties in Parliament. This may be especially so for the Conservative Party, which has an ownership stake in the concept of such a registry, and may want to steer the legislation away from a country-agnostic approach. What will emerge from this process will undoubtedly be some form of foreign influence registry, but perhaps a transformed one. Parliament should also weigh up the resources needed for a foreign influence transparency registry against the need for enhanced counter-intelligence and law enforcement capabilities, so as to be able to use the new foreign interference provisions in the proposed changes to the security of information act.
It may even be, given the time it takes Parliament these days to pass significant national security legislation (Bill C-59 took two years), that the process may die on the order paper before the next election is called. While I am on this subject, a reminder that Parliamentary statutory review of Bills C-44 (that created the National Security and Intelligence Committee of Parliamentarians) and Bill C-59 (which gave us, among other things, the National Security and Intelligence Review Agency and the CSE Act) are now long overdue.
In the case of slow progress with the proposed foreign interference provisions, look to party election campaign platforms (and don’t worry too much that they will be subverted by foreign influence campaigns).
Bottom line verdict. Piecemeal reform of national security legislation can provide for useful incremental change. But it cannot holistically address weaknesses and gaps across the entirety of national security legislation. For that, more ambition is needed and a more pro-active, as opposed to reactive, approach. Ideally, we might even abandon the need for a political hook. This is the value of mandatory, cyclical reviews such as is being proposed, singularly, for the CSIS Act.
There will be civil liberties concerns, rightly in a democracy, about elements of the new legislation, including the reach of the Foreign Influence Transparency Registry and the implications in the new sabotage offences for the right to protest. There will be a continued need to re-think concepts of privacy and privacy protections. Any new national security legislation will have to be combined with a strong effort at public engagement.
From my perspective, the jury remains out on the efficacy and construction of a foreign influence transparency registry, especially one that tries to reach into the realm of public communications (including social media!) and tries to maintain a country-agnostic stance. These issues will, I hope, be thoroughly tested during Parliamentary committee study. Whatever final shape the legislation takes, Canadians will have to come to understand that a foreign influence transparency registry, especially one that spends its resources on ‘catching good guys,’ is not a panacea for combatting the foreign interference threat.
[1] https://www.canada.ca/en/public-safety-canada/news/2024/05/government-introduces-legislation-to-counter-foreign-interference.html#
An excellent overview.
I would have liked to see s.16 given a proper burial but it would only resurrect the perennial foreign intelligence service debate at the wrong time. Ambition has its limitations.
Thank you, Sir; well done as is always the case with your analyses.
I can only imagine just how mind numbing a week it has been for you having dive into this stuff!