Information sharing is a critical aspect of national security. However, information sharing can have consequences for the rights and freedoms of Canadians, especially in regards to privacy. The Committee therefore took a particular interest in the privacy impacts of information sharing under SCISA. The evidence gathered shows that there are a variety of opinions on the effects of SCISA, the scope of information sharing it permits, and the balance it strikes between national security and privacy.

2.1 Importance of Finding the Right Balance Between National Security and Privacy

Above all, multiple witnesses emphasized the importance of information sharing to national security.[8] Mr. Kent Roach, Professor at the University of Toronto, provided the following illustration:

With the Arar saga we see the dangers of sharing information that is not reliable and is not strictly necessary for the mandate of a receiving institution. … Just as importantly, however, the Air India commission showed the dangers of not sharing enough information.[9]

At the same time, a number of witnesses underscored the need to find the right balance between national security and privacy.[10] Mr. Jean-Pierre Plouffe, Commissioner, Office of the Communications Security Establishment (CSE) Commissioner, argued that security measures are vital to our country, but should not “be detrimental to privacy rights.”[11] Ms. Sukanya Pillay of the Canadian Civil Liberties Association (CCLA) emphasized the fact that “we can only have effective security when we ensure that our civil liberties are there.”[12] Mr. David Elder of the Canadian Bar Association (CBA) stated that his organization

supports information sharing for the purpose of national security when that sharing is necessary, proportionate, and accompanied by adequate measures against potential abuse. However, sharing too much information or sharing information for unrestricted purposes can lead to harmful consequences. Moreover, such oversharing is contrary to the principles underlying privacy laws in Canada.[13]

On the one hand, some witnesses said that SCISA does not strike the right balance between national security and privacy and this should be corrected.[14] On the other hand, several witnesses noted that there are situations in which national security trumps privacy.[15] Still, according to Ms. Micheal Vonn of the British Columbia Civil Liberties Association (BCCLA), the main concern with SCISA is, “does SCISA provide us with the constitutional protection that we require to be protected against what is unreasonable – not what is justifiable and reasonable, but what is unreasonable?”[16]

2.2 Concerns Regarding the Security of Canada Information Sharing Act

A number of witnesses asserted that the lack of balance between privacy and national security in SCISA is the result of several factors, including the scope of the disclosure authorities granted by SCISA.

A number of witnesses stated that SCISA’s provisions are extremely broad and could have an impact on Canadians’ privacy. In particular, some witnesses were concerned by the fact that bulk information sharing could be authorized under SCISA, given that the Act does not stipulate that information sharing must be in relation to specific individuals.

2.2.1 Scope of Sharing Under the Act

Multiple witnesses found the scope of the information sharing that SCISA allows and its impact on the privacy of Canadians worrisome. In fact, a number of witnesses pointed out that SCISA extends the information-sharing authorities of federal institutions, but offers little privacy protection.

Mr. Ziyaad Mia of the Canadian Muslim Lawyers Association (CMLA) argued that SCISA is “overly broad, unbounded information sharing.”[17] According to Mr. Craig Forcese, Professor at the University of Ottawa, the definition of an “activity that undermines the security of Canada” is “so sweeping that it encompasses things that aren’t bona fide national security issues. Essentially, privacy then becomes superseded by more extraneous considerations.”[18]

Mr. Elder of the CBA noted that SCISA “has significantly expanded intragovernmental information sharing for national security purposes in Canada, including the sharing of potentially sensitive personal information, without precise definitions, basic privacy protections, or clear limitations on the purposes for sharing.”[19] The result, according to Mr. Elder, is that “there are a number of material concerns with the law as it's currently enacted and that there's potential for abuse. There's potential for information sharing that I think threatens the privacy of Canadians.”[20]

Ms. Laura Tribe of OpenMedia maintained that SCISA “contributes to an alarming privacy deficit that makes all Canadians less secure. This privacy deficit is dangerous and will have lasting consequences for the health of our democracy, for our liberty, and for our daily lives.”[21]

Lawyer David Fraser called SCISA “a privacy disaster.”[22] He said that, in the past, Canadians’ information was stored in silos and could be disclosed only in accordance with specific rules. Now, however, “we have a system whereby CSIS [the Canadian Security Intelligence Service] can ask any government department for virtually any data, as long as they think it's relevant to their task.”[23]

Mr. Mia of the CMLA pointed out that the scope of the information sharing could result in agencies having too much information: “[I]f we're trying to catch terrorists, it's like finding a needle in a haystack. SCISA is adding a couple of trailer loads of hay to that pile.”[24]

Finally, Ms. Vonn of the BCCLA argued that there is a crisis of public confidence in national security agencies and the organizations responsible for protecting the rights of Canadians.[25]

2.2.1.1 Bulk Information Sharing

A number of witnesses claimed that SCISA poses risks relating to bulk information sharing. Ms. Vonn of the BCCLA noted “not only that SCISA has no requirement for individualized grounds for data collection and can facilitate the sharing of entire databases but that it also seems likely that it was enacted precisely for the purpose of bulk data acquisition.”[26] She further stated, “There is a grave concern about the dragnet of bulk information gathering and how it will prejudice people in the ordinary course of their participating in democratic governance.”[27]

Ms. Lisa Austin, Professor at the University of Toronto, echoed Ms. Vonn’s statements. She pointed to the assumption that, under SCISA, “government institutions will decide to share information about specific individuals at discrete points in time rather than share institutionally held data sets for the purpose of more sophisticated analytics, including automated data processing. However, many believe that the latter is precisely what SCISA at least enables, even if it's not being done now – I don't know – and this raises additional privacy concerns.”[28] Ms. Tribe of OpenMedia made similar arguments to those of Ms. Vonn regarding the potential for bulk collection under SCISA.[29]

Nevertheless, a number of representatives of federal institutions argued that SCISA does not expand the scope of their information collection authorities.[30] Mr. Stephen Burt of the Department of National Defence (DND) explained that “SCISA does not affect collection mandates whatsoever, so there is no net effect of SCISA on collection of any kind, bulk or otherwise.”[31] Mr. Dominic Rochon of the CSE added that he has “no reason to believe that SCISA somehow now facilitates bulk sharing. It doesn't create any new authorities.”[32]