Leah West
Leah West spoke 10 times across 1 day of testimony.
-
Leah West, Prof. (International Affairs – Carleton University)
Good morning, Commissioner. I'm Dr. Leah West. I'm an assistant professor at the Norman Patterson School of International Affairs where I teach national security law, international law and counterterrorism. I'm a former DOJ lawyer. My client was CSIS. And I'm the co-author, along with Craig Foreces, of National Security Law. I'd like to begin by acknowledging that the premise of this panel is seemingly that what occurred in Canada in January and February of this year was a national security threat, at least as we understand them in the law. For this reason, we've been asked to consider the definition of threats to the security of Canada, the challenges of security intelligence and the rise of IMV. With the greatest of respect, I'm not certain that this underlying presumption is accurate. I do not question the impacts the protests had on citizens in Ottawa, Windsor, Coutts or elsewhere, nor do I question the economic impact the blockades and the borders and the capital had on this country. But as we typically understand it, did these activities or their impacts constitute a national security threat; namely, one of terrorism. If we take a step back and look at what happened, we should ask ourselves whether unlawful and even violent protests typically give rise to what we call a national security threat under the law in this country. Did we label the G8 and G20 protests in Toronto a national security or terrorist threat? Would we have said the same thing about the violent protests in the United States in the summer of 2020? Threats to public order and public safety, no doubt, but we have never labelled violence against police officers attempting to disrupt a protest terrorism. Moreover, the fact that individuals who hold extremist beliefs would seek to co-opt a political protest to advance their agenda is not a new phenomenon. We do not label entire protest movements terrorist because some amongst the protesters are looking for an opportunity to create violence. Again, I'd point to the history of G8 and G20 protests and even the Summit of the Americas in Quebec City in 2001. Similarly, we have never labelled blockades and other non-violent but illegal means of obstructing critical infrastructure as terrorism. This country has a long history of protests along rail corridors and ports. While certainly these activities threaten trade and Canada's economic interests, they do not fall within section 2(c) of the CSIS Act, no matter how broadly one interprets it. It is the -- is it then the combination of these types of activities that made them rise to a national security threat in February of this year? Perhaps. Or were they perhaps labelled a national security threat because that is what is currently required to unlock federal authorities that were necessary to bring these activities and their impacts to an end. If there is a chance that it is the latter, I urge restraint in broadening our understanding of national security, and in turn expanding the powers and authorities of our national security agencies like CSIS. While I wholeheartedly agree the CSIS Act requires modernisation, I do not believe this Commission or the Freedom Convoy should form the factual basis for those reforms. Instead, we should ask whether Cabinet should have the authority to use executive action to end unlawful protests and obstruction of critical infrastructure that rises to the level of a national emergency and, if we do, then the solution, in my opinion, is to explicitly define the trigger for that type of emergency and narrowly tailor the available powers to bring those activities to an end. Thank you.
-
Leah West, Prof. (International Affairs – Carleton University)
Thanks. I’m going to focus on the specific question of gaps on sharing intelligence with law enforcement, and Kent already alluded to a lot of this. And I’m taking a big-picture lens here. So I think it’s important to really take away is that in Canada, domestic intelligence sharing, at least at the operational and tactical level, only routinely flows one way; it flows from law enforcement to CSIS, not the other way around. You heard from representatives at CSIS that they became aware of the Hendon report through the Integrated National Security Enforcement Team, so the INSETs. And through these teams, intelligence from law enforcement related to CSIS’s mandate is fed back to CSIS, and when necessary, information from CSIS regarding INSET investigations can be shared with law enforcement, but it’s through a highly centralized, strategic- level process, and what’s known as the One Vision 2.0 Policy. So lots of information flowing to CSIS from law enforcement, but only trickles of intelligence from CSIS to police. And generally; I’m not, again, narrowly focusing here on the convoy. But I do think in one sense this makes sense. CSIS’s investigative mandate, at least when it comes to national security threats, is far wider than law enforcement. CSIS’s job is to advise the government about threats, realized and potential; and it’s not to lay criminal charges. And you only have to look at the definition of terrorist activity in the Criminal Code, for example, versus the definition of what captures terrorism in the CSIS Act to get a sense of how much wider CSIS’s mandate actually is. And I do want to pause here and emphasize one point; the scope of political violence captured by the CSIS Act is actually quite broad, although I totally agree that how CSIS chooses to focus its activities can be much narrower than what the law allows for. And I think we have to remember that CSIS’s activities are necessarily proactive, other than law enforcement activities that tends to be reactive. A CSIS investigation needs not be tied to a well- identified threat actor or well-defined group. Moreover, CSIS can take numerous investigative steps to investigate threats before they need a warrant, which is something you heard a lot about. The threshold for obtaining a warrant is significantly more demanding than the threshold to start a section 12 investigation into threats into the security of Canada, and one only needs to look at reports of review bodies to understand that the number of warrants CSIS obtains is nowhere near the number of investigations the Service undertakes in a given year. And that’s precisely how the Act is set up to work. Kind of digressing, but my point is that the flow of intelligence between CSIS and law enforcement is far more restricted than the other way around, and while that is to be expected there can be instances where CSIS does not share intelligence relevant to criminal investigations for fear that its intelligence will cede criminal investigations and be subject to disclosure and testing in criminal proceedings, and this fear is often shorthanded as the intelligence to evidence dilemma. What’s the basis for this fear? Kent alluded to it; as a security intelligence service, every action taken by CSIS, regardless of the threat under investigation, is governed by what I consider to be three preoccupations, which is that security intelligence has national and international dimensions; the threat actors, the influences, the consequences, and the theatres of operations demand liaison and information-sharing with foreign and domestic partners of all types, and often under a demand for secrecy, and as a net importer of intelligence, maintaining strong relationships of trust with these partners is vital to CSIS’s success. Second, the constant fear of penetration by a foreign agency or threat actor demands unrelenting vigilance and creates, I would say, an obsessive need to safeguard employees, sources, and investigative techniques. And, third, the ultimate aim of security intelligence organization is not public recognition for its successes or to provide a sense of security to citizens; the aim is the collection of information about people and organizations who seek to obscure their true intent, which necessitates the careful use by CSIS of deceit, manipulation, intrusive technology, all without violating the rights and freedoms the Agency has been established to protect. So disclosing CSIS information in open court threatens all of that, and quite frankly, our evidence law is not well structured to balance those concerns against the rights of the accused. And so numerous proposals have been put forward over the years, starting with the Air India Commission and moving forward in an attempt to remedy that issue to allow for greater information flowing between CSIS and law enforcement. But, again, I would say that there’s a lack of political will to tackle this problem. And if a finding of this Commission is that there is greater need for intelligence sharing between federal and provincial agencies and municipal police forces, this problem is going to need to be addressed. And until it is, the reality is that intelligence between law enforcement and CSIS will continue to largely flow one way. Thank you.
-
Leah West, Prof. (International Affairs – Carleton University)
Sorry; I’m going to focus on open source, because that’s what I was asked to focus on. And so we know open source is derived from information publicly available; not readily publicly available, but publicly available, regardless of the type of medium. And in the testimony you heard from intelligence officials, no-one can convert -- excuse me; conveyed concern about the ability to collect, share, and analyze newspaper articles -- sorry -- or YouTube videos. The pressing question is about the ability to collect, share, analyze information shared on social media platforms. Moreover, I don’t think anyone would suggest that CSIS couldn’t follow its targets on Twitter or TikTok, or that it’s inappropriate to read pages on Reddit that are very clearly tied to the Agency’s mandate. And the same could be said for law enforcement investigating a criminal suspect. My understanding, based on many conversations with officials and the testimony you heard, is that what’s currently lacking within Canada’s national security and intelligence community is the ability to monitor social media for trends that could pose a threat to national security. They want to be able to understand social movements, and narratives and the motivations and intentions of those participating and promoting them. Doing this requires taking a very large lens to observe and analyze social media activity that is not immediately and may never become threat-related. It can also, depending on the technique used, require the collection and analysis of vast quantities of personally identifying information, which would trigger, you know, the Privacy Act, and potentially the Charter, but there’s still an area of legal uncertainty. So despite there being numerous private entities with these capabilities, there is no federal agency in Canada with a mandate or the legal authorities to conduct this type of OSINT. The closest thing that exists, and you heard a bit about this, was the Canadian Rapid Response Mechanism, the RRM, but the RRM monitors the digital information environment for foreign state-sponsored disinformation and provides the Government of Canada and its international RRM partners with open-source -- open primary-source data analytics about threats specifically to democracy. So the question troubling the intelligence community in Canada is; if we need this similar capability -- and I suggest that it would be worthwhile -- where should that capability reside? CSIS, I suspect, would be the first one to tell you that it’s not their job, and that they don’t want to be seen to be monitoring the population. Alternatively, you could think Public Safety, but Public Safety is not a collection agency; it’s primarily a coordination, and sets priorities and policy. So too for PCO; not a collection -- intelligence collector but does serve a coordinating function. One alternative I’m going to throw out there, but I think it is a little bit beyond your mandate, is the promise of establishing an arm’s length public-facing body that could publicly identify social trends and defamation as a form of warning and information to Canadians writ large, civic education. But there are pros and cons to that -- that proposal as well, and because I have limited time, I’m going to stop there.
-
Leah West, Prof. (International Affairs – Carleton University)
Sure. So on the should the threat of the security of Canada be changed, as I mentioned in my Opening Statement, I'm uncertain that what happened qualifies as threat to the security, as defined in the CSIS Act, and so to suggest that it did, by definition, as it's clearly written in the CSIS Act is inadequate. To (inaudible) activities I would argue is to accept that perhaps the legal threshold wasn't met. I think the question of whether the CSIS Act ought to be modernised is the important one, and I would tend to agree that it does, but like I said earlier, I don't think the facts of what took place this year or the Commission is the place for that discussion. I think the role of this Commission is to honestly assess what went wrong, and respectfully, I don't think the cause of prolonged blockades in Ottawa or at our borders was because the CSIS Act doesn't adequately capture those activities. In my opinion, the Commission should identify the reasons why protesters were able to establish blockades, what challenges law enforcement had in ending them, and make recommendations according to that, rather than suggest ways to make it easier for the Executive to invoke the Emergencies Act. On the second question, of should the definition of Public Order Emergency be tied to the CSIS Act, yes and no. Currently, as Dick mentioned, what currently falls under the heading of a Public Order Emergency is an emergency caused by a national security threat actor, it doesn't really capture public order disturbances. So if Parliament is of the view that what we want to be able -- we want to be able to invoke the Emergencies Act to respond to Public Order Emergencies caused by unlawful protest, blockades, and interference with critical infrastructure, then I believe the entire section of that Act needs to be rewritten for that specific purpose. Not only do we need to change the triggers, but the powers and authorities available to the Executive once a public emergency is invoked. Alternatively, the Government could introduce separate legislation to create new offences and new police powers and prevention orders related to the protection of critical infrastructure and the maintenance of public order. The UK Government has recently introduced a piece of legislation that does just that, it's the Public Order Bill, and it's currently committee in the House of Lords. That said, I suspect Parliament will still want to ensure that emergencies arising from threats of terrorism, espionage, sabotage, foreign interference and subversion can be addressed through the Emergencies Act, and in that case, I would not recommend decoupling the definition from the CSIS Act. These threats are already difficult for the public to assess, let alone identify. Canadians can see the effects of a flood, a pandemic and a blockade in a war. Images and stories of those impacts fly across the country in real time. But espionage, covert efforts to overthrow the Government or influence our democratic processes, terrorist -- foiled terrorist plots? Often the only one that has the knowledge of those threats will be Canada's intelligence and law enforcement agencies. Moreover, the target of these threats is in most cases is going to be the Government itself. So we have potential for an unseen threat against those with the power to invoke the Act, coupled with the fact that any such decision to invoke it will be given significant deference, and the intelligence used as the basis for that decision can be withheld on Cabinet and national security privilege grounds, although not in this case. But this section of the Emergencies Act, and if we want to protect emergencies from them, is already ripe for abuse. Tying the invocation of the emergencies, of the emergency, excuse me, tying the invocation of an emergency caused from those types of threats to the CSIS Act in my opinion creates some level of objectivity to the legal test. The definition there is one that is routinely applied, understood, and subject to lots of review, as we've heard, and the whole point of including it in the EA was to eliminate questions about what does and does not amount to a national security threat that could trigger the EA, and I'm talking about threats from terrorism, subversion, espionage, et cetera. Using some novel or wider definition that would capture those threats, I think would render essentially a legal threshold meaningless. Thank you.
-
Leah West, Prof. (International Affairs – Carleton University)
Okay. Well I wasn’t expecting that. I’m going to take this opportunity to be nerdy about the Emergencies Act law for a minute, if you indulge me, Commissioner. So Roberts v Canada, a decision in 1989 of the Supreme Court of Canada interpreted the phrase “any other law of Canada” as it’s used in section 101 of the Constitution, and held that it includes either federal statute or federal common- law. Typically federal legislation uses the term “any other law of Canada, or a province, or any other law”, if it’s used to denote wider application than just federal statute and common-law. And I would say that we’ve heard different types of interpretations of that phrase put before you and since the Act was invoked. And I would say that this more narrow reading of that is actually more consistent with the definition of national emergency in the Emergencies Act. And if you look to Part A, it already stipulates that an emergency has to be beyond the authority of a province, and it would be redundant to require that an emergency be both beyond the authority of province, and also require that it not be effectively dealt with under any law of a province. And as you’re aware, and your counsel is aware, there is an interpretative presumption against redundancy. And Part B of the definition already considers matters that fall outside of provincial jurisdiction, so it wouldn’t be subject to resolution through provincial law in the first place. So once Cabinet has determined that there is a national emergency under A or B, and it’s so therefore beyond the authority of a province, the question is simply whether there are federal legislative authorities that it can rely on to deal with the emergency. Now, I don’t think this actually changes the facts that Cabinet needs to establish in order to meet the legal threshold, but I do think that there’s been a lack of clarity around this element of the definition, and I wanted to take this opportunity to try to clear it up.
-
Leah West, Prof. (International Affairs – Carleton University)
Well, that is the million dollar question, I think. And I -- as someone coming from a -- someone with a strong civil libertarian streak in me, I would like to see it be an organisation that is not directly tied into security intelligence because of the power of social media monitoring and assessment. And what we're looking at, when you think about what you're looking at when you're assessing social media is not necessarily reality. There are a lot of augmentation, there's a lot of, you know, bots pushing things, there's a lot of people saying things that they would never act on or ever really say out loud in public. And so as a real strong source of intelligence that's credible and reliable, there is, you know, inherent difficulties in anything that you're just getting when you look, at a broad sense, at social media. But it is important to get a sense of political movements and political grievances and, you know, the scope of anger around certain issues and whether that has the possibility to, you know, be unleashed as violence, you know, and to get a sense of the social concerns of Canadians, especially when they may pose a risk to public order and national security. So I think there is a good use for it, but it is a very different type of intelligence than what I think, you know, we want CSIS to be relying on, but it can help narrow the focus of our security intelligence agencies on potential areas of concern. So I think there’s a use for it, but because of the concerns about it, and because of the sheer fact that you really are monitoring people’s conversations, right, their free expression and their exercise of that online, we have to be really careful about who has the responsibility for monitoring that. And so that’s why I think a public facing organization that is not a security or intelligence organization, but is an organization that is responsible for understanding public discourse and potential threats to -- threats arising from disinformation or understanding trends that are happening online, and then sharing that publicly with Canadians, rather than just simply sharing it with CSIS, right, would be very helpful. Clearly if an organization like that were to come across very highly threat related type of analysis, you know, we already have capacity for information sharing between agencies of that kind under the Privacy Act and under SCIA. So I would envelop it under that. But I think it’s more important that Canadians have an understanding of what’s happening, because we do get such a siloed interpretation of what’s happening. So having some sort of arm’s length public facing body that can take a scan of the pulse of Canada and talk about these really important issues, or at least put them forward and then identify where there’s some disinformation happening could also be a really useful tool. And so maybe that’s a place for something associated with Heritage Canada, because it’s taking up that mantle. But I just -- I do have a hesitancy to say that that type of intelligence analysis should be resident within a solely public safety or one of its portfolio agencies.
-
Leah West, Prof. (International Affairs – Carleton University)
Well I think the history of why we have CSIS exemplifies that risk, is understanding the difference between potential threats to the security of Canada and actual criminal offences, and where the line to be drawn is when you’re collecting intelligence. Again, obviously there is some level of proactive police -- law enforcement intelligence; right? But for the most part, it should be reactive. You can be proactive in assessing past trends; right? So if you are thinking about where crime is most likely to occur, you can look at past trends and think proactively about where you might see crime into the future. But it shouldn’t be about crimes that have yet to manifest entirely, and potential individuals who have not yet started to take the action towards criminal offences. And so figuring out that line when you’re talking about ideologically motivated extremism versus ideologically motivated violent extremism is particularly challenging. One is illegal. The other one is not. And so I have strong concerns about downloading that responsibility to law enforcement, whose job it is to investigate crime with an eye towards criminal prosecutions, not advise the Government of Canada about potential threats. And I think especially with IMVE, figuring out where that line is is really challenging and I hesitate that we wouldn’t get into a situation where we err on the side of caution when collecting intelligence about potential IMVE actors.
-
Leah West, Prof. (International Affairs – Carleton University)
I don’t think NSIRA should have a role here, and I -- I’ll step back and say I tend to agree that in terms of whether or not Canadians accept the position put forward by the Government of Canada, Parliament has already had to speak on that issue and I don’t know that having a detailed analysis of the actual legal opinion by a separate body will really advance anything. I think this Commission has its own purposes and it’ll do its work and it should be left to do its work and not have a separate agency doing something on the side. I will, however, push back on -- and also, NSIRA’s just not really structurally set up for that. NSICOP, I agree with all of the benefits of NSICOP be the ones to conduct the Parliamentary review. However, there are serious deficits with it as it is currently structured as a body of Parliamentarians and not a Parliamentary Committee, for example, the inability to compel witnesses or evidence before it. It does not have that capacity. And Ministers, for example, can say, “I’m not going to testify or provide you with that information that you want right now because it continues to be operationally relevant”, which I think when you’re dealing with an ongoing emergency, which is one of their tasks, would be really problematic for the committee. So if we wanted to give it to NSICOP, we would need to make it a full-fledged committee of Parliament, it could not do that function as a committee of Parliamentarians.
-
Leah West, Prof. (International Affairs – Carleton University)
So I would agree that I -- from what I’ve seen, to me, didn’t seem to be an intelligence failure, but a failure to act on that intelligence. And what we really had was a federalism failure. The Emergencies Act is based on the premise of everyone doing their jobs at the municipal, provincial, and federal levels.
-
Leah West, Prof. (International Affairs – Carleton University)
And that didn’t happen. I think, to me, that is the biggest failure that we need to take away from this.