Source text

Canadian Security Intelligence Service Act (CA) (Re)
Court (s) Database
Federal Court Decisions
Date
2022-10-21
Neutral citation
2022 FC 1444
Notes
A correction was made on June 23, 2023
Decision Content
TOP SECRET
Date: 20221021
Docket: CSIS-1-21
Citation: 2022 FC 1444
Ottawa, Ontario, October 21, 2022
PRESENT: THE CHIEF JUSTICE
BETWEEN:
IN THE MATTER OF AN APPLICATION BY [_..._] FOR WARRANTS PURSUANT TO SECTIONS 12 AND 21 OF THE CANADIAN SECURITY INTELLIGENCE SERVICE ACT, RSC 1985, c C-23 AND IN THE MATTER OF [_..._] THREAT-RELATED ACTIVITIES
JUDGMENT AND REASONS
I. Introduction [1] As the art of tradecraft for clandestine domestic and international activities continues to evolve, the public interest requires the Canadian Security Intelligence Service [CSIS or the Service] to keep pace. However, it must do so within the bounds of the law.
[2] There are two principal issues in this proceeding. The first is whether CSIS may deploy a particular new technology [the Technology] within Canada in four specific ways without a warrant, in the course of investigations pursuant to section 12 of the Canadian Security Intelligence Service Act, RSC 1985, c C-23 [the CSIS Act]. Three of those proposed uses of the Technology would be solely within Canada, while the fourth would be both within and outside Canada.
[3] The Attorney General of Canada [AGC] concedes that the utilization of the Technology solely within Canada in each of those four proposed ways would constitute a “search,” within the meaning of section 8 of the Canadian Charter of Rights and Freedoms, Part I of the Constitution Act, 1982, being Schedule B to the Canada Act 1982 (UK), 1982, c 11 [the Charter]. However, the AGC maintains that those ways of deploying the Technology would not be “unreasonable,” as contemplated by section 8. This is because (i) they would be “minimally intrusive”, and therefore authorized by section 12 of the CSIS Act; (ii) section 12 is a reasonable law; and (iii) the “searches” would be carried out in a reasonable manner.
[4] For the reasons that follow, I agree. The Technology may be deployed within Canada in the four specific ways that CSIS has proposed, without a warrant, provided that such uses of the Technology are consistent with the reasons set forth below, particularly paragraphs 62, 88, 116–117, 126–127 and 141.
[5] The second principal issue in this proceeding is whether CSIS may utilize the Technology outside Canada against foreign nationals with no recognized nexus to Canada, without a warrant. This use of the Technology would be more than minimally intrusive. However, for the reasons provided below, I have concluded that CSIS would not require a warrant before deploying the Technology outside Canada in the ways that it has identified.
[6] In brief, foreign nationals with no recognized nexus to Canada do not benefit from the protections afforded by section 8. This includes the requirement for pre-authorization of a search by an entirely neutral and impartial arbiter who is capable of acting judicially in balancing the interests of the state against those of the individual, in certain circumstances: Hunter et al v Southam Inc, [1984] 2 SCR 145, at 160–162 and 168–9 [Hunter]. The Court’s attention was not directed towards any principle of international law that would prevent CSIS from deploying the Technology outside Canada in the manner it has identified, without a warrant and against such individuals.
[7] Given the confidential nature of the Technology, my detailed description of it is provided in Appendix I to these reasons, which will remain classified. The more basic description of the Technology set forth in the main body below is provided in a manner that will permit the public to understand the issues raised in this proceeding, despite the fact that redactions will nonetheless be necessary in the public version of this decision, for national security reasons.
II. Background A. Principal Uses of the Technology and Procedural History [8] In December 2021, the Court received a supplemental warrant application in which CSIS sought warrant powers to deploy a new technological tool against existing targets of an investigation being conducted pursuant to section 12 of the CSIS Act. The new tool is a [_..._] technology [_..._] that has [_..._] capabilities. These include the ability to identify [_..._] [a Device] [_..._]. They also include the ability [_..._] a Device. Such [_..._] information can be obtained by identifying [_..._] associated with a Device.[1]
[9] At the present time, [_..._] in respect of which such information [_..._] may be obtained ranges from [_..._] with the Technology.
[10] [_..._] Such information can assist CSIS to make inferences about the [_..._] of those individuals, so as to advance investigational goals. The amount of information that can be obtained about a subject of investigation will depend on [_..._].
[11] CSIS is also able to use the Technology to identify [_..._] and to learn about [_..._]. In addition, the Technology can assist CSIS to identify [_..._], as well as to [_..._]. Other potential uses of the technology are briefly described in Appendix I below.
[12] In written submissions, counsel for the AGC submits that the Technology can be deployed within Canada in four specific ways that are minimally intrusive, such that those uses would be authorized under section 12 of the CSIS Act, without the need for a warrant. The first three of those ways would be solely within Canada, whereas the fourth would involve collecting [_..._] information from a Device [ both within and outside Canada ]. An important aspect of the AGC’s position in this regard is its assertion that the four methods of utilizing the Technology in Canada without a warrant would not involve the [_..._].
[13] The AGC further submits that foreign nationals abroad who have no nexus to Canada do not benefit from the protections afforded by section 8 of the Charter. Therefore, the AGC asserts that CSIS may deploy the Technology against such persons in more intrusive ways, without a warrant. Such more intrusive ways include [_..._].
[14] Notwithstanding the foregoing, CSIS sought a Provisional [_..._] Warrant [Provisional Warrant] to enable it to obtain the [_..._] of several named subjects within Canada, for the purposes of [_..._] to those persons. In its initial correspondence to the Court in relation to that warrant, the AGC explained that the requested powers “could be justified as minimally intrusive under s. 12 of the CSIS Act, without the need for a warrant.” However, the warrant was being sought out of an abundance of caution, to avoid inadvertently violating the Charter while (i) CSIS gained a better understanding of the data that would be returned through the [_Technology_], and (ii) the Court considered whether that particular use of [_..._] data could be authorized under s. 12 of the Canadian Security Intelligence Service Act alone. The AGC reserved the right to return to the Court at a later date to argue that the requested powers do not require a warrant, for the reason explained above.
[15] During the hearing of the Provisional Warrant Application on January 25, 2022, I raised initial concerns regarding the potential for [_..._] data of Devices of third parties to be incidentally obtained in the course of exercising the warranted powers. To substantially reduce the scope for this to occur, I insisted that the warrant be amended to provide the authority to obtain [_..._] identified in the warrant, for each of the named subjects of investigation. After unsuccessfully endeavouring with counsel to identify a similar limiting mechanism for other provisions of the requested warrant, those other provisions were deleted.
[16] On the same date that the Provisional Warrant was issued, I issued a second warrant, described as [_..._] Warrant. That warrant authorized CSIS to deploy the Technology in a manner that CSIS acknowledged was more than minimally intrusive, including [_..._] of the Devices of the same named subjects of investigation who were identified in the Provisional Warrant.
[17] Each of the two above-mentioned warrants expired on February 26, 2022. However, new warrants with some amendments that are not relevant for the present purposes were issued by Justice Norris on February 24, 2022. Those warrants were issued on the understanding that CSIS would bring an application to cancel or amend the extended Provisional Warrant based on the present decision.
[18] To assist the Court in addressing the legal issues raised by this application, I appointed Mr. Gib van Ert as amicus curiae [the Amicus].
B. CSIS’s Pilot Project and NSIRA’s Review [19] CSIS first used the Technology on a pilot basis for several months in 2018. During that period, it was used without a warrant approximately [_..._] times against Canadian and non-Canadian subjects of investigation located in Canada and abroad. A total of [_..._] operational reports [_..._] resulted from those uses of the Technology. However, after privacy issues were raised internally, the pilot project was terminated in July 2018. After that time, use of the Technology was confined to investigative activities in relation to (i) foreign nationals located outside Canada without a nexus to Canada, and (ii) [_..._]. In July 2020, CSIS suspended all use of the Technology until it obtained further clarity about the application of section 8 of the Charter to its collection activities against foreign nationals with no nexus to Canada.
[20] In mid-to-late 2018, the Security Intelligence Review Committee [SIRC] initiated a review of CSIS’s use of the Technology earlier that year, during the above-mentioned pilot period. That review was ultimately completed by SIRC’s successor, the National Security and Intelligence Review Committee [NSIRA], which issued a report entitled Review of CSIS’s Use of [_..._] – a Geolocation Data Collection Tool (NSIRA Study 2018-05) [NSIRA Report]. That report was “communicated” to the Minister of Public Safety and Emergency Preparedness in August 2019.
[21] Among other things, NSIRA found that the use of the Technology [_..._] constituted a “search” for the purposes of section 8 of the Charter. NSIRA added that “there was a risk that CSIS breached section 8 of the Charter during the trial period in which it used [the Technology] without a warrant”: NSIRA Report, at 11. NSIRA proceeded to recommend as follows:
“ … that CSIS review its use of [the Technology] to date and make a determination as to which of the operational reports generated through the use of [the Technology] were in breach of section 8 of the Charter. These operational reports and/or any documents related to those results should be purged from its systems.”
NSIRA Report, at 12.
[22] According to CSIS’s technical affiant [Affiant 1], CSIS ultimately determined that the [_..._] above-mentioned operational reports needed to be retained in order to meet CSIS’s legal obligations. Those reports and their attachments have been sequestered so as to ensure that the information contained therein does not inform or contribute to other CSIS investigations.
C. CSIS’s Delay in Informing the Court of its Use of the Technology Against Subjects of the Court’s Warrants [23] I pause to observe that CSIS or the AGC ought to have informed the Court about the forthcoming NSIRA Report well before that report was released in August 2019. Their failure to do so before the present Application was filed more than two years later, in December 2021, was inconsistent with (i) a commitment made to the Court in 2016 by CSIS’s Director, and (ii) the elevated duty of utmost good faith that applies in ex parte proceedings, particularly pursuant to the CSIS Act: Canadian Security Intelligence Services Act (CA) (Re), 2021 FCA 92, at para 126 [CSIS Act (Re) 2021 FCA].
[24] Specifically, CSIS’s Director of the day Mr. Michel Coulombe committed to advise the Court “as soon as an issue comes up” in a review by the Security Intelligence Review Committee relating to matters involving this Court’s warrants, “even if the report is not finalized”: En Banc Hearing, June 10, 2016, Transcript at 18 and 55. This was on the understanding that the final report and recommendations might be different from the initial information that had been communicated to the Court. In 2018, CSIS’s current Director reiterated a commitment to abide by the spirit of this undertaking.
[25] The AGC’s explanations for the failure to inform the Court about the NSIRA Report prior to the present proceeding do not withstand scrutiny. To begin, the AGC maintained that (i) the warrants involved individuals who were, or later became, either warranted subjects of investigation or the subject of a warranted collection, and (ii) that the warrants were obtained and expired prior to the release of the NSIRA Report. However, this does not provide a basis for relieving CSIS from its commitment, or its elevated duty of candour.
[26] Of the warranted individuals discussed in the NSIRA report, [_..._]. [_..._] warrants issued against [_..._] were [_..._] during the period covered by NSIRA’s review and [_..._] issued for a one-year period in July 2018. Another was renewed in June 2018 and expired in June 2019. Given that the NSIRA Report was released in August 2019, it is reasonable to infer that the issues it addressed had sufficiently ripened to have fallen within the scope of both the Director’s above-discussed commitment to the Court and the elevated duty of good faith disclosure well before that date.
[27] As for the [_..._], the Technology was deployed against them outside Canada. Warrants against [_..._] of those individuals were sought in mid-2019, [_..._]. The warrant against the [_..._] individual was sought [_..._] the application in the present proceeding was filed. Yet, the use of the Technology against these [_..._] individuals and the [_..._] described above was not disclosed prior to May 18, 2022. Indeed, the Court may never have been made aware of the uses of the Technology against these individuals had I not issued a Direction requiring the AGC and the Service to advise as to whether the Technology had ever been used or directed against any target who either was, or is, the subject of warrants issued by this Court.
[28] The AGC further explained that the Court was not informed about the use of the Technology against the above-mentioned individuals because none of the information collected was ever relied upon in an application for warrants. However, as the AGC and CSIS have been repeatedly advised in the past, information concerning the techniques that have been used against subjects of investigation in respect of whom a warrant application has been made, or is being made, is relevant to both the exercise of the Court’s discretion and its oversight of its outstanding warrants.
[29] As long as the information may be considered to be relevant to the Court’s exercise of discretion to issue or revisit an outstanding warrant, it must be disclosed: CSIS Act (Re) 2021 FCA, at para 127. The duty of utmost good faith and transparency requires no less.
[30] This is so even if the information is or was not relied upon in the warrant application.
[31] For greater certainty, this remains true even if CSIS’s affiant has determined that the information does not fall within the scope of the matters to be specified in an application for a warrant, as set forth in paragraphs 21(2)(a) and (b) of the CSIS Act: CSIS Act (Re) 2021 FCA, at para 133. This is so for two reasons. First, the information might well be relevant to the exercise of the Court’s discretion. Second, the Court may well disagree with the determination of CSIS’s affiant regarding the scope and applicability of paragraphs 21(2)(a) and (b).
[32] As a result of this Court’s decision in X (Re), 2020 FC 616, and general principles subsequently articulated in CSIS Act (Re) 2021 FCA, at paras 120–133, the AGC and CSIS now recognize that the elevated duty of candour requires the disclosure of all information that may be relevant to the determinations this Court must make in deciding whether to issue a warrant, and if so, on what terms. This includes information that may not have been relied on in support of a warrant application. The AGC and CSIS also accept that NSIRA’s finding that there was a risk of a breach of section 8 of the Charter in relation to CSIS’s use of the Technology within Canada fell within the scope of the elevated duty of full and frank disclosure. They further acknowledge that the Court retains discretion, when informed of matters that fall within the scope of that duty, to rescind the ongoing validity of active warrants, to refuse to issue new warrants, or to order other relief.
III. Issues [33] There are two principal issues in this proceeding. They are as follows:
1. Does section 12 of the CSIS Act authorize CSIS to utilize the Technology within Canada in the four ways CSIS has identified, without a warrant?
2. Does section 12 of the CSIS Act authorize CSIS to utilize the Technology outside Canada against foreign nationals with no nexus to Canada, and in the more intrusive ways it has identified, without a warrant?
IV. Assessment of the proposed uses within Canada (Issue #1) A. Summary of the Four Proposed Uses and Introduction [34] As previously noted, three of the proposed methods of deploying the Technology would be solely within Canada. They are as follows:
i)Against known targets of CSIS investigations, [_..._] within Canada [_..._].
ii)Against known targets of CSIS investigations, [_..._] within Canada, [_..._].
iii)[_..._] within Canada [_..._].
[35] The fourth proposed use of the Technology [_..._] would involve collecting [_..._] data from Devices [both within and outside Canada][2].
[36] The general legal principles applicable to CSIS’s use of new technology to obtain information about the mobile communications devices of subjects of investigation were extensively reviewed in X (Re), 2017 FC 1047 [IMSI]. There, the Court applied the jurisprudence pertaining to what constitutes a “search” and what constitutes an “unreasonable” search, within the meaning of section 8 of the Charter. Like the present proceeding, IMSI involved an application pursuant to sections 12 and 21 of the CSIS Act.
[37] There, the Court determined that CSIS’s use of a cellular-site simulator [CSS] to capture the identifying characteristics of a subject of investigation’s mobile communications devices in Canada without a warrant constituted a “search,” but not an “unreasonable” one. Those identifying characteristics consisted of the International Mobile Subscriber Identity and International Mobile Equipment Identity numbers that were emitted by the subject’s devices at certain times.
[38] In Canadian Security Intelligence Services Act (CA) (Re), 2020 FC 697 [CSIS_2020], the Court made similar findings regarding the use of (i) CSS technology to capture the same information that was at issue in IMSI [_..._]. However, it proceeded to find that CSIS requires a warrant to [_..._] obtain information about individuals [_..._], which reveals much more personal information about the user of a communications device: [CSIS_2020], at paras 118–125, 166–169 and 176–181. Those findings were made in the context of an application under sections 16 and 21 of the CSIS Act.
[39] In IMSI, the Court’s conclusion that the capture of the identifying characteristics of the target’s mobile device did not constitute an “unreasonable” search was based on three principal findings: (i) the “search” was authorized by law, namely, section 12 of the CSIS Act, (ii) that law is reasonable, and (iii) the searches would be carried out in a reasonable manner: IMSI, at paras 198–201, 236 and 238–243.
[40] Section 12 states as follows:
Collection, analysis and retention
Informations et renseignements
12 (1) The Service shall collect, by investigation or otherwise, to the extent that it is strictly necessary, and analyse and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada and, in relation thereto, shall report to and advise the Government of Canada.
12 (1) Le Service recueille, au moyen d’enquêtes ou autrement, dans la mesure strictement nécessaire, et analyse et conserve les informations et renseignements sur les activités dont il existe des motifs raisonnables de soupçonner qu’elles constituent des menaces envers la sécurité du Canada; il en fait rapport au gouvernement du Canada et le conseille à cet égard.
No territorial limit
Aucune limite territoriale
(2) For greater certainty, the Service may perform its duties and functions under subsection (1) within or outside Canada.
(2) Il est entendu que le Service peut exercer les fonctions que le paragraphe (1) lui confère même à l’extérieur du Canada.
[41] In the course of assessing the authority provided by section 12, the Court in IMSI noted the following:
[196] The plain language of section 12 requires CSIS to collect, by investigation or otherwise, to the extent that it is strictly necessary, and to analyse and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada. This provides CSIS with the explicit authority to investigate such threats in those circumstances.
[42] The Court proceeded to observe that section 12 authorizes CSIS to collect, analyse and retain information that ranges from non-intrusive to highly intrusive. However, once CSIS “moves beyond minimally invasive collection activities, it will require a warrant”: IMSI, above, at para 219. It is important to keep in mind that this statement was made in the context of the Court’s assessment of the application of section 8 of the Charter to intrusive activity in which CSIS had engaged within Canada. In that context, and given the provisions of section 21 pertaining to warrants, it could be inferred that Parliament implicitly contemplated that CSIS would require judicial preauthorization before engaging in collection activities that were more than minimally intrusive: IMSI, above, at para 219.
[43] It is common ground between the AGC and the Amicus that the Court’s decision in IMSI provides an appropriate point of departure for the analysis of some of the important issues in the present proceeding.
[44] In conducting the assessment below, I will remain mindful of the need to adopt “a purposive approach to section 8 that emphasizes the protection of privacy as a prerequisite to individual security, self-fulfilment and autonomy as well as to the maintenance of a thriving democratic society”: R v Spencer, 2014 SCC 43, at para 15.
B. Would the proposed uses of the Technology within Canada constitute a “search”? [45] In IMSI, the Court found that the target had a reasonable expectation of privacy [REP] in respect of the identifying characteristics of his mobile devices: IMSI, above, at paras 140, 177 and 189. This REP existed because of the nature of the information that CSIS was able to begin learning about his private activities, upon obtaining those numeric identifiers from his devices. CSIS’s intrusion on this REP constituted a “search” within the meaning of section 8 and therefore “engaged” the privacy interests protected therein: IMSI, above, at paras 111, 149 and 247.
[46] In the present proceeding, it is common ground between the AGC and the Amicus that each of the four ways in which CSIS proposes to utilize the Technology within Canada would constitute a “search” within the meaning of section 8. This is because individuals in Canada have an REP in the [_..._] data [_..._] that are accessible through the Technology. However, the AGC and the Amicus disagree about whether the use of the Technology outside Canada in relation to foreigners who have no nexus to Canada, would constitute such a “search”. This will be discussed in part IV.C. (3)(d) below.
C. Would the Proposed Uses of the Technology Within Canada Constitute an “Unreasonable” Search? [47] Warrantless searches such as those proposed in the present proceeding are presumptively unreasonable. However, that presumption may be rebutted by demonstrating that: (i) the searches are authorized by law, (ii) the law is reasonable, and (iii) the searches will be carried out in a reasonable manner: Spencer, at para 68.
(1) Are the proposed searches authorized by law? [48] It is common ground between the AGC and the Amicus that the four proposed uses of the Technology within Canada would be authorised by section 12 of the CSIS Act, so long as they are only minimally intrusive in nature. The Amicus maintains that this would be the case only if CSIS abides by certain conditions that are discussed in section IV.C. (3) below, which addresses the reasonableness of the proposed searches.
(2) Is the authorizing law reasonable? [49] The AGC and the Amicus agree that section 12 is a reasonable law. However, the Amicus maintains that the analysis of this second prong of the tripartite test for assessing the reasonableness of the proposed searches should not end there. Instead, the Amicus submits that the Court’s assessment should include a review of the [_..._] as well as the [_..._].
[50] With respect to the [_..._], the Amicus submits that they do not reasonably contemplate the use of [_..._] data for national security purposes.
[51] In support of this position, the Amicus notes that the NSIRA Report made the following observation at page 6:
[_..._].
[52] The Amicus further notes that similar observations were made in several of the [_..._] that were attached to one of the affidavits sworn by Affiant 1. In this regard, the Amicus quoted the following statement regarding the data available through the Technology: [_..._][3]
[53] [This paragraph describes a legal argument put forward by the Amicus as to whether an instrument, other than an act or regulation, must be considered in addition to s.12 of the CSIS Act in assessing whether the deployment of the tool is authorized by law. Amicus submits that consideration of the instrument supports a conclusion of unreasonableness for the purposes of the Court’s inquiry under section 8 of the Charter.]
[54] In reply, the AGC submits that, for the purposes of section 8, [_..._] are only potentially relevant to the assessment of whether intrusive investigative activity constitutes a “search.” They are not relevant to the assessment of whether a “search” is unreasonable, unless there is evidence of unlawful activity. The AGC observes that, in the case at hand, there is no such evidence — either in respect of the acquisition of [_..._] data [_..._]. Indeed, to the extent that there is any relevant evidence in this regard, it points in the opposite direction. In particular, a document [_..._] entitled [_..._] states: “all data collection is done legally [_..._][4].
[55] The AGC maintains that the Amicus’ position on this issue confuses lack of waiver of a REP with reasonable lawful authority to intrude upon a REP. The latter does not depend on a user consenting to or reasonably expecting such an intrusion. The AGC contends that if there was no REP, there would be no “search” and therefore no need to assess the reasonableness of the authorizing law.
[56] In support of this position, the AGC notes that in IMSI this Court found that the interception of mobile device identifiers without a warrant was lawful, even though [_..._]. In other words, [_..._] were not relevant to the assessment of [_..._].
[57] The AGC further observes that, in the criminal law context, the Supreme Court of Canada [SCC] has acknowledged that police “may employ creativity and subterfuge” and “resort to tricks or other forms of deceit” in conducting their investigations: R v Mills, 2019 SCC 22, at para 43; Rothman v The Queen, [1981] 1 SCR 640, at 697.
[58] [This paragraph describes the Court’s finding that the instrument was relevant to the assessment of whether a device user has an REP in their data but was not relevant to the assessment of whether CSIS proposed intrusions on any REP are authorized by a reasonable law.]
[59] Given the foregoing, and given the Amicus’ acknowledgment that section 12 of the CSIS Act is a reasonable law, it follows that the law authorizing the proposed “searches” is reasonable.
(3) Would the searches be carried out in a reasonable manner? (a) The First Proposed Use of the Technology Within Canada (i) Subjects of Investigation [60] In this scenario, the Technology would be used against known targets of CSIS investigations, by [_..._].
[61] This proposed warrantless use of the Technology is the same as that which was before me in respect of the Provisional Warrant, discussed at paragraphs 14-15 above. As discussed, CSIS sought that warrant out of an abundance of caution, to ensure that it did not inadvertently violate the Charter while (i) it gained a better understanding of the data that would be returned through the [_Technology_], and (ii) the Court considered whether that particular use of [_..._] data could be authorized under s. 12 of the Canadian Security Intelligence Service Act alone. At that time, CSIS also explicitly reserved its right to return to the Court to argue that this use of the Technology was minimally intrusive and therefore did not require a warrant.
[62] For many of the same reasons discussed in IMSI and [CSIS_2020] this proposed manner of utilizing the Technology (i) is minimally intrusive of the informational and territorial privacy interests of CSIS’s subjects of investigation, and (ii) would not give rise to an “unreasonable” search within the meaning of section 8 of the Charter: IMSI, above, at paras 161–163 and 187–189; [CSIS_2020], above, at 124–125 and 166–168. Consequently, this use would be authorized under section 12 of the CSIS Act, without the need for a warrant. This is subject to the requirement to destroy information that is incidentally collected from non-threat-related third parties quickly, and before assessing that information in any manner whatsoever. I will return to this point in the next section below.
[63] When utilizing the Technology in the manner contemplated by this first proposed use within Canada, CSIS would be seeking information about known subjects of investigation [_..._] CSIS could then seek a warrant [_..._].
[64] In the absence of such a warrant, the [_..._] data obtained by CSIS through the Technology would be very limited. At most, it could consist of [_..._]. While CSIS’s access to this [_..._] data would intrude upon the target’s reasonable expectation of privacy in data [_..._] from [_..._] such intrusion would be minimal in nature [_..._].
[65] As in IMSI, CSIS would not be able to access any communications made with the Devices, or any information stored on or accessible through the Devices. Moreover, this proposed use of the Technology would not reveal anything about the activities of CSIS’s subjects of investigation. [_..._] there would be no impact on the target’s experience when using the Devices in question.
[66] It bears underscoring that the AGC acknowledges that CSIS would not be able to use the Technology to [_..._] without a warrant. [_..._]. Consequently, use of the Technology for such purposes would require a warrant.
[67] I recognize that CSIS’s linking of [_..._] a target’s [_..._] Device may well assist CSIS to begin putting together a personal “profile” of the target, or to add to any profile that it may have already begun to build. However, it is difficult to see how the inferences it may be able to draw regarding the target’s personal activities would be particularly strong or invasive: IMSI, above, at paras 163 and 189; [CSIS_2020], above, at paras 123–125 and 166–168. I am satisfied that any such inferences would not extend to “core” biographical information about the target. [_..._].
[68] As in IMSI and [CSIS_2020], the fact that this proposed use of the Technology is minimally intrusive, highly accurate and narrowly focused, significantly assists to support a finding that the “search” is not unreasonable: IMSI, above, at paras 7, 207, 209 and 236(i); [CSIS_2020], above, at paras 123–125, 161 and 166–168. This high accuracy and narrow focus includes the information obtained by CSIS [_..._] which is further circumscribed by the [_..._] criteria that would be specified in utilizing the Technology to obtain the desired results.
[69] I will pause to add that I do not place great significance on the fact that the [_..._] data accessible through the Technology is [_..._]. This is so for two reasons. First, that information [_..._]. Second, the nature of the information obtained is such that its (minimal) degree of its intrusiveness does not materially change by virtue of the fact that it is [_..._]. In other words, there is nothing about the nature of a Device [_..._]. In both cases, the capture is equally intrusive, albeit minimally so.
(ii) Non-threat-related Third Parties [70] One of the unfortunate costs of certain legitimate investigative techniques is that private information of “innocent” third parties may be unavoidably captured: R v Thompson, [1990] 2 SCR 1111, at 1143–44 [Thompson]. Consequently, in warrant applications under the CSIS Act, this Court has steadfastly endeavoured to minimize such incidental intrusions on the privacy interests of third parties. Stated differently, the Court has sought to ensure that the incidental collection of third party information is not more intrusive or more broad than what is reasonably required to achieve CSIS’s legitimate investigative objectives: IMSI, above, at para 253.
[71] In some cases involving the investigation of data pertaining to mobile communications devices, courts have recognized that it may be reasonably necessary to authorize the capture of a small amount of minimally intrusive data pertaining to a very large number of third parties: IMSI, above, at paras 66–67; R v Baskaran, 2020 ONCA 25, at paras 18 and 21–23 [Baskaran]; R v Brewster, 2016 ONSC 4133, at paras 60–62 [Brewster].
[72] This acceptance of the practical necessity of broad capture of minimally intrusive information at the authorization stage has been counterbalanced by ensuring that information pertaining to non-threat-related third parties is quickly destroyed and, where reasonably possible, not subjected to any analysis whatsoever: IMSI, above, at paras 5, 156 and 252–254; [_..._] [CSIS_2020] above, at paras 17 and 168; X (Re), 2016 FC 1105 at paras 186–188; Sections 12 and 21 of the Canadian Security Intelligence Service Act, RSC 1985, c C-23 (Re), 2019 FC 141, at paras 32 and 37–39 [CSIS Act (Re) 2019].
[73] In this context, “non-threat-related third parties” means individuals who are not involved in threats to the security of Canada, as defined in section 2 of the CSIS Act.
[74] In the case at hand, each of the four proposed uses of the Technology within Canada is likely to result in the incidental collection of [_..._] data pertaining to Devices of non-threat-related third parties. An exception would be where the Technology is deployed in relation to [_..._].
[75] Fortunately, CSIS has a strong incentive to deploy the Technology in a manner that minimizes the [_..._] data is collected. [_..._].
[76] Moreover, in certain situations, third party [_..._] data can be readily identified and quickly destroyed without any adverse impact on CSIS’s investigation. [_..._]. As in IMSI [_..._] IMSI, above [_..._].
[77] For this reason, in considering the Provisional Warrant that I granted on January 25, 2022 (see paras 14-15 above), I insisted on the insertion of [_..._] requirement. In brief, the authorization to utilize the Technology was limited to situations in which [_..._] data could be obtained in relation to [_..._] identified in the warrant, for each named subject of investigation. As in IMSI, the data obtained [_..._] would then be quickly destroyed pursuant to one of the conditions in the warrant, without being subjected to any analysis whatsoever: IMSI, above, at paras 5, 7, 156, 236(i), 242 and 253.
[78] Subsequent to the issuance of the Provisional Warrant, the AGC filed additional submissions. Among other things, those submissions maintained that restricting the use of the Technology to [_..._] would create unacceptable investigative blind spots and would stymie CSIS’s investigation. In this regard, the AGC cited the following passage from R v Vu, 2013 SCC 60, at para 57:
In short, attempts to impose search protocols during the authorization process risk creating blind spots in an investigation, undermining the legitimate goals of law enforcement that are recognized in the preauthorization process. These problems are magnified by rapid and constant technological change.
[79] The AGC noted that similar observations were made in R v Latimer, 2020 BCSC 2173, at para 101.
[80] In further support of its position, the AGC gave two examples. The first concerned an investigation of [_..._]. In this situation, the AGC asserted that it would be entirely possible that CSIS would [_..._]. In the second example, the AGC posited [_..._]. The clear implication was that innocent lives could be at stake in the meantime.
[81] Based on the foregoing, and upon further consideration, I agree that it would not be appropriate to impose a [_..._] requirement in connection with the first of the proposed uses of the Technology, or indeed with respect to any of the three other proposed uses, within Canada. I will note for the record that the Amicus expressed the same view.
[82] I am satisfied that the nature of the Technology is such that CSIS will be highly incentivized to use [_..._] whenever reasonably possible. This is because that manner of proceeding would enable CSIS to rapidly identify the [_..._] data of its subjects of investigation [_..._]. When [_..._] data pertaining to Devices of third parties can be readily identified and quickly destroyed, without the need for any analysis whatsoever. In these circumstances, any intrusions upon the privacy rights of third parties would be temporary and limited [_..._].
[83] This very small intrusion into the privacy rights of third parties would not be unreasonable. This is because it would be outweighed by the value of the intelligence that the Technology would enable CSIS to obtain: IMSI, above, at para 211. Moreover, the [_..._] parameters that would be used when deploying the Technology would collectively serve to minimize the extent to which [_..._] data is even temporarily collected. As in IMSI, such narrow targeting, combined with the highly accurate and minimally intrusive nature of the proposed uses of the Technology, weigh in favour of concluding that they would not unreasonably intrude upon the privacy rights of third parties.
[84] A further factor that will assist to ensure that such intrusions are not unreasonable is that the Technology can only be deployed when the requirements of section 12 of the CSIS Act are satisfied. These include the necessity for CSIS to have “reasonable grounds to suspect” and the requirement that the use of the Technology be “strictly necessary.” In addition, [_..._] would have direct access to the [_..._] results obtained through the Technology. In this regard, Affiant 1 testified that [_..._] individuals within CSIS currently have the [_..._] necessary to use the Technology: February 9, 2021 Hearing Transcript at 95; see also Brewster, above, at paras 60–62. He added that only those individuals would [_..._] collected [_..._] in deploying the Technology for the first of the uses that CSIS has proposed in this proceeding. Likewise, they are the only persons who would assess whether [_..._] collected in the second and third scenarios discussed below were threat-related [_..._] for retention purposes, although

Source text

Canadian Security Intelligence Service Act (CA) (Re) Court (s) Database Federal Court Decisions Date 2022-10-21 Neutral citation 2022 FC 1444 Notes A correction was made on June 23, 2023 Decision Content TOP SECRET Date: 20221021 Docket: CSIS-1-21 Citation: 2022 FC 1444 Ottawa, Ontario, October 21, 2022 PRESENT: THE CHIEF JUSTICE BETWEEN: IN THE MATTER OF AN APPLICATION BY [_..._] FOR WARRANTS PURSUANT TO SECTIONS 12 AND 21 OF THE CANADIAN SECURITY INTELLIGENCE SERVICE ACT, RSC 1985, c C-23 AND IN THE MATTER OF [_..._] THREAT-RELATED ACTIVITIES JUDGMENT AND REASONS I. Introduction [1] As the art of tradecraft for clandestine domestic and international activities continues to evolve, the public interest requires the Canadian Security Intelligence Service [CSIS or the Service] to keep pace. However, it must do so within the bounds of the law. [2] There are two principal issues in this proceeding. The first is whether CSIS may deploy a particular new technology [the Technology] within Canada in four specific ways without a warrant, in the course of investigations pursuant to section 12 of the Canadian Security Intelligence Service Act, RSC 1985, c C-23 [the CSIS Act]. Three of those proposed uses of the Technology would be solely within Canada, while the fourth would be both within and outside Canada. [3] The Attorney General of Canada [AGC] concedes that the utilization of the Technology solely within Canada in each of those four proposed ways would constitute a “search,” within the meaning of section 8 of the Canadian Charter of Rights and Freedoms, Part I of the Constitution Act, 1982, being Schedule B to the Canada Act 1982 (UK), 1982, c 11 [the Charter]. However, the AGC maintains that those ways of deploying the Technology would not be “unreasonable,” as contemplated by section 8. This is because (i) they would be “minimally intrusive”, and therefore authorized by section 12 of the CSIS Act; (ii) section 12 is a reasonable law; and (iii) the “searches” would be carried out in a reasonable manner. [4] For the reasons that follow, I agree. The Technology may be deployed within Canada in the four specific ways that CSIS has proposed, without a warrant, provided that such uses of the Technology are consistent with the reasons set forth below, particularly paragraphs 62, 88, 116–117, 126–127 and 141. [5] The second principal issue in this proceeding is whether CSIS may utilize the Technology outside Canada against foreign nationals with no recognized nexus to Canada, without a warrant. This use of the Technology would be more than minimally intrusive. However, for the reasons provided below, I have concluded that CSIS would not require a warrant before deploying the Technology outside Canada in the ways that it has identified. [6] In brief, foreign nationals with no recognized nexus to Canada do not benefit from the protections afforded by section 8. This includes the requirement for pre-authorization of a search by an entirely neutral and impartial arbiter who is capable of acting judicially in balancing the interests of the state against those of the individual, in certain circumstances: Hunter et al v Southam Inc, [1984] 2 SCR 145, at 160–162 and 168–9 [Hunter]. The Court’s attention was not directed towards any principle of international law that would prevent CSIS from deploying the Technology outside Canada in the manner it has identified, without a warrant and against such individuals. [7] Given the confidential nature of the Technology, my detailed description of it is provided in Appendix I to these reasons, which will remain classified. The more basic description of the Technology set forth in the main body below is provided in a manner that will permit the public to understand the issues raised in this proceeding, despite the fact that redactions will nonetheless be necessary in the public version of this decision, for national security reasons. II. Background A. Principal Uses of the Technology and Procedural History [8] In December 2021, the Court received a supplemental warrant application in which CSIS sought warrant powers to deploy a new technological tool against existing targets of an investigation being conducted pursuant to section 12 of the CSIS Act. The new tool is a [_..._] technology [_..._] that has [_..._] capabilities. These include the ability to identify [_..._] [a Device] [_..._]. They also include the ability [_..._] a Device. Such [_..._] information can be obtained by identifying [_..._] associated with a Device.[1] [9] At the present time, [_..._] in respect of which such information [_..._] may be obtained ranges from [_..._] with the Technology. [10] [_..._] Such information can assist CSIS to make inferences about the [_..._] of those individuals, so as to advance investigational goals. The amount of information that can be obtained about a subject of investigation will depend on [_..._]. [11] CSIS is also able to use the Technology to identify [_..._] and to learn about [_..._]. In addition, the Technology can assist CSIS to identify [_..._], as well as to [_..._]. Other potential uses of the technology are briefly described in Appendix I below. [12] In written submissions, counsel for the AGC submits that the Technology can be deployed within Canada in four specific ways that are minimally intrusive, such that those uses would be authorized under section 12 of the CSIS Act, without the need for a warrant. The first three of those ways would be solely within Canada, whereas the fourth would involve collecting [_..._] information from a Device [ both within and outside Canada ]. An important aspect of the AGC’s position in this regard is its assertion that the four methods of utilizing the Technology in Canada without a warrant would not involve the [_..._]. [13] The AGC further submits that foreign nationals abroad who have no nexus to Canada do not benefit from the protections afforded by section 8 of the Charter. Therefore, the AGC asserts that CSIS may deploy the Technology against such persons in more intrusive ways, without a warrant. Such more intrusive ways include [_..._]. [14] Notwithstanding the foregoing, CSIS sought a Provisional [_..._] Warrant [Provisional Warrant] to enable it to obtain the [_..._] of several named subjects within Canada, for the purposes of [_..._] to those persons. In its initial correspondence to the Court in relation to that warrant, the AGC explained that the requested powers “could be justified as minimally intrusive under s. 12 of the CSIS Act, without the need for a warrant.” However, the warrant was being sought out of an abundance of caution, to avoid inadvertently violating the Charter while (i) CSIS gained a better understanding of the data that would be returned through the [_Technology_], and (ii) the Court considered whether that particular use of [_..._] data could be authorized under s. 12 of the Canadian Security Intelligence Service Act alone. The AGC reserved the right to return to the Court at a later date to argue that the requested powers do not require a warrant, for the reason explained above. [15] During the hearing of the Provisional Warrant Application on January 25, 2022, I raised initial concerns regarding the potential for [_..._] data of Devices of third parties to be incidentally obtained in the course of exercising the warranted powers. To substantially reduce the scope for this to occur, I insisted that the warrant be amended to provide the authority to obtain [_..._] identified in the warrant, for each of the named subjects of investigation. After unsuccessfully endeavouring with counsel to identify a similar limiting mechanism for other provisions of the requested warrant, those other provisions were deleted. [16] On the same date that the Provisional Warrant was issued, I issued a second warrant, described as [_..._] Warrant. That warrant authorized CSIS to deploy the Technology in a manner that CSIS acknowledged was more than minimally intrusive, including [_..._] of the Devices of the same named subjects of investigation who were identified in the Provisional Warrant. [17] Each of the two above-mentioned warrants expired on February 26, 2022. However, new warrants with some amendments that are not relevant for the present purposes were issued by Justice Norris on February 24, 2022. Those warrants were issued on the understanding that CSIS would bring an application to cancel or amend the extended Provisional Warrant based on the present decision. [18] To assist the Court in addressing the legal issues raised by this application, I appointed Mr. Gib van Ert as amicus curiae [the Amicus]. B. CSIS’s Pilot Project and NSIRA’s Review [19] CSIS first used the Technology on a pilot basis for several months in 2018. During that period, it was used without a warrant approximately [_..._] times against Canadian and non-Canadian subjects of investigation located in Canada and abroad. A total of [_..._] operational reports [_..._] resulted from those uses of the Technology. However, after privacy issues were raised internally, the pilot project was terminated in July 2018. After that time, use of the Technology was confined to investigative activities in relation to (i) foreign nationals located outside Canada without a nexus to Canada, and (ii) [_..._]. In July 2020, CSIS suspended all use of the Technology until it obtained further clarity about the application of section 8 of the Charter to its collection activities against foreign nationals with no nexus to Canada. [20] In mid-to-late 2018, the Security Intelligence Review Committee [SIRC] initiated a review of CSIS’s use of the Technology earlier that year, during the above-mentioned pilot period. That review was ultimately completed by SIRC’s successor, the National Security and Intelligence Review Committee [NSIRA], which issued a report entitled Review of CSIS’s Use of [_..._] – a Geolocation Data Collection Tool (NSIRA Study 2018-05) [NSIRA Report]. That report was “communicated” to the Minister of Public Safety and Emergency Preparedness in August 2019. [21] Among other things, NSIRA found that the use of the Technology [_..._] constituted a “search” for the purposes of section 8 of the Charter. NSIRA added that “there was a risk that CSIS breached section 8 of the Charter during the trial period in which it used [the Technology] without a warrant”: NSIRA Report, at 11. NSIRA proceeded to recommend as follows: “ … that CSIS review its use of [the Technology] to date and make a determination as to which of the operational reports generated through the use of [the Technology] were in breach of section 8 of the Charter. These operational reports and/or any documents related to those results should be purged from its systems.” NSIRA Report, at 12. [22] According to CSIS’s technical affiant [Affiant 1], CSIS ultimately determined that the [_..._] above-mentioned operational reports needed to be retained in order to meet CSIS’s legal obligations. Those reports and their attachments have been sequestered so as to ensure that the information contained therein does not inform or contribute to other CSIS investigations. C. CSIS’s Delay in Informing the Court of its Use of the Technology Against Subjects of the Court’s Warrants [23] I pause to observe that CSIS or the AGC ought to have informed the Court about the forthcoming NSIRA Report well before that report was released in August 2019. Their failure to do so before the present Application was filed more than two years later, in December 2021, was inconsistent with (i) a commitment made to the Court in 2016 by CSIS’s Director, and (ii) the elevated duty of utmost good faith that applies in ex parte proceedings, particularly pursuant to the CSIS Act: Canadian Security Intelligence Services Act (CA) (Re), 2021 FCA 92, at para 126 [CSIS Act (Re) 2021 FCA]. [24] Specifically, CSIS’s Director of the day Mr. Michel Coulombe committed to advise the Court “as soon as an issue comes up” in a review by the Security Intelligence Review Committee relating to matters involving this Court’s warrants, “even if the report is not finalized”: En Banc Hearing, June 10, 2016, Transcript at 18 and 55. This was on the understanding that the final report and recommendations might be different from the initial information that had been communicated to the Court. In 2018, CSIS’s current Director reiterated a commitment to abide by the spirit of this undertaking. [25] The AGC’s explanations for the failure to inform the Court about the NSIRA Report prior to the present proceeding do not withstand scrutiny. To begin, the AGC maintained that (i) the warrants involved individuals who were, or later became, either warranted subjects of investigation or the subject of a warranted collection, and (ii) that the warrants were obtained and expired prior to the release of the NSIRA Report. However, this does not provide a basis for relieving CSIS from its commitment, or its elevated duty of candour. [26] Of the warranted individuals discussed in the NSIRA report, [_..._]. [_..._] warrants issued against [_..._] were [_..._] during the period covered by NSIRA’s review and [_..._] issued for a one-year period in July 2018. Another was renewed in June 2018 and expired in June 2019. Given that the NSIRA Report was released in August 2019, it is reasonable to infer that the issues it addressed had sufficiently ripened to have fallen within the scope of both the Director’s above-discussed commitment to the Court and the elevated duty of good faith disclosure well before that date. [27] As for the [_..._], the Technology was deployed against them outside Canada. Warrants against [_..._] of those individuals were sought in mid-2019, [_..._]. The warrant against the [_..._] individual was sought [_..._] the application in the present proceeding was filed. Yet, the use of the Technology against these [_..._] individuals and the [_..._] described above was not disclosed prior to May 18, 2022. Indeed, the Court may never have been made aware of the uses of the Technology against these individuals had I not issued a Direction requiring the AGC and the Service to advise as to whether the Technology had ever been used or directed against any target who either was, or is, the subject of warrants issued by this Court. [28] The AGC further explained that the Court was not informed about the use of the Technology against the above-mentioned individuals because none of the information collected was ever relied upon in an application for warrants. However, as the AGC and CSIS have been repeatedly advised in the past, information concerning the techniques that have been used against subjects of investigation in respect of whom a warrant application has been made, or is being made, is relevant to both the exercise of the Court’s discretion and its oversight of its outstanding warrants. [29] As long as the information may be considered to be relevant to the Court’s exercise of discretion to issue or revisit an outstanding warrant, it must be disclosed: CSIS Act (Re) 2021 FCA, at para 127. The duty of utmost good faith and transparency requires no less. [30] This is so even if the information is or was not relied upon in the warrant application. [31] For greater certainty, this remains true even if CSIS’s affiant has determined that the information does not fall within the scope of the matters to be specified in an application for a warrant, as set forth in paragraphs 21(2)(a) and (b) of the CSIS Act: CSIS Act (Re) 2021 FCA, at para 133. This is so for two reasons. First, the information might well be relevant to the exercise of the Court’s discretion. Second, the Court may well disagree with the determination of CSIS’s affiant regarding the scope and applicability of paragraphs 21(2)(a) and (b). [32] As a result of this Court’s decision in X (Re), 2020 FC 616, and general principles subsequently articulated in CSIS Act (Re) 2021 FCA, at paras 120–133, the AGC and CSIS now recognize that the elevated duty of candour requires the disclosure of all information that may be relevant to the determinations this Court must make in deciding whether to issue a warrant, and if so, on what terms. This includes information that may not have been relied on in support of a warrant application. The AGC and CSIS also accept that NSIRA’s finding that there was a risk of a breach of section 8 of the Charter in relation to CSIS’s use of the Technology within Canada fell within the scope of the elevated duty of full and frank disclosure. They further acknowledge that the Court retains discretion, when informed of matters that fall within the scope of that duty, to rescind the ongoing validity of active warrants, to refuse to issue new warrants, or to order other relief. III. Issues [33] There are two principal issues in this proceeding. They are as follows: 1. Does section 12 of the CSIS Act authorize CSIS to utilize the Technology within Canada in the four ways CSIS has identified, without a warrant? 2. Does section 12 of the CSIS Act authorize CSIS to utilize the Technology outside Canada against foreign nationals with no nexus to Canada, and in the more intrusive ways it has identified, without a warrant? IV. Assessment of the proposed uses within Canada (Issue #1) A. Summary of the Four Proposed Uses and Introduction [34] As previously noted, three of the proposed methods of deploying the Technology would be solely within Canada. They are as follows: i)Against known targets of CSIS investigations, [_..._] within Canada [_..._]. ii)Against known targets of CSIS investigations, [_..._] within Canada, [_..._]. iii)[_..._] within Canada [_..._]. [35] The fourth proposed use of the Technology [_..._] would involve collecting [_..._] data from Devices [both within and outside Canada][2]. [36] The general legal principles applicable to CSIS’s use of new technology to obtain information about the mobile communications devices of subjects of investigation were extensively reviewed in X (Re), 2017 FC 1047 [IMSI]. There, the Court applied the jurisprudence pertaining to what constitutes a “search” and what constitutes an “unreasonable” search, within the meaning of section 8 of the Charter. Like the present proceeding, IMSI involved an application pursuant to sections 12 and 21 of the CSIS Act. [37] There, the Court determined that CSIS’s use of a cellular-site simulator [CSS] to capture the identifying characteristics of a subject of investigation’s mobile communications devices in Canada without a warrant constituted a “search,” but not an “unreasonable” one. Those identifying characteristics consisted of the International Mobile Subscriber Identity and International Mobile Equipment Identity numbers that were emitted by the subject’s devices at certain times. [38] In Canadian Security Intelligence Services Act (CA) (Re), 2020 FC 697 [CSIS_2020], the Court made similar findings regarding the use of (i) CSS technology to capture the same information that was at issue in IMSI [_..._]. However, it proceeded to find that CSIS requires a warrant to [_..._] obtain information about individuals [_..._], which reveals much more personal information about the user of a communications device: [CSIS_2020], at paras 118–125, 166–169 and 176–181. Those findings were made in the context of an application under sections 16 and 21 of the CSIS Act. [39] In IMSI, the Court’s conclusion that the capture of the identifying characteristics of the target’s mobile device did not constitute an “unreasonable” search was based on three principal findings: (i) the “search” was authorized by law, namely, section 12 of the CSIS Act, (ii) that law is reasonable, and (iii) the searches would be carried out in a reasonable manner: IMSI, at paras 198–201, 236 and 238–243. [40] Section 12 states as follows: Collection, analysis and retention Informations et renseignements 12 (1) The Service shall collect, by investigation or otherwise, to the extent that it is strictly necessary, and analyse and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada and, in relation thereto, shall report to and advise the Government of Canada. 12 (1) Le Service recueille, au moyen d’enquêtes ou autrement, dans la mesure strictement nécessaire, et analyse et conserve les informations et renseignements sur les activités dont il existe des motifs raisonnables de soupçonner qu’elles constituent des menaces envers la sécurité du Canada; il en fait rapport au gouvernement du Canada et le conseille à cet égard. No territorial limit Aucune limite territoriale (2) For greater certainty, the Service may perform its duties and functions under subsection (1) within or outside Canada. (2) Il est entendu que le Service peut exercer les fonctions que le paragraphe (1) lui confère même à l’extérieur du Canada. [41] In the course of assessing the authority provided by section 12, the Court in IMSI noted the following: [196] The plain language of section 12 requires CSIS to collect, by investigation or otherwise, to the extent that it is strictly necessary, and to analyse and retain information and intelligence respecting activities that may on reasonable grounds be suspected of constituting threats to the security of Canada. This provides CSIS with the explicit authority to investigate such threats in those circumstances. [42] The Court proceeded to observe that section 12 authorizes CSIS to collect, analyse and retain information that ranges from non-intrusive to highly intrusive. However, once CSIS “moves beyond minimally invasive collection activities, it will require a warrant”: IMSI, above, at para 219. It is important to keep in mind that this statement was made in the context of the Court’s assessment of the application of section 8 of the Charter to intrusive activity in which CSIS had engaged within Canada. In that context, and given the provisions of section 21 pertaining to warrants, it could be inferred that Parliament implicitly contemplated that CSIS would require judicial preauthorization before engaging in collection activities that were more than minimally intrusive: IMSI, above, at para 219. [43] It is common ground between the AGC and the Amicus that the Court’s decision in IMSI provides an appropriate point of departure for the analysis of some of the important issues in the present proceeding. [44] In conducting the assessment below, I will remain mindful of the need to adopt “a purposive approach to section 8 that emphasizes the protection of privacy as a prerequisite to individual security, self-fulfilment and autonomy as well as to the maintenance of a thriving democratic society”: R v Spencer, 2014 SCC 43, at para 15. B. Would the proposed uses of the Technology within Canada constitute a “search”? [45] In IMSI, the Court found that the target had a reasonable expectation of privacy [REP] in respect of the identifying characteristics of his mobile devices: IMSI, above, at paras 140, 177 and 189. This REP existed because of the nature of the information that CSIS was able to begin learning about his private activities, upon obtaining those numeric identifiers from his devices. CSIS’s intrusion on this REP constituted a “search” within the meaning of section 8 and therefore “engaged” the privacy interests protected therein: IMSI, above, at paras 111, 149 and 247. [46] In the present proceeding, it is common ground between the AGC and the Amicus that each of the four ways in which CSIS proposes to utilize the Technology within Canada would constitute a “search” within the meaning of section 8. This is because individuals in Canada have an REP in the [_..._] data [_..._] that are accessible through the Technology. However, the AGC and the Amicus disagree about whether the use of the Technology outside Canada in relation to foreigners who have no nexus to Canada, would constitute such a “search”. This will be discussed in part IV.C. (3)(d) below. C. Would the Proposed Uses of the Technology Within Canada Constitute an “Unreasonable” Search? [47] Warrantless searches such as those proposed in the present proceeding are presumptively unreasonable. However, that presumption may be rebutted by demonstrating that: (i) the searches are authorized by law, (ii) the law is reasonable, and (iii) the searches will be carried out in a reasonable manner: Spencer, at para 68. (1) Are the proposed searches authorized by law? [48] It is common ground between the AGC and the Amicus that the four proposed uses of the Technology within Canada would be authorised by section 12 of the CSIS Act, so long as they are only minimally intrusive in nature. The Amicus maintains that this would be the case only if CSIS abides by certain conditions that are discussed in section IV.C. (3) below, which addresses the reasonableness of the proposed searches. (2) Is the authorizing law reasonable? [49] The AGC and the Amicus agree that section 12 is a reasonable law. However, the Amicus maintains that the analysis of this second prong of the tripartite test for assessing the reasonableness of the proposed searches should not end there. Instead, the Amicus submits that the Court’s assessment should include a review of the [_..._] as well as the [_..._]. [50] With respect to the [_..._], the Amicus submits that they do not reasonably contemplate the use of [_..._] data for national security purposes. [51] In support of this position, the Amicus notes that the NSIRA Report made the following observation at page 6: [_..._]. [52] The Amicus further notes that similar observations were made in several of the [_..._] that were attached to one of the affidavits sworn by Affiant 1. In this regard, the Amicus quoted the following statement regarding the data available through the Technology: [_..._][3] [53] [This paragraph describes a legal argument put forward by the Amicus as to whether an instrument, other than an act or regulation, must be considered in addition to s.12 of the CSIS Act in assessing whether the deployment of the tool is authorized by law. Amicus submits that consideration of the instrument supports a conclusion of unreasonableness for the purposes of the Court’s inquiry under section 8 of the Charter.] [54] In reply, the AGC submits that, for the purposes of section 8, [_..._] are only potentially relevant to the assessment of whether intrusive investigative activity constitutes a “search.” They are not relevant to the assessment of whether a “search” is unreasonable, unless there is evidence of unlawful activity. The AGC observes that, in the case at hand, there is no such evidence — either in respect of the acquisition of [_..._] data [_..._]. Indeed, to the extent that there is any relevant evidence in this regard, it points in the opposite direction. In particular, a document [_..._] entitled [_..._] states: “all data collection is done legally [_..._][4]. [55] The AGC maintains that the Amicus’ position on this issue confuses lack of waiver of a REP with reasonable lawful authority to intrude upon a REP. The latter does not depend on a user consenting to or reasonably expecting such an intrusion. The AGC contends that if there was no REP, there would be no “search” and therefore no need to assess the reasonableness of the authorizing law. [56] In support of this position, the AGC notes that in IMSI this Court found that the interception of mobile device identifiers without a warrant was lawful, even though [_..._]. In other words, [_..._] were not relevant to the assessment of [_..._]. [57] The AGC further observes that, in the criminal law context, the Supreme Court of Canada [SCC] has acknowledged that police “may employ creativity and subterfuge” and “resort to tricks or other forms of deceit” in conducting their investigations: R v Mills, 2019 SCC 22, at para 43; Rothman v The Queen, [1981] 1 SCR 640, at 697. [58] [This paragraph describes the Court’s finding that the instrument was relevant to the assessment of whether a device user has an REP in their data but was not relevant to the assessment of whether CSIS proposed intrusions on any REP are authorized by a reasonable law.] [59] Given the foregoing, and given the Amicus’ acknowledgment that section 12 of the CSIS Act is a reasonable law, it follows that the law authorizing the proposed “searches” is reasonable. (3) Would the searches be carried out in a reasonable manner? (a) The First Proposed Use of the Technology Within Canada (i) Subjects of Investigation [60] In this scenario, the Technology would be used against known targets of CSIS investigations, by [_..._]. [61] This proposed warrantless use of the Technology is the same as that which was before me in respect of the Provisional Warrant, discussed at paragraphs 14-15 above. As discussed, CSIS sought that warrant out of an abundance of caution, to ensure that it did not inadvertently violate the Charter while (i) it gained a better understanding of the data that would be returned through the [_Technology_], and (ii) the Court considered whether that particular use of [_..._] data could be authorized under s. 12 of the Canadian Security Intelligence Service Act alone. At that time, CSIS also explicitly reserved its right to return to the Court to argue that this use of the Technology was minimally intrusive and therefore did not require a warrant. [62] For many of the same reasons discussed in IMSI and [CSIS_2020] this proposed manner of utilizing the Technology (i) is minimally intrusive of the informational and territorial privacy interests of CSIS’s subjects of investigation, and (ii) would not give rise to an “unreasonable” search within the meaning of section 8 of the Charter: IMSI, above, at paras 161–163 and 187–189; [CSIS_2020], above, at 124–125 and 166–168. Consequently, this use would be authorized under section 12 of the CSIS Act, without the need for a warrant. This is subject to the requirement to destroy information that is incidentally collected from non-threat-related third parties quickly, and before assessing that information in any manner whatsoever. I will return to this point in the next section below. [63] When utilizing the Technology in the manner contemplated by this first proposed use within Canada, CSIS would be seeking information about known subjects of investigation [_..._] CSIS could then seek a warrant [_..._]. [64] In the absence of such a warrant, the [_..._] data obtained by CSIS through the Technology would be very limited. At most, it could consist of [_..._]. While CSIS’s access to this [_..._] data would intrude upon the target’s reasonable expectation of privacy in data [_..._] from [_..._] such intrusion would be minimal in nature [_..._]. [65] As in IMSI, CSIS would not be able to access any communications made with the Devices, or any information stored on or accessible through the Devices. Moreover, this proposed use of the Technology would not reveal anything about the activities of CSIS’s subjects of investigation. [_..._] there would be no impact on the target’s experience when using the Devices in question. [66] It bears underscoring that the AGC acknowledges that CSIS would not be able to use the Technology to [_..._] without a warrant. [_..._]. Consequently, use of the Technology for such purposes would require a warrant. [67] I recognize that CSIS’s linking of [_..._] a target’s [_..._] Device may well assist CSIS to begin putting together a personal “profile” of the target, or to add to any profile that it may have already begun to build. However, it is difficult to see how the inferences it may be able to draw regarding the target’s personal activities would be particularly strong or invasive: IMSI, above, at paras 163 and 189; [CSIS_2020], above, at paras 123–125 and 166–168. I am satisfied that any such inferences would not extend to “core” biographical information about the target. [_..._]. [68] As in IMSI and [CSIS_2020], the fact that this proposed use of the Technology is minimally intrusive, highly accurate and narrowly focused, significantly assists to support a finding that the “search” is not unreasonable: IMSI, above, at paras 7, 207, 209 and 236(i); [CSIS_2020], above, at paras 123–125, 161 and 166–168. This high accuracy and narrow focus includes the information obtained by CSIS [_..._] which is further circumscribed by the [_..._] criteria that would be specified in utilizing the Technology to obtain the desired results. [69] I will pause to add that I do not place great significance on the fact that the [_..._] data accessible through the Technology is [_..._]. This is so for two reasons. First, that information [_..._]. Second, the nature of the information obtained is such that its (minimal) degree of its intrusiveness does not materially change by virtue of the fact that it is [_..._]. In other words, there is nothing about the nature of a Device [_..._]. In both cases, the capture is equally intrusive, albeit minimally so. (ii) Non-threat-related Third Parties [70] One of the unfortunate costs of certain legitimate investigative techniques is that private information of “innocent” third parties may be unavoidably captured: R v Thompson, [1990] 2 SCR 1111, at 1143–44 [Thompson]. Consequently, in warrant applications under the CSIS Act, this Court has steadfastly endeavoured to minimize such incidental intrusions on the privacy interests of third parties. Stated differently, the Court has sought to ensure that the incidental collection of third party information is not more intrusive or more broad than what is reasonably required to achieve CSIS’s legitimate investigative objectives: IMSI, above, at para 253. [71] In some cases involving the investigation of data pertaining to mobile communications devices, courts have recognized that it may be reasonably necessary to authorize the capture of a small amount of minimally intrusive data pertaining to a very large number of third parties: IMSI, above, at paras 66–67; R v Baskaran, 2020 ONCA 25, at paras 18 and 21–23 [Baskaran]; R v Brewster, 2016 ONSC 4133, at paras 60–62 [Brewster]. [72] This acceptance of the practical necessity of broad capture of minimally intrusive information at the authorization stage has been counterbalanced by ensuring that information pertaining to non-threat-related third parties is quickly destroyed and, where reasonably possible, not subjected to any analysis whatsoever: IMSI, above, at paras 5, 156 and 252–254; [_..._] [CSIS_2020] above, at paras 17 and 168; X (Re), 2016 FC 1105 at paras 186–188; Sections 12 and 21 of the Canadian Security Intelligence Service Act, RSC 1985, c C-23 (Re), 2019 FC 141, at paras 32 and 37–39 [CSIS Act (Re) 2019]. [73] In this context, “non-threat-related third parties” means individuals who are not involved in threats to the security of Canada, as defined in section 2 of the CSIS Act. [74] In the case at hand, each of the four proposed uses of the Technology within Canada is likely to result in the incidental collection of [_..._] data pertaining to Devices of non-threat-related third parties. An exception would be where the Technology is deployed in relation to [_..._]. [75] Fortunately, CSIS has a strong incentive to deploy the Technology in a manner that minimizes the [_..._] data is collected. [_..._]. [76] Moreover, in certain situations, third party [_..._] data can be readily identified and quickly destroyed without any adverse impact on CSIS’s investigation. [_..._]. As in IMSI [_..._] IMSI, above [_..._]. [77] For this reason, in considering the Provisional Warrant that I granted on January 25, 2022 (see paras 14-15 above), I insisted on the insertion of [_..._] requirement. In brief, the authorization to utilize the Technology was limited to situations in which [_..._] data could be obtained in relation to [_..._] identified in the warrant, for each named subject of investigation. As in IMSI, the data obtained [_..._] would then be quickly destroyed pursuant to one of the conditions in the warrant, without being subjected to any analysis whatsoever: IMSI, above, at paras 5, 7, 156, 236(i), 242 and 253. [78] Subsequent to the issuance of the Provisional Warrant, the AGC filed additional submissions. Among other things, those submissions maintained that restricting the use of the Technology to [_..._] would create unacceptable investigative blind spots and would stymie CSIS’s investigation. In this regard, the AGC cited the following passage from R v Vu, 2013 SCC 60, at para 57: In short, attempts to impose search protocols during the authorization process risk creating blind spots in an investigation, undermining the legitimate goals of law enforcement that are recognized in the preauthorization process. These problems are magnified by rapid and constant technological change. [79] The AGC noted that similar observations were made in R v Latimer, 2020 BCSC 2173, at para 101. [80] In further support of its position, the AGC gave two examples. The first concerned an investigation of [_..._]. In this situation, the AGC asserted that it would be entirely possible that CSIS would [_..._]. In the second example, the AGC posited [_..._]. The clear implication was that innocent lives could be at stake in the meantime. [81] Based on the foregoing, and upon further consideration, I agree that it would not be appropriate to impose a [_..._] requirement in connection with the first of the proposed uses of the Technology, or indeed with respect to any of the three other proposed uses, within Canada. I will note for the record that the Amicus expressed the same view. [82] I am satisfied that the nature of the Technology is such that CSIS will be highly incentivized to use [_..._] whenever reasonably possible. This is because that manner of proceeding would enable CSIS to rapidly identify the [_..._] data of its subjects of investigation [_..._]. When [_..._] data pertaining to Devices of third parties can be readily identified and quickly destroyed, without the need for any analysis whatsoever. In these circumstances, any intrusions upon the privacy rights of third parties would be temporary and limited [_..._]. [83] This very small intrusion into the privacy rights of third parties would not be unreasonable. This is because it would be outweighed by the value of the intelligence that the Technology would enable CSIS to obtain: IMSI, above, at para 211. Moreover, the [_..._] parameters that would be used when deploying the Technology would collectively serve to minimize the extent to which [_..._] data is even temporarily collected. As in IMSI, such narrow targeting, combined with the highly accurate and minimally intrusive nature of the proposed uses of the Technology, weigh in favour of concluding that they would not unreasonably intrude upon the privacy rights of third parties. [84] A further factor that will assist to ensure that such intrusions are not unreasonable is that the Technology can only be deployed when the requirements of section 12 of the CSIS Act are satisfied. These include the necessity for CSIS to have “reasonable grounds to suspect” and the requirement that the use of the Technology be “strictly necessary.” In addition, [_..._] would have direct access to the [_..._] results obtained through the Technology. In this regard, Affiant 1 testified that [_..._] individuals within CSIS currently have the [_..._] necessary to use the Technology: February 9, 2021 Hearing Transcript at 95; see also Brewster, above, at paras 60–62. He added that only those individuals would [_..._] collected [_..._] in deploying the Technology for the first of the uses that CSIS has proposed in this proceeding. Likewise, they are the only persons who would assess whether [_..._] collected in the second and third scenarios discussed below were threat-related [_..._] for retention purposes, although

CSIS v. Threat-Related Activities

Source text

Full judgment (source text)

Related cases

Multani v Commission scolaire Marguerite-Bourgeoys

Halpern v Canada (Attorney General)

Reference re Public Service Employee Relations Act (Alberta)

R v Big M Drug Mart Ltd

Trinity Western University v Law Society of Upper Canada

R v NS

CSIS v. Threat-Related Activities

Source text

Full judgment (source text)

Related cases

Multani v Commission scolaire Marguerite-Bourgeoys

Halpern v Canada (Attorney General)

Reference re Public Service Employee Relations Act (Alberta)

R v Big M Drug Mart Ltd

Trinity Western University v Law Society of Upper Canada

R v NS