Special Joint Committee on the Declaration of Emergency

February 27, 2024

Key Messages

CSIS’ tip line is 613-993-9620, toll-free at 1-800-267-7685. The TTY/TDD number is 613-991-9228. The online reporting mechanism is on CSIS’ web page under Reporting National Security Information.

You are invited to support the Minister of Public Safety at the Special Joint Committee on the Declaration of Emergency (DEDC) on February 27^th, 2024. The meeting was called following a Federal Court Decision which stated that the use of the Emergencies Act against the convoy protests was unreasonable and violated the Charter.

Background: The Government of Canada invoked the Emergencies Act on February 14^th, 2022 in response to protests that gridlocked downtown Ottawa and blocked several border points across the country.  

• CSIS’ mandate is to identify and advise the Government of threats to our national security, which are defined in section 2 of the CSIS Act: espionage and sabotage; foreign influenced-activities; terrorism and violent extremism; and subversion.
• While the Emergencies Act defines threats to the security of Canada by referring to the CSIS Act definition, it is not only CSIS intelligence that is used to determine that the threshold has been met to invoke a national emergency.
• CSIS is part of the larger security and intelligence community, whose collective advice ultimately informed the decision to invoke the Emergencies Act. 
• CSIS is specifically prohibited from investigating lawful protest and dissent. CSIS may investigate only if lawful protest or dissent also involves activities that do constitute a threat under the CSIS Act.

Freedom Convoy

• The beginning of 2022 saw significant manifestations of pandemic-related grievances in the form of the Freedom Convoy protests.
• CSIS closely monitored the opportunities the protests could have presented to IMVE actors to promote or engage in serious acts of violence in Canada.
  • The protests could have offered opportunities to lone actors.
  • The One Vision Process ensured timely sharing with the RCMP and other appropriate law enforcement partners.
  • Other streams of intelligence reporting were carefully monitored for threat information linked to the event, particularly threats of serious violence.
• CSIS was also guarding against other threats to Canada’s national security in relation to the protests, such as foreign interference.
• With respect to foreign sources of funding, CSIS’ mandate is engaged when funds are provided at the direction of a foreign state with the goal of engaging in foreign interference activities in Canada, or when those donating the money are doing so to support an act of serious violence or terrorism.

CSIS’ assessment

• From the beginning of the Convoy and the blockades across the country, CSIS focused on its IMVE subjects of investigation and their activities in relation to those events, while continuing to monitor other streams of intelligence for new or unknown threat actors.
• CSIS re-evaluated its assessment of the Convoy on a daily basis, because of the ripe opportunity it presented for subjects of investigation and lone actors to mobilize to serious violence.
• Ultimately, CSIS did not observe concrete plots of serious violence or mobilization to serious violence, and therefore did not observe a section 2 threat as defined in the CSIS Act.
• CSIS assessed that the Convoy provided an opportunity for those with disparate grievances to unify against a perceived common foe.
• The majority of the participants likely had little to no connection to the trucking industry, but merely viewed the protest as an opportunity to voice their own personal and ideological grievances.
• The presence of subjects of investigation and potentially unknown ideological extremists at the protest provided an opportunity for IMVE to recruit and potentially radicalize new members.

Violent Rhetoric vs. Concrete Threats

• CSIS, and indeed many Canadians, witnessed an increase in violent online rhetoric and polarized discourse in relation to the Convoy. 
• Though such rhetoric is concerning and damaging to Canadian society, the majority of violent online rhetoric does not lead to real world violent extremism
• There is significant disconnect between behavior and language used online and real world acts of serious violence. It is often prolific consumers of extreme discourse, rather than the authors, who are more likely to engage in serious violence.
• While the volume of violent online rhetoric has increased, “awful but lawful” content represents the vast majority of violent online rhetoric and is disproportionate to concrete acts of violence or incitement that fall within CSIS’ mandate.

Advice to Cabinet

• I was assured by legal advice that the definition of threats as defined in the CSIS Act and the definition of threats as it related to the Emergencies Act could have separate interpretations given the broader context of the Emergencies Act.
• This is an important distinction to make because it defines the decision maker in the declaration of a public order emergency under the EA: it is the responsibility of the federal government to determine when a national emergency warrants the invocation of the Emergency Act, not CSIS.
• CSIS is but one among the various federal departments and agencies, whose collective advice ultimately informed the decision by the Governor-in-Council to invoke the Emergencies Act.
• Assessing national security threats in relation to the Convoy was made more challenging due to the fluid and non-homogenous nature of the protests and the scope of CSIS’ specific mandate.
• CSIS’ mandate and assessment of threats should not be interpreted as definitional of or comprising all national security concerns.

National Security Definition

• National Security is a broad concept that increasingly encompasses many aspects of Canadian life, including research security at academic institutions, impacts of climate change, economic security, the resilience of our democratic institutions, access to critical minerals, and even health security, as evidenced during the pandemic.
• There is no legislative definition of national security, and CSIS is confined to the definition of threats to the security of Canada in section 2 of our Act.
• Each member of the national security apparatus is essential in protecting Canada and Canadians through the exercise of their unique role and mandate, and coordination and intelligence sharing ensures that the breadth of national security is being considered in dynamic and evolving situations. 

POEC and DEDC Testimony

• CSIS provided volumes of documents to POEC, including an Institutional Report, and participated in classified and unclassified hearings.
• Due to the classified hearings that were held, CSIS was able to provide more information to POEC than is possible to disclose publically.
• Nevertheless, CSIS demonstrated unprecedented transparency in discussing how our investigations evolve, the state of IMVE in Canada, and CSIS’ assessment of the Convoy.
• The speed at which review mechanisms like DEDC and POEC were stood up and required to conclude their inquiries led, in some instances, to an evolution in the information provided.
• I can assure the Committee that CSIS provided all the information it assessed was possible, given Cabinet Confidences and SOIA guidelines, at any given time.
• CSIS recognizes the importance independent review plays in maintaining and strengthening Canadians’ trust in their national security institutions, which is of the utmost importance for us.

Disclosure

• As a starting point, CSIS is always looking to be as transparent as possible, both through disclosure and in our engagements with Canadians.
• There are also many situations where CSIS information must be protected to ensure the continued safety of sources, methodologies and Canadians.
• Ultimately the protection of information is always related to the potential injury to individuals and Canada’s broader national security.
• Sometimes, with the passage of time, national security injury concerns may no longer be relevant.
• In some instances, CSIS may choose to downgrade, declassify or create sanitized summaries of classified information to allow for its sharing.
• CSIS has several internal policies that guide these procedures and maintain CSIS’ obligation to protect sensitive information. 

Federal Court Decision on Emergencies Act

Key Messages

• I am aware of the recent Federal Court decision in relation to the Emergencies Act.
• The decision to invoke the Emergencies Act was taken after careful deliberation and in the interest of protecting Canadians.
• I understand that the Government of Canada disagrees with the decision of the Federal Court issued on January 23, 2024, and will be filing an appeal.
• Given that the matter will be under consideration by the court, CSIS will not comment on the specifics of the decision.

Freedom Convoy 22

CSIS mandate; s.2(c) and 2(d) definitions

• As this Committee is well aware, CSIS has the mandate to investigate threats to the security of Canada, to advise the Government on these threats, and to take measures to reduce them.
• The threats to Canada’s national security are clearly defined in section 2 of the CSIS Act and include espionage and sabotage, foreign influenced-activities, terrorism and violent extremism, and subversion.
• More specifically, section 2(c) defines them as: activities within or relating to Canada directed toward or in support of the threat or use of acts of serious violence against persons or property for the purpose of achieving a political, religious or ideological objective within Canada or a foreign state.
• And section 2(d) also defines them as: activities directed toward undermining by covert unlawful acts, or directed toward or intended ultimately to lead to the destruction or overthrow by violence of, the constitutionally established system of government in Canada.
• As such, CSIS does not investigate lawful advocacy, protest or dissent. While the internet is filled with racist, bigoted and misogynistic language and narratives, much of it falls under the category of ‘awful but lawful’.
• As you can understand, I cannot comment on specific details regarding our operations.
• What I can say is that CSIS closely monitored the opportunities the protests could have presented to IMVE actors to promote or engage in serious acts of violence in Canada.

Anti-authority movements and conspiracy theories

• The COVID-19 pandemic has exacerbated xenophobic and anti-authority narratives, many of which may directly or indirectly impact national security considerations. Violent extremists continue to exploit the pandemic by amplifying false information about government measures and the virus itself on the internet.
• Some violent extremists view COVID-19 as a real but welcome crisis that could hasten the collapse of Western society. Other violent extremist entities have adopted conspiracy theories about the pandemic in an attempt to rationalize and justify violence.
• These narratives have contributed to efforts to undermine trust in the integrity of government and confidence in scientific expertise.
• While aspects of conspiracy theory rhetoric are a legitimate exercise in free expression, online rhetoric that is increasingly violent and calls for the arrest and execution of specific individuals is of concern.
• IMVE conspiracy theories are often influenced by decentralized online trends and communities of extremist influencers who interpret local, national and international events through a radical lens.
• These broader narratives are often individualized by extremists and are impacted by perceived concerns regarding economic well-being, safety and security, the COVID-19 pandemic or other special events.

Protests and funding

• During the protests in Ottawa and across Canada earlier this year, CSIS remained committed to continue assessing threats to Canada's national security during the important operational activities underway by law enforcement partners.
• While the right to freedom of expression and peaceful assembly is an important part of our democracy, individuals are not justified in breaking the law or engaging in violence. CSIS supported the City of Ottawa and the enforcement actions being taken by the Ottawa Police Service, and their law enforcement partners.
• On financial reporting, CSIS continued to work within the parameters of the CSIS Act to support the Government of Canada in implementing measures that were in effect under the Emergencies Act.
• The Emergencies Act did not expand CSIS’ powers to investigate or take threat reduction measures. CSIS continued to work within the existing authorities of the CSIS Act.
• Under the Emergencies Act, other designated entities had expanded requirements to report to CSIS certain activities linked to designated persons. CSIS engaged with its financial partners to ensure that disclosures specifically related to its national security mandate.
• With respect to foreign sources of funding, CSIS’ mandate is engaged when funds are provided at the direction of or with the support of a foreign state or when those donating the money are doing so to support an act of serious violence or terrorism.

FC22 and way forward

• The bringing together of individuals with differing ideological motivations around a common cause is typical of the IMVE space. However, each radicalization pathway or mobilization to violence is highly individual, and discerning common features or triggers in order to predict action is a core challenge for CSIS and law enforcement partners.
• While CSIS’s work is often undertaken outside of the public eye, we are steadfast in our commitment to work in partnership with communities and individuals, alongside law enforcement, to keep them safe from threats to the security of Canada.
• CSIS works pro-actively with the RCMP, the Department of Justice and the Public Prosecution Service of Canada to align operational efforts, and seek solutions in the interest of public safety. Indeed, we have a duty to share threat-related information within the Government of Canada in order to mitigate risks to public safety.
• In addition, CSIS works closely with its domestic and international partners on understanding the evolution of the threat environment so that it is positioned to provide assessments and advice to support actions, including by law enforcement where appropriate.
• While the IMVE threats directly implicate CSIS’ mandate, there are broader strategic considerations at play. In particular, the manifestation of IMVE activities affect policy considerations related to online harms, the resilience of our democratic institutions, the security of parliamentarians, dialogue with racialized communities, and engagements on national security issues at all levels of government.

Ideologically Motivated Violent Extremism (IMVE)

Issue: What is ideologically motivated violent extremism? What is CSIS’ role and assessment of this threat?

Key Messages

• CSIS takes the long standing threats of religiously, politically and ideologically motivated violent extremism very seriously.
• The uncertain environment caused by the global COVID-19 pandemic is ripe for exploitation by violent extremists.
• It is important to understand that extremism can stem from a range of motivations and personal grievances and is driven by hatred and fear and includes a complex range of threat actors.
• IMVE can stem from a range of ideologies and is driven by hatred and fear. These ideologies can be:
  • xenophobic and linked to white supremacy or neo-Nazism, and ethno-nationalism;
  • anti-authority and targeted at governments and law enforcement;
  • gender-driven, which can lead to violent misogyny; and
  • based on other grievances without clear affiliation to an organized group or external guidance.
• Extremists draw inspiration from a variety of sources including, books music, and of course, online discussions, videos and propaganda. Those holding extremist views often attempt to create a culture of fear, hatred and mistrust by leveraging an online audience in an attempt to legitimize their beliefs and move from the fringes of society to the mainstream.
• As freedom of speech is constitutionally protected, CSIS can only investigate threat actors who meet its investigative threshold – those who are mobilizing to violence or are providing support to an act of violence, as defined in the CSIS Act.
• As such, CSIS does not investigate lawful advocacy, protest or dissent. While the internet is filled with racist, bigoted and misogynistic language and narratives, much of it falls under the category of ‘awful but lawful’.

Anti-authority movements and conspiracy theories

• The COVID-19 pandemic exacerbated xenophobic and anti-authority narratives, many of which may directly or indirectly impact national security considerations. Violent extremists continue to exploit the pandemic by amplifying false information about government measures and the virus itself on the internet.
• Some violent extremists view COVID-19 as a real but welcome crisis that could hasten the collapse of Western society. Other violent extremist entities adopted conspiracy theories about the pandemic in an attempt to rationalize and justify violence.
• These narratives have contributed to efforts to undermine trust in the integrity of government and confidence in scientific expertise.
• While aspects of conspiracy theory rhetoric are a legitimate exercise in free expression, online rhetoric that is increasingly violent and calls for the arrest and execution of specific individuals is of concern.
• IMVE conspiracy theories are often influenced by decentralized online trends and communities of extremist influencers who interpret local, national and international events through a radical lens.
• These broader narratives are often individualized by extremists and are impacted by perceived concerns regarding economic well-being, safety and security, the COVID-19 pandemic or other special events.

Gender-Driven IMVE

• Incel (involuntary celibate) ideology bears many of the hallmarks of more traditionally recognized ideologies, and from the Canadian perspective, conforms to our definition of terrorism and is considered within the general terrorism offence framework.
• Incels belong to a misogynistic community of males, who associate primarily through online platforms. Though they use a unified terminology, they are not an organized group and have no centralized structure or planning.
• Incels believe their genetics determine the quality of their life and relationships, meaning they blame their unattractive physical features for their inability to attract women. They attribute their perceived failings in life to women and society in general.
• The ideology/beliefs within the “Manosphere” (a network of online misogynistic and male supremacy communities) stretch from lawful discussion of men’s rights issues to glorification of violence and violent misogyny. Forums also fluidly combine their resentment of women with racist narratives involving immigrants and people of colour.
• Since 2014, individuals motivated, fully or in part, by Incel ideology have, through numerous attacks, killed and wounded more than 110 individuals in Canada and the United States.
• In Canada, Alek Minassian’s perception and beliefs were motivated in whole or in part by Incel ideology when he deliberately ran down pedestrians with his van, killing 11 and injuring 15. In May 2020, Toronto Police arrested a 17 year male and charged him with terrorist activity after he stabbed a woman to death and injured 2 more at a massage parlor, stating evidence showed the attack was inspired by Incel ideology.

Rise of IMVE threat in Canada

• As reported by the Security Intelligence Review Committee (SIRC) in January 2016, CSIS concluded that the extent and nature of the Right Wing Extremist (RWE) threat no longer met the CSIS threshold for investigation. As such, CSIS ended its investigation into RWE in March 2016.
• In January 2017, following the attack at the Grande Mosquée in Québec City, CSIS reopened its investigation into RWE.
• At that time, CSIS observed that the motivations behind this type of violent extremism had become more complex. Individuals were no longer influenced by a singular and definable belief system, but a range of very personal and diverse grievances.
• For that reason, CSIS took a leading role in developing an understanding and terminology that more accurately depicts the broad range of motivations behind this particular extremist threat facing Canada.
• Based on its findings, CSIS decided to stop using the terms “right-wing” and “left-wing” to define the threat. Instead, it uses ideologically motivated violent extremism – which has now been adopted by both Australia and New-Zealand.
• It is clear from the 2017 Mosque attack, the 2018 van attack, the 2020 spa attack in Toronto, and the 2021 van attack in London, that Canada is not immune to acts committed in whole or in part by IMVE.

Online threat environment

• Violent extremism online continues to represent a deeply concerning threat to public safety and a significant area of focus for CSIS, as it evolves in complexity.
• Online threats represent a modern challenge and demonstrate the clear need for CSIS to be equipped with the tools and authorities it requires in order to protect Canada and Canadians in the digital age.
• As technology and applications proliferate, extremist online collectives can replicate disinformation and interference campaigns that were once the reserve of state actors or large non-state organizations.
• Threat actors have access to a wealth of information online and CSIS has seen a surge in violent extremist content proliferating in that environment. Propaganda is easily disseminated using both mainstream and alternative media and social media platforms.
• We have seen a combination of misinformation and disinformation pollute the global information environment. This manipulation and propagation of information can erode confidence in our democratic values, institutions, and polarize societies while undermining trust in our democratically elected governments.
• Many of these platforms can be used anonymously or leverage encryption technologies to enable threat actors to conceal their identity and evade detection by law enforcement and security agencies, while spreading their message, inciting violence and recruiting link-minded individuals.
• If violent extremists are spreading propaganda online to recruit and fundraise for their cause, inspiring acts of violence or conducting a live terrorist act for an online audience, CSIS and law enforcement need to be informed of the threat and equipped to investigate and prevent further threat activity.

Protests and funding

• During the protests in Ottawa and across Canada earlier this year, CSIS remained committed to continue assessing threats to Canada's national security during the important operational activities underway by law enforcement partners.
• While the right to freedom of expression and peaceful assembly is an important part of our democracy, individuals are not justified in breaking the law or engaging in violence. CSIS supported the City of Ottawa and the enforcement actions being taken by the Ottawa Police Service, and their law enforcement partners.
• With respect to foreign sources of funding, CSIS’ mandate is engaged when funds are provided at the direction of or with the support of a foreign state or when those donating the money are doing so to support an act of serious violence or terrorism.

Terrorist listings

• Listings are an important tool for the Government of Canada and send a signal that extremist activities are not tolerated in Canada.
• CSIS is a partner in the Public Safety-led terrorist listings regime. CSIS is one of several departments and agencies charged with informing the Minister of Public Safety as to the threat that violent extremist entities may pose to Canada, from a national security perspective.
• Intelligence and evidence guide the terrorist listing process and are primary determinants for which entities are considered for listing under the Criminal Code.
• CSIS also works closely with its international partners on understanding the evolution of the global extremist landscape and emerging threat environment so that it is positioned to provide assessments and advice to support actions, including by law enforcement as appropriate.

On specific groups being investigated

CSIS does not investigate Canadians participating in lawful demonstrations or protests in Canada or elsewhere, absent other indications of threat-related activity.

As freedom of speech is constitutionally protected, CSIS can only investigate threat actors who meet its investigative threshold – those who are mobilizing to violence or are providing support to an act of violence, as defined in section 2(c) of the CSIS Act.

As you know, CSIS is limited in what it can say in an unclassified setting, and we cannot publicly comment further on operational matters and requirements.

On correctional facilities

• In 2018, CSIS and the RCMP proactively requested the Operational Improvement Review (OIR) to identify operational solutions to mitigate “intelligence and evidence” challenges.
• The OIR final report included recommendations intended to inform ongoing efforts to enhance cooperation between CSIS, the RCMP, the Department of Justice Canada, and the Public Prosecution Service of Canada (PPSC).
• Since 2018, the agencies have implemented the 76 recommendations outlined by the Operational Improvement Review.

Public Order Emergency Commission (POEC)

Issue: What did CSIS say at POEC in comparison to DEDC?

Key Messages

• CSIS welcomed the review of the Government of Canada’s decision to invoke the Emergencies Act by the Public Order Emergency Commission to ensure transparency and accountability for Canadians.
• CSIS provided volumes of documents to POEC, including an Institutional Report, and participated in classified and unclassified hearings.
• Due to the classified hearings that were held, CSIS was able to provide more information to POEC than is possible to disclose publically.
• Nevertheless, CSIS demonstrated unprecedented transparency in discussing how our investigations evolve, the state of IMVE in Canada, and CSIS’ assessment of the Convoy.
• The speed at which review mechanisms like DEDC and POEC were stood up and required to conclude their inquiries led, in some instances, to an evolution in the information provided.
• I can assure the Committee that CSIS provided all the information it assessed was possible, given Cabinet Confidences and SOIA guidelines, at any given time.
• CSIS recognizes the importance independent review plays in maintaining and strengthening Canadians’ trust in their national security institutions, which is of the utmost importance for us.

POEC Final Report

• POEC provided numerous recommendations to the Government of Canada, and CSIS has been working with partners at Public Safety to analyse these recommendations and implement best practices.
• As the report quotes, I was clear that determining a threat to the security of Canada is not an exact science and that events can deteriorate very quickly.
• The Final Report acknowledges that that CSIS had assessed that there was no threat to the security of Canada under the CSIS Act and that Cabinet was advised of this assessment.

Key Recommendations

• The POEC Final Report provides 56 recommendations, the majority of which fall into two categories: policing reform, and modernizing the Emergencies Act.
• Recommendations on policing reform focused on enhancing collaboration and clarifying distribution practices, especially relating to major events.
• Recommendation 31 of the Final Report recommended the decoupling of the CSIS Act and Emergencies Act.
• Recommendations also called for addressing cryptocurrencies and social media misinformation as it relates to online harms.

Section 2

• The Public Order Emergency Commission recommended that the incorporation by reference to section 2 of the CSIS Act should be removed from the Emergencies Act.
• I note that POEC found hinging the definition on the CSIS Act “accords outsized importance to CSIS’ determination of whether its intelligence mandate should be engaged, which is a different question.”
• In addition, Justice Rouleau noted that the threats which could constitute a public order emergency have evolved, and could take forms that do not fall under the CSIS Act’s definition.
• Separately, Justice Rouleau noted that in today’s world, public order emergencies could arise out of cyberattacks or other technological events that could not even have been envisioned when the CSIS Act was drafted.

Modernizing CSIS Authorities

Issue: What changes are necessary to CSIS’ authorities, and why?

Key messages

• The Government recently concluded public consultations on key national security legislation, including the CSIS Act.
• To be clear, the purpose of amending the Act would not be to lower safeguards, but rather to ensure CSIS has the authorities to provide timely, relevant advice in line with Government and Canadians’ expectations of their intelligence service.
• For example, our Act sets technological limitations on intelligence collection that were not foreseen by the drafters of the legislation in 1984 and limit our investigations in a modern era.
• More than ever, partners outside of the Government of Canada are targets of national security threats, and yet section 19 of the CSIS Act only allows us to provide unclassified threat overviews to external stakeholders.
• This is another example of the way in which the CSIS Act has not kept pace with the threats of today or our operational reality.
• Keeping pace on an ongoing basis with changes in the threat, technological and legal environment will ensure that we can continue to fulfill our mandate of keeping Canada and Canadians safe – and do so in a way that is consistent with Canada’s values and the trust that Canadians place in us.

Consultations

• CSIS completed comprehensive and meaningful consultations with a broad range of national security partners, and received overwhelmingly positive feedback.
• CSIS received 360 submissions to the online consultations, the significant majority of which supported amendments to the CSIS Act.
• CSIS also directly consulted 55 separate organizations and governments, as well as 10 individual academics and experts. Stakeholder consultations were overall very positive.

Oversight and Accountability

• There are multiple layers of protections already in place to ensure respect for the rights protected under the Charter:
  • CSIS is subject to all Canadian laws including the Access to Information Act, the Official Languages Act, the Privacy Act and the Charter.
  • Judicial oversight is a pillar of the CSIS Act and the Federal Court issues warrants for certain activities.
  • CSIS is accountable to Parliament through the Minister of Public Safety and specific Ministerial Direction.
  • The National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians are mandated to review the activities of CSIS and the Intelligence Commissioner must approve certain activities.
  • Finally, like other federal institutions, Officers of Parliament, including the Auditor General and the Canadian Human Rights Commission review certain CSIS activities.
• All of CSIS’ legislative proposals maintain strong protections for Canadian rights and privacy interests, in addition to continuing clear accountability to the Minister and Federal Court. 
• CSIS has made earnest efforts in recent years to build trust with communities who have felt unreasonably targeted in the past by CSIS activities.
• CSIS must appreciate the needs and concerns of the communities it seeks to protect, and maintain this trust in order to be effective in meeting its mandate.

On proposed amendments

Information sharing

Challenge:

• Many of the targets of today’s national security threats are located in Canadian cities, colleges, companies and communities.
• While national security remains very much the remit of the federal government, responding to threats in today’s environment requires collaboration across many sectors of society.
• However, as currently written, the CSIS Act does not provide CSIS with sufficient authority to disclose classified intelligence to domestic partners outside the Government of Canada.

Example:

• In practice this means that, for example, CSIS cannot provide relevant classified information to provincial, territorial, or Indigenous governments to build awareness and resilience against the covert foreign interference efforts by proxies of a foreign state.
• Prohibitions on disclosure also limit how CSIS can share relevant information with private sector and academic institutions engaged in, for example, cutting-edge bio-medical research. Such limitations prevent CSIS from directly sharing information that could help these partners build resilience to foreign interference and espionage threats.

Solution:

• An amendment to the CSIS Act in this area would enable the disclosure of information to other entities or persons, in addition to the Government of Canada, on threats to the security of Canada.
• The objective with is to help partners be more aware of the threats they face and be able to better identify specific foreign interference techniques. Partners could then integrate protective measures to make them more equipped to withstand foreign interference.

New judicial authorization suite

Context:

• As an intelligence service mandated to protect Canada and Canadians against threats to national security, CSIS is equipped with extraordinary powers.
• When CSIS has reasonable grounds to believe there is a threat to national security and has exhausted other investigative tools, it can seek a warrant for more intrusive collection.
  • This could include installing a communications intercept or seeking financial record.
  • All warrants must meet the threshold in the Act and be approved by the Federal Court.
• The CSIS Act, including CSIS’ warrant single warrant authority, was written during a time when landlines were a key method of communication, and when telephone books and pay phones were widely available and used.
  • Internet-based communications, smartphones with encrypted applications and GPS tracking were the stuff of science fiction.
• Today, digital technologies permeate every aspect of Canadians' lives. Electronic information and data have become a large and important part of national security investigations but key, and often basic, pieces of information are no longer accessible through conventional investigative techniques.

Challenge:

• CSIS currently has one kind of collection warrant it can obtain, which was designed for the most intrusive (e.g., the interception of private communications) and, therefore, it was intentionally designed to be used only when all other investigative avenues have been exhausted.
• Today, a range of activities may require CSIS to seek a warrant from the Federal Court but do not have the same privacy impact as, for example, intercepting phone calls.
  • Subscriber information – the identity behind an online account or handle – is a basic building block of an investigation and helps narrow the operational focus early. But collecting subscriber or identifying information requires the same warrant as searching a residence or intercepting phone calls.
• CSIS has no authority to seek a court order for the preservation of information that may be routinely deleted by third parties, for example financial records.
• The absence of a variety of tailored judicial warrants in the CSIS Act impedes, delays, and at times altogether halts, national security investigations. In doing so, it can diminish CSIS’ ability to protect Canadians.

Solution:

• Having more targeted warrants can ultimately be less intrusive overall, because CSIS will not need to resort to multiple other investigative techniques, over longer periods of time. It can help mitigate false starts and focus investigative resources.
• Targeted tools would still, in all instances, require CSIS to seek a warrant from the Federal Court, Ministerial approval, would be subject to external review and would be Charter compliant.
• Amendments could also enable CSIS to seek an order for the preservation of information that is held and may be deleted by a third party.
• Other amendments could enable the collection of information at earlier stages of an investigation or when the investigation requires nimbleness and it is not relying on the most intrusive investigative techniques like the interception of personal communications.

Amendment to increase the efficiency of the collection and use of data

• There is no question that in 2023, the analysis of data is vital to any organization, whether it be private industry, academia, or government institutions.
• In today’s digital world, data and data analytics are critical to CSIS’s ability to detect, investigate and respond to threats to the security of Canada.
• Some data is directly related to threats to the security of Canada – list of members of a terrorist group for example. Other data is not directly related to a threat but can assist CSIS in its investigations.
• In 2019, Parliament recognized the importance of data and introduced an authority for CSIS to collect datasets.
• Information in datasets can enable CSIS to identify victims of threat activities, exclude innocent individuals from investigations, and assist CSIS to better understand patterns of life (habits, behaviours, and daily routines) of threat actors engaged in extremism or foreign interference activities.
• Despite the clear importance of data and data analytics, CSIS’ ability to retain and use datasets under this authority has been limited by the multiple layers of complexity and strict requirements, ambiguity in the law, and the limitations on how these datasets may be used.
  • For CSIS to retain a single dataset, it could require up to five separate authorizations from the Minister, the Federal Court, and the Intelligence Committee.
  • A dataset containing thousands of records that is encrypted and in a foreign language must be evaluated within 90 days, or it must be destroyed.
  • CSIS is also unable to use Canadian datasets for investigations to support Government security screening.
• For example, applicants for certain Government of Canada jobs must provide their education and employment histories, among other information, as part of employment security screening. Efforts by an applicant to hide their links to certain institutions, such as a foreign military, can be relevant to that assessment. A dataset composed primarily of information of individuals in Canada that have studied at a university associated with a foreign military could not be used to verify this information.

Solution:

• Targeted amendments to CSIS’ dataset authority would alleviate some of the more challenging elements by, for example, permitting extensions of time to evaluate a large dataset.
• They could enable CSIS to use Canadian datasets for security screening and immigration investigations.
• Other amendments could clarify several parts of CSIS’ dataset authority, and minimize duplicative aspects. For example, CSIS could decide to keep foreign and Canadian records as a single dataset but apply the more rigorous requirements as if it were a solely Canadian dataset.

Amendment to close a gap in foreign intelligence collection

Challenge:

• CSIS is mandated to assist the Ministers of Foreign Affairs and Defence in the collection of foreign intelligence. This collection must be conducted within Canada, and cannot be directed at a Canadian.
• The “within Canada” geographic limitation restricts foreign intelligence collection in ways that could not have been foreseen in 1984, given how information today is largely digital and borderless.
• Electronic information that was previously collected in support of Canada’s foreign affairs or national defence is now frequently located outside our borders.
  • However, Federal Court decisions have made it clear that CSIS cannot collect foreign intelligence in Canada when the information is located outside of Canada.
  • The Communications Security Establishment cannot direct collection against individuals within Canada (regardless of where the information is located). This issue creates a serious intelligence gap.

Solution:

• Closing this gap is critical to supporting the Government in managing Canada’s foreign relations and national defence by understanding the capabilities, intentions or activities of foreign states or foreign individuals, who may be involved in foreign interference activities.
• CSIS could clarify CSIS authority collect, from within Canada, foreign intelligence which resides outside Canada, while still maintaining the other limitations originally intended by Parliament.

Statutory review of the CSIS Act

Challenge:

• The threat environment facing Canada is in a constant state of evolution and Canada needs to ensure it has the tools necessary to detect and address national security threats.
• Unlike the majority of Canada’s allied partners, there is no statutory requirement to review the CSIS Act on a regular basis to ensure that the Act keeps pace with technology and evolving national security threats.
• As a result, CSIS’ authorities are prone to falling out of date, leaving Canada and Canadians vulnerable.
• Better equipping CSIS to address the threats of today, but also the threats of the future is critical for protecting Canada and Canadians national security.

Solution:

• Implementing a statutory requirement to periodically review the CSIS Act to ensure that it keeps pace with technology and data, and other evolutions in the national security space, while considering the impact they have on the threats facing Canadians and Canada.
• Periodic reviews of the CSIS Act would ensure that CSIS is adapting to emerging threats and has legislative tools available to protect Canada and Canadians.
• Up to date authorities bolster CSIS and Canada’s ability to engage with allies, maintaining Canada’s reputation as a trusted partner in the fight against national security threats that more frequently cross-borders.

Foreign Interference in Canada - General

Issue: What is CSIS’ understanding of this threat?

Key Messages

• Foreign Interference is one of the greatest strategic threats to Canada’s national security because it undermines Canadian sovereignty, national interests and values.
• Foreign interference is a complex modern threat. States employ foreign interference activities against a range of Canadian interests, including the integrity of our political system and democratic institutions, economy and long-term prosperity, foreign policy and military, social harmony, and fundamental rights and freedoms.
• It is also a national threat. It targets all levels of government as well as communities across Canada.
• Foreign interference activities encompass a range of techniques, including human intelligence operations, the use of state-sponsored or foreign-influenced media, and sophisticated cyber tools.
• This threat activity has long been present in Canada, but its scale, speed, range, and impact have grown as a result of globalization and technology.
• In 2021, CSIS released a public report on Foreign Interference Threats to Canada's Democratic Process. As this report shows, foreign states and their proxies target politicians, political parties, and electoral processes in order to covertly influence Canadian public policy, public opinion and ultimately undermine our democracy and democratic processes.

Foreign Interference Manifestations

Democratic institutions

• Democratic institutions and processes, including elections, are vulnerable and valuable targets for hostile activities by state actors. Canada is not immune to these threat activities. This is not new.
• Hostile activities by certain state actors, such as the Russian Federation and the People’s Republic of China, seek to manipulate and abuse Canada’s democratic system to further their own national interests, or to discredit Canada’s democratic institutions and erode public confidence.
• Threat actors have sought to clandestinely target politicians, political parties, electoral nomination processes, and media outlets in order to influence the Canadian public and democratic processes.
• For instance, state-sponsored cyber threat actors use computer network operations to interfere with elections.

Communities

• Foreign states or their proxies have also threatened and intimidated persons in Canada, including members of Canadian communities, to attempt to influence their opinions and behaviours.

Media

• Both traditional media outlets, such as publications, radio and television programs, and non-traditional media, such as online sources and social media, can be targeted to advance a foreign state’s intent.
• Mainstream news outlets, as well as community sources, may also be targeted by foreign states who attempt to shape public opinion, debate, and covertly influence participation in the democratic process.

Countries conducting Foreign Interference in Canada

• CSIS has publically spoken about foreign interference activities in Canada by the PRC, Russia and Iran.
• The Prime Minister made allegations of potential Indian interference in the murder of a Canadians citizen on September 18^th. The involvement of a foreign government in the killing of a Canadian citizen on Canadian soil is a violation of our sovereignty.

PRC

• The Government of China is pursuing a strategy for geopolitical advantage on all fronts – economic, technological, political and military – by using all elements of state power to carry out activities that are a direct threat to our national security and sovereignty.
• This activity can occur through the foreign acquisition of and/or investment into sensitive Canadian intellectual property and technology, which may directly threaten Canada’s economic prosperity and national interests.
• The PRC will leverage every avenue and sector in Canadian society to further their strategic goals, to the detriment to Canada.

Russia

• As the Director mentioned at Stanford last week, one way Russia evades the sanctions applied by allied countries following the invasion of Ukraine is by using covert means of acquiring technology, such as the use of front companies and proxy agents.
• In CSIS’ 2022 Public Report, Russia was noted as a country that engages in disinformation campaigns as a way to attempt to sway public opinion and support in Canada on the conflict with Ukraine.

Iran

• As mentioned in our 2021 Public Report, CSIS has and continues to investigate credible reports of several Canada-based relatives of Flight PS752 victims having experienced harassment and intimidation from threat actors linked to proxies of the Islamic Republic of Iran.
• ‎Following tragic events such as the downing of flight PS752, we work with allies and other government departments. Just as important, we work with those we aim to protect.
• While we cannot comment on individual cases, Canadians and all individuals living or visiting in Canada, regardless of their nationality, should feel safe and free from criminal activity. Anyone who believes a crime is or has been committed against them or is concerned for the well-being of an individual should report it to their local police immediately.

Techniques Used to Conduct Foreign Interference

• The first and most important step you can take as an elected official is to be aware that you and your staff are of immediate and constant interest to certain hostile state actors seeking to interfere in Canada’s democratic and electoral institutions and processes. You should also be aware of how they target you and their tradecraft.
• In July 2021, CSIS released a public report on Foreign Interference Threats to Canada’s Democratic Process. If you have not already done so, I invite you to consult it.
•  A section of this report serves to inform the public of the techniques foreign states use to conduct foreign interference. They include:
  • Elicitation;
  • Cultivation;
  • Coercion;
  •  illicit and corrupt financing;
  • cyber attacks; and,
  • as well as disinformation and espionage.
• Elicitation is when a targeted individual is manipulated into sharing valuable information through a casual conversation.
  • For example, a threat actor could knowingly seek to provide someone with incorrect information, in the hope that the person will correct them. A threat actor may also share some form of sensitive information with the individual in the hopes that the individual will do the same − a technique referred to as the “give to get” principle.
  • How to avoid it: Be discreet, avoid “over-sharing”, and assume public conversations are monitored.
• Cultivation: Effective threat actors seek to build long-lasting, deep, and even romantic relationships with targets.
  • These relationships enable the manipulation of targets when required, for example, through requests for inappropriate and special “favours”.
  • Establishing a relationship first comes via cultivation, all while the threat actor’s affiliation to a foreign state is not readily known. Shared interests and innocuous social gatherings are often leveraged for cultivation, and it begins with a simple introduction with the end goal of recruitment over time.
  • How to avoid it: Be aware and keep track of unnatural social interactions, frequent requests to meet privately, out-of-place introductions or engagements, gifts and offers of all expenses paid travel, and odd attempts to seek employment with your office.
• Coercion such as blackmail and threats are two of the most aggressive types of recruitment and coercion.
  • If a threat actor acquires compromising or otherwise embarrassing details about a target’s life, they can seek to blackmail the person. Sometimes, blackmail or threats may occur after a long period of cultivation and relationship-building. A threat actor may also attempt to put someone in a compromising situation, just to blackmail the person later.
  • Threat actors may also use covert operations, such as intrusions, to steal or copy sensitive information and later use that information to blackmail or threaten the individual.
  • How to avoid it: Avoid sharing compromising details or personal information with untrusted individuals, both in-person and online. Avoid placing yourself in compromising situations, and seek assistance if someone seeks to threaten or blackmail you.
• Illicit and corrupt financing are inducements that may occur innocuously via a simple request for a favour.
  • For example, a threat actor may ask a target to “pay someone back” or relay money to a third party on their behalf.
  • Political parties and candidates may also receive funds (e.g., donations) seemingly from a Canadian, though this may have originated from a foreign threat actor.
  • How to avoid it: Be aware of inappropriate requests which involve money, and question the source of suspicious donations or “gifts”.
• Cyber attacks: Threat actors can compromise electronic devices through a range of means. Socially-engineered emails (i.e., spear-phishing emails) can trick the recipient into clicking a specific link thereby sharing details about their devices, or can potentially introduce harmful malware into their systems.
  • These cyber attacks enable threat actors to collect potentially useful information (e.g., voter data, compromising information about a candidate) that can be used in a foreign influenced operation.
  • How to avoid it: Practice good digital hygiene. Use strong passwords, enable two-factor authentication, don’t use untrusted applications, and don't click on links or open attachments unless you are certain of who sent them and why. Avoid mixing personal and professional devices.
• Disinformation: Threat actors can manipulate social media to spread disinformation, amplify a particular message, or provoke users (i.e., “troll” users) when appropriate to serve their interests.
  • A growing number of foreign states have built and deployed programs dedicated to undertaking online influence as part of their daily business. These online influence campaigns attempt to change voter opinions, civil discourse, policymakers’ choices, government relationships, the reputation of politicians and countries, and sow confusion and distrust in Canadian democratic processes and institutions.
  • How to avoid it: Be critical of what you are consuming online, careful what you share (or repost from others), and take note of unexpected online interactions.
• Espionage: While distinct threats, foreign interference and espionage are often used together by foreign actors to further their goals.
  • For instance, information collected or stolen through espionage can be very useful in planning and carrying out a foreign influence or public disinformation campaign.
  • How to avoid it: Follow security of information protocols, don’t disclose information to individuals who don’t have a reason to access it, and be discrete about how you handle sensitive information.
• If you ever feel like you or your staff are being targeted by a hostile state or state-linked threat actors, please contact us. We are here to help as much as possible, whenever we can.

Disinformation campaigns

• With regard to state-sponsored disinformation campaigns, CSIS has observed social media being leveraged to spread disinformation or run foreign influenced campaigns designed to confuse or divide public opinion, or interfere in healthy public debate.
• Foreign states attempt to manipulate social media to amplify societal differences, sow discord, and undermine confidence in fundamental government institutions or electoral processes.
• They may use a coordinated approach to amplify a single narrative while also promoting inflammatory content. Foreign states may also use cyber-enabled tracking or surveillance of dissidents, those who challenge their rhetoric, or do not support their interests in Canada.
• Such behaviour can lead to threats or blackmail if the individual fails to cooperate.
• In fulfilling our crucial mandate, CSIS developed publicly available resources on foreign interference, which were published in a range of foreign languages in order to ensure that vulnerable communities can access threat information in their language of choice.
• CSIS continues to engage with Canadian communities, advocacy groups, businesses, industry associations, academic institutions, and all levels of government (federal, provincial/territorial, municipal, and Indigenous) to ensure they are aware of the national security threats facing our country and give them the information they need to protect their interests.
• These efforts are aimed at listening, better understanding the communities that we serve, establishing trusted relationships, and conveying threat-related information to increase awareness and resilience to foreign interference in particular.

Targeting of Chinese and Asian-Canadian communities

• To be clear, the threat does not come from the Chinese people, but rather from the Chinese Communist Party and the Government of China.  China is pursuing a strategy for geopolitical advantage on all fronts – economic, technological, political, and military – by using all elements of state power to carry out activities that are a direct threat to our national security and sovereignty.
• Our cultural mosaic is all the richer because of the presence of Chinese-Canadians across Canada, in large cities and in small towns dotting every corner of this country.
• CSIS expresses sincere support for Chinese and Asian-Canadian communities who face ongoing acts of harassment and violence that have increased over the course of the pandemic.

FI on social media platforms

• Canada’s academic institutions are centres of excellence that rely on open, creative, and collaborative environments to innovate and develop understanding of critical global issues. 
• Some foreign intelligence services and government officials, including of China, exploit this culture of openness to monitor and coerce students, faculty, and other university officials.
• In some instances, students are pressured to participate in activities, such as demonstrations and reporting on other students, which are covertly organized by a foreign power. Universities can also be used as venues for “talent-spotting” and intelligence collection, in specific circumstances.
• When foreign states manipulate or intimidate Canadian community groups or students studying in Canada, these activities constitute a threat to Canada’s sovereignty and to our collective security.
• I can assure Canadians that CSIS is working diligently to protect Canadian communities as well as research and academic institutions – particularly by ensuring they understand the threat and that those at risk have the necessary tools to protect themselves.

Public Inquiry

• As with all efforts the Government has put forth, CSIS will participate fully in the Public Inquiry on foreign interference, as announced by the Minister of Public Safety and Democratic Institutions.
• CSIS is working to provide relevant documents and briefings to the Commissioner of the Inquiry, the Honourable Marie-Josée Hogue, and remains available to her and her team as the inquiry progresses.
• CSIS cooperated extensively with the independent special rapporteur and his staff as they conducted their work, providing foundational briefings on the threat and policy landscapes, in cooperation with our Government of Canada partners, and will seek to do the same with the Commissioner.

Hotlines

• As is common in large, multicultural countries, Canadian communities are subject to clandestine and deceptive manipulation by foreign states. This is foreign interference. CSIS and the RCMP actively investigate this threat to our national security.
• Both the RCMP and CSIS have phone numbers and online reporting mechanisms that are monitored 24/7 for anyone who would like to report a threat to national security, including foreign interference.
• Should individuals ever be concerned for their personal safety and security, it is essential that they contact their local police for immediate action.
• CSIS’ tip line is 613-993-9620, toll-free at 1-800-267-7685. The TTY/TDD number is 613-991-9228. The online reporting mechanism is on CSIS’ web page under Reporting National Security Information.

Religiously Motivated Violent Extremism

Issue: is CSIS still concerned about religiously motivated violent extremism?

Key Messages

• While CSIS has made IMVE investigations a priority in the last several years, this should not be understood to mean that CSIS has deemphasized its RMVE investigations.
• Religiously motivated violent extremism remains a top investigative priority for CSIS.
• CSIS is not aware of any current RMVE plots targeting Canada. That said, RMVE remains a threat to Canadian national security as attacks can be planned and executed swiftly with little warning.
• Recent acts of RMVE violence in Canada and other like-minded states have been characterized by low-sophistication, high-impact attacks, frequently targeting civilians and public spaces.
• The October 2014 attacks in St-Jean-sur-Richelieu and on Parliament Hill and the National War Memorial here in Ottawa, remind us that Canada is not immune to the threat of RMVE.
• Canadians and Canadian interests abroad have been and continue to be the targets of acts of religiously-motivated extremist violence in an ever-evolving global threat landscape.
• CSIS works very closely with the RCMP to inform possible criminal investigations or enforcement action as appropriate.
• CSIS assesses that the COVID-19 pandemic has not disrupted online RMVE narratives.
• In fact, as a result of individuals spending more time online and therefore potentially becoming more exposed to online messaging, CSIS assesses that COVID-19 has potentially increased the threat of RMVE radicalization among certain threat actors.

CSIS Screening

Issue: What is CSIS’ security screening mandate? What are the different screening authorities under the CSIS Act? What is CSIS’ role in advising Government on security assessments?

Key Messages

• CSIS’ security screening program is Canada’s first line of defence against terrorism, extremism, espionage, and proliferation.
• Upon request or referral from other departments, CSIS’ security screening mandate supports government clearance processes and immigration-related security screening.
• Each referral is reviewed by a CSIS case officer who uses their training, knowledge and expertise, as well as relevant substantiated intelligence and contextual knowledge to provide advice to the requesting department. This applies to all screening applications, including those identified as having a nexus to research security.
• High standards are applied across the board to support the integrity of these processes and to prevent national security threats from materializing.
• Though it supports an important element of the decision-making process, CSIS provides advice to requesting departments; it does not make the decision on whether to grant, deny or revoke a security clearance, nor does it determine an individual’s eligibility or admissibility to enter or gain status Canada.

Government security screening mandate

• Under its mandate for Government Security Screening, CSIS provides security assessments on individuals who seek employment with the Government of Canada.
• This advice may also be provided to some provincial governments and other organizations, when employment requires individuals to have access to classified information or sensitive sites.
• Under reciprocal screening agreements, CSIS also provides security assessments to foreign governments, agencies and international organizations on Canadians seeking to reside and work in another country.
• On request, CSIS, in conjunction with other federal partners, conducts security checks of elected officials who are being considered for appointment as ministers, parliamentary secretaries and all Order in Council appointments.

Immigration and Citizenship security screening mandate

• Under its mandate for Immigration and Citizenship screening, CSIS provides security advice on permanent resident and citizenship applicants; persons applying for temporary resident visas (whether visitors, foreign students or temporary foreign workers); and persons applying for refugee status in Canada.
• The responsibility for making a decision regarding a person’s admissibility into Canada remains with IRCC or, in the case of refugee applicants, the Immigration and Refugee Board of Canada (IRB).

Possible recourse action when a clearance is denied or revoked

• Individuals who have been denied a clearance or have had their clearance revoked can make a complaint to the National Security and Intelligence Review Agency (NSIRA).
• CSIS fully participates in the complaints process.
• Of note, NSIRA has the mandate to review and investigate public complaints related to any activities carried out by CSIS, which include security screening activities for immigration purposes.

If pressed on specific complaints:

• I cannot comment on specific complaints, due to privacy concerns and to the nature of the proceedings.

Hamas-Israel Conflict

Issue: What is CSIS’ assessment of the threat posed by the conflict between Israel and Hamas following terrorist attacks on October 7?

Key Messages

• CSIS has been and will continue to collect intelligence to inform and advise the Government of Canada and support its decision-making.
• CSIS is working in lockstep with our partners across the Government of Canada, including Global Affairs Canada, to support the Government’s response to the conflict.
• CSIS is engaging closely with key partners abroad, including our Five Eyes allies, to support the Government of Canada’s response to the conflict.