Here's a simplistic but useful metaphor for fighting terrorism in the 21st century: To find a needle in a haystack, i.e., a suicide bomber planning an attack on innocent civilians, first you need a haystack.
The haystack is bulk data – communications metadata, travel information, passport data, law enforcement wiretaps and arrest records, financial transactions, information harvested from social media, and so on.
It was bulk data that allowed British intelligence services in late 2004 to take a tip about a potential suicide bombing that pointed to 27,000 potential candidates, and methodically eliminate suspects until there was only one left. The bombing was prevented.
"Without the haystack, one cannot find the needle," said an official in the British spy agency, MI5, coining a phrase.
Was it worth it? Many would doubtlessly agree that it was. Innocent lives were protected, and British spies did what they are paid to do, which is keep citizens safe.
But where Britain has come to terms with the collection of bulk data by intelligence services, and is willing to own up to it, in Canada we have still not yet had a grown-up talk about this vital issue.
Our main intelligence agency, CSIS, is strictly limited by the law and the courts when it comes to collecting bulk data. It is also closely monitored by outspoken privacy advocates and government privacy commissioners, with the result that there is a great deal of public suspicion about data collection.
It hasn't helped that CSIS was found to have "breached its duty of candour" to Federal Court of Canada judges more than once. It was only last year that the agency was forced to acknowledge the existence of the Operational Data Analysis Centre (ODAC), in which unknown amounts and types of data have been stored for years.
The bottom line is that we know little about our government's data-collection practices. And yet it is critical that we do, so that we can answer the essential question: Is the real threat the needle, or the haystack?
In other words, is the mass collection of data about our personal lives, up to and including medical data, by CSIS, an acceptable price for stopping a terrorist attack? Or is protecting citizens from the prying eyes of government more important?
There is no question that the collection of data from people who are not terrorist suspects is a violation of their privacy. Liberal democracies should not have vast stores of information about its citizens that can be shared across departments. The risk of its politicization is too great, which is partly why the act that created CSIS in 1984 limited its gathering of intelligence to that which is "strictly necessary."
No one wants a Stasi-type secret service monitoring the thoughts of citizens. That's what happens when the haystack falls into the wrong hands.
But Britain has decided that it can collect mass amounts of anonymous data of all types, and limit any invasion of privacy by making the data available to analysts, and attaching names to it, only when a legitimate threat is identified.
MI5 argues that only a tiny fraction of the bulk data is ever examined. Furthermore, the data collectors are obliged to report to Parliament annually about their activities.
Would such a framework make sense for Canada? We don't know, because we haven't had the discussion. The controversy surrounding the Harper government's Anti-terrorism Act, a.k.a. Bill C-51, which the now-ruling Liberals supported but promised to amend, has made privacy a politically toxic issue.
Politicians have shied away from the subject, while privacy advocates, and this page, have warned loudly of the dangers of bulk data collection, and of the fraught issues that arise out of allowing government departments to share information in the name of defending against vaguely worded threats.
But meanwhile CSIS just keeps doing what comes naturally to it, which is to try to collect as much intelligence as possible so that it can never be accused of failing in its mission.
The Globe and Mail reported on Monday that CSIS has been discussing since 2012 its desire to increase its stores of bulk data. It wants that larger haystack, and it has a point. Much has changed since CSIS came into being 33 years ago. Digitized information that can be rapidly searched has revolutionized the spy game.
This is the moment, then, to have the discussion this country needs to have. Instead of allowing everyone to retreat to their corners, the Trudeau government should face this new era of Canadian intelligence-gathering head on. Tell us exactly what is being collected and how. Tell us how the government intends to balance Canadians' privacy rights with their expectation of being kept safe from terrorist threats by agents using the latest tools.
We're grown-ups. We can handle it.
Editor's note: An earlier version of this editorial incorrectly said CSIS has misled Parliament more than once. In fact, CSIS has been found to have "breached its duty of candour" to Federal Court of Canada judges more than once. This version has been corrected.