Sir David Omand is a visiting professor in the War Studies Department King's College London, a member of the CIGI-Chatham House Global Commission on Internet Governance.
Concerns that two of Canada's intelligence agencies, the Communications Security Establishment (CSE) and the Canadian Security Intelligence Services (CSIS), broke the rules by sharing intercepted data with Canada's allies, will further spur public debate about how to strengthen public oversight and accountability mechanisms for Canada's intelligence gathering agencies. Since the revelations of Edward Snowden that authorities can access personal communications from mobile devices and computers, the public the world over has become sensitized to issues of online privacy.
At the same time, terrorist atrocities have continued. The murder in Burkino Faso of six Quebeckers along with many others follows the 2015 Paris attack on journalists working for Charlie Hebdo, on a Jewish synagogue, on British and other European tourists murdered on a Tunisian beach, the downing of a Russian airliner, the Bataclan theatre massacre in Paris, and the San Bernardino killings. The Internet is filled with ultra-violent jihadi images from Syria. Criminal activities of human traffickers result in refugees being drowned trying to reach Europe. Every week brings new cyber attacks on our financial system and infrastructure. Presidents Assad and Putin remind us of the dangers that authoritarian regimes can pose.
The year 2016 must be one of reconciliation in which democracies work out a social compact to allow their authorities lawfully to obtain the digital intelligence needed to keep us safe and secure, but under strong safeguarding norms of proper behaviour towards information on the Internet that ensure respect for our rights to privacy and free speech. One norm should be to have independent judicial and parliamentary oversight of intelligence activity towards which Canada seems to be moving under the leadership of Ralph Goodale, Minister of Public Safety. Another norm should be commitment by nations to do nothing that might weaken the security of the systems upon which the Internet relies and might reduce our confidence in it as a secure medium to do business.
An interesting early test case is the United Kingdom. The U.K. Parliament has now embarked on scrutiny of a comprehensive Investigative Powers Bill placing all forms of digital intelligence gathering by the British authorities, inside and outside the country, under the rule of law, providing for judicially approved warrants after examination of the necessity and proportionality of the case for the activity, and strengthening oversight. It does not include "back-door" provisions to weaken encryption, which the intelligence agencies did not ask for, but powers are sought to have Internet communications records retained for a year by the companies. A question still to be answered is how far the Internet companies (many of course giant American corporations) will co-operate with governments like the U.K. to provide the police and intelligence agencies with information on the communications of their suspects. Not all companies may for commercial and technical reasons feel able to retain the data that long, but most I suspect want to help the fight against terrorism and serious crime, such as child abuse, but only with a clear legal route as provided for in the U.K. Bill.
The U.K. government seems to have taken to heart the judgments of the British Courts and other independent reviews that GCHQ (the British partner of CSE) does conduct all its activities within U.K. law, but the way the law was being applied in the past was, to put it mildly, obscure to the public. A U.K. court therefore ruled the British government had not met the proper standard of the rule of law, under which citizens must be able to understand how the law bears on them. The comprehensive bill now under parliamentary scrutiny is the result, a gold standard in terms of transparency.
We will need to wait to see whether police and intelligence agencies working under such strict conditions, and with both parliamentary and judicial oversight, can actually acquire the pre-emptive intelligence needed to keep the public safe and secure. Previous generations of intelligence officers might have doubted this was possible. I know that the present generation of intelligence leadership is determined to make it work. For all our sakes, we must hope they succeed.
Sir David Omand is a former director of GCHQ, the UK signals intelligence and cyber security agency.