A group representing key Canadian businesses wants legislative changes that would allow Canada’s spy agency to share threat intelligence with companies to help them take timely protective measures.
The Business Council of Canada is also urging the federal government to borrow a U.S. idea and create a new body that would ensure the intelligence is securely and broadly shared across the Canadian economy.
Business council president and CEO Goldy Hyder argues for the new approach in a submission to a federal consultation on possible changes to the legislation governing the Canadian Security Intelligence Service.
The government says the CSIS Act does not provide the spy service with sufficient authority to disclose classified intelligence to provinces, territories, Indigenous governments or municipalities.
It says the prohibitions on disclosure also limit how CSIS can share relevant information with private sector and academic institutions.
Proposed revisions would allow CSIS to share information on threats to the security of Canada beyond the federal sphere, with the aim of increasing awareness and resiliency.
The idea may be gaining support in government and business circles, but it is also stirring concern among civil libertarians who fear inappropriate disclosure of sensitive information about people under CSIS scrutiny.
The government says any broader authority for CSIS to disclose information would be accompanied by measures to safeguard privacy protections.
In his letter to Public Safety Minister Dominic LeBlanc, Mr. Hyder says council members increasingly find themselves in the crosshairs of malicious actors seeking to undermine Canadian livelihoods through sabotage of critical infrastructure, disruption of vital supply chains or theft of proprietary information.
“The nefarious methods employed by these actors are wide-ranging, from the use of foreign intelligence officers and corporate insiders to state-affiliated hackers and seemingly benign joint ventures,” says the letter, which the council shared with The Canadian Press.
The consequences are diminished economic growth and competitiveness, leading to the loss of well-paying jobs, foregone tax revenues and weakened competitive advantage in advanced industries, adds the council, composed of chief executives and entrepreneurs of leading Canadian enterprises.
“Government-produced threat intelligence is of increasing value to companies combatting malicious actors,” says the letter.
Mr. Hyder notes that CSIS can share information in specific circumstances, under its threat reduction mandate, to alert a targeted company about a security event.
“This means of communication – a legislative workaround not designed for sharing threat intelligence with the private sector – is deeply flawed,” the letter says. “The restrictive nature of the regime means that these authorities are rarely used.”
In addition, such an alert arrives only after a threat has materialized, it adds.
“With new threat intelligence sharing authorities, CSIS could communicate more specific and tangible information with Canadian companies,” Mr. Hyder writes. “This would give business leaders a clearer understanding of the threat’s nature, as well as the protective measures that could be taken to better safeguard their employees, customers, and the communities in which they operate.”
Mr. Hyder contends it would also help CSIS build greater trust with the private sector, and encourage business leaders to share more with the government about the threats they are seeing.
The business council calls for creation of a formal threat intelligence exchange akin to the U.S. government’s Domestic Security Alliance Council, a partnership between 700 strategically important American corporations, the Federal Bureau of Investigation and the Department of Homeland Security.
The business council says member companies in the U.S. alliance benefit from direct engagement with senior FBI and DHS leaders, tailored threat intelligence from these agencies and access to a members-only network where private-sector and government officials collaborate, resolve problems, and exchange best practices.
CSIS, Public Safety Canada and the Canadian private sector are well placed to build and operate a similar threat intelligence exchange, the business council says.
There is value in ensuring security threats are addressed promptly rather than in a reactive way, said Tim McSorley, national co-ordinator of the Ottawa-based International Civil Liberties Monitoring Group, which brings together unions, professional associations, faith groups, environmental organizations and human rights advocates.
“There needs to be a broader debate about this,” Mr. McSorley said.
However, the group is not persuaded that allowing access to classified information in private briefings “is the best way to go.”
Indigenous and environmental activists have come under the lens of security agencies while organizing to protecting natural spaces and treaty rights, Mr. McSorley said. As a result, allowing CSIS to share information with the private sector could lead to more such targeting of communities that have legitimate concerns.
In addition, he said, some intelligence about alleged terrorists has turned out to be wrong over the years – more in service of security agencies’ concerns than the goal of “protecting the rights of Canadians and ensuring their safety.”