Associate Chief, Communications Security Establishment Opening Remarks: Standing Committee on Public Safety and National Security
[Check against delivery.]
Good morning, Mr. Chair and members of the Committee.
As Associate Chief of the Communications Security Establishment, I want to thank you for the invitation to appear before you, as you continue your study of Bill C-59, including the CSE Act.
We recognize that this is an important piece of legislation and I am pleased to be in front of the committee to help explain and clarify certain aspects of it.
Why a CSE Act?
Let me begin by underscoring remarks made by Minister Sajjan when this legislation was last discussed in the House of Commons.
The Minister said: “There can be no greater obligation than to protect the security of Canadians at home and abroad. Bill C-59 would provide CSE with the authorities and tools to maintain the highest standards in security protection while adhering to the high standards of accountability and transparency”.
CSE has helped protect the security of Canadians for over 70 years – by providing critical foreign intelligence about threats to our national security and our deployed forces, and by protecting Canada’s most sensitive information and information systems.
In order to deliver on this important mandate, Governments throughout those 70 years have expected CSE to respond to the priorities of the day and ensure it stays ahead of evolving global threats and constantly changing technology. And to meet those challenges while protecting Canadians’ privacy, their rights and their freedoms.
That is what the proposed authorities and accountabilities in the CSE Act do. They would provide CSE modernized authorities to help keep Canadians and Canada safe and secure against global threats, including cyber threats, in a rapidly evolving technological world.
They would provide new accountability measures to ensure that CSE’s activities are authorized, reviewed and are as transparent as possible.
As the committee has studied this bill, a number of important questions have been raised. I would like to address a few of the more common ones.
Publically Available Information
First, I’d like to address the provision in the proposed act around publicly available information. Questions have been raised about how CSE would use publicly available information -- and what impact it would have on the privacy of Canadians.
To be clear, this provision exists only to allow CSE to conduct basic research in support of its mandate from the sort of public resources that would be available to anyone in Canada.
CSE does not, and would not use publicly available information to investigate Canadians or persons in Canada, or to build a dossier on them.
That is not our mandate, and for us, mandate matters.
The proposed CSE Act reinforces this by explicitly requiring that CSE have measures in place to protect the privacy of Canadians and persons in Canada in the use, retention, and disclosure of publicly available information.
So how would we use publicly available information?
Let me provide three quick examples -
- First, we could use it to provide general background information for a foreign intelligence or cyber security report.
- Second, we could use it to assess the nationality of an individual or organization; or
- Third, we could use it to consult technical manuals associated with new technologies or infrastructure.
Under no circumstances would CSE use this provision to acquire information that was unlawfully obtained. Hacked or stolen data would not constitute “publicly available information” under the CSE Act.
This Committee has also heard questions about the proposed active cyber operations aspect of CSE’s mandate, including questions on how they would be used and the potential impact on Canadian privacy. As this is a new authority for CSE, I want to clarify what this means.
Active cyber operations would allow CSE, within strict legal parameters and with the approvals at the highest levels of government, to take action online to disrupt foreign threats, including activities to protect our democratic institutions, to counter violent extremism and terrorist planning, or to counter cyber aggression by foreign states.
For example, CSE could use active cyber operations to prevent a terrorist’s mobile phone from detonating a car bomb. We could impede terrorists’ ability to communicate by obstructing their communications infrastructure. Or we could covertly disrupt a foreign threat actor from interfering in Canada’s democratic process.
The proposed legislation is also clear in the limits built into this authority. CSE would be prohibited from directing active cyber operations at Canadians, at any person in Canada, or at the global information infrastructure in Canada.
The Act would also require that these activities be reasonable and proportionate. It would specifically prohibit CSE from causing death or bodily harm, or wilfully attempting to obstruct, pervert, or defeat the course of justice or democracy.
Let me underscore the fundamental change in approach to Ministerial Authorizations. Bill C-59 builds on CSE’s current Ministerial Authorization regime by broadening its application and introducing new and important oversight and review functions.
Under the Act, CSE will seek a Ministerial Authorization for any activity that would interfere with the reasonable expectation of privacy of a Canadian or a person in Canada, or contravene an Act of Parliament.
For CSE’s Foreign Intelligence and Cybersecurity activities, these would be subject to approval by the Minister of National Defence and the Intelligence Commissioner.
Active and defensive cyber operations are not information collection activities. As such, they would be approved by both the Minister of National Defence and the Minister of Foreign Affairs.
All of CSE’s activities would also be subject to full review by dedicated independent review bodies.
Mr. Chair, I’ll conclude by thanking the committee for inviting me and my colleagues here today.
Thank you for your important deliberations on this legislation. We look forward to answering your questions.