Canada’s national security architecture is about to undergo a major demolition and rebuild this summer, now that C-59 has received royal assent.
The bill — which, after two years, passed through both houses of Parliament this week — gives Canada’s signals intelligence agency new powers, although most of its new authority will come into force down the road.
Once the prime minister and cabinet issue an order, the Communications Security Establishment will be permitted under C-59 to launch cyberattacks (also called “active cyber operations”) for the first time in Canadian history.
Such cyberattacks could be used to stop a terrorist’s cellphone from detonating a car bomb, for example, or to impede a terrorist’s ability to communicate with others by obstructing communication infrastructure, according to the Department of Public Safety.
“You don’t need to do things that are Hollywood scenarios to actually achieve a great outcome and still be lawful in doing so,” said a government official, speaking to reporters earlier this week on background.
In order to launch a cyberattack, CSE would first need to obtain clearance from both the ministers of national defence and foreign affairs, among other conditions. It also would need authorization from the defence minister for any defensive operations.
“We’re not going to start hacking things right away,” said Stephanie Carvin, a former analyst for CSIS and an assistant professor of international affairs at Carleton University.
CSE is explicitly prohibited from directing its foreign intelligence, cyber security and foreign cyber operations at Canadians.
New ‘super-watchdog’ coming
The bill also tasks a new intelligence commissioner with overseeing espionage activities and sets up a watchdog — the National Security and Intelligence Review Agency — to keep tabs on the agencies dealing with national security: the Canadian Security Intelligence Service, the Royal Canadian Mounted Police, the Communications Security Establishment and the Canada Border Services Agency.
Government officials said it could take between six months and a year to set up the agency. Officials said they’re confident it wouldn’t take as long to set up the commissioner’s role.
“This is why some of us were so concerned, because the election is coming up and we need the CSE and CSIS working on things like election security. Just because you’ve passed Bill C-59, that’s step one,” said Carvin.
A cabinet order will be needed to give the Canadian Security Intelligence Service the authority to collect, retain and use datasets — electronic archives of information.
Civil liberty groups have warned that section of C-59 dealing with CSIS and datasets has the potential to usher in mass surveillance.
“Once again, Canadian lawmakers have failed to act to ensure that national security laws do not come at the cost of privacy, free expression, due process and government transparency,” said Tim McSorley, national co-ordinator of the Ottawa-based International Civil Liberties Monitoring Group.
“The national security field is an opaque one, and staying informed of all the negative consequences of this bill will be difficult.”
McSorley said he also sees the potential for problems in a section of the bill granting immunity to CSIS employees if they break certain laws in the course of their work. (RCMP officers already are covered by this type of legislation during investigations.)
Some sections of the bill kicked in immediately after royal assent, including tweaks to CSIS’s ability to actively disrupt terror plots.
Changes to the Criminal Code to revise the offence of counselling terrorism also take effect immediately.
Bill C-59 also addresses the plight of individuals — some of them children — who are falsely flagged as being on the ‘no-fly list” by including changes to the protection program. The government is still working out the details of that portion of the bill.
The Liberals are promising to introduce a redress system for people falsely flagged by the no-fly list sometime next year.