I think that's the right standard. It's hard to imagine that having the name of a vendor would undermine national security, despite the protestations we heard yesterday.
Moving to the core issue, we've talked about the nature of the tool and how expansive it is with respect to collecting data, but I want to take a slightly different tack, Mr. Therrien, because what these tools tend to do and what makes them demonstrably different from other tools is they take advantage of and exploit an existing vulnerability in the technology as it is. You have law enforcement that is exploiting a vulnerability, and that vulnerability affects all Canadians fundamentally, because that vulnerability is on all devices.
Isn't there an argument that law enforcement should be identifying that vulnerability and then letting the company know about the vulnerability such that it's fixed on all of our devices?