In part 3 with regard to clause 76
Activities carried out by [CSE] in furtherance of the foreign intelligence, cybersecurity and information assurance, defensive cyber operations or active cyber operations aspects of its mandate must not be directed at a Canadian or at any person in Canada.
As we know, the Internet is full of encryption; it's full of IP modifiers; it's full of virtual private networks, and on and on and on.
How will you be sure you aren't targeting a Canadian? How do you go about doing that? And here's a follow-up question, if I may, so you can answer them both. If you come across propaganda in the case of a known ISIS terrorist, and the person is spreading mass propaganda to Canadian citizens from a foreign country, would you then have to refrain from using cyber-operations and let that information get out to Canadians? How do you interpret the bill to manage that nuance?