If you think of an active cyber-operation or a defensive cyber-operation as a plan that has been pulled together, it doesn't happen spontaneously. A lot of research and a lot of analysis have to go into getting to the point where you have an idea of what you could do online in a defensive or disruptive action.
The information that leads up to that plan, that informs that plan, is going to be the information that is pulled together through our foreign intelligence mandate and by understanding the players and the infrastructure that are involved. It could be from our cyber-defence mandate and understanding how the Internet works and which servers are configured in which way and how they interact.
It would have to be a very well-informed, thought-through plan in which you'd look at downstream implications. The intelligence commissioner is working at the beginning of those processes and helping to ensure that the ministerial authorizations that are allowing us to gather that information are sound, reasonable, and proportionate, in addition to all of the measures that go into it. We have protections for privacy in that space as well.