I'm confused. Again, proposed subsection 24(1) says, “Despite subsections 23(1) and (2)”, which are the sections that specifically say no activities against Canadians and persons in Canada. I don't want to rehash what we've already had a lot of back and forth about over the course of the study of this bill. I'm just wondering if you're not exploiting vulnerabilities.
How then do you go about research and development for the purpose of testing systems or conducting cybersecurity information assurance activities on the infrastructure without inevitably creating a strain on those systems? How do you measure...? You can't measure the strength of a bridge until someone has actually driven over it.