On that, I would say two things, sir.
One is that the Canadian federal government is in a good position in terms of data security protection, in the sense that it is able to call in the services of the Communications Security Establishment, which is well regarded as a cybersecurity organization.
The question then becomes the fit between what are going to be called the CSE's defensive cyber-operations and the CBSA's capability to lock down its data. We have that advantage. In part this is why I would encourage the committee to at some point take a close look at CBSA. If you look back at previous reports of Auditors General over a number of years, you'll see that CBSA has struggled with its electronic data and data systems, both at the border and at headquarters. It's not clear to me whether they've overcome those struggles or whether those struggles are going to become only worse as they're flooded with this kind of information.
I don't have an expert view at all on how well they're going to be able to manage that data flow. It's been tested to some degree, but not fully. I think it's certainly something that needs to have a watch kept on it. That's partly why, in addition to encouraging the committee to look specifically at CBSA, which is probably the fastest-growing, most expansive security and intelligence agency in the Canadian government, I would also encourage thinking around Bill C-21 that would require annual reporting on the impacts of the bill.