Essentially proposed subsection 24(4) constitutes that, for greater certainty, it is possible legally for the CSE to acquire information incidentally in the course of its properly authorized foreign intelligence and cybersecurity conduct. That incidentally acquired information would presumably then be pulled into the retention rules and how you're supposed to govern that information. There are provisos about protecting the privacy of Canadians.
The other aspects of proposed section 24 are a little bit different. If you'll forgive me, I'll just comment on those. The other ones allow the service—notwithstanding the general admonishment that it's not supposed to direct its activities at Canadians or persons in Canada—to overcome that barrier for certain limited reasons, for research, for instance.
The issue then for me is what happens to the personal information that might be acquired over the course of that authorized conduct. How is that information going to be dealt with? Is there a requirement that it be expunged or be deleted, if done for research purposes? Are there other safeguards in place?