I would love to. Thank you for the opportunity.
The question was about how Canada's cybersecurity can be improved. I would like to draw the committee's attention to the active and defensive cyber-operations aspects of CSE's mandate, that have been added in proposed sections 20 and 19 respectively. It's our position that the inclusion of these two aspects and the activities that come along with them may actually run counter to Canada's broader security interest.
I would draw the committee's attention in particular to the short list of prohibited conduct in proposed section 33. I think there are at least three fundamental problems with that proposed section. The first issue is that, for reasons that are not clear to us, the explicit limitations for prohibited conduct apply only to authorizations issued under the defensive and active cyber-operations component of the mandate and not to the rest of CSE's activities.
The second issue is that neither “justice” nor “democracy” is defined in the act, leaving the limitation about interfering with the course of justice and democracy vague and open to perhaps creative interpretation.
The third problem is that this short list of prohibited conduct, from our perspective, is radically under-inclusive, and at minimum the committee should compare the list with that in proposed subsection 21.1(1.1) of the CSIS Act with that in proposed subsection 33(1). We are concerned about the broad scope of potential activities that CSE would be able to conduct under these aspects of the mandate. We're not convinced that they've been appropriately justified.