Certainly, we know that allied intelligence agencies have engaged in the past in activities meant to interfere with or undermine encryption on anonymity tools. I think we should be concerned about those types of operations, not just in the course of the testing and infrastructure information aspects under proposed section 24, but more generally in the pursuit of the foreign intelligence mandate. Encryption and anonymity tools are vital to protecting the safety of Canadians and persons in Canada as well as Canadian infrastructure. We should be concerned if CSE ends up inadvertently working at cross-purposes by interfering with the very tools designed to protect us.
I would also raise something that's been raised in the past, which is that there's no public framework for disclosing vulnerabilities. While CCLA doesn't have a concrete position on that yet, it is an open issue, from our perspective.