Thank you.
Mr. Chair, distinguised members of the committee, As associate chief of the Communications Security Establishment. I want to thank you for the invitation to appear before you, as you continue your study of bill C-59, which sets out the Communications Security Establishment Act.
I am pleased to be here today to clarify and explain certain aspects of this important piece of legislation.
Let me begin by underscoring remarks made by Minister Sajjan when this legislation was last discussed in the House of Commons. The minister said:
There can be no greater obligation than to protect the security of Canadians at home and abroad. Bill C-59 would provide CSE with the authorities and tools to maintain the highest standards in security protection while adhering to the high standards of accountability and transparency.
CSE has helped protect the security of Canadians for over 70 years by providing critical foreign intelligence about threats to our national security and our deployed forces, and by protecting Canada's most sensitive information and information systems. In order to deliver this important mandate, governments throughout those 70 years have expected CSE to respond to the priorities of the day and to ensure that it stays ahead of evolving global threats and constantly changing technology—and to meet those challenges while protecting Canadians' privacy, rights, and freedoms. That is what the proposed authorities and accountabilities in the proposed CSE act would do. They would provide CSE modernized authorities to help keep Canadians and Canada safe and secure against global threats, including cyber-threats, in a rapidly evolving technological world. They would provide new accountability measures to ensure that CSE's activities are authorized, reviewed, and are as transparent as possible.
As the committee has studied this bill a number of important questions have been raised. I would like to address a few of the more common ones now.
First, I'd like to address the provision in the proposed act around publicly available information. Questions have been raised about how CSE would use publicly available information and what impact that would have on the privacy of Canadians. To be clear, this provision exists only to allow CSE to conduct basic research in support of its mandate from the sorts of public resources that would be available to anyone in Canada. CSE does not and would not use publicly available information to investigate Canadians or persons in Canada, or build dossiers on them. That is not our mandate, and for us, mandate matters.
The proposed CSE act reinforces this by explicitly requiring that CSE have measures in place to protect the privacy of Canadians and persons in Canada in the use, retention, and disclosure of publicly available information.
How would we use that publicly available information? I can provide three quick examples. First, we could use it to provide general background information for a foreign intelligence or cyber-security report. Second, we could use it to assess the nationality of an individual or organization. Third, we could use it to consult technical manuals associated with new technologies or infrastructure.
Under no circumstances would CSE use this provision to acquire information that was unlawfully obtained. Hacked or stolen data would not constitute publicly available information under the CSE act.
This committee has also heard questions about the proposed active cyber-operations aspect of CSE's mandate, including questions on how they would be used and the potential impact on Canadian privacy. As this is a new authority for CSE, I want to clarify what this means. Active cyber operations would allow CSE, within strict legal parameters and with approvals at the highest levels of government, to take action online to disrupt foreign threats, including activities to protect our democratic institutions, to counter violent extremist and terrorist planning, or to counter cyber-aggression by foreign states. As examples, CSE could use active cyber operations to prevent a terrorist's mobile phone from detonating a car bomb; we could impede terrorists' ability to communicate by obstructing their communications infrastructure; or we could covertly disrupt a foreign threat actor from interfering in Canada's democratic processes.
The proposed legislation is also clear in the limits built into this authority. CSE would be prohibited from directing active cyber operations at Canadians, at any person in Canada, or at the global infrastructure in Canada. The act would also require that these activities be reasonable and proportionate. It would specifically prohibit CSE from causing death or bodily harm, or wilfully attempting to obstruct, pervert, or defeat the course of justice or democracy.
Let me underscore the fundamental change in our approach to ministerial authorizations.
Bill C-59 builds on CSE's current ministerial authorization regime by broadening its application and introducing new and important oversight and review functions. Under the act, CSE will seek a ministerial authorization for any activity that would interfere with the reasonable expectation of privacy of a Canadian or a person in Canada, or contravene an act of Parliament.
For CSE's foreign intelligence and cyber-security activities, these would be subject to approval by the Minister of National Defence and the intelligence commissioner. Active and defensive cyber operations are not collection activities and cannot be directed against Canadians or persons in Canada. As such, they would be approved by the Minister of National Defence and the Minister of Foreign Affairs. All of CSE's activities would also be subject to full review by dedicated independent review bodies.
Mr. Chair, I'll conclude by thanking the committee for inviting me and my colleagues here today to testify.
Thank you for your important deliberations on the Communications Security Establishment Act. We look forward to answering your questions.
Thank you.