Public Safety committee  We are prohibited from targeting Canadians anywhere, so if there is a direct correlation, and that activity is emanating from a Canadian's communications, it's off limits. Thank you.

Public Safety committee  Looking at terrorist activity is very much a team sport in Canada. The RCMP, CSIS, CSE, as well as others each have a role, and we work together to understand what each of us is bringing with our mandates, authorities, skills, and capabilities. In this case, it may be within the

Public Safety committee  Sure. You've referred to both the foreign intelligence mandate and the active cyber-operations aspect of the proposed authorities. I can maybe start by speaking about the foreign intelligence side. Before any activities are undertaken, there is a really robust process in place a

Public Safety committee  If you think of an active cyber-operation or a defensive cyber-operation as a plan that has been pulled together, it doesn't happen spontaneously. A lot of research and a lot of analysis have to go into getting to the point where you have an idea of what you could do online in a

Public Safety committee  The bill does not refer specifically to critical infrastructure, but I think it makes reference to non-governmental systems, which are tantamount to critical infrastructure, because as you say, our global information infrastructure is made up of public and private enterprises. I

Public Safety committee  It's a good question. As the legislation firms up and we understand what the scope is, should these authorities be granted it will be up to CSE to work with Public Safety, critical infrastructure owners, and the minister to look at where the risks are and to start designating a

Public Safety committee  On our website we do have a fact sheet that outlines the measures we take to protect privacy at the moment. As technology evolves, as information evolves, we need to make sure we are staying current and are adopting more and more effective measures to protect privacy. So they are

Public Safety committee  I would say as well—

Public Safety committee  As my colleague has already mentioned, this is not new. CSE has to take these kinds of unknown entities and elements of information and try to flesh them out to understand exactly what we're dealing with. It could be as simple as a Google search. It could be looking or working wi

Public Safety committee  Probably the best I can do to reassure you is to say that we've had a commissioner who has reviewed CSE's activities for privacy for more than 20 years. In assessing our activities and looking for privacy concerns or lawfulness, he touches on these kinds of activities, the open s

Public Safety committee  Yes, sir, in fact there's an explicit prohibition in the act that ensures that any active cyber operation is not used to pervert or obstruct the course of justice or democracy.

Public Safety committee  I am not an expert on all of our allies' authorities, but this generally brings us in line with the activities and the authorities that they have at their disposal, and positions us to be a coalition partner in various broader activities that go beyond a national scope.

Public Safety committee  Sure. I would preface this by saying that active cyber operations are meant to achieve an objective that the government has established, and that it's a team sport. That means we each are bringing our mandates, our authorities, and our capabilities to this table. It really is a

Public Safety committee  Yes, critical infrastructure is included. In the legislative proposal, CSE would receive the authority to take the skills and the technology and the capabilities that have been developed to protect Government of Canada networks and to make that advice, guidance, and those service

Public Safety committee  No. The active cyber operations directed at foreign entities outside of Canada require the approval of the Minister of Defence as well as the Minister of Foreign Affairs. Necessity, reasonableness, and proportionality are all factors they have to consider. They cannot be achieved