Cyberspies defend expanded powers
OTTAWA • A senior official from Canada’s cyberspy agency says proposed new powers would allow it to stop a terrorist’s mobile phone from detonating a car bomb, block the ability of extremists to communicate, or prevent a foreign power from interfering in the country’s democratic process.
A Liberal bill would help the Communications Security Establishment counter various forms of cyberaggression and violent extremism, Shelly Bruce, associate chief of the CSE, told a House of Commons committee studying the legislation.
A December report by leading Canadian cybersecurity researchers said there is no clear rationale for expanding the CSE’s mandate to conduct offensive operations.
It said the scope of the planned authority is not clear, nor does the legislation require that the target of the CSE’s intervention pose some kind of meaningful threat to Canada’s security interests.
Bruce stressed the proposed legislation contains safeguards that would prohibit the agency from directing active cyberoperations at Canadians. It would also forbid the CSE from causing death or bodily harm, or wilfully obstructing justice or democracy.
The Ottawa-based CSE intercepts and analyzes foreign communications for intelligence of interest to the federal government. It is a member of the Five Eyes intelligence alliance that also includes the U.S., Britain, Australia and New Zealand.
The Liberal bill provides a statutory mandate for the highly secretive agency, which traces its roots to 1946, while giving it new muscle to conduct both defensive and offensive cyberoperations.
The powers would help keep Canadians safe against global threats, including cyberthreats, in a rapidly evolving technological world, Bruce said during the committee meeting.
She provided some concrete examples of how the CSE might use its new offensive capabilities — with input from other federal officials as well as accountability measures in the new law to prevent abuse.
“Active cyberoperations are meant to achieve an objective that the government has established and that’s a team sport,” she cautioned.
Bruce said a cyberoperation could be aimed at interrupting communications of an extremist group like the Islamic State of Iraq and the Levant “in a way that would stop attack planning before things reach a crisis pitch.”
Bruce tried to allay concerns about how the CSE would use publicly available information under the new legislation and what effect this might have on the privacy of Canadians.
CSE would carry out “basic research” from the sort of public resources available to anyone in Canada, Bruce said. “CSE does not, and would not use publicly available information to investigate Canadians or persons in Canada, or build dossiers on them,” she said.