New spy powers must be debated
It’s hard to imagine that Canada the Good would ever engage in cyberattacks that could sabotage foreign states and people, as the Russians allegedly did during the 2016 U.S. election campaign.
But that is an alarming scenario raised by the University of Toronto’s Citizen Lab about new powers that are proposed in Bill C-59 for the Communications Security Establishment.
The lab, based at the Munk School of Global Affairs, studies how communications technologies affect human rights and global security. It raises the concern in a 90-page report that zeroes in on how Bill C-59 will affect the CSE, Canada’s spy agency which focuses on electronic communications.
Lex Gill, one of the authors of the report, says the new powers could normalize state-sponsored hacking and disinformation campaigns.
And she poses this dilemma: “The open question (is) whether or not affording the (CSE) these types of capabilities will contribute to Canada’s security interests or undermine them.”
If, indeed, the lab’s analysis is correct, parliamentarians tasked with studying the bill must raise very pointed questions as the bill winds its way through the amendment and approval process.
The biggest one is whether Canadians want this country to be engaged in such nefarious activities at all.
“By creating a climate which normalizes these types of activities . . . we’re accepting as Canadians that we think that these types of operations are OK,” Gill points out. That is a very big leap for the government to take. Indeed, the Citizen Lab report says under the proposed legislation the CSE will be limited “only by their imagination” in coming up with new cyber attacks and espionage campaigns.
Among the activities the CSE could engage in, the report says, are: mass dissemination of false information, impersonation, leaking of foreign documents in order to influence political and legal outcomes, disabling account or network access, large-scale denial of service attacks, and interference with the electricity grid.
It can’t engage in these attacks willy-nilly. Under the proposed legislation, the CSE would require approval from both the minister of national defence and the minister of foreign affairs to launch a cyber attack.
Still, offensive cyber-operations would not require judicial approval or oversight, such as the sort of warrants police need for certain invasive operations. Nor would these activities even require the approval of the proposed new independent intelligence commissioner, the report says.
Why, one wonders, should these new powers be exempt from the democratic oversight the Trudeau government so often posited as key to rebalancing the Harper government’s draconian security policy?
Canada should of course want to make sure it can protect itself from cyberattacks and other forms of sabotage. And the security establishment will always want new powers to make their important and increasingly difficult job easier.
But making things easier for the security establishment is not, on its own, enough to guide policy. Lawmakers must determine whether the suggested new powers are necessary and proportionate, whether they are constitutional, whether sufficient oversight and safeguards exist and whether, on balance, they would strengthen our security or weaken it.
In the New Year, the House of Commons’ national security committee will be studying Bill C-59. It will have to take great care in answering these questions. It is, after all, much easier to provide new powers to police or security agencies than it is to take them away.
The Harper government’s Bill C-51, which the Liberals’ C-59 aims to rein in, failed to reflect the difficult balance required of good security policy. The Trudeau government, in its important effort to correct the mistakes of its predecessor, should be careful not to fall into the same trap.
Bill C-59 could normalize state-sponsored hacking and disinformation campaigns, university organization warns