POLITICS

Liberal Government's New Security Legislation Lets Spy Agency Launch Cyberattacks

06/20/2017 04:38 EDT | Updated 06/20/2017 19:53 EDT
Sean Kilpatrick/The Canadian Press

OTTAWA — Canada is going all-in when it comes to cyberwarfare.

Weeks after giving the military permission to start developing cyberweapons and other offensive capabilities, the Trudeau government wants to issue a similar directive to Canada's electronic spy agency.


New national security legislation unveiled by the Liberals on Tuesday would, among other things, let the Communications Security Establishment launch cyberattacks against foreign targets.

Those would include potential threats ranging from hackers and terrorists to countries and governments.

The 70-year-old agency's existing mandate includes protecting computer systems that are deemed critical by the federal government, and only allows for the collection of information from foreign targets.

Those responsibilities would continue under the proposed legislation.

The changes being introduced by the government are necessary to protect Canada in the 21st century, Defence Minister Harjit Sajjan, who is responsible for overseeing the agency, told a news conference.

New powers will come with balances: Goodale

"Currently we only have a defensive shield," he said. "We have to wait to be hit."

The spy agency is also being tapped to help the Canadian military when it comes to developing the latter's ability to fight online, which was included as part of the Liberal government's recently released defence policy.

Taken together, the new measures for CSE and the military mark Canada's entrance into a new realm of warfare — a realm many of its allies already inhabit but which remains extremely complicated and in flux.

They also come days after the CSE warned that cyberthreats to the democratic process around the world are on the rise, and that Canada faced the risk of cyberattacks during the next federal election in 2019.

Public Safety Minister Ralph Goodale, who introduced the proposed legislation, said the government is matching the new powers being given to CSE with additional checks and balances.

'We can't outline a lot of the work that is being done'

Offensive operations will need advance approval from the defence minister and a new intelligence commissioner, while a new committee will review the actions of CSE and several other agencies each year.

The electronic spy agency will also be forbidden from targeting Canadians or anyone in Canada, except when it comes to collecting or analyzing information for another government department with a warrant.

CSE will be allowed to keep information that it obtains "incidentally" — data that was not expressly sought, but obtained in the process of targeting a legitimate target.

That could stoke concerns about the privacy of Canadians given the CSE's expanded mandate and revelations, exposed by Edward Snowden in 2014, of the widespread nature of electronic spying globally.

ralph goodale

Public Safety Minister Ralph Goodale said any powers being given to the Communications Security Establishment will come with additional checks and balances. (Photo: The Canadian Press)

One key question is the degree to which Canadians will be notified about what sort of cybermeasures the spy agency and military are engaged in, including attacks on extremist groups and other countries.

Sajjan acknowledged that actual details of any attack will likely be extremely scarce for the public.

"Just like any other type of operation, it goes through a very strict process and obviously for national security reasons, we can't outline a lot of the work that is being done," he said.

"I think Canadians do understand that."

NDP public safety critic Matthew Dube said he was worried the safeguards built into the legislation wouldn't be enough to ensure CSE's new powers were being used appropriately.

"The government must explain how they intend to prevent the leaking of cyberweapons into the wrong hands," he added, "as we saw last month with the global attack based on a vulnerability stolen from an NSA stockpile."

Hackers reportedly stole a large amount of cyberweapons from the NSA in April, one of which was later used in May to launch the WannaCry attack, which struck different parts of Europe and Asia.

Also on HuffPost

Trudeau Government's Broken Promises (So Far)