Canada’s Electronic Spies Unleashed

Canada’s electronic spies will be limited “only by their imagination” in coming up with new cyber attacks and espionage campaigns under proposed legislation, a new report warns.

The national spy agency  Communications Security Establishment will be able to select targets and launch cyber attacks with little “meaningful” oversight, according to an analysis of Bill C-59 by the University of Toronto’s CitizenLab.

Bill C-59 “affords the CSE the ability to engage in a vast range of un-enumerated and deeply problematic activities with the potential to seriously interfere with charter-protected rights and freedoms,” the report, made public last month, reads.

Bill C-59 proposes to give CSE, for the first time in the agency’s postwar history, the explicit power to conduct cyber-attacks and sabotage against foreign states and people. Until now, the secretive agency has been limited to intelligence gathering, defending government networks, and assisting law enforcement.

The proposed powers are broad. The bill explicitly prohibits CSE from causing death or bodily harm, and from obstructing or perverting “justice or democracy.”

That leaves a very long list of permitted activities, the researchers note: 

“From mass dissemination of false information, to impersonation, leaking foreign documents in order to influence political and legal outcomes, disabling account or network access, large-scale denial of service attacks, and interference with the electricity grid, the possibilities for the types of activities contemplated in (Bill C-59) are limited only by the imagination,” the report reads.

Under the legislation, the CSE would require sign-off from both the minister of national defence and the minister of foreign affairs to launch a cyber-attack. But the offensive cyber operations would not require judicial sign off or oversight, nor would they require approval by the proposed independent Intelligence Commissioner, the report reads.

In a statement, CSE spokesperson Ryan Foreman suggested a warrant system for cyber operations may not be the best fit for the agency’s mandate.

“CSE is a foreign intelligence and cyber security organization, not a domestic security or law enforcement agency. Warrants for law enforcement ... are generally for specific targets or operations ... whereas CSE’s ministerial authorisations authorize a class of activities,” Foreman wrote, noting that the CSE is prohibited from directly targeting Canadians or people in Canada.

“However, these, and all of CSE’s activities would be subject to review” by a new parliamentary committee.
The report was prepared by CitizenLab researchers Christopher Parsons, Lex Gill and Ronald Deibert, as well as Tamir Israel, a lawyer with the Canadian Internet Policy and Public Interest Clinic, and Bill Robinson, who has long chronicled CSE’s history and activities.

In an interview with Toronto's Star on Sunday newspaper, Gill said Canada also runs the risk of normalising state-sponsored hacking and disinformation campaigns, a particular worry in North America, as the United States continues to unravel alleged Russian attempts to influence the 2016 presidential election through disinformation and hacking.

“The open question (is) whether or not affording the (CSE) these types of capabilities will contribute to Canada’s security interests or undermine them,” Gill said.
“By creating a climate which normalises these types of activities, creates a legislative framework for them, we’re accepting as Canadians that we think that these types of operations are okay. I’m not convinced that Canadians have had a robust public conversation about ... a kind of cyber warfare.”

The report compares CSE’s new cyber operations powers to the much-criticized “disruption” powers granted to another security agency, CSIS, by the Conservative administartion in 2015. 

Like the Conservatives’ Bill C-51, the Liberals’ national security bill permits CSE to take a wide array of “disruptive” activities, while explicitly prohibiting only a few limit cases. Bill C-59 is still before the House of Commons’ national security committee.

The governing Liberal party have signaled a willingness to substantially amend the legislation should issues be raised. The committee’s review will resume in early 2018.

The Toronto Star:

You Might Also Read:

Does Canada Need Its Own CIA Or MI6?:

Canada Prioritizes Cyber-Attack:

 

 

« GDPR Compliance & Personal Data Protection
Retaliation Against N Korea For WannaCry »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

Aves Netsec

Aves Netsec

Aves is a deceptive security system for enterprises who want to capture, observe and mitigate bad actors in their internal network.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Vention

Vention

Vention (formerly iTechArt) is the partner of forward-thinking tech leaders around the globe.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Minorities in Cybersecurity (MiC)

Minorities in Cybersecurity (MiC)

MiC was developed out of a unique passion to help fill the gap that exists in the support and development of women and minority leaders in the cybersecurity field.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.