By: Dana Hägg, Jocelyn Gerke and Marika Cherkawsky
Provision Commented On: Section 22(1) of the proposed Communications Security Establishment Act under Bill C-59, An Act Respecting National Security Matters, 2017
The proposed Communications Security Establishment Act (CSE Act), which would be enacted by Bill C-59, expands the Communications Security Establishment (CSE)’s mandate such that the CSE would be able to conduct cybersecurity and information assurance activities on private networks. Given the amount of critical infrastructure in the hands of the private sector, this is a much-needed enlargement of the CSE’s powers.
This new power has been described as being entirely dependent on a request for assistance by the owner of the private information infrastructure (see Parliament, House of Commons, Standing Committee on Public Safety and National Security, Evidence, 42nd Parl, 1st Sess, Meeting 88 at 9:45 (Ms Greta Bossenmaier, Chief of the Communications Security Establishment)). However, this is not represented in the legislation. Under the proposed CSE Act, the CSE would be able to conduct a large amount of privacy-infringing cybersecurity and information assurance activity on private networks without the owner’s knowledge or consent. Continue reading