Weighing in at a daunting 139 pages, Bill C-59 – the government’s sweeping new proposals for reforms to national security law – include some welcome changes, but also many serious new problems and threats to rights.

Here’s a quick primer of the biggest threats and disappoints contained in C-59.

1. Bill C-59’s New Accountability Architecture is Off-Set by Plummeting Legal Thresholds for Mass Surveillance.

Just as we feared, the government’s “response” to the CSIS spying scandals of last fall is to make it legal and infinitely easier for national security intelligence to collect and use bulk data. Although C-59 would create welcome forms of accountability through a new National Security and Intelligence Review Agency and an independent Intelligence Commissioner, these bodies will be overseeing and reviewing security intelligence agencies that will be legally empowered to conduct bulk data surveillance on the basis of significantly reduced thresholds. So, instead of reining in mass surveillance, the accountability framework will actually be providing an official seal of approval for mass surveillance.

2. It Tinkers With But Fails to Fix the Denial of Due Process Rights in Canada’s Flawed No-Fly List.

Still no redress system, meaning no remedy for the ‘No-Fly Kids’ and others with same or similar names and still a grievously flawed process for those deliberately listed, still involving largely secret hearings.

3. It Contains New Powers for our Signals Intelligence Agency to Conduct Cyber Attacks.

The CSE (Canada’s NSA) would have explicit authority to use cyber-attacks against foreign individual, state, organization or terrorist groups. This would include hacking, deploying malware, and “disinformation campaigns.” While some argue that we have reached a stage in cyber security where a country needs the ability to conduct “active cyber operations” (aka: attacks), there remains a significant danger of normalizing state-sponsored hacking and disinformation campaigns.

4. Security Intelligence gets to Collect our “Publically Available” Personal Information

For the CSE, that includes personal information that has been published or broadcast for public consumption, is accessible to the public on the global information infrastructure (aka: Internet) or can be requested, subscribed to or purchased, leaving wide-open the potential for CSE to target Canadians through data brokers. And for CSIS, a “publically available dataset” is defined as being “publicly available at the time of collection” – a not very comforting definition, arguably wide enough to encompass hacked data that has been publically posted.

5. It Fails to Close the Gate on the Expansive Inter-Governmental Disclosures of Canadians’ Personal Information for National Security Purposes.

C-59 provides some tweaks to the terrible “Security of Canada Information Sharing Act” but still allows a troubling amount of information sharing and any way you slice it, it’s still more legalized surveillance of Canadians than was the case pre-Bill C-51.

6. It Does All this Privacy-Problematic Stuff without Giving any Proper Role to the Office of the Privacy Commissioner of Canada.

All these hugely sensitive privacy quagmires and no legislated involvement/role for Canada’s Privacy Commissioner? Seriously…?

7. The CBSA is Still Without a Comprehensive Review Body.

There’s review of the CBSA’s national security activities but most of the CBSA’s activities are still completely without proper review and accountability.

8. It Narrows but Continues to Enable CSIS’s Controversial “Disruption Powers.”

C-59 continues to empower a radically redefined role for CSIS which includes the ability to act on (rather than merely collect) security intelligence. While it introduces some limitations to this new “policing” role, the essential problem remains that CSIS is permitted to conduct much of its work in secret and that secrecy means that rights violations by CSIS are more difficult to detect and more difficult to remedy than actions undertaken by law enforcement agencies.

9. It Does Not Include an Absolute Prohibition on the Use of Torture-Implicated Intelligence.

While apart from C-59, the government has revised its Directive on torture-implicated intelligence, we are still failing to uphold International Law in having a complete prohibition on torture-implicated information. Thus, we are failing to have the appropriate prohibition and failing to enshrine that prohibition in the appropriate statute.