Bill C-59 fails to rein in the CSE’s acquisition of malware, spyware and hacking tools.

It gives CSE “defensive and active cyber powers”, which can mean activities like mass dissemination of false information, impersonation, leaking of foreign documents in order to influence political and legal outcomes, disabling account or network access, large-scale denial of service attacks, and interference with the electricity grid.

These new powers also come with no meaningful or independent oversight, and a complete lack of transparency. They would be approved in secret by the Minister for National Defence and the Minister of Foreign Affairs.

Although the CSE is prohibited from directing its activities at Canadians, the CSE Act endorses mass surveillance of foreigners. And due to the global and deeply interconnected way the Internet works, large volumes of Canadian data is intermingled with international data, and will inevitably be collected, used, and analyzed as an incidental byproduct of the CSE’s activities.

This Act also gives the green light for bulk surveillance of Canadians by failing to impose protections on the collection of ‘publicly available information’ – a very broad term.

All Canadians are at risk from this, but vulnerable and disproportionately targeted people will bear the brunt of these new powers.

Canadians have not had a chance to meaningfully comment on these powers, and they directly contradict what we asked for. The public consultations on Bill C-51 reform showed that Canadians asked for a reigning in of excessive spy powers. But these expanded cyber disruption powers represent the exact opposite – and were never even included in the consultation.

The Senate is our last best chance to fix this Bill.