Article content continued

That enhanced mandate, “extraordinary exceptions” to the CSE’s rule against directing its activities at Canadians and the interconnected nature of the world’s information systems means the bill could create a host of new privacy concerns. The Citizen Lab report also points out that because the agency operates in “near-complete secrecy” it is “impossible for the public to fully understand” how the new act will modify or enhance the CSE’s power.

The bill specifically makes an exception to the agency’s mandate to steer clear of Canadians when it comes to collecting “publicly available information.” NDP MP Matthew Dubé spent his entire allotted time at a committee hearing trying to find out why that exception is needed and what it will be used for.

“Is there not a concern that … we can start going through someone’s social media information that might be public, creating profiles of people who might not necessarily be national security threats, and having this data stored?” asked Dubé.

Photo by Sean Kilpatrick/Canadian Press

CSE chief Greta Bossenmaier said the provision would be used for “basic research,” such as when the agency is issuing a cybersecurity report and wants to refer to public documentation about a breach or incident.

“We don’t have a mandate to focus on Canadians,” she said.

In an interview with the Post, Dubé said he wasn’t satisfied with that answer and the Citizen Lab report went further, saying that, despite the mandate, this doesn’t require authorization from the minister or intelligence commissioner. That means protections and limitations for Canadians only apply if CSE believes the practices around publicly available information contravene a Canadian law or the charter.