Spy Watchdog Raises Alarm Over Potential Legal Ramifications of Cyber Operations Violating International Law
According to a new watchdog report, Canada’s electronic spy agency needs to provide a clearer explanation of how its cyberspace operations comply with international law.
The report from the National Security and Intelligence Review Agency sheds light on the defensive and active cyberoperations conducted by the Communications Security Establishment, which was granted authority under the CSE Act in August 2019.
Defensive cyberoperations aim to prevent foreign online threats from reaching vital federal government systems, while active cyberops could involve disabling communication devices used by foreign terrorist networks to plan attacks.
The report acknowledges that international law in cyberspace is still evolving, and suggests that Canada and other states are working to refine their legal approach in this area.
The report emphasizes the importance of conducting cyberoperations in compliance with international law to avoid legal risks for Canada.
It calls for the development of a clear framework by the CSE and Global Affairs to assess the legal obligations of cyberoperations.
The report also recommends that each operation’s compliance with international law should be thoroughly assessed and documented by Global Affairs in collaboration with the CSE.
The government response indicates that efforts are underway to enhance the assessment of international legal implications in cyberoperations, ensuring alignment with legal standards.
It highlights the necessity for cyberoperations to adhere to the CSE Act, avoiding targeting Canadians or individuals in Canada, and requiring ministerial authorization.
The review acknowledges the progress made by the CSE and Global Affairs in establishing governance structures for cyberoperations but suggests areas for improvement to enhance transparency and clarity.
Key findings from the report include insufficient detail in ministerial authorization applications, lack of alignment with federal strategic priorities, and potential gaps in understanding new legal authorities among employees involved in cyberoperations.
The government assures a cautious approach in ensuring legal compliance and adherence to international obligations in cyberspace activities.