With just over a week to go until Canada's federal election, we finally know where each of Canada's three main political parties stand on surveillance, cybersecurity and privacy.
On Friday, the Conservatives and New Democratic Party (NDP) announced the release of their political platforms, following the release of the Liberal party platform earlier in the week. To varying degrees, each party addressed how their government would handle—or not handle—data breaches, cyberattacks and surveillance run amok.
On the topic of Communications Security Establishment (CSE), Canada's spy agency equivalent of the NSA or GCHQ, the NDP have been the most specific, pledging to "end the practice of bulk collection of data as part of cyber surveillance by Canadian agencies." In recent years, leaked documents have suggested that CSE has operated—and in some cases, still operates—myriad data collection programs around the world, some of which inadvertently collect information about Canadians.
The Liberal party, meanwhile, has pledged to "limit Communications Security Establishment's powers by requiring a warrant to engage in the surveillance of Canadians." Currently, only a ministerial authorization is required for CSE to intercept information sent or received by, or about, Canadians.
Both the NDP and Liberal parties also support the formation of an national security oversight committee, while the Conservative party includes no reference whatsoever to Canada's cyberspy agency in its platform. Julian Fantino, the party's Associate Minister of National Defence, has previously argued that CSE operates within the law and is not in need of oversight.
Instead, the Conservative party's platform focuses purely on cybersecurity. The crux of their plan is proposed legislation, first tabled in April, that would "require operators of vital cyber systems to implement robust cybersecurity plans that meet established standards, and to report cybersecurity breaches to the federal government." Known as the Protection of Canada's Vital Cyber Systems Act, the government would spend $36.4 million over five years that would go towards cyber security tools, security information and expertise.
The Liberals, similarly, have promised to "conduct a thorough review of existing measures to protect Canadians and our critical infrastructure from cyber-threats," but offer nothing more specific than that.
While both the Liberals and the Conservatives have focused on threats to business and critical infrastructure, the NDP has chosen to focus on personal cybersecurity. The party's platform pledges to "create mandatory data breach reporting if individuals may face personal risk, and increase the enforcement powers of the Office of the Privacy Commissioner." (At present, Canada's privacy commissioner can investigate breaches and recommend appropriate action, but not directly prosecute or fine offenders.)
But perhaps the most intriguing cybersecurity pledge can be found in the platform of the NDP. The party had promised to "strike an all-party committee to examine privacy issues as the "Internet of Things" grows more and more mainstream," as well as "consult with business, IT experts and concerned citizens on how to protect privacy and ensure informed consent as more and more everyday objects—from thermostats to cars to bio-chips in animals—are connected to the Internet and are collecting and sharing data about our daily lives."
We'll know soon enough which promises politicians will have to keep. The final day of voting in Canada's federal election is October 19.