Accountability and the Canadian Government’s Reporting of Computer Vulnerabilities and Exploits

31 Pages Posted: 15 Nov 2018

See all articles by Christopher A. Parsons

Christopher A. Parsons

University of Toronto, Munk School of Global Affairs, Citizen Lab

Date Written: November 2, 2018

Abstract

Computer security vulnerabilities can be exploited by unauthorized parties to affect targeted systems contrary to the preferences their owner or controller. Companies routinely issue patches to remediate the vulnerabilities after learning that the vulnerabilities exist. However, these flaws are sometimes obtained, used, and kept secret by government actors, who assert that revealing vulnerabilities would undermine intelligence, security, or law enforcement operations. This paper argues that a publicly visible accountability regime is needed to control the discovery, purchase, use, and reporting of computer exploits by Canadian government actors for two reasons. First, because when utilized by Canadian state actors the vulnerabilities could be leveraged to deeply intrude into the private lives of citizens, and legislative precedent indicates that such intrusions should be carefully regulated so that the legislature can hold the government to account. Second, because the vulnerabilities underlying any exploits could be discovered or used by a range of hostile operators to subsequently threaten Canadian citizens’ and residents’ of Canada personal security or the integrity of democratic institutions. On these bases, it is of high importance that the government of Canada formally develop, publish, and act according to an accountability regime that would regulate its agencies’ exploitation of computer vulnerabilities.

Keywords: VEP, Canada, Policy, Cybersecurity, National Security

Suggested Citation

Parsons, Christopher A., Accountability and the Canadian Government’s Reporting of Computer Vulnerabilities and Exploits (November 2, 2018). Available at SSRN: https://ssrn.com/abstract=3277517

Christopher A. Parsons (Contact Author)

University of Toronto, Munk School of Global Affairs, Citizen Lab ( email )

Toronto, Ontario
Canada

Register to save articles to
your library

Register

Paper statistics

Downloads
10
Abstract Views
74
PlumX