Canada's spy service, the Canadian Security Intelligence Service (CSIS), obtained a judge's permission to reach into infected infrastructure and dismantle two foreign-operated botnets. The Federal Court released a public version of the ruling on June 15, marking the first time CSIS has used its threat reduction warrant powers to clean compromised devices.
The novel warrant authorized CSIS to alter or remove botnet malware from servers, home routers, and Internet of Things gear physically located on Canadian soil. The move targets command-and-control nodes operated by unnamed foreign adversaries, signaling a shift from passive intelligence collection to active cyber defense.
Technical details remain sparse in the public filing, but the threat reduction warrant effectively allows CSIS to intervene in real time against ongoing cyberattacks. The spy agency typically focuses on foreign intelligence and covert operations, making this operational role a significant departure from its traditional mandate.
CSIS has not disclosed which botnets were targeted, how many devices were cleaned, or whether the operation succeeded. Privacy advocates may question the scope of such warrants, as they grant a spy agency direct access to domestic systems and could set a precedent for broader surveillance powers.
Attorneys for the plaintiffs in related oversight cases have declined to comment. The ruling establishes a legal framework for future threat reduction operations, but critics warn of potential mission creep.
Counter-argument: Privacy and civil liberties groups argue that empowering a spy agency to tamper with domestic devices — even for botnet cleanup — blurs the line between foreign espionage and law enforcement, potentially violating Charter rights without sufficient judicial or public oversight.