44th Parl. 1st Sess.
December 1, 2022 10:00AM
Mr. Speaker, I am please to speak today to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.
It is really important to acknowledge that we are severely behind with regard to our protections in this matter. I am going to quote from myself, from when I once engaged the government and asked them this. “I am very concerned that we are not doing enough in Canada to protect the digital privacy of Canadians and am calling on the government to develop stronger frameworks and guidelines to improve cyber security in Canada. These are critical issues that must be addressed”. They must be addressed for the benefit of Canada, as our economy and commerce are currently under threat, as is our personal privacy.
When did I do that? That was in 2016. From 2016 to today, with the digital changes we have had, is a lifetime of change.
I got a response from the government at that time, basically saying it would refer matters and let them play themselves out in court.
One of the most famous cases that came forward at the time involved the University of Calgary, which had reportedly paid $20,000 in compensation to a group of organizations we do not know to protect the breach they had.
What has taken place over several different cases and also in our current laws has shown that it is okay to pay out crime and it is okay to pay out these types of requests for extortion and not even refer that matter back to the people whose privacy has been breached. We do not even have to report it as a crime to law enforcement agencies. It is very disturbing, to say the least. Getting this legislation is something, but it is still a long way off.
As New Democrats, we recognize very much that there needs to be balance in this. This is why I also wrote at that time to the then privacy commissioner of Canada, Jennifer Stoddart, about the cyber-attacks and data breaches.
There is concern about the amount of data and one's rights and one's protections and the knowledge one should have as an individual in a democracy. I do not think it is a conspiracy theory to have those kinds of concerns.
I would point to a simple famous case. As New Democrats are well aware, and I think other Canadians are as well, our number one Canadian champion of health care, Tommy Douglas, was spied upon by his own RCMP at that same time. That was in relation to bringing in Medicare. This is very well documented. We still do not have all the records. We still do not have all the information, and it is a very famous case.
Bringing in our number one treasured jewel, health care, led to a case where our own system was spying on an elected representative who was actually declared Canada's greatest Canadian by the public. We do not want to forget about those things because, when we are introducing laws like this, there is a real concern about one's ability to protect oneself and one's privacy, as well as the expansive conditions that are going to change, often with regard to personal privacy.
What also took place after that was that I was very pleased, in 2020, to put a motion forward at the House of Commons industry committee, where we studied, for the first time in Canadian history, fraud calls in Canada.
There are a lot of cyber-attacks through this type of operating system, and we need to remind ourselves that using this type of system, being our Internet service providers and the telecoms sector, is something that is done by giving up the public infrastructure and a regulated system of industry.
We have built a beast, in many ways, that has a low degree of accountability, and we are finally getting some of that restored. There are also some new programs coming in, like STIR/SHAKEN and other types of reporting that is required.
I want to point out that since we have done that, we have another report that will be tabled, or at least a letter. We have not decided yet, and there is still work going on, but we have had a couple more meetings in the industry committee about it and we have really heard lots of testimony that showed that there is more work that can and should be done.
A good example from the previous report that we did was recommendation number five, which went through sharing information between the RCMP and the CRTC. We have not seen the government act on it.
It is important to note that with this bill there has been a lot of talk about the types of things we can do internationally, as well. One of the things I would point out that I have been very vocal on, because I have had Ukrainian interns in my office for a number of years, is that we could use a lot of our leverage in terms of cybersecurity and training to help them to deal with the Russian hacking and other nefarious international players. That would not only help Ukraine right now in the war with Russia. It would also help with the other activity that comes out of this subsequently, which would help the world economies by having trained, solid professionals who are able to use their expertise and battle this with regard to the current state of affairs and also the future. This would be helpful, not only for the Ukrainian population but also for the European Union, Canada, North America and others, who will continue to battle more complex artificial intelligence and other cyber-attacks that take place.
One of the things I want to note is that in the bill, a proposed new section 15.2 of the act would give the Minister of Industry and the Minister of Public Safety the authority to make several types of orders. It relates to guiding TSPs to stop providing services if necessary. This is a strong power that we are pleased to see in this type of legislation.
What we are really concerned about, as the member for Elmwood—Transcona noted, is that there is no general oversight of the type that we would normally see on other types of legislation. Scrutiny of regulations was the one referred to. For those who are not familiar with the back halls and dark corners of Parliament, there is a committee that I was one of the vice-chairs of at one point in time. The scrutiny of regulations committee oversees all legislation passed in the House of Commons and ensures that the bureaucratic and governmental arms, including that of ministers, whatever political colour they will be of at that time, follow through with the laws of the legislation that is passed. Making this bill not have to go through that type of a process is wrong. I would actually say it is reckless, because the committee has to do a lot of work just to get regulatory things followed on a regular basis. It can be quite a long period, but there is that check and balance that takes place, and it is a joint Senate and House of Commons committee. It is unfortunate that the legislation tries to leave that out.
The legislation also does not have the requirement to gazette information in terms of making it public for the different types of institutions. That is an issue, and it also has a lot of holes when it comes to information that can be withheld and shared.
Why is that important with regard to confidence in the bill? It all comes down to the fact that many of the institutions at risk of being targeted involve not only the private sector, where we have seen not only abuse of customers themselves, or businesses with lax policies that do not protect privacy very well, but also others that have used abusive techniques and processes. Even right now, it is amazing when we think about the information in the process that is going on in the United States. The U.S. Senate is going to oversee the issue with regard to Taylor Swift tickets and Ticketmaster again. That is another one that has had a nefarious past with regard to privacy, information and how it runs its business. People can go back to look at that one, with Live Nation and so forth. At any rate, the U.S. is also involved in this.
I raised those things because it also comes from the soft things like that, which are very serious with respect to credit cards and to people's personal information that is shared. However, across the world and in Canada we also have municipal infrastructure and government institutions that are constantly under attack. That is very important, because it is not just the external elements with regard to consumer protection and business losses, which are quite significant and into the billions of dollars. It is also everything from water treatment facilities to health care facilities in terms of hospitals and utilities for power and hydro. All those elements can be used as targets to undermine a civilian population as well, and one of the things we would like to see is more accountability when it comes to those elements. There is definitely more to do.
One of the things I do not quite understand, and which I am pleased to see the government at least bring to committee, is what we could do to educate the population.
Our first intervention on this bill as New Democrats was several years ago, and it is sad that it is just coming to fruition now.
1653 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I do. For us to get fully engaged in this, we want full accountability, clarity and a playbook so everybody understands the rules. We want to deal with some of the stuff and provide some leverage for law enforcement and investigations to take place, but there has to be a set of rules and that needs to be backstopped by parliamentary oversight. Where it stands right now, it is not backstopped by parliamentary oversight.
76 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, absolutely, but if we are going to give some flexibility in power for the minister to act, it has to be responsibly met with oversight, and that has to be heavy oversight. That will provide the confidence.
That is why I wrote to the Privacy Commissioner right after I challenged the government back in 2016 to act on this. We have seen how long it has taken for it to act on this now, so we need to have that confidence. It is a two-way street. If we have the confidence of privacy and protection for people, with oversight, then I think people will be more willing to accept that there could be some changes with respect to how investigations take place.
125 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I have a book that we use for privacy protection and it is available to everybody. It was written by Kevin Cosgrove. It is a playbook for people on how to protect themselves and their families from a whole bunch of different issues, whether it be WiFi, online banking, shopping, social media, a whole series of things. The reason I use that as a specific example is that a ton of education has to be done. That has to be done for this bill as well. There needs to be a defined playbook of accountability, like going to the Standing Joint Committee for the Scrutiny of Regulations and ensuring there is oversight for the minister. All those things have to be really enhanced to build the confidence so we all buy into this.
135 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, It has been fun to work with my colleague on some of these issues. We need a lot of public education related to this going forward.
That section again is just too weak. It provides too many holes. There should be a way to get back to a process of ensuring the minister is held to account. That is one of the things where we are looking to expand powers, but, again, we really need a lot more public education with respect to cybersecurity.
I know it is one of those issues that when we hear it, our eyes fog up, or they roll back in our heads and we think it is just too complicated for us, that there is always something happening, but we really need to engage Canadians on this. That includes engaging the government to ensure it understands that it has to teach residents about the bill and its repercussions as it goes forward.
160 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
