SoVote

Decentralized Democracy

House Hansard - 139

44th Parl. 1st Sess.
December 1, 2022 10:00AM
Context: House Hansard - 139 - Dec/1/22
Ms. Marilyn Gladu (Sarnia—Lambton, CPC)
  • Dec/1/22 1:49:09 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, it is a pleasure to rise today to speak to Bill C-26 on cybersecurity. I will be sharing my time today with the member for Edmonton Manning. Canadians recognize that we need to do something in the area of cybersecurity. We have all experienced hackers. Myself, when I have bought something online, the next thing I know is my credit card is hacked and then all the pre-authorized transactions need to be changed. It is very time-consuming. I have been hacked numerous times on Facebook, as I am sure many have, as well as on Instagram and other places. Those are small examples that Canadians are seeing. Let us think about the more serious cyber-hacking we are seeing, whereby government systems are hacked and breaches of information are happening. Businesses are experiencing this. I have a friend who is an anti-cyber hacker. For $2,500 a day, he goes around the world, helping companies that have been hacked to improve their protections. Something needs to be done. I would like to talk today about what needs to be done, and then how the bill does or does not meet that need. First, we have to identify what the critical systems are. What are the things we want to protect? If somebody hacks my Netflix account, it is not earth-shattering. However, there are things that are important, and I think everyone would agree that databases that protect our identity or have information about our identity are critical. Financial institutions and people's financial information are critical. On our medical information, we have spent a lot of time on legislation and regulations on protecting medical privacy. Those, to me, would be three of them, but certainly, the critical systems need to be identified. We need to make sure there are adequate protections in place. Not every business and level of government has the same amount of protections and technology in place. There is a journey of defining what adequate protection is and helping people get there. In the case of breaches and having them investigated and addressed, the bill gives very broad powers to the minister. It allows the federal government to secretly order telecom providers to “do anything or refrain from doing anything...necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.” Those three terms are not well defined, so I think there is some work to be done to define those better, but I do not really believe we want to give the government power to do anything it wants. Certainly, shutting down a system for protection is important when there is an actual threat and not just a potential future threat or a possible threat. In the case of a threat, the government needs the ability to act, but certainly we have to tighten up the language in the bill on that. After there has been a breach, there needs to be preventive and corrective action. Preventive action would be additional technology walls or additional controls that are put in place to ensure that we have enhanced protection in the future. Corrective action is fixing the holes that people got into in the first place and punishing the hackers. It does not seem like any of that is happening today. The bill does not address that, but there should be some measures there to take corrective action. I talked about the overarching powers and my concern with them. We cannot have the government continually coming up with bills in which it has not really defined what it is going to do but it tells us not to worry about it because the Governor in Council, after the fact and without any parliamentary oversight, will determine what we are going to do. The Governor in Council means the Liberal cabinet ministers. I think we are at a place where people have lost trust in the government because there is no transparency. The bill allows the government to make orders in secret, without telling people what is done. The public cannot see it and is suspicious, because people have seen numerous examples of the government hiding things. We have just come through a $19-million emergency measures act situation in which the Liberal cabinet ministers and the Prime Minister knew they were never going to disclose the documents that would prove or disprove whether they met the threshold, because they were going to hide behind solicitor-client privilege. They have done it before, hiding behind cabinet confidence, like on the Winnipeg lab issue. Look at the documents we tried to get hold of there. The Liberals even sued the Speaker in order to hide that information from Canadians. In the SNC-Lavalin scandal, we saw them hiding behind cabinet confidence. In the WE Charity scandal, we saw them hiding behind cabinet confidence. I am a little concerned, then, to find that in this cybersecurity bill, the Liberals are saying the government can make secret orders that the public is not going to ever know about. I think that is very dangerous. This is one of the reasons we are seeing an erosion of trust in Canada. A recent poll posted by The Canadian Press showed that if we look at the trust index in Canada, only 22% of Canadians trust the government or politicians. That means four out of five Canadians do not trust the government or politicians, and it is partly because of what has gone on before, when things have been done such as people's banks accounts frozen and drones surveilling citizens. People have lost trust, so I do not think they are going to be willing to give a blank cheque to the government to do whatever it wants for cybersecurity, to control enterprises outside the government to get them to stop operating, for example. The riverbanks need to be much tighter on that. People are concerned about their civil liberties, and I know there has been a lot of conversation about the lack of privacy protection in this country. We have regulations like PIPA and PIPEDA. My doctor cannot reveal my medical information; my employer cannot reveal my medical information, but various levels of government in the pandemic made it so that every barmaid and restaurant owner could know my private medical information and keep a list of it, which is totally against the law. Therefore, when it comes to cybersecurity we are going to have to make sure the privacy of Canadians' information is better protected, and I do not see that element here in the bill—
1110 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 139 - Dec/1/22
Mr. Denis Trudel (Longueuil—Saint-Hubert, BQ)
  • Dec/1/22 3:57:17 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I am not a cybersecurity expert either. A few weeks ago, I attended a demonstration in Montreal with 10,000 people to support the people who are fighting for their freedom in Iran, which, as we know, is not a democratic state. I have also strongly supported people from the Uighur community, who I have met with many times here in Ottawa. We know that they are facing genocide in China. The small white square that I am wearing is a sign of support for people who, at this time, are rising up against the health measures in China, as well as the people in Russia who are protesting against the war in Ukraine. I want to know if there are concrete measures in Bill C‑26 that would prevent Iran, China and Russia from carrying out cyber-attacks on social networks and, for example, hacking my account and interfering in my life as an MP? I would like my colleague to clarify that.
167 words
All Topics
  • Hear!
  • Rabble!
  • star_border