SoVote

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

Dec/1/22 11:20:15 a.m.
Watch
Re: Bill C-26

Mr. Speaker, an interesting debate is under way thus far on such an important issue with which we all have to come to grips. As changes in technology take place, we have to take that into consideration. I suspect that legislation dealing with privacy or cyber-attacks will be ongoing. Once the bill goes to committee, I am sure there will be a great deal of dialogue. I anticipate a great diversity of witnesses will come forward with ideas on the legislation. I will pick up on the point I raised with the member opposite about the concern that the minister had too much power under this legislation. Often, when government brings forward legislation, opposition members bring forward concerns about how power is enhanced through the minister's office. I have had the opportunity to briefly go through the legislation and I genuinely believe there is the right amount of balance. That is why I posed the question for the member. She suggested of reporting mechanisms, whether through an annual report or a report to a standing committee, and that has merit. I say that because I know there has been a great deal of effort in formulating this legislation. If there are ideas that would enhance or make the it that much stronger, we should be looking at that. I do believe the ministry is open to that. When the member was quoting, I wondered where those quotes were from. She used those to amplify fears that one might be challenged to justify. For example, the member referred to an “evil government” based on quotes she had received. I am not saying it is her opinion, but she has raised it, saying this is a quote from some third-party organization and if we believe in that quote, it could lead to an evil government. We have witnessed that a great deal from the Conservative opposition on a variety of different issues, as if there is some sort of conspiracy. There is no conspiracy, contrary to what the member said, at least in one part of her speech. The government is not out to spy on Canadians. The government takes the issue of the privacy of Canadians very seriously. We have brought forward legislation to that effect. This government has spent tens of millions of dollars on cyber threats. The government has had working groups and advisory groups dealing with cyber threats. We recognize the changes in technology and the impact they have had on society. I have said in the past that if we were to look at technological advancements, we would be challenged to find an area that has been as advanced as computer Internet technology. Just the other day, I was speaking to a private member's bill, saying that 10 or 20 years ago there were no such things as iPhones. I note the member for Winnipeg South Centre is listening. He will recall that when we were first elected back in 1988, there was a big computer purchase of $5,000 made through Reg Alcock. We had a wonderful computer with a laser printer, which came with a keyboard and a mouse. At the time, when logging into the Internet with that wonderful and beautiful computer, the first thing we would hear was a dial tone. Then we would hear that stupid clicking sound, which meant we were actually connected to the Internet. We were all fairly impressed with that computer, and there were about 20 of us at the time. We can compare that to where we are today. People can buy a laptop for $500 that has abilities and technological advancements more than tenfold of what we paid $5,000 for, with that long dial-up connection. In fact, people can purchase something brand new for $250 that is hooked into the Internet and running at a rapid speed. It is not even comparable to what it was. There is so much advantage to technological change, but with that change comes risk, which is the essence of what we are debating through Bill C-26. Even though society has benefited immensely, we need to recognize there is a significant risk factor. That risk factor not only applies for the individual who might be surfing the net today, but it also applies to military operations taking place in Ukraine today. Computers today are not optional. The Internet is not optional. They are essential services. That is why the Prime Minister, or one of the other ministers, just the other day made reference to the percentage of Canadians who were hooked up with high-speed connections and how we had literally invested billions to ensure that Canadians continued to get that access, with a special focus on rural Canada. We recognize that because it is no longer optional; it is an essential service. The digital economy varies significantly. If we want to get a sense of this, we can turn to Hollywood and like-minded productions found on Netflix, CBC or the more traditional media outlets. We can look at some of the movies and TV shows out there. The other day I was watching an episode of a show called The Blacklist, which is all about cyber-attacks. I suspect a number of my colleagues might be familiar with that show. One member talked about hydro. Manitoba, in fact all of Canada, should be concerned about our utilities. Through Hollywood productions, we are better able to envision the potential harm of cyber-attacks. A well focused cyber-attack can deny electricity to communities. It can shut down things that should never be shut down. We talk about the sense of urgency. One would expect there will be mischievous lone individuals working in their basements, or wherever it might be in society, challenging systems. However, we also have state-sponsored cyber-attacks, and we should all be concerned about that. In fact, that is why it was comforting when the minister made reference to the Five Eyes. I caught on right away that there are like-minded nations. Canada is not alone. There are like-minded nations that understand the importance of cyber-attacks and the potential damage that can be caused. I will get back to the international side of things later, but when we think of what is at risk, think of digital data. Digital data comes in many different forms. One of the greatest collectors of data is Statistics Canada, an organization that invests a great deal in computers and technology to protect the data it collects from Canadians. Statistics Canada is actually respected around the world for its systems. It has absolutely critical data, and that data is provided to a wide spectrum of stakeholders, obviously including the national government. Let us think of health organizations, the provinces and the collection of health records, or motor vehicle branches and passport offices. All of these government agencies have, at the very least, huge footprints in data collection. Those are government agencies. We could also talk about our banking industries or financial industries. We can think of those industries and the information that is collected from a financial perspective when people put in an application for a loan. All of the information they have to provide to the lender, such as their history, is going into a data bank. There is also the private sector. The other day we were talking about apps. One example is Tim Hortons. We were talking about it, as members might recall. The Tim Hortons app is fairly widely downloaded, and there is a lot of critical information within it. Canadians need to know, whether it is a government agency or private agency, that governments at all levels, in particular the national government, have their backs. That is the reason I started off by giving a very clear indication that even though Bill C-26 is before us today, we have been investing substantial financial resources through other types of legislation to provide assurances to Canadians so they know their information is in fact being protected. There are actions on the Internet today related to our small businesses. The member opposite made reference to this and asked how the government is supporting small businesses. If a person has a small business today, chances are they are on the net. More and more consumers turn to the net for widgets and a multitude of different services. As a result of that, there has been a great demand on small businesses. That is why we have a Minister of Small Business who looks at ways to not only provide tax relief but provide support. Sometimes it is done directly through financial measures and sometimes it is done indirectly by providing resources. However, let there be no doubt that there is support coming from the government. Whether it be a small, medium or large business, the government has a vested interest. We will do what we can. A good example of that is the individual who uses an ATM card when they make a small or large purchase at a small business. The attacks we are talking about today can take many different forms. The digital economic side is definitely one of them, but there is also a social component to the Internet. When I think of the social component, I think about issues of privacy and of communications through, for example, social media. Again, Canadians have an expectation that the government is going to be there for them. Cyber-attacks take place in areas we all need to be concerned about. As I said, the more advanced we become, the more risk there is. There are a lot of things that take place on the net that we need to be aware of and take action on. The exploitation of children is an example. That needs to be taken into consideration. In the legislation, there is a very strong compliance component. As I raised, the minister would have the authority to make some things happen with our telecommunications companies and tell them to stop. I think that sort of action is necessary at times. There is also a financial component so we can ensure a penalty is put in place as an incentive for people to abide by the legislation and the regulations, which are all there for one purpose and one purpose alone: to protect Canadians and institutions from risk. That is why we are investing in cybersecurity, ensuring respect for the privacy of Canadians and supporting responsible innovation. We will continue to protect Canadians from cyber-threats in an increasingly digital world. This legislation is one aspect of what the government is doing to accomplish that. I believe that state-sponsored cyber-threats are one of the greatest concerns and one of the reasons we need to work with allied countries. I made reference to the Five Eyes. There are democratic, free, allied countries that recognize the potential harm of cyber-threats sponsored through governments. This legislation really sinks its teeth into that. I hope that all members will get behind this legislation so we can ultimately see its passage to the committee stage. An official opposition member has indicated there is a great deal of interest in reviewing the legislation, the idea being to come up with ways to ultimately make the legislation better.

1900 words

All Topics

Mr. Arnold Viersen (Peace River—Westlock, CPC)

Dec/1/22 11:40:24 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I am frustrated with this bill given the fact that it does not lay out a lot of specifics. It states that there is a problem, and I think we all agree with that, but the government's solution to that problem is to hand the minister a lot of power so the minister can do amazing things. Is the member not concerned that the bill does not have the details we need to prevent some of the very things he was talking about? I think about Ski-Doos and Bombardier, which is an iconic Canadian company. It has been the victim of one of these targeted cyber-attacks. I do not think there is anything in the bill that would have prevented that or held the people who perpetrated it to account.

135 words

Mr. Kevin Lamoureux

Dec/1/22 11:41:14 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I do not necessarily know the details of the case the member has referenced, but what I can say is that even the Conservative critic acknowledged that certain aspects of the legislation would ensure there are financial penalties and opportunities for the minister to virtually stop an action from taking place. Am I concerned that there is overreach? I do not personally believe there is, but I think there is some merit in having that discussion at the committee stage. I posed a question to the member: If the concern is that there is too much power for the minister, what would the Conservatives do differently? I recognize the fact that in a cyber-attack, often it is necessary to take fairly strong action in an immediate fashion. I think all members recognize that fact. The issue is whether there is something the Conservatives would like to see to provide an additional sense of security.

157 words

Mr. Simon-Pierre Savard-Tremblay (Saint-Hyacinthe—Bagot, BQ)

Dec/1/22 11:42:40 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I thank our colleague for his speech, which was a real voyage of discovery. One moment we were in Hollywood, and the next we were at Tim Hortons. I will do him one better. I will take us on a journey across the Pacific all the way from China to the riding of Papineau. I worry about interference, as does our colleague, I am sure, because he supports a cybersecurity bill to reduce digital vulnerability. Is my colleague concerned about the fact that, within the same time period, the federal Liberal association for the Prime Minister's riding of Papineau received donations from China and a Chinese bank got permission to set up shop in Canada? I have a second question. Does the member believe in chance and coincidence?

131 words

All Topics

Mr. Kevin Lamoureux

Dec/1/22 11:43:30 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I think Bloc members are hanging around the Conservatives too much. It is usually the Conservatives who go under all the rocks and have conspiracy theories. I, for one, see the legislation for what it is. It is an attempt by the government to ensure that we can effectively deal with the threat of cyber-activities, whether they are state-sponsored or from individuals. That is a very strong positive and is absolutely not unique, as other countries around the world are doing likewise in bringing forward legislation of this nature. In terms of the member's conspiracy theory, I will leave that for another member on another day.

111 words

All Topics

Mr. Gord Johns (Courtenay—Alberni, NDP)

Dec/1/22 11:44:35 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I think we all agree that Canada is ill-prepared to deal with cybersecurity threats. I am comforted to hear that we are all on the same page. However, we are falling far behind other similar jurisdictions, such as France and the U.K. Their ability to intercept and respond to cybersecurity threats is much more enhanced to protect their countries. Again, we are glad to see this moving forward, but I am a bit concerned about the government granting ministers so much broad power, especially the Minister of Public Safety and the Minister of Industry. I just want an assurance for Canadians that these powers would not be applied unjustly to them. Also, would the member and his party be willing to work with the NDP to bring forward amendments at committee to make sure there are protections for everyday Canadians?

144 words

Mr. Kevin Lamoureux

Dec/1/22 11:45:35 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I suspect there would be a great deal of will to continue working with the New Democrats in the House in a minority situation. The NDP has taken a very responsible approach to dealing with the government-sponsored legislation. Where there are changes that make sense, I suspect the ministry would be open to how we could address concerns. Having said that, it does not mean we are looking for NDP amendments. As it has been pointed out, whether it is the official opposition or the Bloc, this is legislation that we brought in today at second reading. We hope it will pass at some point so it can go to committee stage, where I expect there will be a great deal of interest from coast to coast to coast on this legislation. I look forward to the contributions of others and their ideas and thoughts going into it, like the member for Kildonan—St. Paul had regarding an annual report that comes from the minister and how that might be incorporated into the legislation. The sooner we can make the ministry aware of some of those ideas, the better it is. Ultimately, it will go to committee, and there will be representatives from the minister's office there. It will be a wonderful opportunity to get the feedback we are all looking for. If there are chances to make it a healthier and stronger legislation, I am sure the government would act on that.

248 words

Mr. Simon-Pierre Savard-Tremblay

Dec/1/22 11:47:33 a.m.
Watch
Re: Bill C-26

Mr. Speaker, that is twice now that my colleague has accused me of subscribing to conspiracy theories. With all due respect, I would ask that he withdraw his remarks.

29 words

All Topics

The Deputy Speaker

Dec/1/22 11:47:33 a.m.
Watch

The hon. member for Saint‑Hyacinthe—Bagot on a point of order.

14 words

Mr. Kevin Lamoureux

Dec/1/22 11:47:57 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I will withdraw the comment.

7 words

All Topics

The Deputy Speaker

Dec/1/22 11:47:57 a.m.
Watch

I understand the member for Saint‑Hyacinthe—Bagot's request. The hon. parliamentary secretary.

16 words

Mrs. Élisabeth Brière (Parliamentary Secretary to the Minister of Mental Health and Addictions and Associate Minister of Health, Lib.)

Dec/1/22 11:48:18 a.m.
Watch
Re: Bill C-26

Mr. Speaker, 85% of Canada's critical infrastructure is owned by the private sector, provinces and non-governmental agencies. Does my colleague think Bill C-26 will help standardize cybersecurity practices to better protect systems and services pertinent to Canada's cybersecurity?

42 words

All Topics

Mr. Kevin Lamoureux

Dec/1/22 11:48:43 a.m.
Watch
Re: Bill C-26

Mr. Speaker, as the member highlights, when we talk about infrastructure, the whole digital economy and what government does, it would be negligent not to recognize the significance of the private sector and how the private sector feeds into it. In fact, it is a major player of 80% plus. That is why, when we talk about the government's role, ensuring that the national infrastructure is safeguarded against cyber-threats is of the utmost importance. That is the essence of the legislation, along with ensuring that Canadians', business's and governments' interests are well served.

96 words

All Topics

Mr. Larry Maguire (Brandon—Souris, CPC)

Dec/1/22 11:49:47 a.m.
Watch
Re: Bill C-26

Mr. Speaker, in regard to my colleague from Kildonan—St. Paul's speech, she talked about how the government has brought this bill forward with a lot of sticks in it and no carrots. I am looking for incentives that would improve it. Is the government open to amendments on this particular bill? If so, what would be its theme to bring forward some issues to improve the bill's transparency?

72 words

Mr. Kevin Lamoureux

Dec/1/22 11:50:23 a.m.
Watch
Re: Bill C-26

Mr. Speaker, I have made reference to the idea, and I hope it will be discussed at committee stage in terms of a reporting mechanism. I get the sense, based on questions for both me and the minister, that there is some concern related to that. We will have to wait and see if that comes forward through committee. At the end of the day, I think it would be nice to see the legislation pass at some point, where the committee is given the opportunity to provide its recommendations and thoughts on the legislation.

95 words

Mr. Daniel Blaikie (Elmwood—Transcona, NDP)

Dec/1/22 11:51:08 a.m.
Watch
Re: Bill C-26

Mr. Speaker, before I begin my remarks, I request that you seek unanimous consent for me to split my time with the member for Windsor West.

26 words

The Deputy Speaker

Dec/1/22 11:51:17 a.m.
Watch

Is there agreement for the member to split his time? Some hon. members: Agreed. The Deputy Speaker: The hon. member for Elmwood—Transcona.

24 words

Mr. Daniel Blaikie

Dec/1/22 11:51:23 a.m.
Watch
Re: Bill C-26

Mr. Speaker, with thanks to the chamber, I am pleased to rise today to speak to Bill C-26. Cybersecurity is a topic that is very much on the minds of many Canadians. It is something that many of us have had experience with in our personal lives, or we know somebody who has. Certainly, as MPs, we hear from folks who have fallen prey to various kinds of cyber-attacks online. We know it is a burgeoning criminal industry to take advantage of people online, grab their information and impersonate their identities. Canadians deserve to be protected from this kind of crime. We also heard about the impact that cybersecurity attacks have had on our commercial industries. One of the examples that stands out in my mind of particular concern was the 2017 cyber-attack on Equifax, where the personal and financial information of thousands of Canadians was obtained illegally. It is an obvious concern for folks when they find out that a company they trusted with their personal information has been subject to this kind of attack. We also know that our government has not been immune from these kinds of attacks. Hospitals and Global Affairs Canada have been the object of successful cyber-attacks. Earlier this fall, the House of Commons had a cyber-attack. MPs were warned about changing their email passwords for fear of information in their work accounts being exposed to outside eyes and ears that would find out what was going on in those accounts. There is no question that it is a real issue. There is also no question, when we talk to experts on the file, that Canada is a laggard in respect to cybersecurity. There have been many debates in this place about the role of Huawei, for instance, in our 5G infrastructure. The government did finally take a decision on Huawei, I think the right decision, although late in the game with respect to our other Five Eyes allies. The idea with this legislation is that the government needs more legal authority in order to implement that decision. Of course, there are a number of ways it can do that. The bill, as it stands, is not ready to go, but New Democrats are happy to send it to committee where we can hear from experts and try to improve it. When I say it is not ready to go, in my view, it is that for as long as it took for the government to reach a decision on Huawei, it clearly was not doing any work alongside its deliberations on Huawei to prepare for banning it. This legislation would largely give a broad, sweeping power to the Minister of Industry to decide later what exactly the government will have to do in order to ban Huawei and respond to other kinds of cyber-threats. There is not a lot of detail in the legislation, and that is something we have seen from the government on other fronts. We have seen it on unrelated items, like the Canada disability benefit. It drafted a bill that had no content on the program. The attitude is “trust us and we will get it right later”. However, we also see a litany of problems with the way the government manages its business, whether we go all the way back to the SNC-Lavalin affair and the question of deferred prosecution agreements or other ethical issues that have come up in the context of this government. I think Canadians are right to have a certain distrust of the government. The answer lies in mechanisms that impose accountability on the government, and those are very clearly absent from this legislation. In fact, not only are they absent from the legislation but the government also very explicitly exempts itself from some of the current types of accountability that do exist. For instance, it exempts itself from the Statutory Instruments Act, which would make it possible for the parliamentary regulations committee to review orders that the minister may issue under the new authority granted to him in this act. Therefore, not only would there be no new accountability measures commensurate with the new powers the government would be giving itself, but it would also be exempting itself from some of the accountability mechanisms already there. The government is also explicitly letting Canadians know its intention in the legislation to give itself the legal authority to keep those orders secret. Therefore, we have to contemplate the idea that there will be a whole branch of secret orders and laws that govern the telecommunications industry that Canadians will not know about, and the telecommunications companies may not have an adequate awareness of them. Where I would like to go with this is to talk a bit more broadly about the Internet and about privacy rights on the Internet. When the new Canada-U.S.-Mexico trade agreement was signed, there was a number of provisions in that agreement that went too far in shoring up the rights of companies to keep their algorithms secret, for instance. There are other kinds of IP protections, or protections that are sold as IP but really mean that it is harder to get a transparent accounting of how companies operate on the Internet and of the artificial intelligence they use to navigate the Internet. There is a way of dealing with the Internet that prioritizes secrecy for commercial purposes, but that same secrecy also breeds more opportunity for malignant actors on the web to go about their business and not have to worry they will have to expose what it is they are doing. Whereas, if we look to the European Union as another model, for privacy and conducting business on the Internet, there are a lot more robust protections there for the private information of consumers on the Internet, and there are a lot more reporting requirements for actors on the Internet. The problem with the bill as it is written here is that it would be trying to fight secrecy with secrecy. When firefighters show up to a house that is on fire, they do not usually show up with a flamethrower. They show up with something else that can fight the fire instead of accelerating it. I do not think Canadians, who are concerned about malignant actors on the Internet and the ways that they are able to exploit the dark corners of the Internet and the back doors of software, also think that the way to fight that is to let the government do it in secret without any reporting. Canadians are not thinking that, with less information available about actors within the digital space or government actions against cybersecurity threats, they are better off if they do not know what the actors on the Internet are doing, and they do not know what the government is doing about it. The problem with the bill as written is that it would double down on the approach that we saw in CUSMA. It was about privacy for actors on the Internet and privacy for the government in how it deals with it. Instead, it could take a more open-source approach to say that the way forward on the Internet has to be that digital actors have to be upfront about the kind of business they are conducting on the Internet, the ways they do it and the algorithms they use. Governments, likewise, could then be pretty transparent about how they would deal with people who were non-compliant or who were breaking the rules. New Democrats are concerned to see, along those broad lines, an approach to the Internet that says transparency and accountability, both for private actors and for public actors, is the way forward. Digital consumers deserve to have this information at their fingertips, so they understand what people are going to be doing with the information they enter on their computer, whether that is to purchase a book, get a loan or whatever kind of business they are doing on the Internet. They should have more rights to know how that information is handled, and the role of the government in keeping that information secure, rather than being told not to worry about it, because commercial interests have their best interest at heart, the government has their best interest at heart, and they do not need to know what is going on. That is why the bill should go to committee, to be sure, because Canada does need its government to have the authority to implement the decision on Huawei and to do better in respect of cybersecurity. There is a lot of good work for committee members to do there, and a lot of amendments that ought to be made to the bill in order for it to pass in subsequent readings.

1481 words

All Topics

Mr. Arnold Viersen (Peace River—Westlock, CPC)

Dec/1/22 12:01:24 p.m.
Watch
Re: Bill C-26

Mr. Speaker, I share a number of the hon. member's concerns, but I want to ask him about some of the major threats we have seen in cybersecurity. I am frustrated because the government has a lot of the tools already at its disposal to go after people who are threatening our cybersecurity. We have seen the shutdown of pipelines and major companies across this country. Rogers Communications was shut down. Is the member not at all concerned about the lack of ability of law enforcement to chase down the bad actors that are pursuing some of this stuff?

100 words

Mr. Daniel Blaikie

Dec/1/22 12:02:19 p.m.
Watch
Re: Bill C-26

Mr. Speaker, there are only so many things that can be fixed with legislation. Legislation is a necessary component of the solution, but it is not sufficient on its own. We see that in many areas. Despite the fact that we have made good laws in this place against certain kinds of crime, nevertheless, those kinds of crimes persist, so of course enforcement is an important part of that question and requires the attention of and resources from government. When those resources are not made available, it matters very little the kinds of laws we pass in this place, because the other necessary component is on the enforcement side. I share the member's concern for proper enforcement of the laws we pass in this place.

126 words

SoVote

House Hansard - 139