44th Parl. 1st Sess.
December 1, 2022 10:00AM
Madam Speaker, it is a pleasure to rise today to speak to Bill C-26 on cybersecurity. I will be sharing my time today with the member for Edmonton Manning.
Canadians recognize that we need to do something in the area of cybersecurity. We have all experienced hackers. Myself, when I have bought something online, the next thing I know is my credit card is hacked and then all the pre-authorized transactions need to be changed. It is very time-consuming. I have been hacked numerous times on Facebook, as I am sure many have, as well as on Instagram and other places. Those are small examples that Canadians are seeing.
Let us think about the more serious cyber-hacking we are seeing, whereby government systems are hacked and breaches of information are happening. Businesses are experiencing this. I have a friend who is an anti-cyber hacker. For $2,500 a day, he goes around the world, helping companies that have been hacked to improve their protections.
Something needs to be done. I would like to talk today about what needs to be done, and then how the bill does or does not meet that need.
First, we have to identify what the critical systems are. What are the things we want to protect? If somebody hacks my Netflix account, it is not earth-shattering. However, there are things that are important, and I think everyone would agree that databases that protect our identity or have information about our identity are critical.
Financial institutions and people's financial information are critical. On our medical information, we have spent a lot of time on legislation and regulations on protecting medical privacy. Those, to me, would be three of them, but certainly, the critical systems need to be identified.
We need to make sure there are adequate protections in place. Not every business and level of government has the same amount of protections and technology in place. There is a journey of defining what adequate protection is and helping people get there.
In the case of breaches and having them investigated and addressed, the bill gives very broad powers to the minister. It allows the federal government to secretly order telecom providers to “do anything or refrain from doing anything...necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”
Those three terms are not well defined, so I think there is some work to be done to define those better, but I do not really believe we want to give the government power to do anything it wants. Certainly, shutting down a system for protection is important when there is an actual threat and not just a potential future threat or a possible threat. In the case of a threat, the government needs the ability to act, but certainly we have to tighten up the language in the bill on that.
After there has been a breach, there needs to be preventive and corrective action. Preventive action would be additional technology walls or additional controls that are put in place to ensure that we have enhanced protection in the future. Corrective action is fixing the holes that people got into in the first place and punishing the hackers. It does not seem like any of that is happening today. The bill does not address that, but there should be some measures there to take corrective action.
I talked about the overarching powers and my concern with them. We cannot have the government continually coming up with bills in which it has not really defined what it is going to do but it tells us not to worry about it because the Governor in Council, after the fact and without any parliamentary oversight, will determine what we are going to do.
The Governor in Council means the Liberal cabinet ministers. I think we are at a place where people have lost trust in the government because there is no transparency. The bill allows the government to make orders in secret, without telling people what is done. The public cannot see it and is suspicious, because people have seen numerous examples of the government hiding things.
We have just come through a $19-million emergency measures act situation in which the Liberal cabinet ministers and the Prime Minister knew they were never going to disclose the documents that would prove or disprove whether they met the threshold, because they were going to hide behind solicitor-client privilege.
They have done it before, hiding behind cabinet confidence, like on the Winnipeg lab issue. Look at the documents we tried to get hold of there. The Liberals even sued the Speaker in order to hide that information from Canadians.
In the SNC-Lavalin scandal, we saw them hiding behind cabinet confidence. In the WE Charity scandal, we saw them hiding behind cabinet confidence. I am a little concerned, then, to find that in this cybersecurity bill, the Liberals are saying the government can make secret orders that the public is not going to ever know about. I think that is very dangerous. This is one of the reasons we are seeing an erosion of trust in Canada.
A recent poll posted by The Canadian Press showed that if we look at the trust index in Canada, only 22% of Canadians trust the government or politicians. That means four out of five Canadians do not trust the government or politicians, and it is partly because of what has gone on before, when things have been done such as people's banks accounts frozen and drones surveilling citizens. People have lost trust, so I do not think they are going to be willing to give a blank cheque to the government to do whatever it wants for cybersecurity, to control enterprises outside the government to get them to stop operating, for example. The riverbanks need to be much tighter on that.
People are concerned about their civil liberties, and I know there has been a lot of conversation about the lack of privacy protection in this country. We have regulations like PIPA and PIPEDA. My doctor cannot reveal my medical information; my employer cannot reveal my medical information, but various levels of government in the pandemic made it so that every barmaid and restaurant owner could know my private medical information and keep a list of it, which is totally against the law. Therefore, when it comes to cybersecurity we are going to have to make sure the privacy of Canadians' information is better protected, and I do not see that element here in the bill—
1110 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to congratulate my colleague on his speech.
Cybersecurity is essential, and it is also a race against time because hackers are becoming better and better organized. They are fast, equipped, cunning and, on top of that, dishonest. That gives them an advantage over us presumably honest people.
The government has been slow to act, legislate and get aggressive with cybersecurity.
Does my colleague think that there is still time to take the lead in this race, or are we going to continue to fall behind international hacker organizations?
92 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, one of the things that has become very clear, particularly since the Russian invasion of Ukraine, is how destabilized our world is and how many bad actors are out there at the state level trying to undermine democracy.
My concern is about the ability of the federal government to withstand cyber-attacks. Earlier today, I talked about 2011 when actors out of China were able to shut down finance and the Treasury Board for days on end with relentless attacks. With the amount of financial information for Canadians that is in those departments, that is very serious.
We know that in the immigration department, which has turned into an absolute nightmare for anybody trying to navigate it, the system is breaking down. Staff in the department cannot access information files because the system is not up to speed. This will require a major investment to protect people, but also to deal with dark forces, whether they are Russians, the Chinese or any other non-state actor.
Has the government put in a credible plan to ensure we get our federal systems up to speed to be able to withstand hackers?
192 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to congratulate my colleague from Lac-Saint-Louis on his speech. He obviously has an excellent grasp of the file.
I put this question to another colleague earlier, after a speech, and it is something that really concerns me. I am asking it again because I do not know if the member was here earlier.
We cannot begin to imagine how organized hackers are. They have such a big head start that it will be hard to catch up to them, even if we invest all the energy and knowledge we can in our systems to protect ourselves against cyber-attacks. We have seen companies like Desjardins and Bombardier fall victim to these hackers, who demand endless ransoms. How many other companies have fallen victim to these attacks without us even hearing about it?
My question is this. Has Canada been too slow to act? It took Canada a long time to decide Huawei's fate, for example. Does the fact that the government seems to have dragged its feet before finally tabling a cybersecurity plan that appears to have some teeth not mean that we will always be one step behind those countries and organizations that are attacking the computer systems of businesses and governments around the world?
213 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
