44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, I appreciate the comments the member has made. However, when we go to these conferences, one thing that is important to recognize is that even with the legislation, compared to other countries, this is an ongoing issue and cybersecurity is dealt with in a wide variety of ways. What we are talking about today is a very important tool. We have been talking about it and have the legislation before us. We now have an opportunity. In listening to members on all sides of the House, we see that there is a will to support the legislation going to committee. My concern is that if we do not allow that opportunity, there is a finite amount of time. We would like to see the legislation go to committee so that opposition members could propose ideas, suggestions and possible amendments.
Could the member provide her thoughts in regard to the importance of trying to get the legislation to the next stage, given that everyone seems to be supporting the legislation?
171 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is a very interesting question. Here is what I would say in response. If my colleague and I were to switch places, I would say that one of the truly urgent and useful things we could do would be to fine-tune and improve the bill to show that the government really cares about cybersecurity and wants to make sure it protects Canadians from all cyber-attacks and any potential interference while strengthening transparency.
If I were in government, which will never happen, I would make sure I handed over everything if someone asked me for information. I would not hide anything to avoid a potential scandal a year from now. I would take it that far with this bill. That would be the first step in a constructive process.
133 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, there were definitely some words in the member's speech that I have to agree with as a member of the NDP, which are really around the Liberals' not taking due care in preparing these pieces of legislation that are coming to the House of Commons. They are not taking due care. They are bringing in these bills that need so much work, and it just appears that perhaps they are not committed to doing their best here. I wonder if they are not qualified, if they are outsourcing to people who are not qualified or what is going on here. I would like to hear if the member really thinks that this is salvageable in committee.
119 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, in my opinion, a government that knows where it is headed and has the competence to get there does not stumble around and try to clear its conscience or improve its own image. On the contrary, a leader who is in a really good position does not wait for the opposition's proposals to figure out what to do. My colleague asked a good question. I will let people come to their own conclusions in that regard.
79 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I will ask a question I asked earlier of another member. In this member's opinion, what does she view as the greatest threat to Canada's cybersecurity? Is it state actors? Is it cybercrime and cyber-technology? Specifically, what does the member think is the greatest threat that we face as a nation around cybersecurity?
58 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is exactly one of the questions we need to ask the experts. We must listen to them and accept their recommendations. We must take action based on the analyses of scientists, particularly those who may have had to reconsider some mechanisms.
Obviously, it is important to be ready to act. The answer might be very different depending on the situation. We are hearing a lot about foreign interference in elections these days. We would like this bill to help put an end to that.
87 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I will take maybe a different tack today to contribute to this debate on cybersecurity. I am going to tell a story about Tom and how he has been impacted by technological changes over the last couple of decades. Before I tell Tom's story, I have to share Emily's story with technology and why this legislation and changes to cybersecurity in Canada are so important and so needed.
Before I get into that, I think it is important to first lay out in simple terms what this bill is about from my current understanding. There are really two parts to the bill.
The first part is about amending the Telecommunications Act to address and fix the security needed for our Canadian telecommunications system. The bill would do this by addressing it through two means. First, it would “direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.” As well, it would establish some monetary penalties tied to those changes.
The second part of the bill is all tied to the critical cyber systems protection act. It would provide the framework for the protection of our critical cyber systems, which are vital to national security and public safety. It would do that through five different aspects. First, it would authorize the government to designate those services that are vital to Canadians, those critical sorts of services, what they are and what systems are tied to them. Second, it would authorize the government to establish who is responsible for maintaining those systems. Third, it has how these cybersecurity incidents would be reported and how Canadians and institutions comply with those changes. Fourth, it lays out how information would be shared and, arguably, needs to be protected. Finally, it gives the “so what” of the enforcement and the consequences for non-compliance with the legislation.
In reality, this bill is quite lengthy and very technical, so I am going to focus most of my speech around two important aspects of the bill. The first aspect is the threats to cybersecurity. The second is information sharing and the need to protect Canadians' privacy rights while highlighting the important need for transparency. How would the government ensure the accountability of any institution affected by this bill, particularly the government itself, with the additional powers this legislation would grant it?
Let us get back to Emily. She is a senior citizen and a retired teacher. She uses a mix of online banking and billing, although she still prefers to handle the majority of her financial transactions right at the bank. She has a fledging social media presence mainly to stay in contact with her grandchildren and friends. She even has a TikTok account at her grandchildren's urging. We will see if she is going to change her mind and delete that sooner than later.
Being online and connected is essential to all Canadians now, more than ever, as a lot of Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. As I have mentioned, we have seen an increased dependency on the Internet, especially for government services. In the last few years, under the Liberal government, it continues to shift more and more government services online, while unfortunately decreasing service delivery for those without access to the Internet at the same time. I will not go into detail on all the shortfalls I see with the current approach, considering that a large portion of rural Canada still do not have access to high-speed or dependable Internet.
What threats does Emily face? She complains about getting emails and phone calls from people alleging to be affiliated with her bank or service providers. She wonders about the advertising that shows up on her social media feeds that align with something she only mentioned in an email to a friend. How is all of this happening?
To quote the director of CSIS from December 4, 2018, over four years ago, during a speech that he gave to Bay Street, which I have extracted from Stephanie Carvin's Stand on Guard, Mr. Vigneault stated that the greatest threat to our prosperity and national interest is “foreign influence and espionage.” While terrorism remains the number one threat to public safety, “other national security threats—such as foreign interference, cyber threats, and espionage—pose greater strategic challenges”.
In her book, Professor Carvin clearly lays out the risks associated with cyber-attacks, whether malware, ransomware, a targeting of critical infrastructure, denials of services or others. She talks about cyberterrorism, cyber-espionage and cybercrime, so how do we deal with this?
We deal with this not only through this legislation, but also, mainly for some of the challenges we have, as my colleague from Selkirk—Interlake—Eastman talked about in much greater detail earlier today in his speech, our Canadian Armed Forces, the Communications Security Establishment and even our federal police services, which have ways to deal with this. My colleague hinted that sometimes the best defence is a good offence.
Offensive cyber-operations are really not the bailiwick of this legislation, although I would offer that there is some overlap, as we look at a lot of these threats Canadians and Canadian institutions are facing are financed through cyber-attacks and more here at home. We need to tackle this and get the balance right.
The bottom line is Emily and Canadians like her being affected by all of these cyber risks. Professor Carvin pointed out that at least 10 million Canadians had their data compromised in 2017 alone. Unfortunately, this number is likely under-reported, and neither the government nor the private sector fully understand the scale of the problem. To sum up, the threats are huge.
Bill C-26 must balance privacy rights while ensuring national security. Increased use of encrypted apps, data being stored in the cloud on servers outside of Canada, IP protection and more factor into the challenges of getting this legislation right. In order to deal with these threats, the legislation would need to enable our security establishments with robust, flexible powers. However, these robust powers must come with clear guidance on how far and when to inform the public. This is essential in rebuilding our trust in our democratic institutions.
The Business Council of Canada has already publicly expressed concerns over the current draft of this legislation. It rightly identified that large companies, and also small- and medium-sized enterprises, are concerned that the sheer amount of red tape tied to this bill is extremely high.
We need to get the balance right. It is vital, and it is going to require significant expert testimony at committee. Although I would argue the legislation is desperately needed, and I would argue even late in coming, it needs to be done right and cannot be rushed through debate or review at the committee stage.
I have some final comments. This legislation is needed to protect Canadians. However, this legislation needs to be reviewed regularly and needs to include safeguards. I know if he gets the chance, the member for Winnipeg North might ask about what amendment we are recommending. There is no annual reporting mechanism in this bill, so the government should have to table an annual report to Parliament outlining the progress on this legislation, and include an updated cyber threat assessment to Canadians and what it has been hearing back from the companies impacted by this legislation.
Sean McFate, in this book The New Rules of War: Victory in the Age of Durable Disorder, wrote, “ Secrets and democracy are not compatible.... Democracy thrives in the light of information and transparency.”
Finally, I will conclude with Tom's story and how he has been impacted by technology. The bottom line is that he has not been. He does not have a cell phone. He does not use the Internet. He only pays in cash and does not have a credit card. The only way he is currently being impacted is when he shows up to try to get some federal services from the government. He cannot do it because he does not have any of that, and he cannot get anybody to show up in an office to work.
1404 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I listened intently to the member opposite's speech. He spoke about transparency. He talked about advertising and constituents who wondered how certain ads were targeted to them. He spoke about annual reporting.
In that vein, I am curious if the member opposite would like to report to the House anything that the Conservative Party has done to condemn their leader for the misogynistic, anti-women hate hashtags that were used to target individuals who promote hate towards women and violence. That is a form of domestic terrorism CSIS has highlighted as well.
Would the member opposite like to talk about clarifying in the House how Conservatives are going to address the cyber-attacks against women in this country?
121 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I suggest that the member ask the member for Carleton, the Leader of the Opposition, to answer that question because I cannot speak for him other than to state that he has put out a very clear, definitive statement condemning the hashtags that were put on some videos, which he knew nothing about. I will leave my comments at that.
The last time I checked, we are debating Bill C-26, legislation that is needed to protect Canadians. It needs to be improved and debated to get it right so we can deal with threats of political interference from foreign states, such as the Communist Chinese government. That is of utmost importance to Canadians.
116 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I listened carefully to my colleague's speech.
The Bloc Québécois has often supported the need for the government to tighten cybersecurity controls. I am curious about the Conservative Party and I have a question for my colleague. There has been a lot of doubt and uncertainty concerning cyber-attacks and companies like Huawei. We know and people know that a former candidate for the Conservative leadership worked with Huawei.
I would like my colleague to explain to me what credibility the Conservative Party has today, as we talk about cybersecurity and Chinese interference, because one of its own members, who was a leadership candidate, worked with a company like Huawei. The giants in this world, the Five Eyes in particular, have stopped doing business with this company. Today, we are once again asking how that party can lecture everyone else about cybersecurity.
149 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I think the public record of the House and this party in the chamber has been clear-cut on the issue of Huawei. We have called for it to be disavowed, taken off devices and not be allowed to be a provider here. That was passed a year and a half ago.
Whether someone had private employment prior to them declaring or running in a leadership race is a great question for the individual. Because somebody's past history involved them working for different institutions and companies, yes, we can judge those individuals, but let us talk about the public record here. I would argue that there has been no party in the history of Canada that has stood up more for the defence and sovereignty of this nation than the Conservative Party of Canada.
137 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, a common theme I have heard, highlighted well from members from the Conservative side, is how past records are one of the best indicators for future success or failure. Certainly, when it comes to the issues surrounding Huawei and cybersecurity, we see Canada, especially its reputation on the world stage, being greatly diminished by the actions and, in many cases, inactions of the Liberal government and the Prime Minister over the course of five years.
Could he expand on how those past actions have diminished Canada's reputation among allies and partners?
94 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I referenced a couple important books and a couple references by some of our esteemed national security experts across this country. If people read through that and read some books that are out there, they would see this is a threat that has been building for the better part of a decade or more.
The government has known about this since the day it formed government, yet we have seen no action. As mentioned by the CSIS director from 2018, here we are almost five years later, and we are just now seeing this important legislation being delivered.
100 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is an honour to rise again in the House to speak to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. My Conservative colleagues and I, as has been indicated, support this legislation being sent to committee for further study, as it needs a lot of further work and amendments.
For those watching this debate, who have not had time to review the legislation, the bill has two main parts, as has been explained throughout the day. The first part would amend the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.
The second part of the bill would enact the critical cyber systems protection act, which is a new act, that attempts to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are designed to operate as part of a work, undertaking or business that is within the legislative authority of Parliament. Services and systems that would initially be designed and designated as vital are telecommunications systems, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems, banking systems, and clearing and settlement systems. Any additions to this list of vital systems can be made and added to by the Governor in Council.
The critical cyber systems protection act would have several components to it. It would authorize the Governor in Council to designate any service or system as a vital service or vital system; it would authorize the Governor in Council to establish classes of operators in respect of a vital service or vital system; it would require designated operators to, among other things, establish and implement cybersecurity programs, mitigate supply-chain and third-party risks, report cybersecurity incidents and comply with cybersecurity directions; it would provide for the exchange of information between relevant parties; and would authorize the enforcement of the obligations under the act and impose consequences for non-compliance. Those would be significant consequences, I might add.
On its face, it seems that the Liberals have finally awoken after eight years of doing absolutely nothing on this file, yet somehow they hastily scrambled to cobble together a proposition for sweeping changes to a regulatory framework, which this legislation would enact.
The Civil Liberties Association said, “The problems with the Bill lie in the fact that the new and discretionary powers introduced by C-26 are largely unconstrained by safeguards to ensure those powers are used, when necessary, in ways that are proportionate, with due consideration for privacy and other rights. The lack of provisions around accountability and transparency make it all more troubling still.” We understand that a modernization in this field may be required to do so without the caveats of being necessary, proportionate and reasonable to take it one step too far for Canadians to accept.
For support of this argument, the Liberals only need to look at the research report from Citizen Lab, written by Christopher Parsons. The report is called “Cybersecurity Will Not Thrive in Darkness, A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”. That report provides 30 recommendations that clearly lay out common sense changes and how this legislation could be improved to include transparency or at least apply limitations on the government's authoritarian use of power. For the benefit of the careless drafters and my Liberal colleagues across the way who would happily vote on any flawed legislation their leader tells them to without bothering with independent thought or even reading its criticisms, I will take some time and share the flaws.
Citizen Lab also seems to address what appears to be a recurring theme with the government: a lack of transparency and limitations on the government's authoritarian use of power. It too addresses that, “The minister may, by order, direct a telecommunications service provider to do anything or refrain from doing anything...that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”
That, too, seems a little broad. Amendments need to be applied that include a limitation on the minister's powers, ensuring that actions are necessary, proportionate and reasonable. This government has proven that it cannot be trusted with powers without strict limitations. It is simply unable to self-regulate.
The Canadian Civil Liberties Association and Christopher Parsons agree again on the lack of privacy and broad provisions around information sharing.
The CCLA writes:
Also concerning are the very broad provisions around expanding information sharing with a long list of potential recipients including Ministers of Foreign Affairs and National Defence, the Canadian Security Intelligence Service (CSIS), and also, once an agreement is signed, with provincial governments, foreign governments, or international state organisations, again, at the Minister’s discretion. The Communications Security Establishment (CSE), Canada’s signals intelligence agency is also a key recipient of information.
The Citizen Lab review echos how the government ought to have included provisions that respect information privacy. To any Canadian listening, this does not sound like too much to ask. Specifically, the Citizen Lab report recommends that “information obtained from telecommunications providers should only be used for cybersecurity and information assurance activities".
It also recommends that “government should explain how it will use information and reveal the domestic agencies to which information is disclosed”. The report says “information obtained for telecommunications providers should only be used for cybersecurity information assurance activities”. It should only be used for “data retention periods”, and that it “should be attached to telecommunications provider's data”. Citizen Lab states that “data retention periods should be attached to foreign disclosures of information”. It also indicates that “telecommunications providers should be informed which foreign parties receive their information”, and “legislation should delimit the conditions wherein a private organization's information can be disclosed”.
Why does the government need to be told that its legislation has these fundamental flaws by outside organizations? Many are asking: Do these Liberals have no shame when it comes to the privacy of Canadians?
The CCLA further points out that, although there is an appeal process through judicial review, when the subject of an order finds it to be unreasonable or ungrounded, it suggests that, under Bill C-26, the government overlooks the basic, fair process that even a national security threat would receive. The Citizen Lab, on the other hand, discusses that the government fails to compensate for government intrusion into small business. Mr. Parsons proposes that the legislation should be amended such that telecommunications providers can seek moderation of “certain orders where implementing them would have a material impact on the provider's economic viability”.
In conclusion, while it is notable that the Liberal government has finally awakened to this topic, the legislation has again missed some pretty traditional marks of Liberal legislation. It leaves citizens at risk of major government overreach. It takes the privacy and information of Canadians for granted. It relies on a system of review that falls short of due process, and it leaves businesses susceptible to bearing the costs of an overbearing government. Lastly, this is typical lazy Liberal legislation.
1278 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, let us look at the bungling that has gone on in recent years. Ottawa arrested Meng Wanzhou, not for a common law crime, but for failing to comply with an American embargo. It kowtowed to the Americans on an embargo that Canada does not even share.
There is also Ottawa's refusal to follow the leadership and initiative of the U.S., which acted very quickly with regard to Huawei. Does that not demonstrate a glaring lack of vision?
82 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I think many Canadians are wondering why the government took so long to act on Huawei. Our Five Eyes allies have certainly put pressure on Canada and acted previously to ensure that their 5G systems were not compromised, which had been found to be the case with the Huawei technology. That is why, in my statement, I made some comments that this government is finally waking up, after all this time, to deal with some of these issues we are facing as a country.
86 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I will say it again: It does not feel like the Liberals are taking due care in presenting legislation. In listening to the debate today, I am really concerned, not only as a Canadian but also as a parliamentarian, that there is not enough knowledge in the House to be even having this discussion. I would like to know from the member whether there have been adequate technical briefings from the Liberal government in regard to this legislation, because it seems like this is a lot more serious than what this debate is holding to today.
98 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, we all know that cybersecurity issues are a fast-moving target and how they change almost monthly. One thing that I can be confident in is our national security agencies that deal with some of these issues on cybersecurity. They are working diligently on our behalf. I would agree that there would be very few of us in the House who would have the technical capacity to understand much of what we ask our defence agencies, our national security agencies and our cybersecurity agencies to do for us on behalf of our country.
I would encourage the government, as was indicated by my colleague, to enlighten the House and to provide briefings by those technical experts in government and from our public servants. We would all benefit, not only from the study of this bill but also from the ability to answer our constituents who have cybersecurity questions. We could answer them more intelligently.
156 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I appreciated the speech by my colleague from just south of my constituency. Certainly, this is an incredibly complex and important series of issues. They are not just related to this particular bill but a whole host of larger security and cybersecurity issues. I wonder if the member could provide further comments, specifically on the lack of leadership that Canada has shown on the world stage over the last eight years that this Prime Minister has been in charge, and has it impacted Canada's reputation globally?
89 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is disconcerting, as Canadians, when we look at the history of the Liberals since they have been in for seven years and five months. Inflation brings it to eight years.
One of the things that is important is we have lost face, if one wants to use that term, with our global partners and our Five Eyes agencies that have now gone and done things without us. That is because we have not been at the table. We have been slow to react to the very legitimate concerns about the cybersecurity and the national security of this country and of our allies.
105 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
