44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will be addressing elements of the legislation that deal with securing Canada's telecommunications system.
As Canadians rely more and more on digital communication, it is critical that our telecommunications system is secure. Let me assure the House that the Government of Canada takes the security of that system seriously. That is why we conducted a review of 5G technology and the associated security and economic considerations. It is clear that 5G technology holds lots of promise for Canadians: advanced telemedicine, connected and autonomous vehicles, smart cities, clean energy, precision agriculture, smart mining, and lots more.
However, our security review also made it clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system. The Canadian Security Intelligence Service recognized this in its most recent public annual report. The report said, “Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada’s national security, its interests and its economic stability.”
The report said that cyber-actors conduct malicious activities to advance their political, economic, military, security and ideological interests. These actors seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities. The CSIS report also highlighted the increasing cyber-threat that ransomware poses.
The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish victims' data or block access to it unless a ransom is paid. It is not just cybercriminals doing this. CSIS has warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution.
To be sure, Canadians, industry and government have worked hard to this point to defend our telecom system, but we must always be alert and always be guarding against the next attacks. This has become more important as people are now often working remotely from home office environments, and the challenges are accentuated by the 5G technology. In 5G systems, sensitive functions will become increasingly decentralized to be able to be faster where speed is needed. We all recognize cell towers in our communities and along our highways, and 5G networks will add a multitude of smaller access points in order to increase speeds. The devices the 5G network will connect to will also grow exponentially. Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with the older technology. Bad actors could have more of an impact on our critical infrastructure than before.
The security review we conducted found that, for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technology and the threat environment.
Now, for these reasons, we are proposing amendments to the Telecommunications Act. The amendments would ensure that the security of our telecommunications system remains an overriding objective. This bill would add to the list of objectives set out in section 7 of the Telecommunications Act. It would add the words “to promote the security of the Canadian telecommunications system.” It is important to have these words specified in law. It would mean that the government would be able to exercise its power under the legislation for the purposes of securing Canada's telecommunications system.
The amendments also include authorities to prohibit Canadian telecommunication service providers from providing and using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary after consultation with the telecommunications providers and other stakeholders. They would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks, upon which all critical infrastructures depend.
We have listened to our security experts, Canadians and our allies, and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canadian competitiveness, economic stability and long-term prosperity.
It is clear that the telecommunications infrastructure has become increasingly essential, and it must be secure and resilient. Telecommunications present an economic opportunity, one that grows our economy and creates jobs.
The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve designated organizations' ability to prepare, prevent, respond to and recover from all types of cyber incidents, including ransomware. It will designate telecommunications as a vital service.
Together, this legislative package will strengthen our ability to defend telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day.
The legislation before us today fits with the Government of Canada's telecommunications reliability agenda. Under this agenda, we intend to promote robust networks and systems, strengthen accountability and coordinated planning and preparedness.
Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of the network has never been more crucial. They are fundamental to the safety, prosperity and well-being of Canadians.
We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that.
939 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his riveting speech.
I would like to ask him what he thinks about the government's strategy on Huawei and 5G. It seems to me that there were a lot of about-faces, that it took a long time and that there was a lot of dilly-dallying.
I would like to hear my colleague's thoughts on that.
66 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a pleasure to rise on behalf of the good people of Central Okanagan—Similkameen—Nicola.
I welcome this debate because essentially what the government has put forward in the bill is two words: “Trust us”. We should trust the government and give it all these powers for the Telecommunications Act, expanding it drastically. We should trust the government when it comes to designating cybersecurity systems as being of such importance that a whole host of new rules should be put upon them. That is what the government is asking us to do.
This is the same government that took years to answer the question of whether we will allow Huawei in our 5G infrastructure. It is a question that has infuriated our allies because they expect Canada to be a trustworthy party in the Five Eyes' intelligence and sharing. It has also infuriated the companies themselves, as many had hoped to utilize the technology. Now, I was against the use of Huawei, but these enterprises are in a competitive venture and will take any particular opportunity to compete and try to lower their prices. However, this government wasted years for that infrastructure to be procured. I believe this also infuriated many Canadians who wanted a simple yes or no on Huawei.
I think the government went through three public safety ministers who said that an answer was coming. Finally, it said no, answering Conservative calls for “no way to Huawei”. However, now it has put forward a bill that would essentially give the power to the government. For example, the government would be able to bring forward an order that could not be reviewed by Parliament. In fact, the Statutory Instruments Act is being exempted from both the telecommunications component in Bill C-26 and the new cybersecurity part, the critical cyber systems protection act.
I am the co-chair of the Standing Joint Committee for the Scrutiny of Regulations, which is a committee tasked by the House and the other place to ensure that when the government creates an order or regulation, it does not exceed the authority granted to it by Parliament. We are able to make sure that when a department or ministry is charged with a delegated authority that it does so justly, and in light of the legislation, that it does not, ultra vires, exceed it.
However, in the legislation before us, the government is effectively saying that it gets to place secret orders that cannot be reviewed by Parliament. Now, members may say that they can go to a justice to be able to have a case heard in court. Again, who can be designated under this proposed bill is an open question. Someone could go in front of a justice, but guess what, Madam Speaker? The government reserves the right to actually make its accusations in a closed-door fashion where a person or company does not have to be there to defend themselves against the evidence that is brought to the court. There, a person or company may be subject to an order that is so secret that it cannot even be said within a closed hearing with an independent judge.
Now, some may say, “Well, so what? It is for national security.” However, we actually do not know. There are so many different organizations that can make powers here. Everyone from the responsible minister to the appropriate regulator, the minister of foreign affairs, the minister of national defence, the chief of the defence staff, the chief or an employee of the Communications Security Establishment, the director or an employee of the Canadian Security Intelligence Service or any other person or entity that is prescribed in the regulations can exert power.
“Trust us”, says the government. The government wants us to give it this power, and it will choose who can use it on whom; Parliament will never know anything about it. Even if a person or company protests, they will not be able to hear the evidence in court as to why they must comply.
Granted, I believe that, within Canada's interests, we should have the ability to work with providers around concerns, but I have great reservations on this. This bill says, “Trust us.” The government says this repeatedly. When we ask questions about foreign interference or share concerns about Huawei, the answer is, “Trust us.” This is not a respectful way to do it.
Let me tell everyone about a respectful way to do these things. Having brought forward a bill, it would perhaps be respectful to bring it to the committee stage first. There is a process where a committee can have hearings on potential legislation before it comes to this place for second reading. This offers the committee the flexibility to begin hearings and mould whether those powers are going to be broadly met in this House. In a minority setting, that would have been ideal.
However, that is the past; the government has brought forward this bill and we are at second reading. What would have been even better is to look at the example of Australia, which decided to hold a number of different inquiries over a period of years. I know the government is very sore around the subject of inquiries these days, but these commissions were set up and asked what information government should have, as well as how and with what kinds of regulations data should be regulated by government. Essentially, it took the approach that someone's personal data is their own, and they should be able to direct it.
Over a series of commissions, some with 800-page reports, they decided on a process for making changes. They would focus on privacy, deciding what the government could keep and could not keep, and they went through that legislative process. Then they said they were going to regulate industry by industry. We should notice that the proposed critical cyber systems protection act casts such a wide net that it could be anything from pipelines to sewage water treatment plants or air transit systems.
We do not know because the government just says to trust it. However, I know, and I am sure others know as well from experience, that every industry uses different technology. Therefore, a one-size-fits-all, big, bossy government, as the member for Carleton would probably call it, does not have the touchpoints or the understanding. All we know is that these orders can be placed on any industry at any time and that those orders will never be looked at by Parliament. To me, the government is asking for too much.
Again going to the Australian model, Australia said it was going to start with data privacy rights in telecommunications, energy systems and banking. It picked the industry that it was going to focus on and made sure it got it right before putting forward the new rules that allowed for a steady process. Instead of a holus-bolus process where everything gets thrown into Bill C-26 with the government telling Canadians, members of Parliament and members of the other place to just trust it, we could have had smart legislation that would be reviewed at committee. Hearings could be held, and we could find out what is reasonable for each industry and what is not. From a privacy standpoint, we could also ask what the government means when it designates someone under this act. Does it mean a person or a company? What are their rights and responsibilities? Unfortunately, this is all on the government side; it decides, saying, “Trust us.”
My colleagues and I will be seeing this bill go to committee. However, I have to protest in this place that this is not the way to make our systems better and provide more trust in our institutions. “Trust us” is not an argument, and the government should know better by now.
1342 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, governments are made of people, and people make mistakes. After talking to many of our allies and seeing what our other Five Eyes partners in the United States, Great Britain, New Zealand and Australia have done, the government probably heard the feedback that it was a black eye that it took so long for Huawei to be banned from Canada's 5G infrastructure. This is now perhaps an overreaction to try to make up for that.
Let me say this. In this place, in this country, we want laws that are just, fair, and most of all, practicable. Unfortunately, this is a one-size-fits-all, big, bossy government that asks us to trust it because it knows the shots and will take them as it sees them. It has not done well in the past, and I believe that this overshoot is to respond to that lack of credibility with respect to Huawei. However, two wrongs do not make a right.
164 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I think many Canadians are wondering why the government took so long to act on Huawei. Our Five Eyes allies have certainly put pressure on Canada and acted previously to ensure that their 5G systems were not compromised, which had been found to be the case with the Huawei technology. That is why, in my statement, I made some comments that this government is finally waking up, after all this time, to deal with some of these issues we are facing as a country.
86 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
