44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, I will be splitting my time with the member for Kootenay—Columbia.
I am pleased to rise in the House today to speak to Bill C-26, the critical cyber systems protection act, introduced in June 2022 and split into parts 1 and 2. The former aims to amend the Telecommunications Act to include:
the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.
The latter outlines the introduction of the critical cyber systems protection act, which would create a new regulatory regime requiring designated critical infrastructure providers to protect their cyber systems.
I would like to emphasize that the safety and security of our telecom industry, with particular reference to foreign adversaries such as the Beijing Communist Party, has been a broad theme in communications lately. This is especially concerning the controversial Bill C-11, the online streaming act, or, should I say, government censorship, and new revelations from the Canadian Security Intelligence Service, CSIS, flagging election interference from those involved with the Beijing Communist Party.
We Conservatives believe it is of paramount importance to defend the rights and interests of Canadians from coast to coast to coast. Thus, Canada's national security should be strongly well equipped to be prepared for cyberwarfare threats that could be presented by emerging digital technologies, intelligent adversaries or authoritarian artificial intelligence.
The NDP-Liberal government has had a long record of denying Canadians the truth. Instead of protecting their rights and freedoms, the government uses deflection tactics to divide Canadians, pitting them against one another to distract from the real issue: that the NDP-Liberal government has been too slow to address cyber-threats. For this critical lack of action, Canada has seen several serious incidents occur with no substantive legislative response for over seven years. After years of chronic mismanagement and utter failure, it is time for the government to step aside and let the Conservatives turn Canadians' hurt into hope.
We support the stringent and thorough examination of this legislation. We will always defend and secure the security of Canadians, especially with regard to cybersecurity in an increasingly digitized world. There is a pressing demand to ensure the security of Canada's critical cyber-infrastructure against cyber-threats. Let us not forget that these very systems lay the foundation of the country as a whole. It is these cyber systems that run our health care, banking and energy systems, all of which should be guarded against the cybercriminals, hackers and foreign adversaries who want to infiltrate them.
Akin to several other Liberal ideas, a number of aspects of this bill require further review, and it should thus be sent straight to committee where it can be further dissected and refined to ensure that all flaws are addressed. One can only imagine the disaster that a hospital system crash would add to the already horrible wait times in emergency rooms and shortages of medical professionals thanks to the NDP-Liberal government. The results would be disastrous. Furthermore, disruption of critical cyber-infrastructure in health care can bring severe consequences, such as enabling cybercriminals to access confidential patient health care information.
While we understand that it is imperative to provide the resources necessary to effectively defend against cyber-threats, it is still equally important to ensure that the government does not overreach on its specified mandate through Bill C-26. A research report written by Christopher Parsons called “Cybersecurity Will Not Thrive in Darkness” highlights some recommendations to improve Bill C-26. Among these recommendations is an emphasis on drafting legislation to correct accountability deficiencies, while highlighting amendments that would impose some restrictions on the range of powers that the government would be able to wield. These restrictions are critical, especially concerning the sweeping nature of Bill C-26, the critical cyber systems protection act, as outlined in parts 1 and 2, which I have explained in my opening statement.
The sweeping nature of this legislation is not new, particularly for the Liberal government. It even goes back to Bill C-11, the online streaming act, which essentially placed the Liberal government as the online content regulator controlling what Canadians see or listen to online. If members ask me, the government policing what Canadians view online is a cyber-threat in its own way, but I will not get into that right now.
There are other flaws in Bill C-26 that I would like to highlight, which brings us back to having Bill C-26 closely reviewed in committee.
In terms of civil liberties and privacy, some civil liberties groups have flagged serious concerns regarding the scope and lack of oversight around the powers that may be granted to the government under Bill C-26. In September last year, the Canadian Civil Liberties Association, along with other groups, released a joint letter of concern regarding Bill C-26, highlighting that the bill is “deeply problematic”, like several other questionable Liberal policies. They went on to further explain that Bill C-26 “risks undermining our privacy rights, and the principles of accountable governance and judicial due process”.
From an economic perspective, the bill lacks recognition of foreseeable impacted enterprises, such as small and medium-sized businesses, which will undoubtedly bring forth unintended consequences. According to the Business Council of Canada, some concerns include the lack of transparency seen through the one-way sharing of information. This brings about serious concerns. Operators are required to provide information to the NDP-Liberal government, yet those same operators are not entitled to receive any information back from the government or other cyber-operators. This whole information-sharing regime is lacking and, simply put, completely misses an opportunity to implement a transparent information-sharing system that would benefit all parties involved.
There is also concern regarding government overreach. Considering what powers would be granted to the government to order what a telecommunications provider has to do under Bill C-26, I would have expected to see sufficient evidence to support this overreach. However, that was not addressed at all, if not vaguely, in this bill. This, on top of blatant disregard for the recognition of privacy and other charter-protected rights, proves how the government only cares about granting itself more and more power, even in the face of blatant transparency and accountability concerns like election interference or the Bill C-11 censorship bill.
I only highlighted a few of the several highly valid concerns regarding this critically flawed bill. Obviously, it is important to defend national cybersecurity and defend against cybercriminals or foreign threats. However, there is a fine line between upholding the best interests of Canadians and just using another faulty bill as a power grab for the NDP-Liberal government, despite concerns regarding cyber systems, privacy and security infrastructure.
We Conservatives believe that it is of paramount importance to truly defend the rights and interests of Canadians from coast to coast to coast. One of the best ways this can be done is by securing Canada's cyber-infrastructure from attacks. While we welcome the idea of protecting the interests of Canadians in terms of cybersecurity, we want to flag that Bill C-26 has some highly concerning content that should be closely reviewed and discussed in committee to correct flaws and prevent potential overreach from the NDP-Liberal government. In the interest of protecting Canada's cyber-infrastructure, we must also guard against the sweeping government powers outlined in the critical cyber systems protection act.
1294 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will be addressing elements of the legislation that deal with securing Canada's telecommunications system.
As Canadians rely more and more on digital communication, it is critical that our telecommunications system is secure. Let me assure the House that the Government of Canada takes the security of that system seriously. That is why we conducted a review of 5G technology and the associated security and economic considerations. It is clear that 5G technology holds lots of promise for Canadians: advanced telemedicine, connected and autonomous vehicles, smart cities, clean energy, precision agriculture, smart mining, and lots more.
However, our security review also made it clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system. The Canadian Security Intelligence Service recognized this in its most recent public annual report. The report said, “Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada’s national security, its interests and its economic stability.”
The report said that cyber-actors conduct malicious activities to advance their political, economic, military, security and ideological interests. These actors seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities. The CSIS report also highlighted the increasing cyber-threat that ransomware poses.
The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish victims' data or block access to it unless a ransom is paid. It is not just cybercriminals doing this. CSIS has warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution.
To be sure, Canadians, industry and government have worked hard to this point to defend our telecom system, but we must always be alert and always be guarding against the next attacks. This has become more important as people are now often working remotely from home office environments, and the challenges are accentuated by the 5G technology. In 5G systems, sensitive functions will become increasingly decentralized to be able to be faster where speed is needed. We all recognize cell towers in our communities and along our highways, and 5G networks will add a multitude of smaller access points in order to increase speeds. The devices the 5G network will connect to will also grow exponentially. Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with the older technology. Bad actors could have more of an impact on our critical infrastructure than before.
The security review we conducted found that, for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technology and the threat environment.
Now, for these reasons, we are proposing amendments to the Telecommunications Act. The amendments would ensure that the security of our telecommunications system remains an overriding objective. This bill would add to the list of objectives set out in section 7 of the Telecommunications Act. It would add the words “to promote the security of the Canadian telecommunications system.” It is important to have these words specified in law. It would mean that the government would be able to exercise its power under the legislation for the purposes of securing Canada's telecommunications system.
The amendments also include authorities to prohibit Canadian telecommunication service providers from providing and using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary after consultation with the telecommunications providers and other stakeholders. They would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks, upon which all critical infrastructures depend.
We have listened to our security experts, Canadians and our allies, and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canadian competitiveness, economic stability and long-term prosperity.
It is clear that the telecommunications infrastructure has become increasingly essential, and it must be secure and resilient. Telecommunications present an economic opportunity, one that grows our economy and creates jobs.
The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve designated organizations' ability to prepare, prevent, respond to and recover from all types of cyber incidents, including ransomware. It will designate telecommunications as a vital service.
Together, this legislative package will strengthen our ability to defend telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day.
The legislation before us today fits with the Government of Canada's telecommunications reliability agenda. Under this agenda, we intend to promote robust networks and systems, strengthen accountability and coordinated planning and preparedness.
Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of the network has never been more crucial. They are fundamental to the safety, prosperity and well-being of Canadians.
We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that.
939 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I share the member's sense of urgency in making sure that we advance opportunities to make the networks safer. The technology has developed very quickly in recent years, so it is important that we stay ahead of that technology.
On the relationship between the provinces and the federal government, I think it is important that we develop reliable agreements where appropriate, but telecommunications is the responsibility of the federal government, and we are not going to shirk from our responsibilities in making sure that the network is safe for our citizens.
94 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a pleasure to rise on behalf of the good people of Central Okanagan—Similkameen—Nicola.
I welcome this debate because essentially what the government has put forward in the bill is two words: “Trust us”. We should trust the government and give it all these powers for the Telecommunications Act, expanding it drastically. We should trust the government when it comes to designating cybersecurity systems as being of such importance that a whole host of new rules should be put upon them. That is what the government is asking us to do.
This is the same government that took years to answer the question of whether we will allow Huawei in our 5G infrastructure. It is a question that has infuriated our allies because they expect Canada to be a trustworthy party in the Five Eyes' intelligence and sharing. It has also infuriated the companies themselves, as many had hoped to utilize the technology. Now, I was against the use of Huawei, but these enterprises are in a competitive venture and will take any particular opportunity to compete and try to lower their prices. However, this government wasted years for that infrastructure to be procured. I believe this also infuriated many Canadians who wanted a simple yes or no on Huawei.
I think the government went through three public safety ministers who said that an answer was coming. Finally, it said no, answering Conservative calls for “no way to Huawei”. However, now it has put forward a bill that would essentially give the power to the government. For example, the government would be able to bring forward an order that could not be reviewed by Parliament. In fact, the Statutory Instruments Act is being exempted from both the telecommunications component in Bill C-26 and the new cybersecurity part, the critical cyber systems protection act.
I am the co-chair of the Standing Joint Committee for the Scrutiny of Regulations, which is a committee tasked by the House and the other place to ensure that when the government creates an order or regulation, it does not exceed the authority granted to it by Parliament. We are able to make sure that when a department or ministry is charged with a delegated authority that it does so justly, and in light of the legislation, that it does not, ultra vires, exceed it.
However, in the legislation before us, the government is effectively saying that it gets to place secret orders that cannot be reviewed by Parliament. Now, members may say that they can go to a justice to be able to have a case heard in court. Again, who can be designated under this proposed bill is an open question. Someone could go in front of a justice, but guess what, Madam Speaker? The government reserves the right to actually make its accusations in a closed-door fashion where a person or company does not have to be there to defend themselves against the evidence that is brought to the court. There, a person or company may be subject to an order that is so secret that it cannot even be said within a closed hearing with an independent judge.
Now, some may say, “Well, so what? It is for national security.” However, we actually do not know. There are so many different organizations that can make powers here. Everyone from the responsible minister to the appropriate regulator, the minister of foreign affairs, the minister of national defence, the chief of the defence staff, the chief or an employee of the Communications Security Establishment, the director or an employee of the Canadian Security Intelligence Service or any other person or entity that is prescribed in the regulations can exert power.
“Trust us”, says the government. The government wants us to give it this power, and it will choose who can use it on whom; Parliament will never know anything about it. Even if a person or company protests, they will not be able to hear the evidence in court as to why they must comply.
Granted, I believe that, within Canada's interests, we should have the ability to work with providers around concerns, but I have great reservations on this. This bill says, “Trust us.” The government says this repeatedly. When we ask questions about foreign interference or share concerns about Huawei, the answer is, “Trust us.” This is not a respectful way to do it.
Let me tell everyone about a respectful way to do these things. Having brought forward a bill, it would perhaps be respectful to bring it to the committee stage first. There is a process where a committee can have hearings on potential legislation before it comes to this place for second reading. This offers the committee the flexibility to begin hearings and mould whether those powers are going to be broadly met in this House. In a minority setting, that would have been ideal.
However, that is the past; the government has brought forward this bill and we are at second reading. What would have been even better is to look at the example of Australia, which decided to hold a number of different inquiries over a period of years. I know the government is very sore around the subject of inquiries these days, but these commissions were set up and asked what information government should have, as well as how and with what kinds of regulations data should be regulated by government. Essentially, it took the approach that someone's personal data is their own, and they should be able to direct it.
Over a series of commissions, some with 800-page reports, they decided on a process for making changes. They would focus on privacy, deciding what the government could keep and could not keep, and they went through that legislative process. Then they said they were going to regulate industry by industry. We should notice that the proposed critical cyber systems protection act casts such a wide net that it could be anything from pipelines to sewage water treatment plants or air transit systems.
We do not know because the government just says to trust it. However, I know, and I am sure others know as well from experience, that every industry uses different technology. Therefore, a one-size-fits-all, big, bossy government, as the member for Carleton would probably call it, does not have the touchpoints or the understanding. All we know is that these orders can be placed on any industry at any time and that those orders will never be looked at by Parliament. To me, the government is asking for too much.
Again going to the Australian model, Australia said it was going to start with data privacy rights in telecommunications, energy systems and banking. It picked the industry that it was going to focus on and made sure it got it right before putting forward the new rules that allowed for a steady process. Instead of a holus-bolus process where everything gets thrown into Bill C-26 with the government telling Canadians, members of Parliament and members of the other place to just trust it, we could have had smart legislation that would be reviewed at committee. Hearings could be held, and we could find out what is reasonable for each industry and what is not. From a privacy standpoint, we could also ask what the government means when it designates someone under this act. Does it mean a person or a company? What are their rights and responsibilities? Unfortunately, this is all on the government side; it decides, saying, “Trust us.”
My colleagues and I will be seeing this bill go to committee. However, I have to protest in this place that this is not the way to make our systems better and provide more trust in our institutions. “Trust us” is not an argument, and the government should know better by now.
1342 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I will take maybe a different tack today to contribute to this debate on cybersecurity. I am going to tell a story about Tom and how he has been impacted by technological changes over the last couple of decades. Before I tell Tom's story, I have to share Emily's story with technology and why this legislation and changes to cybersecurity in Canada are so important and so needed.
Before I get into that, I think it is important to first lay out in simple terms what this bill is about from my current understanding. There are really two parts to the bill.
The first part is about amending the Telecommunications Act to address and fix the security needed for our Canadian telecommunications system. The bill would do this by addressing it through two means. First, it would “direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.” As well, it would establish some monetary penalties tied to those changes.
The second part of the bill is all tied to the critical cyber systems protection act. It would provide the framework for the protection of our critical cyber systems, which are vital to national security and public safety. It would do that through five different aspects. First, it would authorize the government to designate those services that are vital to Canadians, those critical sorts of services, what they are and what systems are tied to them. Second, it would authorize the government to establish who is responsible for maintaining those systems. Third, it has how these cybersecurity incidents would be reported and how Canadians and institutions comply with those changes. Fourth, it lays out how information would be shared and, arguably, needs to be protected. Finally, it gives the “so what” of the enforcement and the consequences for non-compliance with the legislation.
In reality, this bill is quite lengthy and very technical, so I am going to focus most of my speech around two important aspects of the bill. The first aspect is the threats to cybersecurity. The second is information sharing and the need to protect Canadians' privacy rights while highlighting the important need for transparency. How would the government ensure the accountability of any institution affected by this bill, particularly the government itself, with the additional powers this legislation would grant it?
Let us get back to Emily. She is a senior citizen and a retired teacher. She uses a mix of online banking and billing, although she still prefers to handle the majority of her financial transactions right at the bank. She has a fledging social media presence mainly to stay in contact with her grandchildren and friends. She even has a TikTok account at her grandchildren's urging. We will see if she is going to change her mind and delete that sooner than later.
Being online and connected is essential to all Canadians now, more than ever, as a lot of Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. As I have mentioned, we have seen an increased dependency on the Internet, especially for government services. In the last few years, under the Liberal government, it continues to shift more and more government services online, while unfortunately decreasing service delivery for those without access to the Internet at the same time. I will not go into detail on all the shortfalls I see with the current approach, considering that a large portion of rural Canada still do not have access to high-speed or dependable Internet.
What threats does Emily face? She complains about getting emails and phone calls from people alleging to be affiliated with her bank or service providers. She wonders about the advertising that shows up on her social media feeds that align with something she only mentioned in an email to a friend. How is all of this happening?
To quote the director of CSIS from December 4, 2018, over four years ago, during a speech that he gave to Bay Street, which I have extracted from Stephanie Carvin's Stand on Guard, Mr. Vigneault stated that the greatest threat to our prosperity and national interest is “foreign influence and espionage.” While terrorism remains the number one threat to public safety, “other national security threats—such as foreign interference, cyber threats, and espionage—pose greater strategic challenges”.
In her book, Professor Carvin clearly lays out the risks associated with cyber-attacks, whether malware, ransomware, a targeting of critical infrastructure, denials of services or others. She talks about cyberterrorism, cyber-espionage and cybercrime, so how do we deal with this?
We deal with this not only through this legislation, but also, mainly for some of the challenges we have, as my colleague from Selkirk—Interlake—Eastman talked about in much greater detail earlier today in his speech, our Canadian Armed Forces, the Communications Security Establishment and even our federal police services, which have ways to deal with this. My colleague hinted that sometimes the best defence is a good offence.
Offensive cyber-operations are really not the bailiwick of this legislation, although I would offer that there is some overlap, as we look at a lot of these threats Canadians and Canadian institutions are facing are financed through cyber-attacks and more here at home. We need to tackle this and get the balance right.
The bottom line is Emily and Canadians like her being affected by all of these cyber risks. Professor Carvin pointed out that at least 10 million Canadians had their data compromised in 2017 alone. Unfortunately, this number is likely under-reported, and neither the government nor the private sector fully understand the scale of the problem. To sum up, the threats are huge.
Bill C-26 must balance privacy rights while ensuring national security. Increased use of encrypted apps, data being stored in the cloud on servers outside of Canada, IP protection and more factor into the challenges of getting this legislation right. In order to deal with these threats, the legislation would need to enable our security establishments with robust, flexible powers. However, these robust powers must come with clear guidance on how far and when to inform the public. This is essential in rebuilding our trust in our democratic institutions.
The Business Council of Canada has already publicly expressed concerns over the current draft of this legislation. It rightly identified that large companies, and also small- and medium-sized enterprises, are concerned that the sheer amount of red tape tied to this bill is extremely high.
We need to get the balance right. It is vital, and it is going to require significant expert testimony at committee. Although I would argue the legislation is desperately needed, and I would argue even late in coming, it needs to be done right and cannot be rushed through debate or review at the committee stage.
I have some final comments. This legislation is needed to protect Canadians. However, this legislation needs to be reviewed regularly and needs to include safeguards. I know if he gets the chance, the member for Winnipeg North might ask about what amendment we are recommending. There is no annual reporting mechanism in this bill, so the government should have to table an annual report to Parliament outlining the progress on this legislation, and include an updated cyber threat assessment to Canadians and what it has been hearing back from the companies impacted by this legislation.
Sean McFate, in this book The New Rules of War: Victory in the Age of Durable Disorder, wrote, “ Secrets and democracy are not compatible.... Democracy thrives in the light of information and transparency.”
Finally, I will conclude with Tom's story and how he has been impacted by technology. The bottom line is that he has not been. He does not have a cell phone. He does not use the Internet. He only pays in cash and does not have a credit card. The only way he is currently being impacted is when he shows up to try to get some federal services from the government. He cannot do it because he does not have any of that, and he cannot get anybody to show up in an office to work.
1404 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is an honour to rise again in the House to speak to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. My Conservative colleagues and I, as has been indicated, support this legislation being sent to committee for further study, as it needs a lot of further work and amendments.
For those watching this debate, who have not had time to review the legislation, the bill has two main parts, as has been explained throughout the day. The first part would amend the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.
The second part of the bill would enact the critical cyber systems protection act, which is a new act, that attempts to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are designed to operate as part of a work, undertaking or business that is within the legislative authority of Parliament. Services and systems that would initially be designed and designated as vital are telecommunications systems, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems, banking systems, and clearing and settlement systems. Any additions to this list of vital systems can be made and added to by the Governor in Council.
The critical cyber systems protection act would have several components to it. It would authorize the Governor in Council to designate any service or system as a vital service or vital system; it would authorize the Governor in Council to establish classes of operators in respect of a vital service or vital system; it would require designated operators to, among other things, establish and implement cybersecurity programs, mitigate supply-chain and third-party risks, report cybersecurity incidents and comply with cybersecurity directions; it would provide for the exchange of information between relevant parties; and would authorize the enforcement of the obligations under the act and impose consequences for non-compliance. Those would be significant consequences, I might add.
On its face, it seems that the Liberals have finally awoken after eight years of doing absolutely nothing on this file, yet somehow they hastily scrambled to cobble together a proposition for sweeping changes to a regulatory framework, which this legislation would enact.
The Civil Liberties Association said, “The problems with the Bill lie in the fact that the new and discretionary powers introduced by C-26 are largely unconstrained by safeguards to ensure those powers are used, when necessary, in ways that are proportionate, with due consideration for privacy and other rights. The lack of provisions around accountability and transparency make it all more troubling still.” We understand that a modernization in this field may be required to do so without the caveats of being necessary, proportionate and reasonable to take it one step too far for Canadians to accept.
For support of this argument, the Liberals only need to look at the research report from Citizen Lab, written by Christopher Parsons. The report is called “Cybersecurity Will Not Thrive in Darkness, A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”. That report provides 30 recommendations that clearly lay out common sense changes and how this legislation could be improved to include transparency or at least apply limitations on the government's authoritarian use of power. For the benefit of the careless drafters and my Liberal colleagues across the way who would happily vote on any flawed legislation their leader tells them to without bothering with independent thought or even reading its criticisms, I will take some time and share the flaws.
Citizen Lab also seems to address what appears to be a recurring theme with the government: a lack of transparency and limitations on the government's authoritarian use of power. It too addresses that, “The minister may, by order, direct a telecommunications service provider to do anything or refrain from doing anything...that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”
That, too, seems a little broad. Amendments need to be applied that include a limitation on the minister's powers, ensuring that actions are necessary, proportionate and reasonable. This government has proven that it cannot be trusted with powers without strict limitations. It is simply unable to self-regulate.
The Canadian Civil Liberties Association and Christopher Parsons agree again on the lack of privacy and broad provisions around information sharing.
The CCLA writes:
Also concerning are the very broad provisions around expanding information sharing with a long list of potential recipients including Ministers of Foreign Affairs and National Defence, the Canadian Security Intelligence Service (CSIS), and also, once an agreement is signed, with provincial governments, foreign governments, or international state organisations, again, at the Minister’s discretion. The Communications Security Establishment (CSE), Canada’s signals intelligence agency is also a key recipient of information.
The Citizen Lab review echos how the government ought to have included provisions that respect information privacy. To any Canadian listening, this does not sound like too much to ask. Specifically, the Citizen Lab report recommends that “information obtained from telecommunications providers should only be used for cybersecurity and information assurance activities".
It also recommends that “government should explain how it will use information and reveal the domestic agencies to which information is disclosed”. The report says “information obtained for telecommunications providers should only be used for cybersecurity information assurance activities”. It should only be used for “data retention periods”, and that it “should be attached to telecommunications provider's data”. Citizen Lab states that “data retention periods should be attached to foreign disclosures of information”. It also indicates that “telecommunications providers should be informed which foreign parties receive their information”, and “legislation should delimit the conditions wherein a private organization's information can be disclosed”.
Why does the government need to be told that its legislation has these fundamental flaws by outside organizations? Many are asking: Do these Liberals have no shame when it comes to the privacy of Canadians?
The CCLA further points out that, although there is an appeal process through judicial review, when the subject of an order finds it to be unreasonable or ungrounded, it suggests that, under Bill C-26, the government overlooks the basic, fair process that even a national security threat would receive. The Citizen Lab, on the other hand, discusses that the government fails to compensate for government intrusion into small business. Mr. Parsons proposes that the legislation should be amended such that telecommunications providers can seek moderation of “certain orders where implementing them would have a material impact on the provider's economic viability”.
In conclusion, while it is notable that the Liberal government has finally awakened to this topic, the legislation has again missed some pretty traditional marks of Liberal legislation. It leaves citizens at risk of major government overreach. It takes the privacy and information of Canadians for granted. It relies on a system of review that falls short of due process, and it leaves businesses susceptible to bearing the costs of an overbearing government. Lastly, this is typical lazy Liberal legislation.
1278 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
