44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is always an honour to rise in the House, especially when I can talk about safety and security.
I always try to enhance safety and security for Canadians at home and abroad, for our corporations that are major contributors to our economic base, and of course, for government institutions. Today, discussing cybersecurity in Canada is an opportunity to enhance our country's ability to protect us from cyber-threats.
Security is a significant concern for all Canadians. Lately, with the rise in organized crime and gang offences to the tune of a 92% increase in gang crime, I have to wonder when the government will be led by evidence, or in other words, provide evidence-based action. It is extremely important for our country to have cybersecurity to protect itself from threats, and I welcome Bill C-26. However, I am apprehensive about how successful this bill may be since accountability is a question that the opposition brings up every day in this House.
Bill C-26 is basically divided into two parts. The first part aims to amend the Telecommunications Act to promote the security of the Canadian telecommunications system. It aims to do this by adding security as a policy objective to bring the telecommunications sector into line with other infrastructure sectors.
By amending the Telecommunications Act to secure Canada's telecommunications systems and prohibit the use of products and services provided by specific telecommunications service providers, the amendment would enforce the ban on Huawei Technologies and ZTE from Canada's 5G infrastructure, as well as the removal and termination of related 4G equipment by 2027. Of concern is the time it took the government to react to enforce the ban on Huawei.
The second part aims to enact the critical cyber systems protection act, the CCSPA, which is designed to protect critical cybersecurity and systems that are vital to national security or public safety or are delivered or operated within the legislative authority of Parliament. The purpose of the CCSPA is to ensure the identification and effective management of any cybersecurity risks, including risks associated with supply chains and using third party products and services; protect critical cyber systems from being compromised; ensure the proper detection of cybersecurity incidents; and minimize the impacts of any cybersecurity incidents on our critical cyber systems.
The effects of this bill will be far-reaching, and there are some points to consider: The government would have the power to review, receive, assess and even intervene in cyber-compliance and operational situations within critical industries in Canada. There would also be mandatory cybersecurity programs for critical industries, as well as the enforcement of regulations through regulatory and law enforcement with potential financial penalties.
Under both provisions, the Governor in Council and the Minister of Industry would be afforded additional powers.
If any cybersecurity risks associated with the operator's supply chain or its use of third party products and services are identified, the operator must take reasonable steps to mitigate these risks. While the bill does not indicate what steps would be required from the operators, such steps may be prescribed by the regulations during a committee review.
The act also addresses cybersecurity incidents; a cybersecurity incident is defined as an:
incident, including an act, omission or circumstance, that interferes or may interfere with
(a) the continuity or security of a vital service or vital system; or
(b) the confidentiality, integrity or availability of the critical cyber system
touching upon these vital services. It does not indicate what would constitute interference under the act.
In the event of a cybersecurity incident, a designated operator must immediately report the incident to the CSE and the appropriate regulator. At present, the act does not prescribe any timeline or indicate how “immediately” should be interpreted. Again, there is an opportunity to address this at committee.
There are some concerns with Bill C-26 as it is presently drafted. What the government might order a telecommunications provider to do is not clearly identified. Moreover, the secrecy and confidentiality provisions of the telecommunications providers to establish law and regulations are not clearly defined.
As has been brought up today, potential exists for information sharing with other federal governments and international partners, but it is just not defined. Costs associated with compliance with reforms may endanger the viability of small providers. Drafting language needs to be in the full contours of legislation, and that could be discussed at committee as well. In addition, there should be recognition that privacy or other charter-protected rights exist as a counterbalance to proposed security requirements, which will ensure that the government is accountable.
Some recommendations, or ones derived from them, should not be taken up, such as that the government should create legislation requiring the public and telecommunication providers to simply trust that the government knows what it is doing. Of course, this is a challenge. Telecommunications networks and the government must enact legislation to ensure its activities support Canada's democratic values and norms of transparency and accountability.
If the government is truly focused on security for Canadians, should we not be reviewing our gang and organized crime evidence? Our present policies have failed. Should we not look at the safety and security of our bail reform in an effort to prevent innocent Canadians from becoming victims?
Bill C-26 is a step in protecting Canada from cybersecurity threats. What is the review process to ensure compliance and effectiveness, as well as that goals are met?
In terms of bail reform, even though the evidence clearly shows that Bill C-75 has failed, we see that the NDP-Liberal government is not interested in reviewing bail reform. Cybersecurity is important to our country's security; so are victims of crime after their safety and security has been violated.
I am concerned that the government is struggling with evidence-based information to review Bill C-26, as it has with Bill C-75 and Bill C-5. These bills are not supported by evidence. In fact, offenders and criminals have a higher priority than victims do. My concern is as follows: If Bill C-26 requires amendments and review, will the government follow up? It is so important to be flexible and to be able to address changes, especially in a cybersecurity world, which changes so rapidly.
Bill C-26 proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security. Therefore, although late out of the gate, Bill C-26 is a start. However, since this bill proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security, I would like to see individuals, corporations, and most importantly, the government held accountable. There should also be measures to ensure that the objectives of the bill are met and that there is a proper review process.
As I have stated, government accountability has not been a priority. For the proposed bill to succeed, there have to be processes for review and for updating the critical cyber systems protection act.
The failure of Bill C-75 on bail reform is clear with recent violent acts by murderers and individuals who should never have been out on bail. Today we are debating Bill C-26, and I would hope that there are lessons learned from our failure to review Bill C-75. In addition, we can learn from the failure of Bill C-5, as gang violence and organized crime rates are up 92%. Surely the government will open a door for review and making required changes to Bill C-26 on cybersecurity.
I am thankful for the time to speak on the responsibilities related to cybersecurity.
1289 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am pleased to be able to rise in this place today and speak to Bill C-26, a bill that we as Conservatives are supporting to get to committee.
I have a lot of concerns around the bill itself, in terms of making sure that the government did not make a number of errors in judgment in putting it together. These concerns are based on the feedback we have received from Canadians and from organizations, especially on the issues surrounding privacy and the costs that have been offloaded to the private sector.
I also have to raise my concerns. Here we are, eight long years under the Liberal government, and we know that, when it has come down to cybersecurity, it has been slow in responding. A good case in point was banning Huawei from our critical infrastructure, our 5G network. We know that the Liberals sat on their hands and tried to do nothing for most of the past seven years, before they were finally forced to act after a great deal of pressure was brought upon them by our allies, especially within the Five Eyes.
Cybersecurity and national defence go hand in hand. When we talk about our national defence and national security, we know that hybrid warfare has evolved.
It is now about more than just targeting military assets; it is about targeting the entire government as it is at play. All we have to do is look at what is happening in Ukraine today, as well as what has happened to a number of other allies we have, through NATO, in eastern Europe.
We see the troll farms in St. Petersburg constantly attacking, on Facebook and on Twitter, the military individuals, the soldiers and troops, serving there. They also attack things like critical infrastructure in countries where Canadians are currently deployed, like Latvia. As we have witnessed in Ukraine and Estonia, they have not just gone after them through direct kinetic means to take out critical infrastructure, but they have also gone through cyberwarfare as well.
The Russians have done this very effectively in knocking down financial systems, knocking down transportation systems, and taking out power and water infrastructure in places like Estonia. As a prelude to the war in Ukraine, before they had actually started bombing these civilian targets in Ukraine, they were attacking them on cyber. It is part of hybrid warfare and it is the evolution of war.
There is a responsibility upon the Government of Canada to ensure that we are protecting not just our national infrastructure and the Government of Canada, that we are not just using CSE, or Communications Security Establishment, to protect national defence, but that we are also using a plethora of capabilities to ensure that our infrastructure here in Canada is protected.
That includes preventing our adversaries from going after our soft targets. That is what I think Bill C-26 is trying to accomplish, to ensure that telecommunications companies in Canada are stepping up to do their share to protect Canadians from cyber-attacks. We know that cyber-attackers have gone after things like our health care systems. They have gone after the medical records of Canadians. They have gone after the education records of students at schools and at universities. They go after retailers. They can go in through a retailer's back door, harvest all sorts of personal data, especially credit card information, and then use that for raising money, for transnational criminal gangs or for ransomware, as we have witnessed as well.
We must remember that we have a number of a maligned foreign actors at play here in Canada now and against our allies. It was just reported, again, that the People's Liberation Army was found guilty of hacking into U.S. critical infrastructure.
We know that the People's Liberation Army, under the control of the communist regime in Beijing, continues to attack cybersecurity assets around the world, including trying to break through the Canadian cybersecurity walls of our government and national defence on a daily basis.
As I mentioned, Russia has become very good at this. That does not mean that it is concentrating only on its near sphere of influence, NATO members in eastern Europe like Estonia, Latvia and Lithuania, but it is also targeting Ukraine. We know that it is targeting Moldova. We know that it has gone after countries like Romania, but it also does cyber-attacks here in Canada and in the United States.
Russia continues to be an adversary and we have to stand on guard to protect Canadians from those attacks.
We know that Iran, the regime in Tehran, is continuing to be a government that attacks its neighbours and attacks Israel and Canada through cyber-means. North Korea has developed an entire cybersecurity and cyberwarfare unit and continues not to just wreak havoc with the democratically elected, peaceful South Korea, but has also gone after Japan and the Phillippines, and is going after U.S. infrastructure as well. Therefore, we have to take the necessary steps to make sure we can deal with transnational criminal organizations, with nefarious foreign states and with those who are trying to get rich through ransomware.
Here in Canada just a couple of years ago, we saw a situation in regard to the Royal Military College in Kingston, which the member for Kingston and the Islands is certainly aware of. The Department of National Defence stated that RMC had been a target. It originally called it a mass phishing campaign, but a month after the incident, it was established that the phishing campaign was actually a cyber-attack going after financial information and personal data of cadets. These had been compromised and published on the dark web, and were made available to a lot of people who participate on the dark web to profiteer from that information.
According to several observers who looked at the hack of RMC Kingston, it was attributed to a cybercriminal group called DoppelPaymer that did not seem to be connected to a nation-state actor. There are criminal organizations out there that are going about their criminal activities in such a way as to extract dollars from governments, retailers and private citizens, as well as from other corporations, to line their pockets and continue doing other nefarious things that sometimes go beyond the cyberworld.
I have said in the past, when we have talked about other legislation here dealing with cybersecurity, that we not only need the ability to defend, but also that the government has the responsibility, especially under national defence, to attack using cybersecurity. We cannot just be here deflecting the arrows; sometimes we have to be able to shoot down the archer. The way we do that is by having a very robust cybersecurity system. We need the best capabilities and the best personnel who are able not only to sit here and defend, that is to put up shields and fight off the attacks, but also are able to go out there and take out the adversaries, to knock out their systems, so that we are safer here at home.
With regard to some of the criticisms that have come out, I know that letters have come in from the Canadian Civil Liberties Association, and the Business Council of Canada wrote a very detailed brief, as did the Citizen Lab in looking at the bill. When we read through the documentation, we see that one of the concerns that has been raised, especially by the Business Council of Canada, is that there seems to be an imbalance. We are telling members of corporate Canada to go out there and make sure they have the proper cybersecurity systems in place, but at the same time we realize that it is not just up to them to do the defending. What we see is that the corporations are saying that either they have to do it or we are going to fine them up to $15 million or five years of jail time, and that the individuals who work for them could also be held criminally responsible for not doing enough.
Sometimes resources are not available. Sometimes there are new companies that may not have the ability to put in place the proper security systems. I look at a lot of the Internet service providers that we have, for example. They are covered under the Telecommunications Act, yet, as new start-ups, they may not have the personnel or the equipment to properly defend their networks. Would we go ahead and fine these companies up to $15 million? Then what would we do in regard to jail time and fines for those criminal organizations that are profiteering through cyber-attacks? Where is the balance in this? That is one of the concerns we have and one of the things we have to look at through our study at the industry committee when it brings this forward.
A huge concern has been raised, especially by the Canadian Civil Liberties Association, on how this would be implemented and how it may affect the privacy rights of Canadians at the individual level. Corporations have broader responsibilities and do not necessarily fall under the charter, but their clients who they are going to protect and the information they are going to be required to share with the Government of Canada could very well be violations of their clients' privacy rights.
When we look at section 7 of the Charter of Rights, we have to balance the right to life, liberty and security of a person with section 8 of the charter which says that we have freedom from search and seizure. When we drill down on section 8 and go to some of the legal analysis of our charter, as all the rights and freedoms are laid out, it tells us that the underlying values of freedom from search and seizure when it comes to individual privacy is the value of dignity, integrity and autonomy. Again, I think we are all concerned that when we look at Bill C-26 at committee, we ensure the bill balances those rights of the individual to be both secure and safe from cyber attacks, but do it without compromising privacy rights and charter rights as described in freedom from search and seizure. The way we do that is through warrants.
We know that through National Defence, the Communications Security Establishment, or CSE, which has a long-standing history of defending the Canadian Armed Forces, has to comply with the charter. It has to comply with all Canadian legislation and it cannot do indirectly what it is prohibited doing directly. Therefore, CSE cannot go to the National Security Agency, or NSA, of the United States, say that it is concerned that a Canadian maybe talking to a terrorist organization offshore and ask the agency to spy on that individual because CSE is prohibited from spying on the person and listening in through the Communications Security Establishment. CSE cannot go to the NSA and ask it to violate Canadian law on its behalf to find out what is happening in the same way CSIS cannot go to the FBI or the CIA and ask it to spy on Canadians. It cannot do indirectly what it is prohibited from doing directly under Canadian law. The way to get around that is to apply for warrants.
Judicial appointments are made to have supernumerary justices over these organizations to ensure that charter rights are protected, even when conversations take place inadvertently. In the past, CSE has listened in on people who may have been in Afghanistan funding the Taliban or al Qaeda. They may have family in Canada and were talking back and forth about something that had nothing to do with operations on al Qaeda or the Taliban. However, because it involved a Canadian citizen, it had to go through the proper processes to ensure that his or her charter rights were protected by getting a warrant to listen to those conversations. Whether they were listening electronically or through wire taps, it is all mandated to watch that we do not trip over the rights of Canadians under legislation.
Bill C-26 would not address this like we have under the National Defence Act, under the Criminal Code and under the whole gamut of cybersecurity that has been in place up to date. The privacy rights are paramount.
To come back to Bill C-26, the Supreme Court of Canada said in 1984, as well as in 1988, that privacy was paramount and was “at the heart of liberty in a modern state”. Again, did the Liberal government ensure the bill was tested first to ensure those privacy rights were protected? This is what we will have to find out when we get Bill C-26 in front of committee.
We can look at information that has come from places like the Business Council of Canada. One of the concerns it raises goes back to this whole issue of huge fines on Canadian corporations, as well as the employees of those corporations, if they are found to have been not responsible enough to put in place proper security protocols to protect their clients from cyber attacks. Because it goes against individual employee as well, we will create another brain drain from Canada.
We are unfairly targeting Canadian employees who are going to be working for these cybersecurity firms, working in the telecommunications sector and in our financial institutions. If they are found to have erred, which a lot of times it is by error or by a lack of resources, then they are held criminally responsible and they are fined. The question becomes why they would want to work in Canada when they are afforded better protections in places like the United States, the European Union, the United Kingdom or Australia, which was held up by the Business Council of Canada as the gold standard we should be striving to achieve, and what it has done through their own cybersecurity protocols.
We want to ensure that we protect critical infrastructure, but we do not want to chase away very good Canadian employees and force them, with their skills, to go offshore where they have better protection and probably better pay. We want to ensure we keep the best of the best here. We want to ensure we do not go through a brain drain, as we have witnessed before when the Liberals have targeted professionals in Canada, such as lawyers, accountants, doctors or anyone who set up a private corporation. Now I fear the Liberals are going after individuals again who we need in Canada to protect us here at home, that they are creating a toxic work environment and those individuals will want to leave.
The Citizen Lab wrote a report entitled “Cybersecurity Will Not Thrive in Darkness”. It brought forward a ton of recommendations on how bad this bill was. It suggested that there needed to be 30 changes made to the act itself.
We realize that the government has not done its homework on this. We need to ensure we get experts in front of us who are going to look at everything, such as there is responsibility upon government to help corporate Canada ensure we have the proper security mechanisms in place to prevent cyber attacks. We have to ensure that those corporations are not being coerced into sharing private information with the Government of Canada that could be a violation of private rights, which may be a violation of the Personal Information Protection and Electronic Documents Act, PIPEDA. We want to ensure that privacy rights will be cohesive, but, at the same time, collectively, we need to balance all federal legislation that is in contravention of each other.
We need to bring in the legal experts. The Canadian Civil Liberties Association needs to be before committee. The Citizen Lab, which is very concerned about individual privacy rights, has to be front and centre in the discussion. We need to ensure the Business Council of Canada, the Canadian Chamber of Commerce and others are brought forward, along with the department officials who were responsible for drafting this bill at the direction of the Liberal government.
I will reiterate that I will be voting in favour of the bill to ensure it goes to committee and the committee can do its homework. I would hope that the government will allow the committee to do a thorough investigation, as well as a constructive report with recommendations on how to change and amend the legislation.
Finally, I would remind everyone that the Supreme Court of Canada said, “privacy is at the heart of liberty in a modern society”, and we have to take that to heart to ensure we protect Canadians from cyber attacks, as well as to ensure they have their privacy, dignity, integrity and autonomy respected.
2837 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, when look at Bill C-26, I want to assure the member that the government has made very clear the importance of privacy rights. In fact, it was a Liberal administration that brought in the Charter of Rights, understanding and appreciating just how important privacy rights were. The legislation, which the Conservative Party is voting in favour of, and I grateful for that, is there to protect the integrity of the system. As we move more and more into that digital world, cyber-threats are very real and can have a profoundly negative impact. That is why we have to bring forward the legislation.
Given the potential threats to things such as the delivery of health care services to interactions on the net by Canadians, would the member not agree that it is important that legislation of this nature continue not only to deal with the threats but to build confidence in the system with Canadians?
158 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, we all have to be concerned about the rapid deployment of new technologies and how they can be used nefariously to attack Canadians. This comes back to Bill C-26 as well. Again, the government would be putting all the onus on corporate Canada to protect us, but at the same time, I wonder who will do the R&D, who will step up to ensure our technology and our ability to defend ourselves is deployed across the spectrum, whether it is government agencies, government departments, our provincial and territorial partners or corporate Canada. How are we going to ensure the safety of Canadians when it comes down to their personal information and ID, especially if we are seeing new malware out there that will harvest and hack passwords in a matter of seconds?
We have to be investing in R&D. The government has a responsibility and role to get it done, but we do not see that in Bill C-26.
167 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it took eight long years for the Liberal government to recognize that cybersecurity threats exist in this country and around the world. Congratulations to them for coming to the party a little late.
The Liberals have now presented a bill to try to address issues of cybersecurity in the country. As I said, it took them eight years to get there, but I have to say I am pleased that the Liberals have decided to finally do something. I look forward to this bill being passed so that it can be extensively studied at committee.
There are some things in this bill that are good. I know praising the Liberal government is strange territory for me, but I will say that the bill would give the government some tools to respond quickly to cyber-threats. There is currently no explicit legislative authority in the Telecommunications Act to ensure that telecom providers are suitably prepared for cyber-attacks. This is a good reason why this bill should probably move forward to committee to be studied.
The challenge I have, though, includes a whole number of things. My issue with the government is trust. While I do want this legislation to go to committee, I have extraordinary concerns about this bill. Many of these concerns have been raised by many groups across the country, and I do want to speak to some of those in the probably somewhat whimsical hope that the government will listen and take some of these amendments seriously.
There has been a very bad track record of the government responding to concerns from the opposition or from outside organizations with respect to legislation. There is a view that the Liberals are going to do what they want to do on pieces of legislation and that they really do not care what other people have to say. I am very concerned that the government is not going to listen to the very serious concerns that have been raised about this bill.
I have my own concerns when I look at how the government has behaved with respect to other pieces of legislation. We have to look at Bill C-11. There has been a multitude of organizations that have said the bill needs further amendment. Margaret Atwood has said that she has grave concerns about the legislation, that she supports the intent but has grave concerns about the implementation and how it is going to affect artists and content creators. We have had folks who compete in the YouTube sphere who have raised all kinds of concerns about Bill C-11, and the government's response has been that it does not care what they have to say, and that it is going forward with the legislation as it is.
The Senate has made a number of amendments to Bill C-11. I suspect the government's attitude is going to be the same, which is that it does not care what the amendments are and that it is going to proceed with the bill as it sees fit.
We also have only to look to Bill C-21 as well. We had the minister clearly not aware of what constituted a hunting rifle and a hunting gun. The Liberals introduced amendments at committee, and it took extraordinary push-back from Canadians from coast to coast to coast to get them to wake up and withdraw those amendments that they had put in at the last minute.
What it speaks to is that, despite having at its disposal the entire apparatus of the Canadian government, the Liberals are still unable to get legislation right. It takes an enormous amount of effort and hue and cry across the country saying that this has to stop and that this has to be changed. If there is not a massive uprising, the government tends not to listen to the legitimate concerns of other constituents or other groups when it introduces legislation.
With that context, it is why I have real concerns that the government is not going to listen to some of the serious concerns that have been raised with respect to Bill C-26. I am going to go through some of those.
The Canadian Civil Liberties Association has some very serious concerns. It has issued a joint letter that says that the bill is deeply problematic and needs fixing, because it risks undermining our privacy rights and the principles of accountable governance and judicial due process. This is a big bell that is going off, and I hope the government is listening. As I have said, I do not have a lot of faith, given other pieces of legislation where thoughtful amendments have been put forward and the government decided not to do anything with them.
I want to enumerate a few of the concerns from the Canadian Civil Liberties Association. On increased surveillance, it says that the bill would allow the federal government “to secretly order telecom providers” to “do anything or refrain from doing anything necessary...to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption”.
That is a pretty broad power. Where is the government putting the guardrails in that would limit the effects of this or protect the privacy rights of Canadians? That is something I think is incredibly concerning.
On the termination of essential services, Bill C-26 would allow the government to bar a person or a company from being able to receive specific services and bar any company from offering these services to others by secret government order.
Where are we going to have the checks and safety checks on this? Unfortunately, I am not in a position where I think I can trust the government to do the right thing on these things. We have seen it through vaccine mandates, in the legislation on Bill C-21 and in how the Liberals are trying to push through Bill C-11 without listening to reasoned amendments. If reasonable concerns are raised about Bill C-26, I just do not have faith the Liberals are going to take those concerns seriously and make the amendments that are necessary. I really hope they do.
On undermining privacy, the bill would provide for the collection of data from designated operators, which would potentially allow the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations. When someone takes the de-identified personal information of Canadians and does not say how they are going to deal with it or what protections they have in place to make sure it is not misused, what happens in the event that they take that information and somehow there is a government breach? Where does that information go? These are things I think we should be extraordinarily concerned about.
There was also an analysis provided with respect to this by Christopher Parsons, in a report subtitled “A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”. Parsons raises concerns about vague language. The report notes that key terms in the bill, such as “interference”, “manipulation” and “disruption”, which trigger the government's ability to make orders binding on telecom service providers, are unidentified.
Where are the guardrails in the legislation to prevent government overreach and therefore protect Canadians? This is something that I think all Canadians should be watching and be very concerned about. They should be letting their voices be heard by the government on this.
The report talks about how the minister of industry's scope of power to make orders is also undefined. We would be giving a whole host of undefined powers to the minister and the government that would allow them to have all kinds of sensitive information. These are things that may be necessary, but I do not know. They are highly concerning to me. They should be highly concerning to Canadians, and I hope the government will hear from real experts at committee.
Let us not have a two-day committee study where we think Bill C-26 is perfect as it is and bring it back to the House of Commons, bring in time allocation or closure and pass it through. We have seen that story before, and we do not want to see it with the piece of legislation before us. My really big hope is that the government is going to take the time to really consider the seriousness and breadth of Bill C-26 and make sure we have the ways to protect Canadians.
I just want to add that the Business Council of Canada has released its own letter to the Minister of Public Safety, expressing its incredibly deep concerns with respect to the bill: there is a lack of a risk-based approach, information sharing is one-way and the legal threshold for issuing directions is too low.
There are three reports, right there, that are outlining significant concerns with Bill C-26, and I, for one, just do not believe the government is going to listen or get it right. It does not have the track record of doing so, but I am hoping it will, because cybersecurity is incredibly serious as we move toward a digital economy in so many ways. I really hope the government is going to listen to these things, take them seriously, do the hard work at committee and bring forward whatever amendments need to be brought forward, or, if the amendments are brought forward by the opposition, listen to and implement those amendments.
1614 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, one of the things I have heard in talking to universities and different groups is that one of the faults of this piece of legislation is that they have to share this information with the government when they have been attacked, but it is a one-way street. When they see an attack happen, they share it with the government, but there is no information given to other businesses to help them protect against attacks similar to that in nature.
Could the member talk about why it is important and what it means to companies when they are attacked and how it can hurt not only their bottom line? Indigo, for instance, would be a good example of what happens when there is a cybersecurity attack.
128 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I think everybody in the House agrees that we need to up our game in this country to protect Canadians and our society from cyber-attacks.
My specific question has to do with certain specific vulnerable groups. I am thinking of young people, particularly teenagers between the ages, say, of 13 and 19. Even more particularly I am thinking of young girls and women who may be subject to all sorts of cyber-bullying and other offences, as well as seniors who can be victims of cyber-fraud.
I am wondering if my hon. colleague has any thoughts as to how Bill C-26 might impact those particularly vulnerable groups and what suggestions he may have legislatively to help protect them.
123 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I suggest that the member ask the member for Carleton, the Leader of the Opposition, to answer that question because I cannot speak for him other than to state that he has put out a very clear, definitive statement condemning the hashtags that were put on some videos, which he knew nothing about. I will leave my comments at that.
The last time I checked, we are debating Bill C-26, legislation that is needed to protect Canadians. It needs to be improved and debated to get it right so we can deal with threats of political interference from foreign states, such as the Communist Chinese government. That is of utmost importance to Canadians.
116 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, as the member for Portneuf—Jacques-Cartier, I am pleased to rise today to speak to Bill C-26. I want to say hello to all of the families who are taking advantage of March break to do fun activities in the beautiful riding of Portneuf—Jacques-Cartier.
As I was saying, Bill C‑26 seeks to add the promotion of the security of the Canadian telecommunications system. It also seeks to provide a framework for the protection of the cyber systems that are vital to national security or public safety and create frameworks for the exchange of information.
It goes without saying that these issues are very important to the official opposition, of which I am very proud to be a member. It is no secret that my Conservative Party of Canada colleagues and I are, and always have been, great defenders of public safety. It is part of our DNA.
Industry and experts have asked the government many times to create cybersecurity standards, but it is important to act intelligently.
There is a lot of instability in our modern world, and threats can come from anywhere. Cyber-threats are nothing new. This is not a recent thing. It is clear that this weapon is used as much by foreign governments, which have their own motives, as by individuals or groups seeking to do harm or make money, for God knows what motives. It happens everywhere, on both small and very large scales.
Here are a few examples that illustrate this reality: data stolen from institutions or companies and held for ransom; the leak of personal information that affected millions of Desjardins members or customers in Quebec; and possible election interference from Beijing.
No, we are not going to question the outcome of previous elections here. We do not believe that interference changed the overall outcome of those elections. However, electoral integrity is the foundation of our democracy, and it must be ensured and maintained. As a Canadian, I have the privilege of going abroad, and people recognize that we are concerned about protecting our democracy. We need to put measures in place to continue that.
The fact remains that, over the past eight years, the government has been slow to crack down on cyber-threats. This is yet another example of a foot-dragging government finally coming up with a bill, but it turns out that bill has flaws that call for more thorough study in committee.
I know for a fact that this issue is really important to Canadians. We will do the work to make sure this bill is the one Canadians need and deserve. Yes, people want to be safe. Actually, since I was elected in 2015, my constituents have regularly told me they are increasingly concerned about this issue, especially over the past year.
What it comes down to is that confidence in the government and its ability to provide what people need and to keep its promises is essential. It is hard to have confidence in a government that keeps messing up pretty much everything.
I could go on and on about Bill C-13 as an example of a government that makes promises but does not deliver. The government recognizes the decline of French across the country, even in Quebec, but it is trying to impose a bill that does little to address that decline. I know that that is not the subject today, but everyone knows how much I care about official languages, and I had to pass on the message.
I would like to conclude by sharing a very real situation that occurred in my riding. One of my constituents wrote to me about a serious handling error made by Passport Canada.
I would like to inform the House that this is the first time this situation has been discussed publicly. He sent me a letter, and I would like to read it.
Dear Sir/Madam:
I am taking the time to write you a brief note to let you know about what I would describe as a “serious” security flaw within Passport Canada pertaining to the confidential information of Canadian citizens.
It is very important in terms of a timeline.
In early January, 2023, I applied for passports for my three children at Passport Canada.
On February 1, 2023, I received three envelopes containing our passport applications, which were rejected because we forgot to tick a box.
Inside the envelope I also received the rejected application of a woman from British Columbia. I therefore had in my possession her full identification, her passport and her credit card information. I returned those very sensitive documents by express post with a tracking number to Passport Canada.
I filed a complaint out of principle thinking that, although it was just a mistake, it was still worth reporting through Passport Canada's website, so I followed the official procedure. I got a call back. Passport Canada apologized. Nothing more. They refused to compensate me for the cost of returning the documents belonging to the woman from British Columbia. I was told, however, that our applications would be prioritized.
On February 15, 2023, I received four envelopes. I was quite pleased, as I thought we'd finally received our children's passports, but we have three children, not four. As it turns out, our children's passports weren't inside those envelopes. Instead, there were the passport applications (including full identification, passport, original birth certificates, complete credit card data, etc.) of four people from across Canada. These are four different people who have no connection to one another.
What is not stated in the letter is that these people were from Sherbrooke, Ontario, Manitoba and Alberta. That is incredible.
A few days later, we finally received our three children's passports.
As it is obvious, I don't feel I need to explain in my letter the seriousness of receiving the full identification of these people and information that could be used to carry out fraudulent financial transactions by total strangers.
We can't fathom that such mistakes would be made by a recognized federal organization such as Passport Canada, which manages the personal and financial information of so many Canadians. We can't believe that these are two isolated incidents.
This is a very simple task that requires putting the right documents in the right envelope. That's it.
I no longer trust Passport Canada's administration at all. That is why I am entrusting you with the identity documents, which don't belong to us.
I no longer trust Passport Canada's “internal” complaint process, as it will certainly try to cover up this failure, and will only offer an apology.
I am most pleased to read the following excerpt from the letter:
We trust our MP.
I'm always available to answer any questions.
Yes, cybersecurity matters, but the government also needs to take responsibility for the existing systems. It cannot even handle paper documents, but now it wants to allow a minister to step in and be able to manipulate and control information. I am concerned.
I have shown that we have a problem in Canada. We recognize that. We have a problem when it comes to cybersecurity, but we have a problem on other levels too. I would like to see this government take responsibility.
Like my constituent who gave me the documents mentioned, I had to ask myself, what do I do with these documents now? Do I return them to Passport Canada, or do I give them to the minister responsible here? That is a very important question.
Let us get back to the subject at hand, Bill C-26. I am very interested in having measures in place to protect us. It is important that we have confidence in our systems. As a member of the Conservative Party of Canada, I have a lot of confidence in the Conservative members who sit on the committee, as well as members of the Bloc Québécois, the NDP and even the Liberal Party. Things are normally supposed to be neutral in committee.
I must say that I believe in the future. Having said that, we need to put measures in place to have concrete results. Let us work in committee.
1398 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, Canadians are very trusting people. We like to give. However, when we buy into something, such as an app, we are giving over some vital information that is ours. We have seen cases where people had that information abused, and there has been no full disclosure. This is one of the concerns I have with the bill.
There are concerns that we have already witnessed in this country in terms of different businesses; a colleague mentioned Indigo being attacked. My hope is that, during committee, we ensure that we are protected. We have a responsibility to Canadians to protect them.
102 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
