SoVote

Context: House Hansard - 172 - Mar/23/23

Mar/23/23 3:28:50 p.m.
Watch

Pursuant to order made on Thursday, June 23, 2022, the House will now proceed to the taking of the deferred recorded division on the motion to concur in the 10th report of the Standing Committee on Finance. The question is on the amendment.

44 words

The Speaker

Mar/23/23 3:44:44 p.m.
Watch

I declare the amendment defeated. The next question is on the main motion. If a member of a recognized party present in the House wishes that the motion be carried or carried on division or wishes to request a recorded division, I would invite them to rise and indicate it to the Chair.

53 words

Hon. Kerry-Lynne Findlay

Mar/23/23 3:45:24 p.m.
Watch

Mr. Speaker, I request a recorded division.

7 words

The Speaker

Mar/23/23 3:57:01 p.m.
Watch

I declare the motion carried. I wish to inform the House that because of the deferred recorded divisions, Government Orders will be extended by 44 minutes.

26 words

Mr. Chris Warkentin (Grande Prairie—Mackenzie, CPC)

Mar/23/23 3:57:40 p.m.
Watch

Mr. Speaker, it is tradition for the official opposition to ask the Thursday question. This Thursday, we asked the same question 24 times. I understand that the hon. member is looking forward to the question. The question is this: On what date did the Prime Minister first learn about the allegations now being reported by Global News? I wonder, when the government House leader gives us that answer, if he would also tell us what the legislative plans are for this upcoming week.

83 words

The Speaker

Mar/23/23 3:58:16 p.m.
Watch

Before I let the hon. government House leader answer, I just want to remind the hon. members that usually the question pertains to what is going to come up next week as far as legislation is concerned, and is not a continuation of debate. I know it is kind of fuzzy these days, but I just thought I would clarify that for next Thursday, so we can make sure it is done the way we want it.

77 words

Hon. Mark Holland (Leader of the Government in the House of Commons, Lib.)

Mar/23/23 3:58:42 p.m.
Watch

Mr. Speaker, I am sure the hon. member across the way, having not had an opportunity to ask the Thursday question and not having been granted that opportunity, might be somewhat confused about the nature of the Thursday question or what it would be about, so of course we excuse him for that. This afternoon, we are going to be concluding second reading debate of Bill C-26, concerning the critical cyber systems protection act. I would also like to thank all parties for their co-operation in helping to conclude that debate. As all members are aware, and as I am sure you are aware of and quite excited for, Mr. Speaker, the House will be adjourned tomorrow for the address of the United States President, President Joe Biden. On Monday, we will be dealing with the Senate amendments in relation to Bill C-11, the online streaming act. Tuesday, we will continue the debate at second reading of Bill C-27, the digital charter implementation act, with the budget presentation taking place later that day, at 4 p.m. Members will be pleased to know that days one and two of the budget debate, which I know members are anxiously awaiting, will be happening on Wednesday and Thursday, respectively. On Friday, we will proceed to the second reading debate of Bill C-41, regarding humanitarian aid to vulnerable Afghans.

231 words

Hon. John McKay (Scarborough—Guildwood, Lib.)

Mar/23/23 4:00:37 p.m.
Watch
Re: Bill C-26

Mr. Speaker, in some respects, Bill C-26 is quite complicated, but it is also quite simple. It aspires to have the risks of cybersecurity systems identified, managed and addressed so we are at much less risk because of our cyber system. In the last while, I have had the good fortune to be the chair of the public safety committee in the previous Parliament, and I am now the chair of the defence committee. As such, I have listened to literally hours of testimony from people who are quite well informed on this subject matter. My advice to colleagues here is this: It behooves us all to be quite humble and approach this subject with some humility because it is extremely complex. The first area of complexity is with respect to the definitions. For instance, cybersecurity is defined as “the protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information”. Cyber-threat is defined as “an activity intended to compromise the security of an information system”. Cyber-defence, according to NATO, is defensive actions in the cyber domain. Cyberwarfare generally means damaging or disrupting another nation-state's computers. Cyber-attacks “exploit vulnerabilities in computer systems and networks of computer data”. Therefore, with respect to the definitions, we can appreciate the complexity of inserting yet another bill and minister into this process. Let me offer some suggested questions for the members who would be asked to sit on the committee to look at this bill if it passes out of the House. I do recommend that the bill pass out of the House and, if it does, that the committee charged with its review take the appropriate amount of time to inform itself on the complexities of this particular space. The first question I would ask is this: Who is doing the coordination? There are a number of silos involved here. We have heard testimony after testimony about various entities operating in various silos. For instance, the Department of Defence has its silo, which is to defend the military infrastructure. It also has some capability to launch cyber-attacks, but it is a silo. Then there is the public safety silo, which is a very big silo, because it relies on the CSE, CSIS and the RCMP, and has the largest responsibility for the protection of civilian infrastructure. While the CSE does not have the ability to launch cyber-attacks domestically, it has the ability to launch a cyber-attack in international cyberspace. It is a curious contradiction, and I would encourage members to ask potential witnesses to explain that contradiction, because the more this space expands, the more the distinctions between foreign attacks and domestic attacks become blurred. The bill would charge the Minister of Innovation, Science and Industry with some responsibility with respect to cybersecurity. I would ask my colleagues to ask questions about how these three entities, public safety, defence and now the Minister of Innovation, Science and Industry, are going to coordinate so that the silos are operating in a coordinated fashion and sharing information with each other so that Canada presents the best possible posture for the defence of our networks. Again, I offer that as a suggestion of a question to be asked. We cannot afford the luxury of one silo knowing something that the other silo does not know, and this is becoming a very significant issue. CSIS, for instance, deals in information and intelligence. The RCMP deals in evidence. Most of the information that is coming through all of the cyber-infrastructure would never reach the level of evidence, whether the civil or criminal standard of evidence. This is largely information, largely intelligence, and sometimes it is extremely murky. Again, I am offering that as a question for members to ask of those who come before the committee as proponents of the bill. The other area I would suggest is to question is how this particular bill would deal with the attributions of an attack. To add to all of the complications I have already put on the floor of the House, there is also a myriad of attackers. There are pure state attackers, hybrid state criminal attackers and flat-out criminals. For the state attackers, one can basically name the big four: China, Russia, North Korea and Iran. However, there are themes and variations within that. Russia, for instance, frequently uses its rather extensive criminal network to act on behalf of the state. It basically funds itself by with proceeds of its criminal activities, and the Russians do not care. If one is going to cripple a hospital network or a pipeline or any infrastructure on can name, then they do not care whether it happens by pure criminal activity or hybrid activity or state activity. It is all an exercise in disruption and making things difficult for Canadians in particular. We see daily examples of this in Ukraine, where the Russians have used cyber-attacks to really make the lives of Ukrainians vulnerable and also miserable. The next question I would ask, and if this is not enough, I have plenty more, is on the alphabet soup of various actors. We have NSICOP, CSE, CSIS and the RCMP. I do not know what the acronym for this bill will be, but I am sure that somebody will think of it. How does this particular initiative, which, as I say, is a worthy initiative to be supported here, fit into the overall architecture? Finally, CAF and the defence department are now doing a review of our defence posture, our defence policy. Cyber is an ever-increasing part of our security environment and, again, I would be asking the question of how Bill C-26 and all of its various actors fit into that defence review.

978 words

Mr. Alex Ruff (Bruce—Grey—Owen Sound, CPC)

Mar/23/23 4:10:36 p.m.
Watch
Re: Bill C-26

Madam Speaker, I am looking for the member's commentary on something I will read to him. It reads: There are several legislative changes that could be implemented to enhance cybersecurity in Canada. Some of these changes include: 1. Strengthening Privacy Laws... 2. Mandatory Reporting of Cybersecurity Incidents... 3. Improving Cybersecurity Standards... 4. Increasing Cybersecurity Funding... 6. Strengthening Cybercrime Laws... Overall, these legislative changes could help strengthen cybersecurity in Canada and better protect individuals and organizations from cyber threats. I am reading this and I could have read more, but this was all generated by ChatGPT. I could have also given some negatives around certain legislation. My point is that I think this emphasizes the importance of the bill and getting it right because we have artificial intelligence getting to the point where it can literally write speeches for us for the House if we want it to. I would like the member's comments on that.

157 words

Hon. John McKay

Mar/23/23 4:11:36 p.m.
Watch
Re: Bill C-26

Madam Speaker, that was an excellent question. I wish I had written it myself, but apparently someone, or something, else already had. Prior to question period, I was sitting with my colleague from Scarborough—Rouge Park. He wrote a speech for me, through ChatGPT, on my modern slavery bill. We just sat there, and after he had fed in a few words, an entire speech was spit out. Yet again, we have another challenge for us as legislators. I sometimes think that we are so far behind that we do not even know how far behind we are. Cheney said that we do not even know what we do not know. Bill C-26 is an opportunity to bring ourselves into the game.

124 words

Ms. Lindsay Mathyssen (London—Fanshawe, NDP)

Mar/23/23 4:12:37 p.m.
Watch
Re: Bill C-26

Madam Speaker, I want to thank my hon. colleague for his speech and his series of responses. I also want to thank him for being the chair of the defence committee. I know this is a little outside the topic of the bill, but I had asked a another colleague from the same committee two questions that have come forward during our study of cybersecurity. The first was on his thoughts and ponderings on international calls for the International Criminal Court to consider cyber warfare an act of war. The additional thought was that 90% of what the Canadian government sees as classified information could actually be declassified, and the ability to help our organizations sort through a lot of these cyber-attacks and information, when in fact we could eliminate and limit the amount we classify.

137 words

Hon. John McKay

Mar/23/23 4:13:46 p.m.
Watch
Re: Bill C-26

Madam Speaker, that is two impossible questions in a row, and I congratulate the member for them. The first was whether cyberwarfare should be declared an act of war. To my mind, an attack is an attack. If someone is running cars off the road, or interfering with pipelines or hospitals, they are putting people's lives at risk and sometimes even killing them. That does strike me as an act of war. The second issue, and the member was probably there when I raised that question with one of our witnesses, was our levels of classification for information. The question I put to one of the witnesses was as follows: I have been in on some of the security briefings, and I am sitting there wondering whether I read it two weeks ago in The Globe and Mail. We seem to have a very high threshold of classifications, and maybe this could be an opportunity to reduce that threshold.

160 words

Ms. Elizabeth May (Saanich—Gulf Islands, GP)

Mar/23/23 4:14:58 p.m.
Watch
Re: Bill C-26

Madam Speaker, this is an area where I appreciate the member's expertise in identifying where the actors are that attack our cybersecurity. Does the member think, from what he knows, that there is any level of response from the Canadian government that would not always be playing catch-up with cybercriminals who are ahead of us?

57 words

Hon. John McKay

Mar/23/23 4:15:22 p.m.
Watch
Re: Bill C-26

Madam Speaker, the brief answer is no. I think we will always be playing catch-up. In this case, things are moving so quickly.

24 words

Mr. Ryan Williams (Bay of Quinte, CPC)

Mar/23/23 4:15:40 p.m.
Watch
Re: Bill C-26

Madam Speaker, these are the words spoken yesterday by President Xi of China to Vladimir Putin as they departed company in Moscow: “Change that hasn’t happened in 100 years is coming and we are driving this change together.” Their meeting, which took place under the shadow of Russia's onslaught in Ukraine, was one that the experts stated was a meeting to build Russia's and China's alignment against the U.S. and the west, “and a world order more suited to their more autocratic agendas”. Before us is a very serious bill at a very serious time, and it also would work in coordination with a lot of other serious bills we have on the floor right now. Bill C-34 is on the Investment Act, which looks closely at what investments are security minded and good for Canada. Bill C-27 would enact the consumer privacy act and look at the protection of Canadians' privacy. We have stated all along that privacy for Canadians needs to be a fundamental human right. The bill on interoperability and the right to repair look at different ways in which we are dealing with our IP and technology in Canada. Today at the science and research committee, we continued the study of IP commercialization, ensuring we can develop technology and hold technology in Canada. We lose a significant amount of our IP to the Americans, to other nations and to foreign entities. We talk about the world order and what is happening in the world. Albert Einstein famously said that he was not sure what weapons would be used in World War III, but that the weapons of World War IV would be sticks and stones. The weapons being used right now are joysticks and software. We should make no mistake that, at this moment, we are already at war. We are not only talking about Ukraine. The member previous spoke about some of the attacks that are happening from a centre of cyber-attacks in Ukraine. Cyber-attacks are happening across the world, and they are happening right now in Canada. There has been a lot of different alarming statistics on cyber-attacks and malware attacks in Canada. We know the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians, who were victims of that. There was also a hospital in Newfoundland in October 2020 where cybersecurity hackers stole personal information from health care employees and patients in all four health regions. That affected 2,500 people. Black & McDonald, a major defence and security company and contractor, was hit with ransomware just two weeks ago. That is our security being hit by the very thing it is trying to protect us from. Global Affairs Canada was attacked in January 2022 right around the time Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian or Russian state-sponsored actions responsible for the cyber-attack on Global Affairs. Most famously, there was a ransomware attack on critical infrastructure in the United States back in May 2021 where pipeline infrastructure was attacked. President Biden, who will be here tomorrow, issued at that time a state of emergency, and 17 states also issued states of emergency. It was very serious, which shows the capabilities of some of those cyber-threat actors. With ransomware, there are companies that attack companies and then demand a ransom or money before they return those computers or the networks back to the owners. It is now worth $20 billion. That is how much money ransomware is costing businesses. Back in 2016, it was only $5 billion. The technology is rapidly advancing, and it is a war. It is a war that is affecting Canadians at this very moment, and it is something we have to be very serious and realistic about looking at what cybersecurity is, what it means and what we have to do as Canadians and as a Canadian government to combat attacks. We know that the bill is something we support. We, of course, support the bill. Cybersecurity is very important, and as the member noted earlier, we have to make it right. We do not have time for a flawed bill or to race something through. Because of the advancements and because of the need to be very serious and realistic about cybersecurity, let us make sure we get the bill to committee and make sure then that we look at certain amendments that would get it right. The question at this very moment is whether the government is taking this seriously enough. Despite a ban on Huawei announced by the government in May 2022, this week it was ascertained by the member for Dauphin—Swan River—Neepawa, as we were talking about IP commercialization in the science and research committee, that UBC is still working with Huawei after May 2022. The minister assured us that Huawei was banned, that Huawei was done. Of course, there were reports months ago of a crackdown on IP being stolen and shared from Canadian universities. It has already been projected that 2023 will be the worst year for ransomware, for cybersecurity and, of course, for IP leaving Canada. We have to take this seriously, and I know that members across the way have talked about it. Of course, this bill does that, but we need to be serious. We need to talk about cybersecurity, which means being realistic and bold in how we counter, and how we aid the west in winning, the war over cybersecurity. There are amendments to the bill that we would like to see. Number one is to ensure that we protect and safeguard our national security and infrastructure. I know a member talked earlier about the different silos that exist. Probably the most important function is to ensure that silos in the government dealing with cybersecurity are talking to one another. The Americans deal with their cybersecurity concerns through the National Security Agency, the Department of Homeland Security, the Federal Bureau of Investigation and the Department of Defense. They all work alongside each other to enhance the cybersecurity establishment that was developed in 2018. Similarly, Canada has the Communications Security Establishment, part of which is the Canadian Centre for Cyber Security, but as a member noted previously, is it talking to NSICOP and CSE? Are we making sure we are talking to the different departments? We know that the government is pretty large and unwieldy. We have to make sure that these departments are working together. We also have to make sure we are looking after our businesses, as 40% of Canadian SMEs do not have any cybersecurity protection. It is going to be very costly for those businesses to implement that. As a business owner, I know the single biggest cost when it comes to cybersecurity is actually insurance. Insurance premiums just for cybersecurity attacks are going up and up. Every year they have increased by 20% to 30%. Of course, that is aligned with the $20 billion we are seeing from malware and ransomware across the world and the increase in cyber-attacks. We have to make sure that we help our businesses, so perhaps we need to look at tax credits. One thing we can do is ensure that we share best practices and that businesses get support from the federal government to enhance their cybersecurity. Another concern we have is how much power the minister will get, as the minister is supposed to get all the power. We have seen this with other bills. We have seen this in bills on the right to repair and interoperability. We have seen it in Bill C-27. Perhaps it is better to look at an ombudsman. We have talked about the Governor in Council and orders in council, but we want to hear from the security experts at committee to ascertain who exactly should be making these decisions instead of bringing them back to one minister. This bill right now could fit under the INDU committee and the industry minister, but it is going to the public safety committee, so already we have two different departments managing this bill. Why does one minister have to handle it? Why can it not be a broader process to ensure that we are seeing some congruence? Privacy is something we talked about quite a bit. We will be debating Bill C-27 in the House tomorrow, and I certainly feel that privacy needs to be a fundamental human right. Part of this bill has different groups and organizations concerned about how we are protecting Canadians' right to privacy. When they lose their privacy, who is responsible for that? There will be a lot of different witnesses coming to committee. When we look at cybersecurity, we have to ensure we are protecting Canadians' fundamental right to privacy and ensure we are doing all we can so that if their privacy is breached, Canadians can find some relief. We have talked about Bill C-27 and a tribunal, and maybe giving more powers to the Privacy Commissioner, who should have more power to look at whether we should go after criminals or organizations for breaches. We also have to look at the law and at what we are doing to go after criminals who are engaging in cyberwarfare and who continue to be a threat to Canadians. Russia and China are very concerning right now, and there are a lot of different reasons for that. Russia is growing increasingly reliant on China as both an import market and an exporter of electronics. Both leaders are building a closer energy partnership on oil, gas, coal, electricity and nuclear energy. They are going to build the Power of Siberia 2 pipeline through the territory of Mongolia. This is important because Taiwan is coming up—

1658 words

The Assistant Deputy Speaker (Mrs. Carol Hughes)

Mar/23/23 4:25:51 p.m.
Watch

I am sorry, but the hon. member's time is up. I am sure he will be able to add more during questions and comments. Questions and comments, the hon. member for Scarborough—Guildwood

35 words

Hon. John McKay (Scarborough—Guildwood, Lib.)

Mar/23/23 4:26:03 p.m.
Watch
Re: Bill C-26

Madam Speaker, I pretty well agree with everything the member said. However, what I am concerned about is that partisanship is a debilitating exercise around here and this is serious business. Does the member have any thoughts as to how to innoculate this bill, in particular, from the partisanship that may inevitably follow it? Then we can deal with this as serious legislators and serve all of our public.

69 words

Mr. Ryan Williams

Mar/23/23 4:26:44 p.m.
Watch
Re: Bill C-26

Madam Speaker, as I have heard, members from across this side of the House are in agreement with the bill and think that cybersecurity is needed. I think the difference is that on our side, we just want to make sure that we slow down a bit, get the bill right and are realistic and bold about what the Canadian government needs to do to ensure we tackle cybersecurity. I think we can come together at committee. I have heard from many Conservative speakers, and we all agree that we should bring the bill to committee. However, let us bring in the best witnesses to ensure we get it right so that in the end we are leading the world, not catching up.

123 words

Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)

Mar/23/23 4:27:34 p.m.
Watch
Re: Bill C-26

Madam Speaker, like all members of the House, I believe, experts are concerned about Chinese equipment in our critical infrastructure, especially telecommunications infrastructure. Should the Liberal government not be very concerned about the presence of Liberal MPs in its own ranks who are a threat to national security in their own way?

52 words

Mr. Ryan Williams

Mar/23/23 4:28:00 p.m.
Watch
Re: Bill C-26

Madam Speaker, absolutely. We are seriously concerned in an ever-evolving world about national security, cybersecurity, infrastructure and investment security, protecting Canadian interests in IP and making sure we have fair, open and honest inquiries. If there are breaches and interference in our democracy, they should be tackled openly and honestly. We are certainly asking for that every day, and when it comes to the bill before us, it is no different. We are at war with joysticks and software that threaten our infrastructure and the very livelihoods of Canadians and Canadian businesses. Let us get this right. Let us work together openly and honestly and make sure that we pass a good bill that protects Canadians.

117 words