44th Parl. 1st Sess.
December 1, 2022 10:00AM
Mr. Speaker, the member is also from Winnipeg, so he is a fellow Manitoban.
As I outlined it in my remarks, it is not just the Conservative Party. We were alerted to this by every major civil liberties organization in the country. They wrote quite an in-depth open letter with over two dozen different concerns that they had, give or take, so we are using the information we are getting from the organizations specifically tasked with protecting civil liberties and privacy and freedoms of Canadians. That is who alerted us to it.
We would like to bring them before committee to make their recommendations. They have made recommendations in open letters. Various organizations with technical expertise have also recommended various amendments to this bill. Again, I am not an expert in cybersecurity, but I do understand Canadians' need to protect their privacy. Therefore, at the committee stage, we will be bringing forward these experts to help us craft amendments. I mentioned in my remarks that perhaps there could be an ombudsman or a specific oversight committee that is built into this.
One last thing is that there is no annual reporting mechanism in this bill, where government would be responsible for tabling a report to Parliament that would outline and give Canadians an idea of what the government has been doing with this bill and what the threat assessment of Canada in the impacts of what the bill has done and what it has seen in the reporting mechanisms from companies. I would say it needs annual reports to Parliament, and we have to craft those amendments with expert witnesses' testimony at committee. I look forward to those discussions.
280 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I appreciate the question from my colleague, who is also from Winnipeg and a fellow Manitoban.
I take the member's point regarding former pieces of legislation that need work. The leader of the official opposition, the member for Carleton, has been very clear in his desire to protect data and the rights of Canadians, especially if we are looking at Bill C-11, which is the Liberal government's attempt to control and regulate the Internet, so to speak. He put forward the very first, very public and very well executed defence of Bill C-11, so I would say that the capability for data sharing between departments and between ministers, which is a large part of this bill, raises a lot of significant privacy concerns of the data of individual Canadians.
We have been very clear that our intentions with this bill and others are to protect those freedoms and that privacy of Canadians. Therefore, that will be the underlying theme of our approach, certainly to this bill during the committee process and in the days and weeks to come.
184 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, an interesting debate is under way thus far on such an important issue with which we all have to come to grips. As changes in technology take place, we have to take that into consideration. I suspect that legislation dealing with privacy or cyber-attacks will be ongoing. Once the bill goes to committee, I am sure there will be a great deal of dialogue. I anticipate a great diversity of witnesses will come forward with ideas on the legislation.
I will pick up on the point I raised with the member opposite about the concern that the minister had too much power under this legislation. Often, when government brings forward legislation, opposition members bring forward concerns about how power is enhanced through the minister's office.
I have had the opportunity to briefly go through the legislation and I genuinely believe there is the right amount of balance. That is why I posed the question for the member. She suggested of reporting mechanisms, whether through an annual report or a report to a standing committee, and that has merit. I say that because I know there has been a great deal of effort in formulating this legislation. If there are ideas that would enhance or make the it that much stronger, we should be looking at that. I do believe the ministry is open to that.
When the member was quoting, I wondered where those quotes were from. She used those to amplify fears that one might be challenged to justify. For example, the member referred to an “evil government” based on quotes she had received. I am not saying it is her opinion, but she has raised it, saying this is a quote from some third-party organization and if we believe in that quote, it could lead to an evil government. We have witnessed that a great deal from the Conservative opposition on a variety of different issues, as if there is some sort of conspiracy. There is no conspiracy, contrary to what the member said, at least in one part of her speech. The government is not out to spy on Canadians.
The government takes the issue of the privacy of Canadians very seriously. We have brought forward legislation to that effect. This government has spent tens of millions of dollars on cyber threats. The government has had working groups and advisory groups dealing with cyber threats. We recognize the changes in technology and the impact they have had on society. I have said in the past that if we were to look at technological advancements, we would be challenged to find an area that has been as advanced as computer Internet technology. Just the other day, I was speaking to a private member's bill, saying that 10 or 20 years ago there were no such things as iPhones.
I note the member for Winnipeg South Centre is listening. He will recall that when we were first elected back in 1988, there was a big computer purchase of $5,000 made through Reg Alcock. We had a wonderful computer with a laser printer, which came with a keyboard and a mouse. At the time, when logging into the Internet with that wonderful and beautiful computer, the first thing we would hear was a dial tone. Then we would hear that stupid clicking sound, which meant we were actually connected to the Internet. We were all fairly impressed with that computer, and there were about 20 of us at the time.
We can compare that to where we are today. People can buy a laptop for $500 that has abilities and technological advancements more than tenfold of what we paid $5,000 for, with that long dial-up connection. In fact, people can purchase something brand new for $250 that is hooked into the Internet and running at a rapid speed. It is not even comparable to what it was.
There is so much advantage to technological change, but with that change comes risk, which is the essence of what we are debating through Bill C-26. Even though society has benefited immensely, we need to recognize there is a significant risk factor. That risk factor not only applies for the individual who might be surfing the net today, but it also applies to military operations taking place in Ukraine today.
Computers today are not optional. The Internet is not optional. They are essential services. That is why the Prime Minister, or one of the other ministers, just the other day made reference to the percentage of Canadians who were hooked up with high-speed connections and how we had literally invested billions to ensure that Canadians continued to get that access, with a special focus on rural Canada. We recognize that because it is no longer optional; it is an essential service.
The digital economy varies significantly. If we want to get a sense of this, we can turn to Hollywood and like-minded productions found on Netflix, CBC or the more traditional media outlets. We can look at some of the movies and TV shows out there. The other day I was watching an episode of a show called The Blacklist, which is all about cyber-attacks. I suspect a number of my colleagues might be familiar with that show.
One member talked about hydro. Manitoba, in fact all of Canada, should be concerned about our utilities. Through Hollywood productions, we are better able to envision the potential harm of cyber-attacks. A well focused cyber-attack can deny electricity to communities. It can shut down things that should never be shut down.
We talk about the sense of urgency. One would expect there will be mischievous lone individuals working in their basements, or wherever it might be in society, challenging systems. However, we also have state-sponsored cyber-attacks, and we should all be concerned about that.
In fact, that is why it was comforting when the minister made reference to the Five Eyes. I caught on right away that there are like-minded nations. Canada is not alone. There are like-minded nations that understand the importance of cyber-attacks and the potential damage that can be caused.
I will get back to the international side of things later, but when we think of what is at risk, think of digital data. Digital data comes in many different forms. One of the greatest collectors of data is Statistics Canada, an organization that invests a great deal in computers and technology to protect the data it collects from Canadians. Statistics Canada is actually respected around the world for its systems. It has absolutely critical data, and that data is provided to a wide spectrum of stakeholders, obviously including the national government.
Let us think of health organizations, the provinces and the collection of health records, or motor vehicle branches and passport offices. All of these government agencies have, at the very least, huge footprints in data collection.
Those are government agencies. We could also talk about our banking industries or financial industries. We can think of those industries and the information that is collected from a financial perspective when people put in an application for a loan. All of the information they have to provide to the lender, such as their history, is going into a data bank.
There is also the private sector. The other day we were talking about apps. One example is Tim Hortons. We were talking about it, as members might recall. The Tim Hortons app is fairly widely downloaded, and there is a lot of critical information within it. Canadians need to know, whether it is a government agency or private agency, that governments at all levels, in particular the national government, have their backs. That is the reason I started off by giving a very clear indication that even though Bill C-26 is before us today, we have been investing substantial financial resources through other types of legislation to provide assurances to Canadians so they know their information is in fact being protected.
There are actions on the Internet today related to our small businesses. The member opposite made reference to this and asked how the government is supporting small businesses. If a person has a small business today, chances are they are on the net. More and more consumers turn to the net for widgets and a multitude of different services.
As a result of that, there has been a great demand on small businesses. That is why we have a Minister of Small Business who looks at ways to not only provide tax relief but provide support. Sometimes it is done directly through financial measures and sometimes it is done indirectly by providing resources. However, let there be no doubt that there is support coming from the government. Whether it be a small, medium or large business, the government has a vested interest. We will do what we can. A good example of that is the individual who uses an ATM card when they make a small or large purchase at a small business.
The attacks we are talking about today can take many different forms. The digital economic side is definitely one of them, but there is also a social component to the Internet. When I think of the social component, I think about issues of privacy and of communications through, for example, social media. Again, Canadians have an expectation that the government is going to be there for them. Cyber-attacks take place in areas we all need to be concerned about. As I said, the more advanced we become, the more risk there is.
There are a lot of things that take place on the net that we need to be aware of and take action on. The exploitation of children is an example. That needs to be taken into consideration.
In the legislation, there is a very strong compliance component. As I raised, the minister would have the authority to make some things happen with our telecommunications companies and tell them to stop. I think that sort of action is necessary at times.
There is also a financial component so we can ensure a penalty is put in place as an incentive for people to abide by the legislation and the regulations, which are all there for one purpose and one purpose alone: to protect Canadians and institutions from risk. That is why we are investing in cybersecurity, ensuring respect for the privacy of Canadians and supporting responsible innovation.
We will continue to protect Canadians from cyber-threats in an increasingly digital world. This legislation is one aspect of what the government is doing to accomplish that. I believe that state-sponsored cyber-threats are one of the greatest concerns and one of the reasons we need to work with allied countries. I made reference to the Five Eyes. There are democratic, free, allied countries that recognize the potential harm of cyber-threats sponsored through governments. This legislation really sinks its teeth into that.
I hope that all members will get behind this legislation so we can ultimately see its passage to the committee stage. An official opposition member has indicated there is a great deal of interest in reviewing the legislation, the idea being to come up with ways to ultimately make the legislation better.
1900 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I am please to speak today to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.
It is really important to acknowledge that we are severely behind with regard to our protections in this matter. I am going to quote from myself, from when I once engaged the government and asked them this. “I am very concerned that we are not doing enough in Canada to protect the digital privacy of Canadians and am calling on the government to develop stronger frameworks and guidelines to improve cyber security in Canada. These are critical issues that must be addressed”. They must be addressed for the benefit of Canada, as our economy and commerce are currently under threat, as is our personal privacy.
When did I do that? That was in 2016. From 2016 to today, with the digital changes we have had, is a lifetime of change.
I got a response from the government at that time, basically saying it would refer matters and let them play themselves out in court.
One of the most famous cases that came forward at the time involved the University of Calgary, which had reportedly paid $20,000 in compensation to a group of organizations we do not know to protect the breach they had.
What has taken place over several different cases and also in our current laws has shown that it is okay to pay out crime and it is okay to pay out these types of requests for extortion and not even refer that matter back to the people whose privacy has been breached. We do not even have to report it as a crime to law enforcement agencies. It is very disturbing, to say the least. Getting this legislation is something, but it is still a long way off.
As New Democrats, we recognize very much that there needs to be balance in this. This is why I also wrote at that time to the then privacy commissioner of Canada, Jennifer Stoddart, about the cyber-attacks and data breaches.
There is concern about the amount of data and one's rights and one's protections and the knowledge one should have as an individual in a democracy. I do not think it is a conspiracy theory to have those kinds of concerns.
I would point to a simple famous case. As New Democrats are well aware, and I think other Canadians are as well, our number one Canadian champion of health care, Tommy Douglas, was spied upon by his own RCMP at that same time. That was in relation to bringing in Medicare. This is very well documented. We still do not have all the records. We still do not have all the information, and it is a very famous case.
Bringing in our number one treasured jewel, health care, led to a case where our own system was spying on an elected representative who was actually declared Canada's greatest Canadian by the public. We do not want to forget about those things because, when we are introducing laws like this, there is a real concern about one's ability to protect oneself and one's privacy, as well as the expansive conditions that are going to change, often with regard to personal privacy.
What also took place after that was that I was very pleased, in 2020, to put a motion forward at the House of Commons industry committee, where we studied, for the first time in Canadian history, fraud calls in Canada.
There are a lot of cyber-attacks through this type of operating system, and we need to remind ourselves that using this type of system, being our Internet service providers and the telecoms sector, is something that is done by giving up the public infrastructure and a regulated system of industry.
We have built a beast, in many ways, that has a low degree of accountability, and we are finally getting some of that restored. There are also some new programs coming in, like STIR/SHAKEN and other types of reporting that is required.
I want to point out that since we have done that, we have another report that will be tabled, or at least a letter. We have not decided yet, and there is still work going on, but we have had a couple more meetings in the industry committee about it and we have really heard lots of testimony that showed that there is more work that can and should be done.
A good example from the previous report that we did was recommendation number five, which went through sharing information between the RCMP and the CRTC. We have not seen the government act on it.
It is important to note that with this bill there has been a lot of talk about the types of things we can do internationally, as well. One of the things I would point out that I have been very vocal on, because I have had Ukrainian interns in my office for a number of years, is that we could use a lot of our leverage in terms of cybersecurity and training to help them to deal with the Russian hacking and other nefarious international players. That would not only help Ukraine right now in the war with Russia. It would also help with the other activity that comes out of this subsequently, which would help the world economies by having trained, solid professionals who are able to use their expertise and battle this with regard to the current state of affairs and also the future. This would be helpful, not only for the Ukrainian population but also for the European Union, Canada, North America and others, who will continue to battle more complex artificial intelligence and other cyber-attacks that take place.
One of the things I want to note is that in the bill, a proposed new section 15.2 of the act would give the Minister of Industry and the Minister of Public Safety the authority to make several types of orders. It relates to guiding TSPs to stop providing services if necessary. This is a strong power that we are pleased to see in this type of legislation.
What we are really concerned about, as the member for Elmwood—Transcona noted, is that there is no general oversight of the type that we would normally see on other types of legislation. Scrutiny of regulations was the one referred to. For those who are not familiar with the back halls and dark corners of Parliament, there is a committee that I was one of the vice-chairs of at one point in time. The scrutiny of regulations committee oversees all legislation passed in the House of Commons and ensures that the bureaucratic and governmental arms, including that of ministers, whatever political colour they will be of at that time, follow through with the laws of the legislation that is passed. Making this bill not have to go through that type of a process is wrong. I would actually say it is reckless, because the committee has to do a lot of work just to get regulatory things followed on a regular basis. It can be quite a long period, but there is that check and balance that takes place, and it is a joint Senate and House of Commons committee. It is unfortunate that the legislation tries to leave that out.
The legislation also does not have the requirement to gazette information in terms of making it public for the different types of institutions. That is an issue, and it also has a lot of holes when it comes to information that can be withheld and shared.
Why is that important with regard to confidence in the bill? It all comes down to the fact that many of the institutions at risk of being targeted involve not only the private sector, where we have seen not only abuse of customers themselves, or businesses with lax policies that do not protect privacy very well, but also others that have used abusive techniques and processes. Even right now, it is amazing when we think about the information in the process that is going on in the United States. The U.S. Senate is going to oversee the issue with regard to Taylor Swift tickets and Ticketmaster again. That is another one that has had a nefarious past with regard to privacy, information and how it runs its business. People can go back to look at that one, with Live Nation and so forth. At any rate, the U.S. is also involved in this.
I raised those things because it also comes from the soft things like that, which are very serious with respect to credit cards and to people's personal information that is shared. However, across the world and in Canada we also have municipal infrastructure and government institutions that are constantly under attack. That is very important, because it is not just the external elements with regard to consumer protection and business losses, which are quite significant and into the billions of dollars. It is also everything from water treatment facilities to health care facilities in terms of hospitals and utilities for power and hydro. All those elements can be used as targets to undermine a civilian population as well, and one of the things we would like to see is more accountability when it comes to those elements. There is definitely more to do.
One of the things I do not quite understand, and which I am pleased to see the government at least bring to committee, is what we could do to educate the population.
Our first intervention on this bill as New Democrats was several years ago, and it is sad that it is just coming to fruition now.
1653 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, absolutely, but if we are going to give some flexibility in power for the minister to act, it has to be responsibly met with oversight, and that has to be heavy oversight. That will provide the confidence.
That is why I wrote to the Privacy Commissioner right after I challenged the government back in 2016 to act on this. We have seen how long it has taken for it to act on this now, so we need to have that confidence. It is a two-way street. If we have the confidence of privacy and protection for people, with oversight, then I think people will be more willing to accept that there could be some changes with respect to how investigations take place.
125 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I have a book that we use for privacy protection and it is available to everybody. It was written by Kevin Cosgrove. It is a playbook for people on how to protect themselves and their families from a whole bunch of different issues, whether it be WiFi, online banking, shopping, social media, a whole series of things. The reason I use that as a specific example is that a ton of education has to be done. That has to be done for this bill as well. There needs to be a defined playbook of accountability, like going to the Standing Joint Committee for the Scrutiny of Regulations and ensuring there is oversight for the minister. All those things have to be really enhanced to build the confidence so we all buy into this.
135 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to thank my colleague for a very thoughtful speech. He was very good at pointing out some of the issues with this that we have heard from stakeholders. We have heard from privacy and civil liberties groups about the secrecy that could impair accountability, due process and public regulation.
The government orders issued under this bill may be made in secret without public reporting requirements, making it impossible for rights groups and the public to monitor and challenge how power is exercised under the bill. The secrecy of this could be very concerning.
I wonder if the member and the Bloc had any thoughts, once this goes to committee, about anything that could be added to improve the required balance between civil liberties and secrecy.
129 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, this bill gives the government of the day boundless opportunities to abuse our privacy and to issue secret orders.
One can only imagine what would have happened during the lockdowns with secret orders going forth. For even a peaceful demonstration coming to Parliament Hill, imagine the types of punishments, accusations and jail time, not just freezing bank accounts and taking money from lawful people.
66 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I cannot hold up my cellphone, but what is absolutely key to the whole conversation we are having is the fact that all of us in this place carry an incredibly powerful computing device that only a few years ago would have been something we would not have seen even in the most futuristic sci-fi novels and movies. The space in which we are discussing cybersecurity has evolved so rapidly.
Specifically to the question the member asked regarding privacy, it is a very important one. It is one that, as a member of the Standing Committee on Access to Information, Privacy and Ethics, we need to make sure the legislation we have in this country, including privacy legislation both on the application of government and the privacy of all Canadians in terms of corporations and that whole space, reflects the modern realities. In many cases, decades old legislation needs to be updated to reflect the realities of today.
161 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
