44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is an honour to rise again in the House to speak to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. My Conservative colleagues and I, as has been indicated, support this legislation being sent to committee for further study, as it needs a lot of further work and amendments.
For those watching this debate, who have not had time to review the legislation, the bill has two main parts, as has been explained throughout the day. The first part would amend the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.
The second part of the bill would enact the critical cyber systems protection act, which is a new act, that attempts to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are designed to operate as part of a work, undertaking or business that is within the legislative authority of Parliament. Services and systems that would initially be designed and designated as vital are telecommunications systems, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems, banking systems, and clearing and settlement systems. Any additions to this list of vital systems can be made and added to by the Governor in Council.
The critical cyber systems protection act would have several components to it. It would authorize the Governor in Council to designate any service or system as a vital service or vital system; it would authorize the Governor in Council to establish classes of operators in respect of a vital service or vital system; it would require designated operators to, among other things, establish and implement cybersecurity programs, mitigate supply-chain and third-party risks, report cybersecurity incidents and comply with cybersecurity directions; it would provide for the exchange of information between relevant parties; and would authorize the enforcement of the obligations under the act and impose consequences for non-compliance. Those would be significant consequences, I might add.
On its face, it seems that the Liberals have finally awoken after eight years of doing absolutely nothing on this file, yet somehow they hastily scrambled to cobble together a proposition for sweeping changes to a regulatory framework, which this legislation would enact.
The Civil Liberties Association said, “The problems with the Bill lie in the fact that the new and discretionary powers introduced by C-26 are largely unconstrained by safeguards to ensure those powers are used, when necessary, in ways that are proportionate, with due consideration for privacy and other rights. The lack of provisions around accountability and transparency make it all more troubling still.” We understand that a modernization in this field may be required to do so without the caveats of being necessary, proportionate and reasonable to take it one step too far for Canadians to accept.
For support of this argument, the Liberals only need to look at the research report from Citizen Lab, written by Christopher Parsons. The report is called “Cybersecurity Will Not Thrive in Darkness, A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”. That report provides 30 recommendations that clearly lay out common sense changes and how this legislation could be improved to include transparency or at least apply limitations on the government's authoritarian use of power. For the benefit of the careless drafters and my Liberal colleagues across the way who would happily vote on any flawed legislation their leader tells them to without bothering with independent thought or even reading its criticisms, I will take some time and share the flaws.
Citizen Lab also seems to address what appears to be a recurring theme with the government: a lack of transparency and limitations on the government's authoritarian use of power. It too addresses that, “The minister may, by order, direct a telecommunications service provider to do anything or refrain from doing anything...that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”
That, too, seems a little broad. Amendments need to be applied that include a limitation on the minister's powers, ensuring that actions are necessary, proportionate and reasonable. This government has proven that it cannot be trusted with powers without strict limitations. It is simply unable to self-regulate.
The Canadian Civil Liberties Association and Christopher Parsons agree again on the lack of privacy and broad provisions around information sharing.
The CCLA writes:
Also concerning are the very broad provisions around expanding information sharing with a long list of potential recipients including Ministers of Foreign Affairs and National Defence, the Canadian Security Intelligence Service (CSIS), and also, once an agreement is signed, with provincial governments, foreign governments, or international state organisations, again, at the Minister’s discretion. The Communications Security Establishment (CSE), Canada’s signals intelligence agency is also a key recipient of information.
The Citizen Lab review echos how the government ought to have included provisions that respect information privacy. To any Canadian listening, this does not sound like too much to ask. Specifically, the Citizen Lab report recommends that “information obtained from telecommunications providers should only be used for cybersecurity and information assurance activities".
It also recommends that “government should explain how it will use information and reveal the domestic agencies to which information is disclosed”. The report says “information obtained for telecommunications providers should only be used for cybersecurity information assurance activities”. It should only be used for “data retention periods”, and that it “should be attached to telecommunications provider's data”. Citizen Lab states that “data retention periods should be attached to foreign disclosures of information”. It also indicates that “telecommunications providers should be informed which foreign parties receive their information”, and “legislation should delimit the conditions wherein a private organization's information can be disclosed”.
Why does the government need to be told that its legislation has these fundamental flaws by outside organizations? Many are asking: Do these Liberals have no shame when it comes to the privacy of Canadians?
The CCLA further points out that, although there is an appeal process through judicial review, when the subject of an order finds it to be unreasonable or ungrounded, it suggests that, under Bill C-26, the government overlooks the basic, fair process that even a national security threat would receive. The Citizen Lab, on the other hand, discusses that the government fails to compensate for government intrusion into small business. Mr. Parsons proposes that the legislation should be amended such that telecommunications providers can seek moderation of “certain orders where implementing them would have a material impact on the provider's economic viability”.
In conclusion, while it is notable that the Liberal government has finally awakened to this topic, the legislation has again missed some pretty traditional marks of Liberal legislation. It leaves citizens at risk of major government overreach. It takes the privacy and information of Canadians for granted. It relies on a system of review that falls short of due process, and it leaves businesses susceptible to bearing the costs of an overbearing government. Lastly, this is typical lazy Liberal legislation.
1278 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I think many Canadians are wondering why the government took so long to act on Huawei. Our Five Eyes allies have certainly put pressure on Canada and acted previously to ensure that their 5G systems were not compromised, which had been found to be the case with the Huawei technology. That is why, in my statement, I made some comments that this government is finally waking up, after all this time, to deal with some of these issues we are facing as a country.
86 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, we all know that cybersecurity issues are a fast-moving target and how they change almost monthly. One thing that I can be confident in is our national security agencies that deal with some of these issues on cybersecurity. They are working diligently on our behalf. I would agree that there would be very few of us in the House who would have the technical capacity to understand much of what we ask our defence agencies, our national security agencies and our cybersecurity agencies to do for us on behalf of our country.
I would encourage the government, as was indicated by my colleague, to enlighten the House and to provide briefings by those technical experts in government and from our public servants. We would all benefit, not only from the study of this bill but also from the ability to answer our constituents who have cybersecurity questions. We could answer them more intelligently.
156 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is disconcerting, as Canadians, when we look at the history of the Liberals since they have been in for seven years and five months. Inflation brings it to eight years.
One of the things that is important is we have lost face, if one wants to use that term, with our global partners and our Five Eyes agencies that have now gone and done things without us. That is because we have not been at the table. We have been slow to react to the very legitimate concerns about the cybersecurity and the national security of this country and of our allies.
105 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
