44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is an honour, as it always is, to rise in the House of Commons of the Canadian people and speak to Bill C-26, an act respecting cybersecurity, which seeks to amend the Telecommunications Act and make subsequent amendments to others acts.
I want to say from the outset that cybersecurity is a critically important issue. For those of us who have been watching the news, we have even seen bookstores like Indigo impacted by ransomware, and we know that no Canadian, business or government agency is immune to cybersecurity threats. As Conservatives, we obviously support taking robust action on cybersecurity and we look forward to the bill going to committee, where we can hear from stakeholders who have expressed uncertainty about what the impact of the bill is going to be. Certainly, I hope we can work across lines to make a better piece of legislation and address the very real challenges we are facing in this cybersecurity age, in this cyber age that we are facing.
I am going to go into a bit of background on the bill, because my constituents might not have heard of this legislation. For their benefit, I am going to give a bit of summary of what I understand the changes to be.
The threat of malware in our telecommunications sector and critical infrastructure does pose a serious threat to Canada. It is important that we respond to these threats proactively, in light of the inevitable future attacks that will happen in our cyberspace. As I said, Conservatives will support legislation to defend our telecommunications sector and our other critical infrastructure from threats, the likes of which, as I stated earlier, have been levied against Canadian individuals, corporations and government agencies repeatedly.
In order to evaluate this legislation, I would like to take some time to consider how the proposed bill might impact our economy, our national security and our commitment to protecting the civil rights of Canadians. Although legislation relating to cybersecurity threats is now long overdue, we should remain vigilant to protect the rights of Canadians and our domestic corporate actors, who could be seriously impacted by the unintended consequences of this legislation. Notably, I am somewhat concerned by the sweeping discretionary powers that are granted to the minister and the Governor in Council in this legislation. I would also like to talk about some of the objectives of the bill and then describe how this current proposed legislation could fail in achieving its intended purpose.
The bill is presented in two parts. The first would amend the Telecommunications Act to promote the security of the Canadian telecommunications sector, and the second part of the act would enact the critical cyber systems protection act. The amendments to the Telecommunications Act are intended to protect against ongoing threats of malware, which poses a threat to the Canadian telecommunications system, and the critical cyber systems protection act aims to strengthen the cybersecurity systems that are so vital to our national security and public safety, and it would allow the government to respond to these cyber-threats.
The aim of this legislation would implicate operators in a broad variety of fields, including the finance, telecommunications, energy and transportation sectors, just to name a few, all critical parts of our infrastructure. With these aims in mind, it is important to consider how expansive the government powers being talked about here are, new powers to the government, how these new powers will affect all these sectors that affect our day-to-day lives, and whether these new measures are proportionate and necessary to be implemented.
To begin, the powers afforded to the minister present economic and financial risk for critical systems operators and telecommunication system providers. The first consideration is the minister's ability to direct telecommunication service providers to comply with an order to prohibit a provider from using or providing certain products or services to a specific individual or entity. Those are pretty broad powers. The bill would implicate the operations of private telecommunications organizations, and therefore the legislation requires safeguards to protect the economic viability of these companies. The bill would also allow the minister to compel telecommunications companies to obey government directives or face the consequences of significant monetary penalties.
In giving the minister such expansive powers, the government may have failed to consider the potential economic impact of these unchecked provisions on service provisions. Telecommunications revenues contribute over $50 billion to Canada's GDP, yet the government has not provided clear and adequate safeguards in this legislation to limit the extent to which or the frequency with which it might use these service provisions and how they might be restricted under the instance of even a minor cyber-threat.
Large, medium and small regional market players would be impacted by this legislation if appropriate safeguards are not adopted in the amendment stage. Large telecommunications service providers make up about 90% of the market share, and any directive to suspend a service by these large market players could impact a significant amount of the Canadian population. Although we hope that such orders will seldom be issued, the vagueness of the language in the bill does not guarantee this.
Meanwhile, we see small and medium-sized players who disproportionately service under-serviced areas in Canada; I am thinking of rural and remote communities. These small and medium-sized players often have trouble dealing with the regulatory complexity and the financial investments needed to meet regulatory thresholds, and we could see these small and medium-sized players just fold up or get bought out at a fraction of what their value would have been. We would really see this as a consequence for rural and remote communities, which are struggling, even today, to get access to basic services like high-speed Internet.
For these reasons, the overbroad provisions in the bill do not lend themselves to a standard of proportionality.
A stakeholder group, Citizen Lab, released a research report on Bill C-26 from the Munk School, authored by Dr. Christopher Parsons. The report outlines, in its recommendations, that the legislation should be amended to allow telecommunications service providers to obtain forbearance and/or compensation for orders that would have “a deleterious effect on a telecommunications provider’s economic viability”.
The Business Council of Canada is likewise concerned about the CCSPA requiring that all critical systems operators undertake the same precautionary actions to protect themselves from cyber-threats. The Business Council of Canada notes that the legislation would require a singular standard of all service providers “irrespective of their cyber security maturity”. We know that there are highly funded firms with a lot of resources that have highly superior cybersecurity systems, and then we have our more infant, junior tech companies that are trying to grow so that they can attract capital. These regulatory requirements of holding them to the same standard could have a negative effect on growing the tech ecosystem here in Canada.
Moreover, the Business Council of Canada notes that the legal threshold for issuing the directives is too low. The low threshold to issue these orders to an operator would allow the possibility of lost revenue for operators because of an absence of due diligence on the part of the government, a government that has had its own cybersecurity problems. I have serious reservations that a government that is unable to run its own IT systems will have a better capability of telling private companies how to run their IT systems.
The council further notes that the monetary penalties are unduly high and are not proportionate, given the benefits of compliance in the event of a perceived or actual cyber-threat. These companies in Canada want to live by the rules. They want to work with the Canadian government. Their reputations are at stake, yet the government is treating them like they are bad actors by putting these fines in place, when maybe we should be looking at working and engaging more with our telecom sector to have a more friendly relationship on this issue.
Another group, Norton Rose Fulbright, noted that there is still considerable uncertainty as to how detailed the cybersecurity plans must be and how it would alter industries' existing policies and agreements. Clearly, there is a lot of uncertainty about this, but it is too important to let it go aside, so I am looking forward to this coming to committee, where we can have some of these stakeholder witnesses come and talk about things so that we can clear up the uncertainty and we can have targeted cybersecurity measures that actually result in benefits to Canadians.
Other technical experts, academics and civil liberties groups have serious concerns about the size, scope and lack of oversight around the powers that the government would gain under this bill. Civil liberties groups are particularly concerned about the government's ability to direct telecommunications providers to do anything needed by secret order. While the legislation lists what might be included by the minister or Governor in Council, the ambiguity of the wording leaves open the possibility of compelling a telecommunications company to do more than is officially stated. This is particularly noteworthy because of the significant monetary penalties that can be levied against these companies, to the tune of up to $10 million a day.
Liberals, in many cases, have perhaps neglected to consider the privacy of Canadians through this legislation.
Bill C-26 would allow the government to bar any person or company from receiving specific services, which raises concerns about the discretion the government has in making these decisions. Again, it is very unclear. This is too important. We should bring the bill to committee and vote on it, but there are lot of things we need to get right in the legislation. We look forward to looking at that.
1652 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, Parliament exists to defend the rights and liberties of the Canadian people. Oftentimes, I find this legislation is highly technical. The technical legislation is often where we see the biggest changes that would impact people's lives. When the government proposes to give sweeping powers to the minister to have control over sectors that impact every facet of Canadian lives, we need to do our due diligence as parliamentarians. We need to bring forward the stakeholders, the witnesses and the civil liberties advocates to ensure that the rights and liberties of Canadians are protected.
96 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
