44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, the member is right. When we get to committee, we can iron out some of the flaws that we have seen in Bill C-26. It is going to be important to focus on accountability and the member did not address that. That is where this bill can either succeed or fail. We need to ensure there is an accountability process for the government, so when it follows through with Bill C-26, we have a process and we can go back and say we need to tweak or change something because cybersecurity changes so fast.
98 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, we have been hearing details about the impact this bill could have. I would like to hear my colleague's thoughts on the following question. Why are we always in reaction mode?
In 2019, the Standing Committee on Access to Information, Privacy and Ethics was looking at how to separate information pertaining to social insurance numbers in order to protect citizens' privacy.
What message does this bill send? Yes, a structure exists. Yes, there are correspondents, organizations and individuals who will have more power and potential accountability, but what is behind all of this? Are the Liberals trying to clear their conscience for all the scandals of the past few years?
I would like to hear my colleague's thoughts on that.
124 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am not too sure what the specific scandals were, but this bill certainly opens the door for information sharing and, as was brought up, intelligence sharing, and, through accountability, we can cover those. We can actually be accountable in how we share information safely and we can protect the rights of Canadians.
55 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to thank the hon. member for his speech today and for his many years in law enforcement. He certainly knows a lot about this file. Throughout the member's speech, the number one word he used, and we can check Hansard, was “accountability”, and also the frustration with the Liberal government on a lot of the bills that have been passed.
How does he feel on this particular bill on accountability?
77 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, in the last several months, we have seen accountability raise its head here in Parliament with Bill C-5, Bill C-75 and Bill C-11. Without accountability, it is as though the government does not actually care what we are doing because with a majority government, the NDP and Liberals can make decisions based on what they think is right and there is no accountability.
With Bill C-5, the evidence is not there. Bill C-21, taking legal guns from legal gun owners, is another non-evidence-based process. With Bill C-26, which we are talking about today, it is time that we start building in some processes for accountability so the government is actually accountable for what it is doing.
126 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I heard loud and clear what the bill is missing. It lacks teeth and, of course, accountability mechanisms.
I heard my colleague opposite talk about the purpose of this bill, which could restore some degree of public trust. It is safe to say that trust is being undermined at the moment. My colleague is concerned not only about the fact that people's safety must not be compromised, but also about the impact on democracy and the need to ensure that it is not undermined.
Does my colleague agree that this bill has been crafted well enough to deal with the serious problems we are facing in terms of cyber-attacks and interference in our elections?
118 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, the member for Cowichan—Malahat—Langford shared some concerns in his speech. I am sure he saw the open letter from eight groups, including the Canadian Civil Liberties Association, the National Council of Canadian Muslims and OpenMedia. One of their concerns is power without accountability for the CSE, or Communications Security Establishment, our cybersecurity agency.
Can he share more about what could be done to address this concern in Bill C-26?
76 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, there have been serious concerns about how, within the telecommunications infrastructure, Bill C-26 would allow Canada's national security and spy agencies to permanently implant themselves within that infrastructure, have access to all kinds of sensitive data and possibly share it.
I do not know what the specifics are at this point. I think the committee will be empowered to look at that. I want to make sure that, everywhere in Bill C-26 where ministers are able to issue these types of orders, or if they are kept secret, there would be accountability mechanisms built into the bill.
Can we give the standing joint committee on regulations the ability to review those orders, since they could be prevented from being published in the Canada Gazette? That is one particular example, but there are many others.
I agree with the premise of the member's question in that there is a lot of work that needs to be done with Bill C-26 at committee.
168 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, just before the hon. member's speech, we heard from a Liberal member. One of the things the member spoke about in his speech was specifically that the government knows best and to just trust the government on this and we will be fine. That came out of one of the answers to a question I asked.
Can he expand on that in terms of the concern we have with the answers we are hearing today, and in terms of the transparency and accountability required in this bill?
90 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, it is always an honour to rise in this House on behalf of the people of my riding of Moose Jaw—Lake Centre—Lanigan.
The safety and security of our nation is of paramount importance, and I understand the need to enhance the safety and security of Canadians, both here at home and abroad. This would include many of our international corporations, which are large contributors to our economic base, and of course our own government institutions and interests. Having the opportunity to speak to cybersecurity in Canada gives us an opportunity to enhance or increase our country's ability to protect us from cyber-threats.
A significant concern for all Canadians is security. This concern has increased in recent times, as we see the rise in organized crime and gang-related offences, which have gone up 92%. The question I ask myself when I see this increase is this: Will the Liberal government be led by evidence and act on the evidence that has been reported?
Cybersecurity is extremely important for our nation to protect itself from inside and outside threats. I welcome Bill C-26, but I do have some concerns pertaining to the success of the bill, and one concern is about accountability. This is a question that we in opposition bring up every day in this House and regularly.
Bill C-26 is essentially divided into two different parts. The first part is to amend the Telecommunications Act to promote the security of the Canadian telecommunications system, adding security as a policy objective; to bring the telecommunications sector in line with other infrastructure sectors; and to secure Canada's telecommunications system and prohibit the use of products and services provided by specific telecommunications service providers. This amendment would enforce the ban on Huawei Technologies and ZTE from Canada's 5G infrastructure and would remove or terminate 4G equipment by the year 2027. What stands out to me, which has been a concern, is the time that it took the government to react to enforce the ban on Huawei.
The second portion of this bill is to enact the critical cyber systems protection act, or CCSPA, designed to protect critical cyber systems and “systems that are vital to national security or public safety and that are delivered or operated...within the legislative authority of Parliament.” As a report by Norton Rose Fulbright notes, the purpose of the CCSPA is, first, to “[e]nsure the identification and effective management of any cybersecurity risks, including risks associated with supply chains and using third-party products and services”; second, to “[p]rotect critical cyber systems from being compromised”; third, to “[e]nsure the proper detection of cybersecurity incidents”; and finally, to “[m]inimize the impacts of any cybersecurity incidents on critical cyber systems.”
The impacts of this bill would be far-reaching, and here are the things that need to be considered when this bill is in place. The government would have the power to receive, review, assess and even intervene in cyber-compliance and operational situations within critical industries in Canada; to make mandatory cybersecurity programs for critical industries; and to enforce regulations through regulatory and legal enforcement, with potential financial penalties. With this in place, the Governor in Council and the Minister of Industry would be afforded additional powers.
As the report notes:
If any cybersecurity risks associated with the operator’s supply chain or its use of third-party products and services are identified, the operator must take reasonable steps to mitigate those risks. While the Act doesn’t give any indication of what kind of steps will be required from operators, such steps may be prescribed by the regulations [at committee].
It goes on:
The Act also addresses cybersecurity incidents, which are defined as incidents, including acts, omissions or circumstances, that interfere or could interfere with the continuity or security of vital services and systems, or the confidentiality, integrity or availability of the critical cyber systems touching upon these vital services and systems. No indication is given as to what would constitute interference under the Act. In the event of a cybersecurity incident, a designated operator must immediately report the incident to the CSE and the appropriate regulator. At present, the Act does not prescribe any timeline or give other indication as to how “immediately” should be interpreted.
Some deficiencies in Bill C-26, as it is presently drafted, can be listed as follows:
The breadth of what the government might order a telecommunications provider to do is not sufficiently bounded.
The secrecy and confidentiality provisions imposed on telecommunications providers threaten to establish a class of secret law and regulations.
There is a potential for excessive information sharing within the federal government and with international partners.
The costs associated with compliance with reforms may endanger the viability of smaller providers.
The vague drafting language means that the full contours of the legislation cannot be assessed.
There exists no recognition of privacy or other charter-protected rights as a counterbalance to the proposed security requirements, nor are appropriate accountability or transparency requirements imposed on the government.
Should these recommendations or ones derived from them not be taken up, the government could be creating legislation that would require the public and telecommunications providers to simply trust that it knows what it is doing and that its actions are in the best interests of everyone.
Is it reaching the right decision to say that no need exists for broader public discussion concerning the kinds of protections that should be in place to protect the cybersecurity of Canada's telecommunications and networks? The government could amend its legislation to ensure its activities conform with Canada's democratic values and norms, as well as transparency and accountability.
If the government is truly focused on security for Canadians, should we not start by reviewing the gang and organized crime evidence showing that our present policies have failed? Should we not look at safety and security in our bail reform to protect innocent Canadians who become victims?
If Bill C-26 is a step in protecting Canada from cybersecurity threats, what is the review process to ensure compliance? What is the review process to ensure effectiveness and goals are met when we look at Bill C-75 regarding bail reform? The NDP-Liberal government is not interested in reviewing bail reform even though the evidence clearly shows that Bill C-75 failed.
Cybersecurity is important to our country's security, as are the victims of crime after their safety and security are violated. I am deeply concerned that the government is struggling with evidence-based information to review Bill C-26, as Bill C-75 and Bill C-5 are not supported by evidence. In fact, offenders and criminals are a higher priority than their victims are. My concern is if Bill C-26 requires amendment or review.
Bill C-26 proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security. Therefore, although late out of the gate, Bill C-26 is a start.
In conclusion, I would like to see some clear accountability to ensure the objectives of this bill are met and that a proper review process is conducted that holds individuals, corporations, and most importantly, our government accountable.
1232 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
