SoVote

Decentralized Democracy

House Hansard - 164

44th Parl. 1st Sess.
March 6, 2023 11:00AM
Context: House Hansard - 164 - Mar/6/23
Mr. Rob Morrison (Kootenay—Columbia, CPC)
  • Mar/6/23 12:19:11 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, it is always an honour to rise in the House, especially when I can talk about safety and security. I always try to enhance safety and security for Canadians at home and abroad, for our corporations that are major contributors to our economic base, and of course, for government institutions. Today, discussing cybersecurity in Canada is an opportunity to enhance our country's ability to protect us from cyber-threats. Security is a significant concern for all Canadians. Lately, with the rise in organized crime and gang offences to the tune of a 92% increase in gang crime, I have to wonder when the government will be led by evidence, or in other words, provide evidence-based action. It is extremely important for our country to have cybersecurity to protect itself from threats, and I welcome Bill C-26. However, I am apprehensive about how successful this bill may be since accountability is a question that the opposition brings up every day in this House. Bill C-26 is basically divided into two parts. The first part aims to amend the Telecommunications Act to promote the security of the Canadian telecommunications system. It aims to do this by adding security as a policy objective to bring the telecommunications sector into line with other infrastructure sectors. By amending the Telecommunications Act to secure Canada's telecommunications systems and prohibit the use of products and services provided by specific telecommunications service providers, the amendment would enforce the ban on Huawei Technologies and ZTE from Canada's 5G infrastructure, as well as the removal and termination of related 4G equipment by 2027. Of concern is the time it took the government to react to enforce the ban on Huawei. The second part aims to enact the critical cyber systems protection act, the CCSPA, which is designed to protect critical cybersecurity and systems that are vital to national security or public safety or are delivered or operated within the legislative authority of Parliament. The purpose of the CCSPA is to ensure the identification and effective management of any cybersecurity risks, including risks associated with supply chains and using third party products and services; protect critical cyber systems from being compromised; ensure the proper detection of cybersecurity incidents; and minimize the impacts of any cybersecurity incidents on our critical cyber systems. The effects of this bill will be far-reaching, and there are some points to consider: The government would have the power to review, receive, assess and even intervene in cyber-compliance and operational situations within critical industries in Canada. There would also be mandatory cybersecurity programs for critical industries, as well as the enforcement of regulations through regulatory and law enforcement with potential financial penalties. Under both provisions, the Governor in Council and the Minister of Industry would be afforded additional powers. If any cybersecurity risks associated with the operator's supply chain or its use of third party products and services are identified, the operator must take reasonable steps to mitigate these risks. While the bill does not indicate what steps would be required from the operators, such steps may be prescribed by the regulations during a committee review. The act also addresses cybersecurity incidents; a cybersecurity incident is defined as an: incident, including an act, omission or circumstance, that interferes or may interfere with (a) the continuity or security of a vital service or vital system; or (b) the confidentiality, integrity or availability of the critical cyber system touching upon these vital services. It does not indicate what would constitute interference under the act. In the event of a cybersecurity incident, a designated operator must immediately report the incident to the CSE and the appropriate regulator. At present, the act does not prescribe any timeline or indicate how “immediately” should be interpreted. Again, there is an opportunity to address this at committee. There are some concerns with Bill C-26 as it is presently drafted. What the government might order a telecommunications provider to do is not clearly identified. Moreover, the secrecy and confidentiality provisions of the telecommunications providers to establish law and regulations are not clearly defined. As has been brought up today, potential exists for information sharing with other federal governments and international partners, but it is just not defined. Costs associated with compliance with reforms may endanger the viability of small providers. Drafting language needs to be in the full contours of legislation, and that could be discussed at committee as well. In addition, there should be recognition that privacy or other charter-protected rights exist as a counterbalance to proposed security requirements, which will ensure that the government is accountable. Some recommendations, or ones derived from them, should not be taken up, such as that the government should create legislation requiring the public and telecommunication providers to simply trust that the government knows what it is doing. Of course, this is a challenge. Telecommunications networks and the government must enact legislation to ensure its activities support Canada's democratic values and norms of transparency and accountability. If the government is truly focused on security for Canadians, should we not be reviewing our gang and organized crime evidence? Our present policies have failed. Should we not look at the safety and security of our bail reform in an effort to prevent innocent Canadians from becoming victims? Bill C-26 is a step in protecting Canada from cybersecurity threats. What is the review process to ensure compliance and effectiveness, as well as that goals are met? In terms of bail reform, even though the evidence clearly shows that Bill C-75 has failed, we see that the NDP-Liberal government is not interested in reviewing bail reform. Cybersecurity is important to our country's security; so are victims of crime after their safety and security has been violated. I am concerned that the government is struggling with evidence-based information to review Bill C-26, as it has with Bill C-75 and Bill C-5. These bills are not supported by evidence. In fact, offenders and criminals have a higher priority than victims do. My concern is as follows: If Bill C-26 requires amendments and review, will the government follow up? It is so important to be flexible and to be able to address changes, especially in a cybersecurity world, which changes so rapidly. Bill C-26 proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security. Therefore, although late out of the gate, Bill C-26 is a start. However, since this bill proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security, I would like to see individuals, corporations, and most importantly, the government held accountable. There should also be measures to ensure that the objectives of the bill are met and that there is a proper review process. As I have stated, government accountability has not been a priority. For the proposed bill to succeed, there have to be processes for review and for updating the critical cyber systems protection act. The failure of Bill C-75 on bail reform is clear with recent violent acts by murderers and individuals who should never have been out on bail. Today we are debating Bill C-26, and I would hope that there are lessons learned from our failure to review Bill C-75. In addition, we can learn from the failure of Bill C-5, as gang violence and organized crime rates are up 92%. Surely the government will open a door for review and making required changes to Bill C-26 on cybersecurity. I am thankful for the time to speak on the responsibilities related to cybersecurity.
1289 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Alistair MacGregor (Cowichan—Malahat—Langford, NDP)
  • Mar/6/23 12:32:50 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I am very pleased to be joining the debate today to offer some of my thoughts and perspective on Bill C-26, a much awaited bill on a cybersecurity infrastructure. Bill C-26 is a good reminder to members that the Department of Public Safety and its subject matter is so much bigger than just firearms, because, of course, firearms and Bill C-21 have been dominating the news cycle for the last couple of months. That bill, in particular at the public safety committee, has occupied so much time and wasted so many resources. Bill C-26 is a good reminder that with cybersecurity we have so many other agencies that are dedicated to national security under the umbrella of public safety. Cybersecurity is a big subject matter. We also have Bill C-20, which is an important bill on oversight and accountability for both the CBSA and RCMP. Today, we would not find many members in the House of Commons who are arguing against the need for better cybersecurity. All of the evidence out there points to this being a new and evolving threat. Artificial intelligence systems offer some interesting advantages, but with those advantages come threats and with those threats come actors who are determined to use them in nefarious ways that will harm and have harmed Canada's interests. We need a whole host of options to counter this threat. We need our national security agencies to take these threats with increased importance. We also need legislation to fill in the gaps and make sure that all of Canada's laws are up to date. I have spent a lot of time on the public safety committee. We did a couple of reports that directly touched on this area. One of our first reports identified violent extremism. Our most recent study looked at the threat posed by Russia. We know that since Russia conducted its invasion of Ukraine, which has recently passed the one-year anniversary, it has also increased the threats that it offers to Canada and to like-minded countries. One of those areas is cybersecurity. Our committee has not yet tabled its report, which should be tabled in the House of Commons soon so that members of the House and the public can not only see the results of the deliberations, but also see the important recommendations that the committee is going to make. However, we heard a lot of testimony during those committee hearings on the cyber-related threats from Russia. Many witnesses identified that those are among the most serious and relevant for Canada's public safety and national security, particularly in relation to critical infrastructure. I want to set this table before I get into the nuts and bolts of what Bill C-26 is offering, but also set some of the problems that are in evidence with this first version of the bill. We have to understand a few basic terms. The Government of Canada refers to critical infrastructure as the “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government”, whether that is the federal government, the provincial governments or our municipal governments. Because so many of those pieces of critical infrastructure are now tied into computer systems that are vulnerable to attack, a bill like this becomes quite necessary. I could go on and on about all of the critical systems in our modern society and the range of sectors, from our energy production to our food distribution systems to our electricity grid and transportation networks and how our ports and our banking system work. If one were to interrupt any one of those services, it could create absolute havoc within any Canadian community or countrywide. One of the witnesses we had during our public safety meetings on the topic of the threats posed from Russia, and this was just talking about the cyber-threat more broadly, was Jennifer Quaid, Executive Director of the Canadian Cyber Threat Exchange. She reminded our committee that there are nation-states that are conducting espionage and statecraft through the Internet, but there are also criminals who are engaging in cybercrime for financial gain. In some cases, those criminal groups and the nation-states are working together. There is evidence of this not only in Russia but in places like North Korea and China, where it is almost like the policy that was in place back in the 1700s and 1600s, where privateers would go out and do a nation-state's bidding. In this modern-day version of that policy, there are criminal organizations that are working hand in glove with some nation-states to give them some plausible deniability, but the systems they are using do pose a very real threat to Canada. One of our key witnesses during the study was Caroline Xavier, Chief of the Communications Security Establishment. She was not able to go into much detail or specifics, given the very sensitive nature of the topic, but she was able to assure the committee that cybercrime is absolutely the most prevalent and most pervasive threat to Canadians and Canadian businesses. She observed that the state-sponsored cyber programs of China, North Korea, Iran and Russia posed the greatest strategic threat to Canada, and that foreign cyber-threat activities have included attempts to target Canadian critical infrastructure operators, as well as their operational and information technology. Leaving aside the government, it is important for members to realize that most of Canada's critical infrastructure is, by and large, in the hands of the private sector. This is going to underline some of the important elements of Bill C-26. We also had testimony from David Shipley, Chief Executive Officer of Beauceron Security. He was relaying the same stuff about Russian criminal organizations working in tandem with the government, and saying that criminal gangs have crippled Canadian municipalities. They have gone after health care organizations. The range of malicious cyber-activity has absolutely extended to many small and medium-sized enterprises. When we look at the reporting requirements of Bill C-26, one of the biggest gaps that we have in our system is the fact that many businesses, private enterprises, are loath to report the fact that their systems have experienced a cyber-attack. They may be threatened to not do so. There is also a very real concern about the institutional harm that could come from the public release of said information. A large corporation that relays to its customers that it has experienced a cyber-attack may find people are loath to do business with it if they are unsure that its systems are up to par. I also want to highlight a recent example from 2021, where the Government of Newfoundland and Labrador experienced a health records cyber-attack on October 30. The investigation revealed that over 200,000 files were taken that contained confidential patient information. One can just imagine that in a province the size of Newfoundland and Labrador the fact that over 200,000 files were taken, that is a shocking theft of personal and confidential information. It really underlines just how important addressing this is. I also want to touch briefly on the topic of artificial intelligence. I want to read a quote from a recent Hill Times article. This is from Jérémie Harris who is one of the co-founders of Gladstone AI, which is an artificial intelligence safety committee. He says: But perhaps more concerning are the national security implications of these impressive capabilities. ChatGPT has been used to generate highly effective and unprecedented forms of malware, and the technology behind it can be used to power hyperscaled election interference operations and phishing attacks. These applications—and countless other, equally concerning ones also enabled by new advances in AI—would have been the stuff of science fiction just two years ago. He goes on to say: ...ChatGPT is a harbinger of an era in which AI will be the single most important source of public safety risk facing Canada. As AI advances at a breakneck pace, the destructive footprint of malicious actors who use it will increase just as fast. Likewise, AI accidents—now widely viewed by AI safety specialists as a source of global catastrophic risk—will take more significant and exotic forms. Something all members of the House really have to be aware of is how, just in the last two years, AI has advanced so quickly. We can think about what AI will be capable of two years or a decade from now. Just as Mr. Harris said, what it is doing right now was inconceivable just two years ago. The fact that AI is now being used to generate unique code for malware indicates there is no telling what it can be used to do and how it could be used to wreak havoc. That underlies just how important this issue is and how seriously we, as parliamentarians, have to take it as we serve our constituents and do the important work of equipping our nation with the tools it needs to keep Canadians, and the critical infrastructure they depend upon, safe. When I was a member of the public safety committee, I had a chance to speak with Mr. Harris. I actually put a motion on notice that the committee should be undertaking a study on the range of threats posed to Canada's public safety, national security and critical infrastructure, specifically by AI systems. I hope one day the committee can take that study up, but it is a committee with a very heavy workload. It is still trying to find its way through Bill C-21. It is waiting for Bill C-20 to arrive on its door and, of course, this bill, Bill C-26, would also keep committee members quite busy. I would like now to turn to the specifics of Bill C-26 and what it is attempting to do. It is separated into two main parts. According to the summary of the bill: Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. There are a number of orders that the Minister of Industry could issue. For example, he or she could prohibit a TSP from using any specified product or service in its networks or facilities; direct a TSP to remove a specified product from its networks or facilities; impose conditions on a TSP’s use of any product or service; subject a TSP’s networks or facilities, as well as its procurement plans for those networks or facilities, to a specified review process. Those are just a few examples of how the minister's orders could be issued. The bill does require the Governor in Council or the Minister of Industry to publish these orders in the Canada Gazette, but there is an allowance in the bill to allow these provisions to be prohibited, so the government can prevent the disclosure of these orders within the Gazette if they feel they need to be kept secret. Part 2 would enact a brand new statute of Canada, a critical cyber systems protection act, which would “provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety”. In schedule 1 of the government's bill there is a brief list. Vital systems and services can include telecommunication services, interprovincial or international pipelines and power line systems, and nuclear energy systems. Those are a few examples. A really important point is that the Governor in Council, through this bill, would be able to establish classes of operators and require designated operators to establish and implement cybersecurity programs. This is where the bill would affect the private sector and make sure those cybersecurity programs are in place, especially when that private sector is involved in critical infrastructure. As a brief outline, with those cybersecurity programs, the expected outcomes would be that they could identify and manage any cyber-risk to the organization, including supply chain risks; prevent their critical cyber systems from being compromised; detect cybersecurity incidents; and limit the damage in the event a cybersecurity incident did occur. I want to talk about concerns with the bill, because there are a lot of concerns. I have had the chance to speak with a number of organizations, but first and foremost was OpenMedia. I had a great conversation with the people there. There is a section on its website that specifically deals with Bill C-26. OpenMedia absolutely realizes that new cybersecurity protections are needed to protect Canada's infrastructure, but it believes they have to be balanced by appropriate safeguards, and this is to prevent their abuse and misuse. We rely on these essential services, and their protection is important, but Bill C-26, as it is currently written, would give the executive branch huge sweeping powers. In my reading of the bill, there would not be enough accountability and oversight; there would not be enough review mechanisms for Parliament to check the power of the executive, and I think this is a critical point. I think, in principle, we have a good idea with the bill, but a lot of work will be needed at committee to ensure that this executive power would be checked and that it would fit within the parameters of the law. We absolutely must have that kind of parliamentary oversight. I also know of the Canadian Civil Liberties Association, which said: The problems with the Bill lie in the fact that the new and discretionary powers introduced by C-26 are largely unconstrained by safeguards to ensure those powers are used, when necessary, in ways that are proportionate, with due consideration for privacy and other rights. The lack of provisions around accountability and transparency make it all more troubling still. I think, at this stage, we want to ensure, with the minister's powers to order or direct service providers, and the requirement to comply with these orders, that these powers are being subjected to the appropriate safeguard mechanisms. They are quite broad, as currently written. In conclusion, I want to see a bill that protects vulnerable groups from cyber-attacks. So many Canadians rely on these critical systems, and we know so many have been targeted and are being targeted as we speak, and we know these dangers are going to multiply and get worse the longer we go on. We want to make sure they are protected, but we want to make sure that we do not have broad unchecked ministerial powers with no public oversight. That is the balance that must be achieved. I must express, in my closing minute, my personal frustration with how the Liberals draft their bills. The idea behind Bill C-26 is a good one, but the problem with how the Liberals drafted the bill is that it would give huge sweeping amount of power to the executive branch. I just wish they would have had the foresight to understand that, of course, these provisions would be met with opposition. It seems the Liberals are putting the work on committee members to fix the bill for them, rather than having had the foresight and intuition to understand that these are problematic elements of the bill. I think a lot more work could have been done on the government's side to have presented a better first draft. I guess we have what we have to work with, but a lot of work is going to be needed to be done at committee, and I look forward to seeing members do that work. I also look forward to voting for the bill at second reading and sending it to committee. I welcome any questions or comments from my colleagues.
2718 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Mar/6/23 12:52:51 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, Bill C-26 would assist in empowering our laws and legislators to ensure there is a higher sense of Canadian confidence in the digital world, given the importance of the critical systems that are at work. Whether they are in health care services or consumer purchases, we have witnessed a great deal of advancement over the last number of years in cyberspace. I am wondering if the member could provide his thoughts on why it is so important that legislation is brought forward to support Canadian confidence and protect privacy at the same time, and deal with the issue of the security of our Internet.
107 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Alistair MacGregor
  • Mar/6/23 12:55:39 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, in my opinion, based on what I have heard, it is artificial intelligence and its capabilities in the hands of nefarious actors. We heard from Caroline Xavier, the chief of the Communications Security Establishment, at committee. She identified China, Russia, Iran and North Korea as countries that are actively trying to undermine Canada's national security. If we combine that with what Mr. Jérémie Harris has identified as what AI is capable of now and what it could be capable of, I am very concerned that those countries that are actively trying to undermine Canada's national security interests will use this emerging technology to construct malware, the likes of which we have never seen. That is why a bill such as Bill C-26 is important, but it is important that we get it right. We absolutely must make sure that our critical systems are beefed up and secured against not only those particular nation states, but also others that are actively trying to undermine our interests.
174 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Alistair MacGregor
  • Mar/6/23 1:01:30 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, there have been serious concerns about how, within the telecommunications infrastructure, Bill C-26 would allow Canada's national security and spy agencies to permanently implant themselves within that infrastructure, have access to all kinds of sensitive data and possibly share it. I do not know what the specifics are at this point. I think the committee will be empowered to look at that. I want to make sure that, everywhere in Bill C-26 where ministers are able to issue these types of orders, or if they are kept secret, there would be accountability mechanisms built into the bill. Can we give the standing joint committee on regulations the ability to review those orders, since they could be prevented from being published in the Canada Gazette? That is one particular example, but there are many others. I agree with the premise of the member's question in that there is a lot of work that needs to be done with Bill C-26 at committee.
168 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Yves Perron (Berthier—Maskinongé, BQ)
  • Mar/6/23 1:25:10 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I thank my colleague for his speech. It was eminently sensible, and he made some good points. I am glad the Conservatives are going to vote in favour of the bill so that it can go to committee, and I hope we will all approach that work in good faith, as we should. Over the past few weeks, I have had the opportunity to serve as a substitute at the Standing Committee on Public Safety and National Security. I had a chance to question a witness, and one of the things we talked about was quantum computing, a new and rapidly evolving technology that Canada is absolutely not ready for. My sense is that it will take a massive investment up front to prepare the country for future cyber-attacks by systems that could crack passwords at lightning speed. Does my colleague see this as a priority issue? Does he think that the committee should discuss making a massive investment in R and D and creating a technical team to get ready for these new technologies?
178 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. James Bezan
  • Mar/6/23 1:27:36 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I agree. Right now, this will be studied only at the industry committee, but it involves a huge component of national security and national defence. I hope that as legislation comes forward, we will see other studies come into play that look at the impacts of it as it applies not just to industry but to our national security. One would hope that the public safety committee would also undertake a study. There might be a requirement to split this bill, and perhaps OGGO, the government operations committee, needs to look at this as well. There are multiple departments within the Government of Canada, like Shared Services Canada, but how do we make sure that they are fully up to scale with all of the technologies that are currently available and that they are developing the new technologies needed to defend Canadians here at home? We know that the Government of Canada already collects a pile of personal information from Canadians and that they have been targeted by nefarious foreign actors, transnational criminal organizations and cybercriminals right here in Canada.
182 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Ted Falk (Provencher, CPC)
  • Mar/6/23 1:33:08 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, it is my pleasure to rise in the House today to share my thoughts and those of my constituents on Bill C-26. I am very pleased to have this opportunity. Bill C-26 is a risky and tricky piece of legislation. On the one hand, we have serious and growing issues of cybersecurity, and on the other hand, we have the importance of personal privacy. We also have questions related to government accountability and oversight. I am sorry to say that the government has not done a stellar job on either one of those fronts to date. I am hopeful that members of this House can work together collaboratively to craft a piece of legislation around what has been proposed in Bill C-26 that balances both of those vital yet often competing priorities. I grew up in the 1960s under the spectre of the Cold War. When I was a kid, the threat of foreign attack came from the air above us, from nuclear missiles from Russia or China. While our adversaries remain the same and current events have sadly brought the spectre of nuclear disaster to the forefront again, the method of attack to which we are most susceptible today is far more sophisticated and far more insidious. Rather than bombs from the air above us, the weapons of our enemies are in the air all around us: Men and women are sitting at computers in dark rooms, in government agencies or at the local library sending out digital viruses. These cancers attack the Internet, telecommunication waves and the platforms we have become reliant on to what I would consider to be an unhealthy degree. That is where I will pause for a moment, because I think the best thing we can do, the first step to securing our national security and the well-being of Canadians, is what nobody wants to do, which is to take a little step backwards to take a look at this. We need to divest ourselves of our all-consuming reliance on digital platforms, devices and infrastructure, and ensure that our most vital infrastructure always has a physical fail-safe to fall back on. Let me give an example. Let us talk about digital currency for a second. Digital currency exists. Most Canadians have a credit card, a debit card and online banking. I do and I use them; it is convenient. However, that is not to say for a minute that I think progress demands that we do away with hard currency. It is exactly the opposite. Canadians have become more reliant on digital currency, forms of digital ID, smart phones, smart cars, smart homes, smart cities, smart bombs, smart banking and smart hospitals, and the really smart thing to do is ensure that we always maintain physical infrastructure and ensure we are in control and not crippled by the worst that could happen. Nothing is impenetrable. No matter how good or amazing the technology that we create is, no device, no platform and no code has been created that cannot be hacked. Anything people make, people can break, and if they cannot, they will develop a machine that can break it. I was reminded of a story last week of a military computer virus called Stuxnet. Stuxnet single-handedly destroyed one-fifth of Iran's nuclear centrifuges. Actually, that is not totally correct. The worm that Stuxnet was caused these sophisticated machines to self-destruct. It got into their systems, learned how they operated and then caused the powerful turbines to spin in reverse, shredding the machines. We have artificial intelligence so advanced that it can make decisions, and the people who created the technology do not even know how the decisions came about. It cannot even tell them. It is a little scary. Digitized records are important. We have all come to rely on them, but I believe keeping a hard copy is also important. Ensuring that we maintain a hard physical currency is very important too, as is recognizing the value of currency produced by the Royal Canadian Mint. We need to ensure that our power grid still has a physical switch and that our hospitals and banking systems cannot be crippled by a bright kid with a laptop or a foreign actor with a more malicious intent. The government has been very slow to address cyber-threats. Under its watch, the CRA was hacked. It said 5,000 accounts were affected, yet that number turned out to be 50,000. It did not address the issue. There were lots of excuses from the minister, but what really happened? One year later it happened again, and another 10,000 Canadians had their personal data accessed by hackers. Last year, the National Research Council was hacked. I am sure that after this past week, the government is tired of talking about foreign interference in our elections, so I will not belabour that point, except to say that we did have foreign interference in our elections. The Prime Minister knew about it and he did nothing. Worse than that, he still refuses to tell Canadians the truth about what he knew and when he knew it. Like everything else, he refuses to take responsibility. I wonder sometimes just how much longer those on the government benches will allow him to do so. I would bet that right now the Reform Act is looking pretty attractive to them. Last year, Rogers' network went down suddenly. Canadians could not access their banking. Businesses could not function. Emergency services were affected. Rogers and the government said it was a glitch, a hack. We will probably never know for sure, but the effect was the same: chaos. That is what our enemies want, and we do have enemies, both foreign and domestic, people who want to see anarchy and to cause chaos, fear and division. It sounds eerily familiar. What legislative response have we seen from the government to date? I am seriously asking, because when I think back over the past seven years that the Liberals have been in power, I am not aware of any substantive action, either proactive or reactive, that they have taken to address our cybersecurity and the glaring vulnerabilities that exist with respect to it. To that end, I am glad that we are now finally having this important discussion. We need to beef up our security systems, beef up our cybersecurity system and keep Canadians safe. As the government always says, Canadians have a right to be safe and to feel safe. The obvious irony is that it only says it when it is clear that Canadians are neither safe nor feeling safe. Canadians should be able to feel safe, should be safe and should have confidence in the cybersecurity system they rely on. My time is almost gone, and that is a shame because there are so many things we need to talk about with respect to this bill, although I am confident that my colleagues will be able to further articulate some of the concerns. However, I do want to say one word about privacy. Many Canadians are concerned about the ever-increasing size, scope and reach of government in this country. The Prime Minister has increased the size of government by some 30%, and this bill gives such sweeping powers to the government that it has prompted numerous civil liberties groups, including the Canadian Civil Liberties Association, the International Civil Liberties Monitoring Group and the Privacy and Access Council of Canada, in addition to several other groups and academics, to express their very serious concerns about this legislation. They call it “deeply problematic” because it “risks undermining [the] privacy rights [of Canadians], and the principles of accountable governance and judicial due process”. That is a lot to unpack in just one sentence. Had this legislation come forward three years ago, I would have probably said that it was a no-brainer and that we should get it done as national security trumps personal privacy. However, after the violations of civil liberties, even basic liberties, that we have witnessed over the past three years from the government, I would not be so eager to say that we should just get it done. There is also the government overreach, the control and the abject absence of even a semblance of accountability. As vital as our national security is, the government, the ministers and the Prime Minister simply cannot be trusted with more power, and that is what this bill does. It gives the government of the day more power through the Governor in Council and through its agencies to establish regulations and to further limit and restrict the freedoms and privacy of individual Canadians. It is my hope that as members in this House, we can strike the right balance after hearing from all sides and craft a piece of legislation that accomplishes everything we want and need in it. However, as it stands, Bill C-26 gives way too much power to a government that has proven time and time again that it is unable and unworthy to wield it.
1532 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Ted Falk
  • Mar/6/23 1:44:01 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, this is an important question. Some time ago, I did a term on the National Security and Intelligence Committee of Parliamentarians, and what I learned there was that we have phenomenal security agencies in this country. One of those is the CSE, the Communications Security Establishment, which monitors cybersecurity. It does phenomenal work. I was coming back from a meeting one day, driving down the highway. It happened to be a Friday, and I noticed vehicles pulling campers and boats, with roof racks and bicycles attached to their bumpers. I thought, is it not wonderful that we live in a country where we have absolutely no idea about the existential cyber-threats that are out there? Why is that? It is because our security agencies are doing a phenomenal job at keeping us safe and providing this kind of environment. The obligation of the government, when it gets advice from our security agencies, is to act on it.
160 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Ms. Marie-Hélène Gaudreau (Laurentides—Labelle, BQ)
  • Mar/6/23 1:45:26 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, unfortunately, we have seen that, when it comes to everything that affects all citizens, the government is ignoring security issues and the threats that foreign interference can pose. We are seeing partisanship everywhere. We are talking here about cybersecurity. We want our electoral system to be airtight. We also do not want democracy to be affected. Is this the right time for this bill? Is it designed well enough that we can do the same as our Five Eyes colleagues who took the bull by the horns far in advance?
92 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Dane Lloyd (Sturgeon River—Parkland, CPC)
  • Mar/6/23 1:48:45 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, it is an honour, as it always is, to rise in the House of Commons of the Canadian people and speak to Bill C-26, an act respecting cybersecurity, which seeks to amend the Telecommunications Act and make subsequent amendments to others acts. I want to say from the outset that cybersecurity is a critically important issue. For those of us who have been watching the news, we have even seen bookstores like Indigo impacted by ransomware, and we know that no Canadian, business or government agency is immune to cybersecurity threats. As Conservatives, we obviously support taking robust action on cybersecurity and we look forward to the bill going to committee, where we can hear from stakeholders who have expressed uncertainty about what the impact of the bill is going to be. Certainly, I hope we can work across lines to make a better piece of legislation and address the very real challenges we are facing in this cybersecurity age, in this cyber age that we are facing. I am going to go into a bit of background on the bill, because my constituents might not have heard of this legislation. For their benefit, I am going to give a bit of summary of what I understand the changes to be. The threat of malware in our telecommunications sector and critical infrastructure does pose a serious threat to Canada. It is important that we respond to these threats proactively, in light of the inevitable future attacks that will happen in our cyberspace. As I said, Conservatives will support legislation to defend our telecommunications sector and our other critical infrastructure from threats, the likes of which, as I stated earlier, have been levied against Canadian individuals, corporations and government agencies repeatedly. In order to evaluate this legislation, I would like to take some time to consider how the proposed bill might impact our economy, our national security and our commitment to protecting the civil rights of Canadians. Although legislation relating to cybersecurity threats is now long overdue, we should remain vigilant to protect the rights of Canadians and our domestic corporate actors, who could be seriously impacted by the unintended consequences of this legislation. Notably, I am somewhat concerned by the sweeping discretionary powers that are granted to the minister and the Governor in Council in this legislation. I would also like to talk about some of the objectives of the bill and then describe how this current proposed legislation could fail in achieving its intended purpose. The bill is presented in two parts. The first would amend the Telecommunications Act to promote the security of the Canadian telecommunications sector, and the second part of the act would enact the critical cyber systems protection act. The amendments to the Telecommunications Act are intended to protect against ongoing threats of malware, which poses a threat to the Canadian telecommunications system, and the critical cyber systems protection act aims to strengthen the cybersecurity systems that are so vital to our national security and public safety, and it would allow the government to respond to these cyber-threats. The aim of this legislation would implicate operators in a broad variety of fields, including the finance, telecommunications, energy and transportation sectors, just to name a few, all critical parts of our infrastructure. With these aims in mind, it is important to consider how expansive the government powers being talked about here are, new powers to the government, how these new powers will affect all these sectors that affect our day-to-day lives, and whether these new measures are proportionate and necessary to be implemented. To begin, the powers afforded to the minister present economic and financial risk for critical systems operators and telecommunication system providers. The first consideration is the minister's ability to direct telecommunication service providers to comply with an order to prohibit a provider from using or providing certain products or services to a specific individual or entity. Those are pretty broad powers. The bill would implicate the operations of private telecommunications organizations, and therefore the legislation requires safeguards to protect the economic viability of these companies. The bill would also allow the minister to compel telecommunications companies to obey government directives or face the consequences of significant monetary penalties. In giving the minister such expansive powers, the government may have failed to consider the potential economic impact of these unchecked provisions on service provisions. Telecommunications revenues contribute over $50 billion to Canada's GDP, yet the government has not provided clear and adequate safeguards in this legislation to limit the extent to which or the frequency with which it might use these service provisions and how they might be restricted under the instance of even a minor cyber-threat. Large, medium and small regional market players would be impacted by this legislation if appropriate safeguards are not adopted in the amendment stage. Large telecommunications service providers make up about 90% of the market share, and any directive to suspend a service by these large market players could impact a significant amount of the Canadian population. Although we hope that such orders will seldom be issued, the vagueness of the language in the bill does not guarantee this. Meanwhile, we see small and medium-sized players who disproportionately service under-serviced areas in Canada; I am thinking of rural and remote communities. These small and medium-sized players often have trouble dealing with the regulatory complexity and the financial investments needed to meet regulatory thresholds, and we could see these small and medium-sized players just fold up or get bought out at a fraction of what their value would have been. We would really see this as a consequence for rural and remote communities, which are struggling, even today, to get access to basic services like high-speed Internet. For these reasons, the overbroad provisions in the bill do not lend themselves to a standard of proportionality. A stakeholder group, Citizen Lab, released a research report on Bill C-26 from the Munk School, authored by Dr. Christopher Parsons. The report outlines, in its recommendations, that the legislation should be amended to allow telecommunications service providers to obtain forbearance and/or compensation for orders that would have “a deleterious effect on a telecommunications provider’s economic viability”. The Business Council of Canada is likewise concerned about the CCSPA requiring that all critical systems operators undertake the same precautionary actions to protect themselves from cyber-threats. The Business Council of Canada notes that the legislation would require a singular standard of all service providers “irrespective of their cyber security maturity”. We know that there are highly funded firms with a lot of resources that have highly superior cybersecurity systems, and then we have our more infant, junior tech companies that are trying to grow so that they can attract capital. These regulatory requirements of holding them to the same standard could have a negative effect on growing the tech ecosystem here in Canada. Moreover, the Business Council of Canada notes that the legal threshold for issuing the directives is too low. The low threshold to issue these orders to an operator would allow the possibility of lost revenue for operators because of an absence of due diligence on the part of the government, a government that has had its own cybersecurity problems. I have serious reservations that a government that is unable to run its own IT systems will have a better capability of telling private companies how to run their IT systems. The council further notes that the monetary penalties are unduly high and are not proportionate, given the benefits of compliance in the event of a perceived or actual cyber-threat. These companies in Canada want to live by the rules. They want to work with the Canadian government. Their reputations are at stake, yet the government is treating them like they are bad actors by putting these fines in place, when maybe we should be looking at working and engaging more with our telecom sector to have a more friendly relationship on this issue. Another group, Norton Rose Fulbright, noted that there is still considerable uncertainty as to how detailed the cybersecurity plans must be and how it would alter industries' existing policies and agreements. Clearly, there is a lot of uncertainty about this, but it is too important to let it go aside, so I am looking forward to this coming to committee, where we can have some of these stakeholder witnesses come and talk about things so that we can clear up the uncertainty and we can have targeted cybersecurity measures that actually result in benefits to Canadians. Other technical experts, academics and civil liberties groups have serious concerns about the size, scope and lack of oversight around the powers that the government would gain under this bill. Civil liberties groups are particularly concerned about the government's ability to direct telecommunications providers to do anything needed by secret order. While the legislation lists what might be included by the minister or Governor in Council, the ambiguity of the wording leaves open the possibility of compelling a telecommunications company to do more than is officially stated. This is particularly noteworthy because of the significant monetary penalties that can be levied against these companies, to the tune of up to $10 million a day. Liberals, in many cases, have perhaps neglected to consider the privacy of Canadians through this legislation. Bill C-26 would allow the government to bar any person or company from receiving specific services, which raises concerns about the discretion the government has in making these decisions. Again, it is very unclear. This is too important. We should bring the bill to committee and vote on it, but there are lot of things we need to get right in the legislation. We look forward to looking at that.
1652 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Hon. Marco Mendicino (Minister of Public Safety, Lib.)
  • Mar/6/23 2:47:03 p.m.
  • Watch
Mr. Speaker, my colleague and the member of the parliamentary committee had the benefit of hearing extensive evidence from our government's most senior public servants implicated in the area of national security and intelligence, including the Prime Minister's national security advisor. It is important for my colleague to remember that this is not a partisan issue. That is why we will continue to be upfront in that committee. That is why we will continue to leverage the other agencies and bodies, which are there to raise the bar of transparency and sunlight in the way we fight against foreign interference, so we can protect our democratic institutions.
109 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Doug Shipley (Barrie—Springwater—Oro-Medonte, CPC)
  • Mar/6/23 3:59:00 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I am proud to rise in the House today to speak to this important legislation on behalf of the good people of Barrie—Springwater—Oro-Medonte. I am pleased to see Bill C-26 come forward in the House. Improving the resiliency of our critical infrastructure is of the utmost importance to our national security and the everyday safety of Canadians. This legislation consists of two separate parts. The first portion, among other things, would give the Governor in Council powers to order telecommunications providers to secure their systems against threats and to remove malicious actors from our telecommunications infrastructure. The second portion would create the critical cyber systems protection act, which would establish a cybersecurity compliance framework for federally regulated critical infrastructure operators. This would specifically regulate the sectors of finance, telecommunications, energy and transportation. I believe that in principle, this legislation appears promising. I think we can all agree that we need a robust cybersecurity framework in Canada. However, it is worth noting that under the current government, we have done the least to bolster our resilience to cyber-attacks compared to all other Five Eyes partners. We lag behind our western allies in national security, and as such, Canada has failed to secure our critical infrastructure against complex and ever-evolving cyber-threats in the modern world. Therefore, before I get into the specific merits and deficiencies of this legislation, I want to speak about the emerging threats to our critical infrastructure and the pressing need to protect our national security. Threats to our critical infrastructure are real and imminent. In fact, Caroline Xavier, chief of the Communications Security Establishment, or CSE, recently testified before the public safety and national security committee and stated, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses.” She also noted, “Critical infrastructure operators and large enterprises are some of the most lucrative targets.” While there are several forms of cyber-attacks that our critical infrastructure operators are vulnerable to, the Canadian Centre for Cyber Security has noted in its most recent annual national cyber-threat assessment that ransomware is the most disruptive form of cybercrime facing Canadians and that critical infrastructure operators are more likely to pay ransoms to cybercriminals to avoid disruption. For example, in 2018, cybercriminals deployed a malicious software and successfully held the city hall of a municipal government in Ontario hostage, which resulted in that government paying $35,000 to the hackers to avoid disruption. However, this is not always an effective strategy. A survey of Canadian businesses found that only 42% of organizations that paid ransoms to cybercriminals had their data completely restored. In 2021, the CSE stated that it was informed of 304 ransomware incidents against Canadian victims, with over half of them in critical infrastructure. However, it acknowledged that cyber-incidents are significantly under-reported, and the true number of victims is much higher. The enormous economic toll that these cyber-breaches have on Canadian companies is worth noting. According to IBM, in 2022, the average cost of a data breach, which includes but is not limited to ransomware, to Canadian firms was $7 million. There is currently no framework to ensure that companies report when they are victims of these attacks. I will acknowledge that the legislation before us takes steps to address this pervasive issue that Canadians are facing; however, it is certainly an overdue effort. We saw the damage a cyber-attack of this magnitude can cause in May 2021, when a U.S. energy company was subject to a ransomware attack carried out by a Russian-based criminal group that successfully extorted roughly $4.3 million in coin-based currency. As members may remember, this attack disrupted the largest fuel line in the U.S. for five days and led to President Biden calling a national state of emergency. In 2021, at the U.S. Senate committee on homeland security, the CEO of that company testified that he had no emergency preparedness plan in place that specifically mentioned “ransom or action to ransom”. This incident underscores the fact that we as a country must enhance preparedness and improve the resiliency of our critical infrastructure in order to avoid similar incidents. Therefore, I am pleased to see this proposed legislation come forward. However, it is worth noting that this is the first substantive legislative response to this issue during the government’s tenure, despite a steady increase in cyber-threats over the years. The entirety of our federally regulated critical infrastructure is connected to the Internet in some way, and it is extremely important to prevent malicious actors from setting up on our infrastructure and attacking it. Previously, there has been no mechanism for the government to formally remove a company from our telecommunications networks. The clearest example of the need for this mechanism would be the controversy surrounding Huawei, a company that was part of the design of our 5G networks despite glaring national security concerns related to its activities and relationship to the Communist Party in Beijing. It is a significant move that this company will be kicked off our servers, but it is a delayed one. We know that under China's national intelligence law, the CCP has the authority to instruct any company to hand over information to support, assist and co-operate with state intelligence work. Accordingly, we ought to be cautious and avoid contracting with companies that could potentially compromise the security of our critical infrastructure. It is certainly positive that Canada will be able to kick malicious actors such as Huawei off our networks. However, many have noted that we lessened our credibility among the Five Eyes nations due to our delayed response to this issue. Indeed, the United States lobbied Canada for years to exclude Huawei from our 5G mobile networks and warned that it would reconsider intelligence sharing with any countries that use Huawei equipment. In some respects, this legislation is a positive step toward establishing a baseline standard of care for organizations whose functions are integral to our critical infrastructure. As I have previously mentioned, incidents of cyber-attacks often go unreported or under-reported. This legislation's mandatory reporting mechanism, which specifies that a designated operator must immediately report an incident to the CSE and the appropriate regulator, is a welcome step toward addressing this issue. However, the act does not prescribe any timeline or give any other information as to how “immediately” should be interpreted by an operator. As I have just laid out, there are aspects of this legislation that my Conservative colleagues and I fully support. However, I have concerns with several elements of the bill. First and foremost, there is a complete lack of oversight over the sweeping new powers afforded to the cabinet ministers, regulators and government agencies mentioned in this legislation. Alongside a lack of oversight, there is little information on the breadth of what the government might order a telecommunications operator to do. It is evident that this bill draws on much of Australia's legislative model, which was first introduced in 2018 and eventually amended. However, we did not follow suit in terms of the oversight measures Australia included in its critical infrastructure protection act. Notably, Australia introduced political accountability mechanisms alongside its legislation, including a requirement for regular reporting, an independent review and the production of a written report. The Conservatives would like to see annual reporting from the minister on what actions have been taken and a public disclosure of the orders that the government is making under these newly afforded powers. In terms of concerns from the public, we have heard from a number of organizations that are concerned that elements of this legislation undermine the privacy rights of Canadians. In September of last year, several privacy rights organizations signed an open letter to the Minister of Public Safety, which laid out their concerns with Bill C-26. For example, they were concerned about the sweeping new powers this legislation would give to the government over access to the personal data of Canadians and the data of companies. They noted that Bill C-26 “may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.” I think we can all agree that while enacting measures to improve the resilience of our critical infrastructure is of the utmost importance, civil liberties and privacy must be fully respected when drafting those measures. On the other hand, we have heard from stakeholders who are concerned about the regulatory burden this legislation may have on businesses, especially small and medium enterprises. Many stakeholders have noted that the high costs and business impacts of a cyber-incident already incentivize companies to ensure rigorous cybersecurity protocols. Recent statistics released by Statistics Canada found that in 2021, Canadian businesses spent over $10 billion on cybersecurity, a 41% increase compared to 2019. Many stakeholders have noted that the proposed penalties related to this act, which reach up to $15 million and five years of jail time, are touted as being intended to promote compliance rather than to punish. However, I think we can all agree that a $15-million fine would indeed be unduly punitive on a small business that may be subject to this act. Therefore, we must ensure that fines and compliance costs are distributed evenly so as not to stifle competition and endanger the viability of small and medium enterprises in our critical infrastructure sectors. Finally, we face a problem related to definitions and the scope of this bill. Various terms are not defined, including what constitutes a cyber-incident, and it is not immediately clear how the government will determine who is subject to this legislation. I look forward to receiving an explanation from the government to demystify some of the vague language found within it. To conclude, a threat to our critical infrastructure is a threat to our national security. I think all parties agree that the government must take strong and immediate action against cyber-attacks. We support this bill in principle, but we believe that it needs to be amended significantly to ensure greater transparency and accountability from the government and future governments. I look forward to studying and amending this bill at the public safety committee with my colleagues across all parties.
1744 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Tony Van Bynen (Newmarket—Aurora, Lib.)
  • Mar/6/23 4:12:21 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, it is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will be addressing elements of the legislation that deal with securing Canada's telecommunications system. As Canadians rely more and more on digital communication, it is critical that our telecommunications system is secure. Let me assure the House that the Government of Canada takes the security of that system seriously. That is why we conducted a review of 5G technology and the associated security and economic considerations. It is clear that 5G technology holds lots of promise for Canadians: advanced telemedicine, connected and autonomous vehicles, smart cities, clean energy, precision agriculture, smart mining, and lots more. However, our security review also made it clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system. The Canadian Security Intelligence Service recognized this in its most recent public annual report. The report said, “Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada’s national security, its interests and its economic stability.” The report said that cyber-actors conduct malicious activities to advance their political, economic, military, security and ideological interests. These actors seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities. The CSIS report also highlighted the increasing cyber-threat that ransomware poses. The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish victims' data or block access to it unless a ransom is paid. It is not just cybercriminals doing this. CSIS has warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution. To be sure, Canadians, industry and government have worked hard to this point to defend our telecom system, but we must always be alert and always be guarding against the next attacks. This has become more important as people are now often working remotely from home office environments, and the challenges are accentuated by the 5G technology. In 5G systems, sensitive functions will become increasingly decentralized to be able to be faster where speed is needed. We all recognize cell towers in our communities and along our highways, and 5G networks will add a multitude of smaller access points in order to increase speeds. The devices the 5G network will connect to will also grow exponentially. Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with the older technology. Bad actors could have more of an impact on our critical infrastructure than before. The security review we conducted found that, for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technology and the threat environment. Now, for these reasons, we are proposing amendments to the Telecommunications Act. The amendments would ensure that the security of our telecommunications system remains an overriding objective. This bill would add to the list of objectives set out in section 7 of the Telecommunications Act. It would add the words “to promote the security of the Canadian telecommunications system.” It is important to have these words specified in law. It would mean that the government would be able to exercise its power under the legislation for the purposes of securing Canada's telecommunications system. The amendments also include authorities to prohibit Canadian telecommunication service providers from providing and using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary after consultation with the telecommunications providers and other stakeholders. They would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks, upon which all critical infrastructures depend. We have listened to our security experts, Canadians and our allies, and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canadian competitiveness, economic stability and long-term prosperity. It is clear that the telecommunications infrastructure has become increasingly essential, and it must be secure and resilient. Telecommunications present an economic opportunity, one that grows our economy and creates jobs. The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve designated organizations' ability to prepare, prevent, respond to and recover from all types of cyber incidents, including ransomware. It will designate telecommunications as a vital service. Together, this legislative package will strengthen our ability to defend telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day. The legislation before us today fits with the Government of Canada's telecommunications reliability agenda. Under this agenda, we intend to promote robust networks and systems, strengthen accountability and coordinated planning and preparedness. Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of the network has never been more crucial. They are fundamental to the safety, prosperity and well-being of Canadians. We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that.
939 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Tony Van Bynen
  • Mar/6/23 4:22:47 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, we all realize how important security is. In some cases, it may be necessary to act without making the information available so that the perpetrators of fraud against the cyber-network understand what is being accomplished. There are situations where information needs to be maintained securely. A responsible government will do so on the basis of being accountable and transparent to the extent that is appropriate, and I believe the government will do that.
76 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Alex Ruff (Bruce—Grey—Owen Sound, CPC)
  • Mar/6/23 4:23:25 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I will build on that last question a bit because I think the member took it out context, though I may be wrong. The question is around specific cyber-incidents or transgressions that need to be dealt with by the appropriate authorities. The issue is the legislation itself and how the power would be used by our security establishments. One of the criticisms that needs to be fleshed out at committee is how this bill and the legislation get reported back here to the House of Commons and to Canadians. Would the member agree that it would be an important addition or amendment to the legislation to include the requirement for an annual report back to Parliament on how this legislation is progressing and what key changes our national security organizations have made so that Canadians can understand how their lives are being impacted in the cyber-realm?
150 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Tony Van Bynen
  • Mar/6/23 4:24:21 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I believe that transparency, to the extent that is possible without jeopardizing security, is important. Committees will contribute a significant amount of improvements, and the government will listen to reasonable solutions, amendments and additions to protect the safety of Canadians. That is a value that we all share.
50 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Ms. Marie-Hélène Gaudreau (Laurentides—Labelle, BQ)
  • Mar/6/23 4:55:16 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, today I will be talking about the bill we have been discussing for the past few hours, Bill C‑26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts. From the outset, I would like to mention that in 2019, when I arrived in the House of Commons, the topic on everyone's lips was the data breach at Desjardins. To put things into context, at the time I was a member of the Standing Committee on Access to Information, Privacy and Ethics. I was determined to find out how we might protect privacy and decorrelate the social insurance number that we were using far too readily as a means of identification. My colleagues see where I am going with this. It took a scandal for the government to do something about this. Now I am no longer a member of the Standing Committee on Access to Information, Privacy and Ethics, I am vice-chair of the Standing Committee on Procedure and House Affairs. Again, it took a scandal being uncovered by the media for the government to truly listen to us. This is a case of being lax when it comes to the security of the electoral process and national security. I am addressing all those who are listening to us; I hear their concerns. For the past six months, the Standing Committee on Procedure and House Affairs has been looking into Chinese interference in our electoral process. It is likely that there will be an announcement in the near future that will once again demonstrate that we really need to sound the alarm to get things moving. Of course, the Bloc Québécois will always be vigilant. The Bloc Québécois will be there every time it is important to get to the bottom of various allegations or scandals. We will force the government to take action for our constituents, because they deserve it. In light of all that, it goes without saying that Bill C‑26 is a step in the right direction. The bill introduced by the Minister of Public Safety aims to strengthen the security of Canada's telecommunications system. That said, I want to be honest. I have serious concerns. Over the past few years, my confidence in the government on security issues has been eroded. The government must not stick its head in the sand. Quebeckers need assurances. They need to be assured that this paternalistic and so-called well-intentioned government is doing its job, particularly in its areas of jurisdiction. That is all we ask and all we expect. We know that China, Iran and Russia can be considered hostile powers that do not wish us well. When someone does not wish us well, we have to protect ourselves. The government absolutely has to come up with systems to guard against what we have seen since the latest scandals. We demand an explanation, and answers are to be expected, yet the government says everything will be fine and we should move on to other things. Unfortunately, our constituents feel betrayed and lack confidence in this government because it is not taking things seriously, as all the numbers indicate. Regarding what is going on with Beijing specifically, I wonder if there is something we do not know. Why are we taking action so late in the game? Why are we always reacting? I am fed up with all this dissatisfaction. Every time I go back to my riding, my constituents want to talk to me about this, and I get why they are feeling discouraged. As members know, I will be going to the United Kingdom. We are going to be taking a look at the procedures in different Commonwealth countries so we can implement other countries' best practices with respect to national defence and protection against interference in our elections. I know that when having discussions with my colleagues, I am going to have to tell them that the process is ongoing even though the British and the Australians understand the situation and have taken action. The Americans, too, understand and are taking action. I am wondering if our closest allies, our Five Eyes partners, still have confidence in us. For quite some time, the Bloc Québécois maintained that the government needed to tighten control over broadcasting. That is unequivocal. It was part of the discussion on the Huawei and 5G infrastructure file. We continued to call out the government for its indecision, which went on too long. This proves once again that we were right. However, international pressure from our closest allies was needed to make the government take action. Everything is always so urgent. Urgency seems to be an imperative that really drives this government. We would like to see the government change its ways and become more proactive rather than reactive. With Bill C-26, I think we finally have a starting point. Obviously, there is a lot of work to be done to go further in terms of accountability, in terms of the legitimacy of disclosure on all sides, so we can prevent situations like the one we are in. I agree that it is a noble goal. Of course I agree with everything about the security of our critical systems. Do we have everything we need right now to deal with both internal and external threats? The answer is no. That is what we have been told and what we continue hearing, at both the Standing Committee on Procedure and House Affairs and the Standing Committee on Access to Information, Privacy and Ethics. We must act. This bill must be quickly sent to committee to be fine-tuned and given some teeth. It is urgent. I am making a wish and sending it out to the members of the government. I am asking them to always keep in mind our collective security. I trust that they will. We have faith, but we need to be proactive, smart. We also need to talk to our constituents, to speak to people's intelligence. They have suggestions. The G20 countries have good practices that we need to adopt as quickly as possible. We need to set aside partisanship in the interest of our democracy. We need to ensure that the legislation resulting from Bill C-26 really makes people feel safe and lets them know that there is a public, non-partisan institution there to watch out for threats. The bill names six public organizations that will be given the power to order investigations to make sure things are being done right. I am talking about the Superintendent of Financial Institutions, the Minister of Industry, the Bank of Canada, the Canadian Nuclear Safety Commission, the Canadian Energy Regulator and the Minister of Transport. These are critical sectors of our society and our economy. We must not take threats lightly. Is this enough? We will need experts to tell us whether this is truly legitimate, both for whistle-blowers and for the dissemination of information, because people need to know. Since I only have about 30 seconds left, I would like to say to those who were just here that the government took action with regard to TikTok because, once again, there was an urgent need to do so. I hope that any future interventions will be undertaken proactively.
1242 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Alex Ruff
  • Mar/6/23 5:24:43 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I referenced a couple important books and a couple references by some of our esteemed national security experts across this country. If people read through that and read some books that are out there, they would see this is a threat that has been building for the better part of a decade or more. The government has known about this since the day it formed government, yet we have seen no action. As mentioned by the CSIS director from 2018, here we are almost five years later, and we are just now seeing this important legislation being delivered.
100 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 164 - Mar/6/23
Mr. Glen Motz
  • Mar/6/23 5:36:47 p.m.
  • Watch
  • Re: Bill C-26 
Mr. Speaker, we all know that cybersecurity issues are a fast-moving target and how they change almost monthly. One thing that I can be confident in is our national security agencies that deal with some of these issues on cybersecurity. They are working diligently on our behalf. I would agree that there would be very few of us in the House who would have the technical capacity to understand much of what we ask our defence agencies, our national security agencies and our cybersecurity agencies to do for us on behalf of our country. I would encourage the government, as was indicated by my colleague, to enlighten the House and to provide briefings by those technical experts in government and from our public servants. We would all benefit, not only from the study of this bill but also from the ability to answer our constituents who have cybersecurity questions. We could answer them more intelligently.
156 words
  • Hear!
  • Rabble!
  • star_border