44th Parl. 1st Sess.
March 23, 2023 10:00AM
Madam Speaker, I appreciate the interjection and question from my colleague for Winnipeg North. He and I are used to debating each other from our days in the Manitoba legislature, but not too much, because we were both in opposition in those days. However, we did teach him how to speak. When we had the opportunity to filibuster, we were always short a person to speak in the Manitoba legislature, but we could go to my colleague for Winnipeg North and ask him if he wanted a chance to speak. He was the only Liberal in the house at the time, and so he never refused us. I think he learned his lesson on how to carry on well. However, I will not try to do that.
The big thing here is that Canadians need to know that the minister still has extreme powers in the bill, which is why we are making sure that we put it on the record that there need to be some amendments coming forward at committee. The government is listening to that, and I would hope that it would be willing to look at some of those amendments when the time comes, and the bill will get to committee.
205 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, in this modern age, in 2023, we are finally about to pass a cybersecurity bill. We do not oppose the spirit of this bill, but some criticisms have been raised since the bill was introduced.
University of Toronto professor Christopher Parsons has made 29 recommendations to strengthen the transparency and accountability of the measures proposed in this bill. In his view, the bill is so flawed that it would allow authoritarian governments around the world to cite it to justify their own repressive laws.
I have met with groups that support these recommendations and have concerns. They think this bill might give the minister too much power. There may also be some privacy issues for citizens.
I would like to know if my colleague shares those concerns, if he has heard about them and if he is willing to work on this bill in committee with us.
149 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for her excellent question in regard to trying to move the bill forward.
I have indicated that I do want to see the bill go to committee, and I will support it to go to committee. I did refer to a couple of remarks that Christopher Parsons, from the University of Toronto, had made, in a very critical analysis of the bill when it was brought forward. His report states, “No recognition of privacy or other Charter-protected rights exists as a counterbalance to proposed security requirements”. He was very clear on the improvements that could be made to the bill. That is why we want to see it go to the committee, so that we can actually put some of those amendments forward, unless the government brings them forward.
138 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, the intervention just before the last one was unusual, where the member for Winnipeg North said that any time a Conservative debates a bill, we are somehow obstructing it from getting to committee. However, right before the minister's speech, a Liberal member spoke. Therefore, when Liberals speak, they are debating, but when Conservatives speak, they are obstructing.
The debate on the bill may well collapse soon, but it is important to debate it. I would like the member, with the time he has left, to talk again about the serious concerns that people have with the bill and what we can look forward to at committee.
109 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is my expectation that we will send this bill to committee not to give it a quick rubber stamp, but instead to carefully examine it, amend it where it is needed and improve it in order to ensure that Canada's cyber-defences are the best they can be. That was the last paragraph of my speech that I did not get to present.
That would indicate to the Liberals a clearer analysis of what needs to be done.
82 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am pleased to join the debate on second reading of Bill C-26, an act respecting cybersecurity.
Several of my colleagues have already spoken at length about the importance of the bill and the details therein, but it bears repeating that Bill C-26 is critical to our country's national security, our public safety and our economy.
Not only would Bill C-26 introduce the new critical cyber systems protection act or—
77 words
- Hear!
- Rabble!
- add
- star_border
- share
- Mar/23/23 5:04:19 p.m.
- Watch
I am going to bring the House to order a little bit. There are conversations. I would ask the members to maybe step out to have those conversations, to allow the hon. member for Fredericton to have the respect that she deserves during her speech.
The hon. member for Fredericton.
50 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, not only would Bill C-26 introduce the new critical cyber systems protection act, or CCSPA, to legally compel designated operators to protect their cyber systems, but it would also amend the Telecommunications Act to enshrine security as a policy objective and bring the sector in line with other critical infrastructure sectors.
Being online and connected is essential to all Canadians. Now more than ever, Canadians rely on the Internet for their daily lives, but it is about more than just conducting business and paying bills. It is also about staying in touch and connected with loved ones from coast to coast to coast and, indeed, around the world. That is also why the Government of Canada is connecting 98% of Canadians to high-speed Internet by 2026 and 100% of Canadians by 2030.
Our critical infrastructure is becoming increasingly interconnected, interdependent and integrated with cyber systems, particularly with the emergence of new technologies such as 5G, which will operate at significantly higher speeds and will provide greater versatility, capability and complexity than previous generations. These technologies certainly create significant economic benefits and opportunities, but they also bring with them new security vulnerabilities that some may be tempted to prey on.
At this time, I want to bring the perspective of my constituents in the riding of Fredericton to this important debate today. Fredericton is home to the Canadian Institute for Cybersecurity at the University of New Brunswick, with a focus on disruptive technology and groundbreaking research. The institute provides hands-on support for community and industry partners as they face emerging threats, with company-specific, cross-disciplinary research.
Led by Dr. Ali Ghorbani, Canada's research chair in cybersecurity, the institute generates datasets to help thwart malicious cyber-attacks and works in tandem with the National Research Council of Canada in an innovative hub model that will lead to discoveries and advancements in cybersecurity, including publications, patents and the commercialization of technology, as well as provide training opportunities for graduate students and post-doctoral fellows.
Innovative cybersecurity research is conducted with a focus on Internet security, artificial intelligence, human-computer interaction and natural-language processing. I was honoured to welcome many ministers to my riding and to connect them with researchers and leaders in the industry to showcase how my community distinguishes itself in this sector. Fredericton is at the forefront of this new age and the challenges it presents, and I could not be more proud.
Even if there is enormous potential for Canadian digital innovation and expertise in cybersecurity, and I am witnessing it every day at home, we also need to face the fact that cyber-threats are growing in sophistication and magnitude. In 2021, close to 200,000 businesses across the country were affected by cybersecurity incidents, and this number continues to grow. Each of those businesses is not merely a business. It is comprises hard-working owners and employees, with families to feed and bills to pay. It is all the more maddening that many of these businesses must spend precious amounts of time and money preventing or fighting back against these incidents, many of which involve stealing money or demanding ransoms.
Canadian businesses have spent billions of dollars over the last years to detect and prevent cybersecurity incidents and, consequently, they have been experiencing downtime and a loss in revenue. Cybercrime is costly, and those who are bearing the brunt of it are Canadian businesses.
We also know that at all levels of government, we have not been immune from these kinds of attacks, even, horribly, hospitals. Earlier this year, the Toronto SickKids hospital was targeted by a ransomware attack affecting its operations. Closer to home, in Atlantic Canada, a ransomware group was behind the 2021 cyber-attack that paralyzed the Newfoundland and Labrador health care system.
Beyond the monetary implications, attacks like these have the real-life potential of impacting the health and safety of the ones we love, and we must do everything in our power as legislators to put in place effective safeguards. The effects on Canadians demonstrate beyond a doubt why we need to strengthen Canada's cybersecurity systems. As lawmakers, the least we can do is ensure that Canada and its institutions and businesses can continue to thrive in the digital economy and that our banks and telecommunications providers can continue to provide Canadians with reliable services.
Bill C-26 would modernize existing legislation to add security to the nine other policy objectives in the act, bringing telecommunications in line with other critical sectors. The bill would also add new authorities to the Telecommunications Act, which would enable the government to take action to promote the security of the Canadian telecommunications system.
As mentioned, in recent years, Canada's cybersecurity status has been tested by a variety of threat campaigns targeting critical infrastructure, businesses and individuals. The increase in digitization has led to the weaponization of digital tools and processes. This results in the disruption of critical systems and causes a lack of confidence in physical, psychological and economic well-being.
I am proud of all the work that has been done to secure Canada's critical telecommunications infrastructure, but I do not want us to lose sight of the work still to be done. The advent of the COVID-19 pandemic was a catalyst for bolstering national and international cyber-defence practices, requiring improved policies, guidance and cyber-intel.
Furthermore, given what is happening in Ukraine with the Russian invasion, we know that there are still military threats in the 21st century. However, we are also dealing with the emergence of new technologies that pose non-military threats.
With rising geopolitical tensions, government-driven hostile cyber-operations are more prevalent now than ever, posing an increased threat level to Canada's national security, economic prosperity and public safety.
In the 21st century, cybersecurity is national security, and it is our government's responsibility to protect Canadians from growing cyber-threats. That is exactly why we have developed Bill C-26.
It contains a multitude of important measures to protect Canadians and Canadian businesses. It is a carefully designed, multipronged approach. Part 2 of this act would enact the critical cyber systems protection act to provide a framework for the protection of the critical cyber systems that are vital to national security and public safety.
It also authorizes the Governor in Council to designate any service or system as a vital service or vital system, and requires designated operators to establish and implement cybersecurity programs, mitigate supply chain and third party risks, report cybersecurity incidents and comply with cybersecurity directions.
Introducing the new critical cyber systems protection act would strengthen baseline cybersecurity and provide a framework for the government to respond to emerging cyber-threats.
It is essential that we keep pace with the rapidly evolving cyber-environment by ensuring we have a robust, legislative framework in place.
In short, Bill C-26 is essential to helping keep Canadians and their data safe. In a world as connected as ours, we cannot take that for granted. Once again, cybersecurity is national security.
I am looking forward to this bill being sent to committee, and I encourage all members to join me in supporting Bill C-26 in subsequent readings.
1213 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is great to see my fellow 2019 member in the House.
My question is with respect to a theme from all the opposition parties. We generally support the idea of cybersecurity legislation and it is actually well overdue. The challenge is that many of the powers are not sufficiently delineated, and it gives the government quite a bit of power. Without being partisan and talking about particular failures, I think giving any government that much power without delineating it would pose concerns for any opposition party.
Is the government open to making amendments?
96 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, my hon. colleague and I are part of the class of 2019.
That is why a bill works its way through the House. Hopefully this is something that could be discussed at the committee phase, once it has passed through.
It also speaks to the important role of the official opposition in questioning these kinds of powers and holding the government to account. Certainly, I think we are open to these discussions continuing. Any way we can strengthen the bill is a win for Canadians.
87 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I have a bit of a technical question for my hon. colleague. We are wondering how such legislation would apply, for example, to Hydro-Québec, the public utility in Quebec that generates electricity, since the legislation designates interprovincial power lines as a vital service and a vital system.
Does my hon. colleague have any idea what this could mean for Hydro-Québec, a public utility?
71 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I do not have a technical response for the very technical question that the member asked. We have to consider the importance of protecting our electrical grids. New Brunswick relies heavily on our partners in Quebec, so it would certainly have implications for my constituents.
These are questions that we need to ask and hopefully consider during the committee stage, and hear testimony from witnesses that would be able to address those concerns.
75 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am pleased to hear from my Liberal colleague that the Liberals are open to much-needed amendments to this bill to increase the oversight, transparency and accountability on the executive branch.
I just want to read a quote from Jérémie Harris, who is the co-founder of Gladstone AI. He said, “ChatGPT is a harbinger of an era in which AI will be the single most important source of public safety risk facing Canada. As AI advances at a breakneck pace, the destructive footprint of malicious actors who use it will increase just as fast.”
Does my hon. colleague have any comments on how fast this technology is advancing, and how important it is that we equip all of our agencies to keep those vital systems safe?
136 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I have a lot of concerns about how fast technologies are developing, particularly around artificial intelligence and facial recognition technology. All these moving pieces have incredible implications, especially for vulnerable people in our communities. It deserves a hard look by all members of the House, particularly in the committee that would be studying this legislation, but I think beyond that as well.
We are in a new, unpredictable time. I mentioned, in my speech, a lot about geopolitical factors and a lot of threats that are coming in. We do not know what we do not know at this point, and I think that causes a lot of fear. This is a conversation that is long overdue, and I thank the member for allowing me the opportunity to enter into that space. I really hope we have more fulsome discussions around those aspects in particular.
147 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I would be interested in the hon. member's thoughts on how we protect rights without going down the rights rabbit hole that leads to paralysis with respect to a space that is going so fast that very few of us can actually comprehend how fast it is moving.
51 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it speaks to the concept that we need to modernize a lot of our legislation. We need to modernize a lot of our approaches and processes. As I said about not knowing what we do not know, things are happening so fast at this point that we need to protect those who are most vulnerable. We need to protect the generations to come.
There are a lot of unknowns right now, and legislation like this allows us to bring in those experts, have those conversations and ensure we are getting ahead of these things and being proactive.
99 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is an honour to speak today in the House on Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.
With every passing year, Canadians are increasingly moving their lives online. They communicate with loved ones through email, messaging, photo sharing, video calls and more. They can order their entire grocery orders, rent cars for the weekend and book appointments with a click in an app.
As more and more Canadians choose to put more of their lives online, it falls to us, as members of Parliament, to ensure our cybersecurity laws are as protective of their personal and private information as possible.
The next generation of Canadians are increasingly building their professional and personal lives online. At the same time, they face mounting threats from foreign actors, ranging from scammers to state actors. These actors have shown they would use any tactic, from identity theft to cyber-attacks, to exploit Canadians and attack our institutions.
That is why the legislation we have before us today is essential, and why getting it right the first time is even more important. In particular, it must protect our online information while not crushing our small business start-ups under mountains of red tape.
On this side of the House, my Conservative colleagues and I believe that, as currently constructed, Bill C-26 fails to account for the welfare of small business start-ups by adding more red tape and placing burdensome costs on our homegrown technology sector. As constructed, this bill would directly affect start-ups by adding further bureaucracy that would drive up their starting costs. It would overburden with regulation the small telecommunications providers, the companies that provide our families and businesses with access to a global market online.
Wrapping them in red tape could risk our access to competing on the world stage. The Liberal government has already made it hard enough for start-ups, and the Liberal record on small business has been one committed to mazes of bureaucracy, punitive fines and penalties, and rising inflation. A Liberal economy of high tax and wasteful spending has already made it hard enough for start-ups.
Through the overarching premise of this cybersecurity bill, we know that it is needed. We absolutely need to update our cybersecurity laws, while at the same time we cannot allow Bill C-26 to add unnecessary burdens to business, especially small businesses.
I am particularly concerned about how this bill's regulations would also apply to businesses “irrespective of their cyber security maturity”, implying that providers who already have advanced electronic protection measures would still have to comply with the new regulations of the bill. This means that businesses could not continue using their current, possibly more robust, cybersecurity systems. Instead, they would have to disregard their current cybersecurity measures and replace them with the newly proposed government model.
Even Canadian businesses that have already worked hard to protect their customer security at accepted global standards would still incur more cost despite their robust electronic security measures. They would need to invest in government-regulated security measures, incurring costs such as inspection, extra time, installation and further training. They may have to completely overturn their superior standards for the government's preference.
The thing is, we do not know what the regulations would be or how they would affect businesses, because the actual regulations have not been developed. That is how the government does a lot of its bills. There are great titles, with few details. We are expected to just trust the Liberals to figure it all out later, behind closed doors, with no opportunity to study them at committee with expert witnesses.
Imagine if this regulatory framework were applied to any other business. Suppose we were regulating changes in the banking security industry. We would require that every Canadian bank and credit union tear its building down to the ground, brick by brick, and then rebuild itself from scratch. That really does not make sense.
Now is the time when we should be encouraging competition and bringing in more telecommunications companies. We know Canada has some of the highest telecommunications costs in the world. As more and more Canadians move their lives online, whether for banking, social media or work, adding more tape in this bill, as mentioned, would make this transition far more difficult. Costs never remain in the businesses' ledgers forever; they are inevitably always passed on to the consumer.
As a government, we should encourage the next generation of Canadian entrepreneurs who are innovating.
I will mention, as a sidebar, that I was formerly on the industry committee and we did a quantum computing study, which was, frankly, terrifying. It was about how Canada could be exposed to bad actors, which could affect every part of our online lives. As these technological advances develop, we have to be aware of risks and be able to stay ahead of technology.
These enterprises, businesses and telecommunications providers do not need more red tape; they need a stable market without uncompetitive government interference. We know very well how easy it can be for the government to build regulations that only the largest providers of an industry can shoulder. Without attention to scale, a single fault of noncompliance could instantly wipe out a smaller company. The legislation would allow ministers and bureaucrats to levy fines as high as $15 million without special consideration, such as the size of a company's user base.
Nonspecific details like that are music to the ears of our largest telecommunications providers. Monopolization of our telecommunications sector is something Canadians are already concerned about. We must always proceed cautiously, so as not to turn away innovation and new businesses entering the market, which creates healthy competition. For example, these fines could also be enacted under the vague term of “protecting a critical cyber system”. This vague terminology can leave a lot of leeway for government ministers to injure Canadian businesses with rampant fines.
There is already a shortage of online and electronic security professionals in Canada. According to the Business Council of Canada, an estimated 25,000 personnel are needed in the cybersecurity industry. Instead of dissuading these crucial professionals from joining this industry and helping keep Canada safe from domestic and foreign cyber-threats, let us provide a better framework and encourage them to build new businesses in this essential industry. Let us not scare them off with red tape and penalties.
As members can see, the legislation proposed for Bill C-26 has some significant concerns that require amendments at committee. Regulations being made with a lack of transparency behind closed doors, after the bill passes, is a concern. Conservatives will be looking to make amendments to the bill at committee as we hear from experts.
As I mentioned earlier, my Conservative colleagues and I encourage and support new, updated and secure cybersecurity measures being put in place, especially as more and more Canadians move their lives online. However, by placing more and more red tape on small and start-up businesses and providers that have already been in the industry for years, the bill would effectively dissuade businesses from entering this market and providing more services for Canadians. Large and mature businesses can handle the related costs of Bill C-26, but the associated expenses could crush small businesses.
I have worked, for much of my career, around various regulated industries and have seen, all too often, red tape and regulations making it too hard for small businesses to even start or to stay afloat without being acquired by larger firms, as small companies just cannot keep up with the regulatory compliance.
Cybersecurity threats affect all our communities. In January, an international ransomware group claimed responsibility for an Okanagan College cyber-attack in my region. Let us keep Canada safe by building clear online security measures that would encourage start-up professionals and businesses to help build up our cybersecurity infrastructure to a world-class standard. We will not accomplish this goal if we continue to add burdensome fines, penalties and red tape.
1363 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I certainly hear my hon. colleague's support for small businesses and the concerns she is raising, but I come at this from a different standpoint where I feel there are protections here for small businesses. The bill is designed to protect them from unnecessary losses when they happen to be attacked or be subjected to ransomware.
Is there a balance here, where this is also about supporting them by preventing those losses?
75 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I think a part of the piece of legislation is that we really do not have the details, and that is part of the concern, so I am hoping that, if it goes forward to committee, some of that could be worked out, because that is part of the concern right now.
We have the topic and we know what the overarching desire is and what the fines may be, but we do not actually know what all of the regulations would be, and that does raise a lot of concerns, especially for small businesses that do not really know at this point what the bill would mean for them. Hopefully that will come out at committee and there will be more information added, potentially as amendments to the bill.
132 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I appreciate my colleague's comments, particularly about not wanting to add more bureaucracy and more red tape to small and medium-sized enterprises, especially small start-ups. I am looking at a study from the public safety committee about Canada's security posture in relation to Russia. I will just read one of the committee's recommendations. Recommendation number 4 states:
That the Government of Canada instruct the Communications Security Establishment to broaden the tools used to educate small- and medium-sized enterprises about the need to adopt cyber security standards.
Therefore, it is about making education tools available versus adding more red tape. I would like my colleague's comments on that.
116 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
