SoVote

Context: House Hansard - 172 - Mar/23/23

Mr. Gabriel Ste-Marie (Joliette, BQ)

Mar/23/23 5:12:21 p.m.
Watch
Re: Bill C-26

Madam Speaker, I have a bit of a technical question for my hon. colleague. We are wondering how such legislation would apply, for example, to Hydro-Québec, the public utility in Quebec that generates electricity, since the legislation designates interprovincial power lines as a vital service and a vital system. Does my hon. colleague have any idea what this could mean for Hydro-Québec, a public utility?

71 words

Mrs. Jenica Atwin

Mar/23/23 5:12:58 p.m.
Watch
Re: Bill C-26

Madam Speaker, I do not have a technical response for the very technical question that the member asked. We have to consider the importance of protecting our electrical grids. New Brunswick relies heavily on our partners in Quebec, so it would certainly have implications for my constituents. These are questions that we need to ask and hopefully consider during the committee stage, and hear testimony from witnesses that would be able to address those concerns.

75 words

Mr. Alistair MacGregor (Cowichan—Malahat—Langford, NDP)

Mar/23/23 5:13:28 p.m.
Watch
Re: Bill C-26

Madam Speaker, I am pleased to hear from my Liberal colleague that the Liberals are open to much-needed amendments to this bill to increase the oversight, transparency and accountability on the executive branch. I just want to read a quote from Jérémie Harris, who is the co-founder of Gladstone AI. He said, “ChatGPT is a harbinger of an era in which AI will be the single most important source of public safety risk facing Canada. As AI advances at a breakneck pace, the destructive footprint of malicious actors who use it will increase just as fast.” Does my hon. colleague have any comments on how fast this technology is advancing, and how important it is that we equip all of our agencies to keep those vital systems safe?

136 words

Mrs. Jenica Atwin

Mar/23/23 5:14:16 p.m.
Watch
Re: Bill C-26

Madam Speaker, I have a lot of concerns about how fast technologies are developing, particularly around artificial intelligence and facial recognition technology. All these moving pieces have incredible implications, especially for vulnerable people in our communities. It deserves a hard look by all members of the House, particularly in the committee that would be studying this legislation, but I think beyond that as well. We are in a new, unpredictable time. I mentioned, in my speech, a lot about geopolitical factors and a lot of threats that are coming in. We do not know what we do not know at this point, and I think that causes a lot of fear. This is a conversation that is long overdue, and I thank the member for allowing me the opportunity to enter into that space. I really hope we have more fulsome discussions around those aspects in particular.

147 words

Hon. John McKay (Scarborough—Guildwood, Lib.)

Mar/23/23 5:15:07 p.m.
Watch
Re: Bill C-26

Madam Speaker, I would be interested in the hon. member's thoughts on how we protect rights without going down the rights rabbit hole that leads to paralysis with respect to a space that is going so fast that very few of us can actually comprehend how fast it is moving.

51 words

Mrs. Jenica Atwin

Mar/23/23 5:15:33 p.m.
Watch
Re: Bill C-26

Madam Speaker, it speaks to the concept that we need to modernize a lot of our legislation. We need to modernize a lot of our approaches and processes. As I said about not knowing what we do not know, things are happening so fast at this point that we need to protect those who are most vulnerable. We need to protect the generations to come. There are a lot of unknowns right now, and legislation like this allows us to bring in those experts, have those conversations and ensure we are getting ahead of these things and being proactive.

99 words

Mrs. Tracy Gray (Kelowna—Lake Country, CPC)

Mar/23/23 5:16:09 p.m.
Watch
Re: Bill C-26

Madam Speaker, it is an honour to speak today in the House on Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. With every passing year, Canadians are increasingly moving their lives online. They communicate with loved ones through email, messaging, photo sharing, video calls and more. They can order their entire grocery orders, rent cars for the weekend and book appointments with a click in an app. As more and more Canadians choose to put more of their lives online, it falls to us, as members of Parliament, to ensure our cybersecurity laws are as protective of their personal and private information as possible. The next generation of Canadians are increasingly building their professional and personal lives online. At the same time, they face mounting threats from foreign actors, ranging from scammers to state actors. These actors have shown they would use any tactic, from identity theft to cyber-attacks, to exploit Canadians and attack our institutions. That is why the legislation we have before us today is essential, and why getting it right the first time is even more important. In particular, it must protect our online information while not crushing our small business start-ups under mountains of red tape. On this side of the House, my Conservative colleagues and I believe that, as currently constructed, Bill C-26 fails to account for the welfare of small business start-ups by adding more red tape and placing burdensome costs on our homegrown technology sector. As constructed, this bill would directly affect start-ups by adding further bureaucracy that would drive up their starting costs. It would overburden with regulation the small telecommunications providers, the companies that provide our families and businesses with access to a global market online. Wrapping them in red tape could risk our access to competing on the world stage. The Liberal government has already made it hard enough for start-ups, and the Liberal record on small business has been one committed to mazes of bureaucracy, punitive fines and penalties, and rising inflation. A Liberal economy of high tax and wasteful spending has already made it hard enough for start-ups. Through the overarching premise of this cybersecurity bill, we know that it is needed. We absolutely need to update our cybersecurity laws, while at the same time we cannot allow Bill C-26 to add unnecessary burdens to business, especially small businesses. I am particularly concerned about how this bill's regulations would also apply to businesses “irrespective of their cyber security maturity”, implying that providers who already have advanced electronic protection measures would still have to comply with the new regulations of the bill. This means that businesses could not continue using their current, possibly more robust, cybersecurity systems. Instead, they would have to disregard their current cybersecurity measures and replace them with the newly proposed government model. Even Canadian businesses that have already worked hard to protect their customer security at accepted global standards would still incur more cost despite their robust electronic security measures. They would need to invest in government-regulated security measures, incurring costs such as inspection, extra time, installation and further training. They may have to completely overturn their superior standards for the government's preference. The thing is, we do not know what the regulations would be or how they would affect businesses, because the actual regulations have not been developed. That is how the government does a lot of its bills. There are great titles, with few details. We are expected to just trust the Liberals to figure it all out later, behind closed doors, with no opportunity to study them at committee with expert witnesses. Imagine if this regulatory framework were applied to any other business. Suppose we were regulating changes in the banking security industry. We would require that every Canadian bank and credit union tear its building down to the ground, brick by brick, and then rebuild itself from scratch. That really does not make sense. Now is the time when we should be encouraging competition and bringing in more telecommunications companies. We know Canada has some of the highest telecommunications costs in the world. As more and more Canadians move their lives online, whether for banking, social media or work, adding more tape in this bill, as mentioned, would make this transition far more difficult. Costs never remain in the businesses' ledgers forever; they are inevitably always passed on to the consumer. As a government, we should encourage the next generation of Canadian entrepreneurs who are innovating. I will mention, as a sidebar, that I was formerly on the industry committee and we did a quantum computing study, which was, frankly, terrifying. It was about how Canada could be exposed to bad actors, which could affect every part of our online lives. As these technological advances develop, we have to be aware of risks and be able to stay ahead of technology. These enterprises, businesses and telecommunications providers do not need more red tape; they need a stable market without uncompetitive government interference. We know very well how easy it can be for the government to build regulations that only the largest providers of an industry can shoulder. Without attention to scale, a single fault of noncompliance could instantly wipe out a smaller company. The legislation would allow ministers and bureaucrats to levy fines as high as $15 million without special consideration, such as the size of a company's user base. Nonspecific details like that are music to the ears of our largest telecommunications providers. Monopolization of our telecommunications sector is something Canadians are already concerned about. We must always proceed cautiously, so as not to turn away innovation and new businesses entering the market, which creates healthy competition. For example, these fines could also be enacted under the vague term of “protecting a critical cyber system”. This vague terminology can leave a lot of leeway for government ministers to injure Canadian businesses with rampant fines. There is already a shortage of online and electronic security professionals in Canada. According to the Business Council of Canada, an estimated 25,000 personnel are needed in the cybersecurity industry. Instead of dissuading these crucial professionals from joining this industry and helping keep Canada safe from domestic and foreign cyber-threats, let us provide a better framework and encourage them to build new businesses in this essential industry. Let us not scare them off with red tape and penalties. As members can see, the legislation proposed for Bill C-26 has some significant concerns that require amendments at committee. Regulations being made with a lack of transparency behind closed doors, after the bill passes, is a concern. Conservatives will be looking to make amendments to the bill at committee as we hear from experts. As I mentioned earlier, my Conservative colleagues and I encourage and support new, updated and secure cybersecurity measures being put in place, especially as more and more Canadians move their lives online. However, by placing more and more red tape on small and start-up businesses and providers that have already been in the industry for years, the bill would effectively dissuade businesses from entering this market and providing more services for Canadians. Large and mature businesses can handle the related costs of Bill C-26, but the associated expenses could crush small businesses. I have worked, for much of my career, around various regulated industries and have seen, all too often, red tape and regulations making it too hard for small businesses to even start or to stay afloat without being acquired by larger firms, as small companies just cannot keep up with the regulatory compliance. Cybersecurity threats affect all our communities. In January, an international ransomware group claimed responsibility for an Okanagan College cyber-attack in my region. Let us keep Canada safe by building clear online security measures that would encourage start-up professionals and businesses to help build up our cybersecurity infrastructure to a world-class standard. We will not accomplish this goal if we continue to add burdensome fines, penalties and red tape.

1363 words

Mrs. Jenica Atwin (Fredericton, Lib.)

Mar/23/23 5:25:27 p.m.
Watch
Re: Bill C-26

Madam Speaker, I certainly hear my hon. colleague's support for small businesses and the concerns she is raising, but I come at this from a different standpoint where I feel there are protections here for small businesses. The bill is designed to protect them from unnecessary losses when they happen to be attacked or be subjected to ransomware. Is there a balance here, where this is also about supporting them by preventing those losses?

75 words

Mrs. Tracy Gray

Mar/23/23 5:25:51 p.m.
Watch
Re: Bill C-26

Madam Speaker, I think a part of the piece of legislation is that we really do not have the details, and that is part of the concern, so I am hoping that, if it goes forward to committee, some of that could be worked out, because that is part of the concern right now. We have the topic and we know what the overarching desire is and what the fines may be, but we do not actually know what all of the regulations would be, and that does raise a lot of concerns, especially for small businesses that do not really know at this point what the bill would mean for them. Hopefully that will come out at committee and there will be more information added, potentially as amendments to the bill.

132 words

Mr. Tako Van Popta (Langley—Aldergrove, CPC)

Mar/23/23 5:26:44 p.m.
Watch
Re: Bill C-26

Madam Speaker, I appreciate my colleague's comments, particularly about not wanting to add more bureaucracy and more red tape to small and medium-sized enterprises, especially small start-ups. I am looking at a study from the public safety committee about Canada's security posture in relation to Russia. I will just read one of the committee's recommendations. Recommendation number 4 states: That the Government of Canada instruct the Communications Security Establishment to broaden the tools used to educate small- and medium-sized enterprises about the need to adopt cyber security standards. Therefore, it is about making education tools available versus adding more red tape. I would like my colleague's comments on that.

116 words

Mrs. Tracy Gray

Mar/23/23 5:27:30 p.m.
Watch
Re: Bill C-26

Madam Speaker, I appreciate the great question from my colleague. That is a great recommendation, and I will just give a very specific example. One of the roles that I have had in my career was the privilege of being on the board of one of the largest credit unions in Canada for 10 years. We underwent extensive training and cybersecurity was one of the topics that we had to do. I was able to take some of that training and bring it into my small business that I had at the time. I remember thinking that I wished a lot of other small business owners could be going through the extensive training that I just went through. That is a great approach and something that we should definitely work on.

131 words

Mr. Luc Thériault (Montcalm, BQ)

Mar/23/23 5:28:17 p.m.
Watch
Re: Bill C-26

Madam Speaker, clause 13 of Bill C-26 essentially allows the government to take new measures to protect critical cyber systems by order in council. That gives it a lot of flexibility. There is more flexibility there than in the legislative process. Does my colleague think that the bill should be amended in committee so that we can be certain the government will be accountable to Parliament?

70 words

Mrs. Tracy Gray

Mar/23/23 5:28:54 p.m.
Watch
Re: Bill C-26

Madam Speaker, that is certainly something committee members could ask the expert witnesses when they are there at committee. Maybe they could delve into that more to see what those issues are and what the opportunities might potentially be for amendments. That is one of the things that could be looked at in the committee. Certainly the committee members there could ask those questions for the witnesses.

67 words

Ms. Lori Idlout (Nunavut, NDP)

Mar/23/23 5:29:24 p.m.
Watch
Re: Bill C-26

Uqaqtittiji, this bill would create tools for governments to support Canadian business and organizations in securing their networks and protecting personal and private information. I wonder if the member could share her thoughts on how this bill could better ensure that businesses are better protected.

45 words

Mrs. Tracy Gray

Mar/23/23 5:29:51 p.m.
Watch
Re: Bill C-26

Madam Speaker, that is one of the parts of the bill that philosophically sounds like a great thing that the bill could work on, but again, we do not have any details. It is a great objective, but we do not really have any strategies or any other information, so that is something that definitely could be asked at the committee as well.

63 words

Mr. Philip Lawrence (Northumberland—Peterborough South, CPC)

Mar/23/23 5:30:20 p.m.
Watch
Re: Bill C-26

Madam Speaker, while sitting through this debate, I observed that it has been one of the highest in quality since I have been in the House. It has been a substantive discussion of a very important issue. I am proud today, as I always am, to be a member of Parliament and to be sitting in the House of Commons. Today, we are speaking to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. More broadly, it is a cybersecurity issue. From the debate and other academic discussions, we can all agree that this is an area of substantial importance where legislation is required. In fact, it is one of my frustrations, which I think is shared by many Canadians, that this government is not agile enough in responding to a world that is quickly changing. We need to be more agile as a legislature, as the government, to reflect the changes that are going on. We have had a little bit of talk about important changes, such as artificial intelligence, and the exponential speed in which it is changing is unbelievable. Any type of quick Google search will tell us, from many academics, about the great part artificial intelligence can serve in doing much of the hard work that human beings are now doing. However, those observers also say that its ability to do malicious work is equal, which is obviously very challenging. We see these threats, and as we go forward and see more and more powerful artificial intelligence and computing power, the potential for those threats is growing. We have certainly seen our share, for lack of a better term, of run-of-the-mill cybersecurity threats just in the last couple of years. I was serving as the shadow minister for national revenue when there were substantial CRA breaches of confidential information. One such breach did not actually transmit any information, but it forced the CRA to shut down its entire system, which shut out over 800,000 people from their My Account or log-in system right around tax filing season, which was obviously a tremendous concern for Canadians who were attempting to file their taxes. The unfortunate reality, as it stands today, is that we are vulnerable to cybersecurity attacks. My colleague for Kildonan—St. Paul spoke recently about a conversation she had with cybersecurity experts from the minister's department just last year. They warned her about the incredible implications of an attack on our critical infrastructure, such as our electrical infrastructure or pipeline technology. Of course, it is no surprise to many, but maybe to some of my colleagues from British Columba, that we are in a cold country. We can imagine what the impact could be. Our heating infrastructure, our electrical grid and our ability to get natural gas out to some of the coldest places in the world could literally be a matter of life and death. Members can imagine, for example, a cyber attack on one of our nuclear facilities and what that could potentially mean. All this is to highlight in the House today the significance and importance of cybersecurity legislation. Another example, which I believe has been discussed and debated but I think deserves highlighting again, was in Newfoundland in October 2020 when cybersecurity hackers stole personal information from health care workers and patients in all four regions, as well as social insurance numbers of over 2,500 patients. This is deeply personal information, and as our information increasingly goes on that magical cloud both in the public and private sector, it is increasingly important that we put the appropriate measures to cybersecurity. As I said, the spirit of the legislation before us is absolutely right. The intent, I believe, is also right. The timing is a little slow, but we need to get it in place. The member for Winnipeg North did comment on the need for expediency, and I agree with him in one sense. We need cybersecurity legislation, new cybersecurity legislation, in place yesterday. Unfortunately, they brought this legislation in, and it is not complete. There are a series of regulations that we do not know. This is our job, and I am honestly not trying to be partisan. Instead, this is a substantive criticism that it would have expedited this legislation if they had brought forward the legislation completely baked to show us the regulations and what they want to do. Of course, I would feel this way about any government as a Canadian citizen. If we are going to grant them wide swaths of power, and maybe even necessarily, we just want to know what exactly those powers are. Do not do as Nancy Pelosi famously said, as the Speaker of the House of Representatives, to pass the bill and then read the bill. Let us read it first and understand it because, quite frankly, I think the conversation in the House has been at a very high calibre and the more information one can feed us, the more information we can digest to do our job for Canadian citizens by improving the legislation, especially in matters of, as the member from the Liberal Party rightfully said, not just cybersecurity but also national security. We really, in all candour and all honesty, want to do our due diligence here. As I said, part one of the act: amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything This is obviously a very broad power, and that is what we need to look at and work on at committee. Like I said, this legislation, if fully baked, would have meant less work at committee. It would have meant, perhaps, carrying forward with the debate quicker, but as we are left with many questions, those questions deserve to be answered here in the people's House. The legislation continues: Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things, (a) authorizes the Governor in Council to designate any service or system as a vital service or vital system; (b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system; (c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions; (d) provides for the exchange of information between relevant parties; and (e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance. I hope that I have highlighted the fact that this is an important piece of information and that there are gaps within the information, so my substantive ask would be for the government to publish some of those regulations, so that we can review them, perhaps even before committee, and come to it in a spirit of collaboration and discussion. This is a matter of national security. Perhaps, as I am getting a little bit less young these days, I get a little bit more skeptical. I would love to see some accountability mechanisms where the minister reports back to Parliament or otherwise because the question with the government is always who will watch the watcher. We have seen that all governments are not infallible and each can commit its own share of foibles, errors and mistakes, unintentional or intentional, so I would love to see some greater accountability come committee.

1338 words

Mrs. Jenica Atwin (Fredericton, Lib.)

Mar/23/23 5:40:10 p.m.
Watch
Re: Bill C-26

Mr. Speaker, I would agree that this is a very high-level discussion we have been having this afternoon. I think that it has been well placed. He mentioned the possible impacts of, say, a nuclear facility being attacked. It got me thinking about the military capabilities of Canada. My riding of Fredericton is home to CFB Gagetown, very proudly so. We are also home to the Canadian Institute for Cybersecurity, as I mentioned previously in my speech. I am wondering if he could comment more generally on this expanding role and the necessity to have cybersecurity education and professionals in our Canadian military.

104 words

Mr. Philip Lawrence

Mar/23/23 5:40:48 p.m.
Watch
Re: Bill C-26

Mr. Speaker, the short answer is that I agree. The longer answer is that I agree with the comment the member made earlier with respect to modernization. We need to modernize our view on security. The world changed dramatically a year and a half ago, and it continues to change. We need to be adept and agile, and quite frankly, willing to put the resources where they are needed for the future.

72 words

Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)

Mar/23/23 5:41:20 p.m.
Watch
Re: Bill C-26

Mr. Speaker, my colleague knows that TikTok has been banned from all government devices. My question is simple. Does my colleague believe that Beijing is using this platform to engage in political interference?

34 words

Mr. Philip Lawrence

Mar/23/23 5:41:38 p.m.
Watch
Re: Bill C-26

Mr. Speaker, I agree with the government's recommendation or policy to remove TikTok from all government devices. I believe the CEO of TikTok is testifying in front of U.S. Congress today, so we will see what comes from that. I would agree with him that we need to be on guard against foreign interference in all forms.

59 words