An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts

Sponsor

Marco Mendicino, Liberal

Status

Report stage (House), as of April 19, 2024

Summary

This is from the published bill. The Library of Parliament often publishes better independent summaries.

Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. It also establishes an administrative monetary penalty scheme to promote compliance with orders and regulations made by the Governor in Council and the Minister of Industry to secure the Canadian telecommunications system as well as rules for judicial review of those orders and regulations.
This Part also makes a consequential amendment to the Canada Evidence Act.
Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things,
(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;
(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;
(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;
(d) provides for the exchange of information between relevant parties; and
(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.
This Part also makes consequential amendments to certain Acts.

Elsewhere

All sorts of information on this bill is available at LEGISinfo, an excellent resource from the Library of Parliament. You can also read the full text of the bill.

Votes

March 27, 2023 Passed 2nd reading of Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts

Telecommunications Act / Government Orders

December 1st, 2022 / 4:15 p.m.

Philip Lawrence (Conservative, Northumberland—Peterborough South, ON)

Madam Speaker, I can attest that this is not the gentleman's first day. It seems like I have spent a year staring into his eyes here.

In the legislation, there is a fair bit of gray area with respect to definitions. Will the government be releasing additional information on such undefined terms as “cyber-incidents”?

December 1st, 2022 / 4:15 p.m.

Mark Gerretsen (Liberal, Kingston and the Islands, ON)

Madam Speaker, I am flattered to hear that the member has been staring into my eyes for a year.

In all seriousness, the member asks a good question. I do not have the answer to that. I am certainly not in a position to be able to provide to him what the government would release later. When the government tables a bill or releases information to Parliament, it does so in a fashion that allows every member of Parliament access to that at the same time. The member's access to that would be no different from mine.

December 1st, 2022 / 4:15 p.m.

Cheryl Gallant (Conservative, Renfrew—Nipissing—Pembroke, ON)

Madam Speaker, I will be sharing my time with the member for Battle River—Crowfoot.

I am proud to rise on behalf of my constituents in the not-quite-fully-connected riding of Renfrew—Nipissing—Pembroke. As the longest-serving member of the national defence committee, I fully appreciate the need for Canada to secure critical cyber systems.

For too long, the government remained indifferent while Canada's telecom companies were being infiltrated, robbed of intellectual property and sabotaged. It took the collective pressure of our Five Eyes allies before the government put up any resistance to the Huawei expansion throughout Canada’s telecom infrastructure.

Only after having been thoroughly shamed and threatened with being cut off from critical security intelligence has the government finally responded with legislation. However, as is so often the case with all governments, having finally been shamed into action, the executive branch overreacted. It now falls upon Parliament to moderate the executive overreach.

Cybersecurity is not a partisan issue. No party ran on a platform to make Canada insecure again. The Conservatives support sending this bill to committee for carefully considered amendments. I hope my colleagues across the aisle will be open to working in a collegial way to ensure that we as parliamentarians strike the right balance. This legislation must balance security with privacy and transparency. It must balance expeditiousness with efficiency and effectiveness.

I appreciate that the members opposite will place greater trust in this government than most Canadians will, but what about the next government or the one after that? Our duty as parliamentarians is to keep in check not just this government but future governments as well. To that end, I encourage all parties to work together at committee and bring back a bill that we can all support.

There are four main issues that need high-level scrutiny. However, as we saw with the invocation of the Emergencies Act, even when Parliament gives clear definitions, the executive branch believes it can extrapolate or simply opt for an overly broad interpretation. While the government has been forced to defend its decision on the use of the Emergencies Act in a public inquiry, Bill C-26 lacks any significant accountability measures while granting even more extraordinary powers, including issuing secret orders.

It should not fall upon the operators of critical cyber systems to guess what the government means by “immediately”. The bill currently grants the government the power to order telecom providers to do anything necessary to secure the telecommunications system. Granting the executive the power to do anything would be a dereliction of our duty as parliamentarians. To give the government the power to do anything while enabling those things to remain secret would be an outright betrayal of our duty.

It is understandable and reasonable that some secrecy is required to combat foreign espionage, but there must be clearly defined limits. There must be avenues for operators to appeal and for Parliament to scrutinize the government’s actions. By “Parliament” I mean Parliament. I do not mean some government committee of parliamentarians but a parliamentary committee.

This bill grants the government the power to deny services to any company or person by secret order. Had this law already been in place, there would be nothing to stop a government from cancelling the Internet and phone service of protesters the government disagrees with.

Granting the government the power to deny services to individuals using secret orders clearly violates the legal rights of Canadians. I do not want to trust the government with that kind of power. I expect my Liberal colleagues would not trust that kind of power when the Conservatives form government, hopefully very soon.

To paraphrase a great comic character, with great power must come great accountability. There are serious cyber-threats and those threats are growing. The government must have the tools to respond quickly and decisively, yet when governments move quickly, mistakes are made. That is why it is all the more important for there to be a robust set of measures to review their actions and ensure accountability when the government makes a mistake.

This legislation takes the extraordinary step of placing personal liability on individual employees of critical infrastructure operators. We threaten people with jail time to ensure they are accountable for their companies' cybersecurity, yet we do not hold government employees or ministers to the same standard. Just as the House must find the appropriate balance between security, secrecy and accountability, so too must we find the balance between privacy and transparency.

The government learned first-hand the public’s reaction to its undisclosed use of mobility data from millions of cellphone users. Canadians had demonstrated a willingness to abide by public safety measures, even extraordinary measures, but the minute the government started tracking our cellphones, even for a public health purpose, Canadians reacted strongly. Even Canadians who supported forced vaccination and punishing the unvaccinated drew a line at cellphone tracking.

The legislation before us would grant even more power to collect data from telecom providers with no restrictions on distributing it to other departments. Even if this data was held by the CRTC, Canadians would be concerned about their privacy. However, it would not be the CRTC doing the data scoop; it would be the Communications Security Establishment.

I appreciate the government feels the CSE is best equipped for countering cyber-threats, but the main purpose of the CSE is collecting intelligence from abroad. The CSE does not report to the public safety minister, who is responsible for keeping Canadians secure. The CSE does not report to the industry minister, who is responsible for telecoms regulations. The CSE reports to the defence minister. It is a fundamentally different type of organization from CSIS or the CRTC.

The legislation would fail to place sufficient limits on what the CSE can do with the data it can secretly order telecoms to provide. In no way is this meant to disparage the work done by the CSE, but as we expand the powers of the CSE, we must also constrain the scope of what it can do with those powers.

These are just some of the trade-offs we must consider when the bill goes to committee. Groups such as the Canadian Civil Liberties Association, the Citizen Lab and the Business Council of Canada have raised several more. However, the one area none of these groups have touched on, at least to my knowledge, is the role private citizens can play in securing Canada against cybersecurity threats. Parliamentarians have studied this both at the defence committee and with our fellow legislators at the NATO Parliamentary Assembly. Canada can take a lead role internationally in cybersecurity by enlisting the aid of ethical hackers, commonly referred to as “white hats”.

White hat hackers represent an untapped resource for a country as large as ours. Our critical infrastructure spans a continent. The job of securing it exceeds the capacity of the federal government and infrastructure operators. If we can develop a framework that protects and incentivizes white hat hackers, we may have a solution. As with the measures already in the legislation, such a framework would involve trade-offs. Even an ethical hacker could unwittingly cause significant cyber-disruption and damage, but they can just as easily expose flaws and gaps.

Regardless of whether the government acknowledges the existence of ethical hackers, they will continue to operate, and it is better for critical infrastructure operators, public servants and the Canadian public if we find a way to incorporate them into our defence strategy. We need to enlist ethical hackers because we simply do not have the resources as a nation to confront the threats.

Globally, cybercrime costs reached over $600 billion U.S. in 2021. Investments in cybersecurity were only $220 billion U.S. last year. Between criminals, terrorists and authoritarian states, the potential for significant damage is accelerating. Our enemies are going to match the best cyber-defences in the world. We do not have the resources to match the United States or the EU. That is why we must be even smarter than our adversaries and our allies.

The legislation is all stick and no carrot. Governments are quick to punish because it is easy. If company X fails to properly secure a critical system, they get a fine, but what if the company innovates and not only prevents an intrusion into their system but detects the source? The bill would require companies to immediately report intrusions, but what about failed attacks? If Bell, Telus and Rogers were to all successfully fend off an attack on the same day, would that not be something we would want the CSE to know about? Punishing failure is an important deterrent, but rewarding success is a powerful incentive.

In this cyber age, we need data to flow both ways. We can enhance our cybersecurity by taking both a carrot and a stick approach. We must pass robust cybersecurity legislation, but it must not compromise the rights of Canadians. We need a cyber-shield and a cyber-sword. As a vast, underpopulated nation full of remote critical infrastructure, we must be smart and creative in how we utilize every possible resource available, including enlisting white hats.

December 1st, 2022 / 4:25 p.m.

Chris Bittle (Liberal, St. Catharines, Ontario), Parliamentary Secretary to the Minister of Canadian Heritage

Madam Speaker, it was interesting to follow that speech, with all the conspiracy theories laid in, but I will note the most bizarre part of it. We hear the Conservatives talk about corporate welfare a lot, but it seems the hon. member wants to give money to Bell, Rogers and Telus for doing their job. That is an interesting part of her solution to this problem, which she seems to acknowledge, even though she also suggests that members of our armed forces will do wrong by the new powers they are given.

I am wondering why the member wants to focus on giving Bell, Rogers and Telus more money to help solve the issue of cybersecurity.

December 1st, 2022 / 4:25 p.m.

Cheryl Gallant (Conservative, Renfrew—Nipissing—Pembroke, ON)

Madam Speaker, first of all, I in no way insinuated that the people who serve in the Canadian Armed Forces would do any wrong intentionally. They have to be given the proper direction, and that is why we have to get the legislation right.

Furthermore, when the Liberals talk about conspiracy theories, that only tells us they do not have an answer to the point that we are making. It is just something they throw out when they do not have an explanation for something or they cannot deny it.

December 1st, 2022 / 4:25 p.m.

Denis Trudel (Bloc, Longueuil—Saint-Hubert, QC)

Madam Speaker, I thank my colleague for her speech, in which she mentioned something very interesting.

She said that giving too much power to the executive would undermine the work of parliamentarians. I found that quite odd because Bill C‑11, which is exceptionally important for the discoverability of francophone content and for supporting francophone culture in Canada, is currently being held up in the Senate, where Conservative senators have been filibustering it for months.

Does the member think that her friends in the Senate are currently undermining the work of parliamentarians?

December 1st, 2022 / 4:25 p.m.

Cheryl Gallant (Conservative, Renfrew—Nipissing—Pembroke, ON)

Madam Speaker, Bill C-11 is a terrible bill. It seeks to censor, and there is no rationale to have such a bill in place. It would do no good for any freedom-loving, law-abiding citizen in this country and it must be struck down.

December 1st, 2022 / 4:25 p.m.

Charlie Angus (NDP, Timmins—James Bay, ON)

Madam Speaker, I am not nearly as old as I look. When I came here I was much younger, but then I had to sit through eight years of the Harper government and my hair turned white. I feel like I am one of the few who remember what actually happened then, and I watch this cultural amnesia play out day after day.

I remember Bill C-30. Stephen Harper decided that he wanted a law allowing the police to check people's phones any time they wanted for whatever reason, and the Conservatives insisted that the telecoms put in a back channel so they could spy on and listen in to ordinary Canadians. That was before we knew there were conspiracy theories, and the Conservatives have a million over there. They would think this had something to do with promoting vaccines, but this was Stephen Harper's attempt to criminalize ordinary people without a warrant.

I want to ask my hon. colleague about that. She talks about, God forbid, the Conservatives coming back. I do not know what would happen to the rest of my hair if that happened. Are they going to continue to promote the kinds of tactics that Stephen Harper used, which criminalized ordinary Canadians in their private homes by listening in to what they were talking about?

December 1st, 2022 / 4:30 p.m.

Cheryl Gallant (Conservative, Renfrew—Nipissing—Pembroke, ON)

Madam Speaker, the member opposite does not have to worry about a previous prime minister coming back to power, because right now what he noted is already happening. With Bill C-21, the police could come into people's homes. They are made into paper criminals just by virtue of the Liberals' declaring that certain firearms are now prohibited. It is already happening, and he does not have to wait for the best prime minister this country ever had to return.

December 1st, 2022 / 4:30 p.m.

John Brassard (Conservative, Barrie—Innisfil, ON)

Madam Speaker, I honestly thought the member for Timmins—James Bay dyed his hair Arctic chill. I did not realize, but there is a Clairol product that he can get at the—

December 1st, 2022 / 4:30 p.m.

Charlie Angus (NDP, Timmins—James Bay, ON)

Madam Speaker, on a point of order. I retract my previous comment. I do dye my hair so I look smarter than I am. I have been called out, so I have to admit it. I dye my hair.

December 1st, 2022 / 4:30 p.m.

John Brassard (Conservative, Barrie—Innisfil, ON)

Madam Speaker, the government has proven itself to fail on multiple fronts in delivering multiple projects and multiple bills.

What concern does the member have as far as delivering on this bill?

December 1st, 2022 / 4:30 p.m.

Cheryl Gallant (Conservative, Renfrew—Nipissing—Pembroke, ON)

Madam Speaker, this bill gives the government of the day boundless opportunities to abuse our privacy and to issue secret orders.

One can only imagine what would have happened during the lockdowns with secret orders going forth. For even a peaceful demonstration coming to Parliament Hill, imagine the types of punishments, accusations and jail time, not just freezing bank accounts and taking money from lawful people.

December 1st, 2022 / 4:30 p.m.

Damien Kurek (Conservative, Battle River—Crowfoot, AB)

Madam Speaker, it is an honour to enter into debate in this place, especially when it comes to issues that are so very pressing in relation to national security and some of the challenges that our nation is facing. I would suggest the whole discussion around cybersecurity is especially relevant, because we are seeing highlighted, each and every day, a drip of new information related to foreign interference in our elections.

It highlights how important the conversation around cybersecurity is. It is often through computer and technological means that these malicious, foreign state actors will attack Canadian infrastructure. It is particularly relevant that I rise to debate Bill C-26, relating to the Liberals' recently introduced bill on cybersecurity, and I would like to highlight a couple of things.

The first thing is about seven years of inaction. I find it interesting, after seven years, how it was heard at the ethics committee from a whole host of experts in the field, including on cybersecurity and a whole range of issues, that the government is missing in action. It is not just about the government's inaction, but it is missing in action when it comes to some of the key issues surrounding things like cybersecurity. It has the direct consequence of creating uncertainty in terms of the technological space in the high-tech sector, which has massive opportunities.

We hear the Ottawa area referred to as silicon valley north. We have the Waterloo sector that has a significant investment in the high-tech sector. In my home province of Alberta, there is tremendous opportunity that has been brought forward through innovation, specifically in the Calgary area where we are seeing massive advancements in technology, but there is uncertainty.

Over the last seven years, the government has not taken action when it should have been providing clear direction so that industry and capital could prosper in our country. That is on the investment and economic side, but likewise, on the trust in government institutions side, we have seen an erosion of trust, such as the years-long delay on the decision regarding Huawei.

I and many Canadians, including experts in the field, as well as many within our Five Eyes security partners, were baffled about the government's delay on taking clear and decisive action against Huawei. Even though our Five Eyes, a group of countries that shares intelligence and has a strong intelligence working relationship, sees how inaction eroded the trust that these other nations had in Canada's ability to respond to cyber-concerns and threats. There is the fact that a company, a state-owned enterprise, has clear connections to a malicious foreign actor.

That delay led to incredible uncertainty in the markets and incredible costs taken on by private enterprise that simply did not have direction. Imagine all the telecoms that may have purchased significant assets of Huawei infrastructure because the government refused to provide them direction. There were years and years of inaction.

I will speak specifically about how important it is to understand the question around Canadian institutions. I would hope that members of the House take seriously the reports tabled in this place, such as from the public safety committee, which in the second session of the last Parliament I had the honour of sitting on. There is a whole host of studies that have been done related to this.

Then there are the CSIS reports tabled in this place containing some astounding revelations about foreign state actors and their incursions and attempts to erode trust in Canadian institutions. Specifically, there was a CSE report for 2021, which I believe is the most recent one tabled, that talks about three to five billion malicious incursions in our federal institutions a day via cyber-means. That is an astounding number and does not include the incursions that would be hacks against individuals or corporations. That is simply federal government institutions. That is three to five billion a day.

There are NSICOP reports as well. The RCMP, military intelligence and a whole host of agencies are hard at work on many of these things. It highlights how absolutely important cybersecurity is.

I find it interesting, because over the last seven years the Liberals have talked tough about many things but have delivered action on very few. Huawei is a great example. Cybersecurity is another. We see a host of other concerns that would veer off the topic of this discussion, so I will make sure that I keep directly focused on Bill C-26 today. The Liberal government is very good at announcing things, but the follow-through often leaves much to be desired.

We see Bill C-26 before us today. There is no question that action is needed. I am thankful we have the opportunity to be able to debate the substance of this bill in this place. I know the hard work that will be done, certainly by Conservatives though I cannot speak for the other parties, at committee to attempt to fix some of the concerns that have been highlighted, and certainly have been highlighted by a number of my colleagues.

The reality is Canadians, more and more, depend on technology. We saw examples, when there are issues with that technology, of the massive economic implications and disruptions that take place across our country. We saw that with the Rogers outage that took place in July. Most Canadians would not have realized that the debit card system, one of the foundational elements of our financial system, was dependent upon the Rogers network. For a number of days, having disruptions in that space had significant economic implications. It just speaks to one of the many ways Canadians depend on technology.

We saw an example in the United States, so not directly in Canada, when the Colonial Pipeline faced a ransomware attack. A major energy pipeline on the eastern seaboard of the United States was shut down through a cyber ransomware attack. It caused massive disruptions.

Another Canadian example that has been reported in talking to some in the sector was Bombardier recreational products. The Quebec company is under a cyber-lockdown because of hostile actions. There are numerous other examples, whether in the federal government or in the provinces, where this has been faced.

There are a number of concerns related to what needs to take place in this bill to ensure that we get it right. It needs to align with the actions that have taken place in our Five Eyes allies. We need to ensure that the civil liberties question is clearly answered.

We have seen the government not take concern over the rights of Canadians to see their rights protected, their freedom of speech, whether that is Bill C-11. I know other parties support this backdoor censorship bill, but these are significant concerns. Canadians have a right to question whether or not there would be a civil liberties impact, to make sure there would not be opportunity for backdoor surveillance, and to ensure there would be appropriate safeguards in place and not give too much power to politicians and bureaucrats as to what the actions of government would be.

As was stated by one stakeholder in writing about this, the lack of guardrails to constrain abuse is very concerning. In Bill C-26, there is vague language. Whenever there is vague language in legislation, it leaves it open to interpretation. We have seen how, in the Emergencies Act discussion and debate, the government created its own definition of some of the things that I would suggest were fairly clearly defined in legislation. We have to make sure it is airtight.

Massive power would be given to the Minister of Industry in relation to many of the measures contained in this bill.

I look forward to taking questions. It is absolutely key we get this right, so Canadians can in fact be protected and have confidence in their cybersecurity regime.

December 1st, 2022 / 4:40 p.m.

Mark Gerretsen (Liberal, Kingston and the Islands, Ontario), Parliamentary Secretary to the Leader of the Government in the House of Commons (Senate)

Madam Speaker, I heard the member talk about Huawei quite a bit. I could not help but reflect on the fact that the former contender to the current leader of the Conservative Party was actually on the legal team to support Huawei through its initiative to try to get onto the 5G network in Canada. I cannot help but wonder why on earth, if the Conservatives are so against Huawei and treat this threat so seriously, the Conservative Party of Canada would green-light—