Bill C-26

Mr. Speaker, I thank the Minister of Public Safety for his speech.

I have a question about the impact of this bill on Crown corporations that are considered to be critical infrastructure companies. What impact will this bill have on Crown corporations?

What are the impacts of this bill on provincial Crown corporations?

I am referring to Hydro-Québec and Manitoba Hydro, for example. What impact will this bill have on Crown corporations?

Mr. Speaker, I would like to thank my colleague for her very important question.

The goal of Bill C-21 is to build a bridge, a collaborative effort between the government, critical infrastructure sectors and the private sector. We developed an approach that includes excellent lines of communication in order to effectively identify the cyber-threats to critical infrastructure that might jeopardize national security and the economy.

In answer to my colleague’s question, we will work with all federal regulators to create a system to protect all critical infrastructure sectors against all cyber-threats.

Mr. Speaker, I think we are happy to see the government finally tackle the issue of cybersecurity. I am not necessarily saying that it is too little, too late, but I can say that we have waited a long time. We applaud the idea of forcing Internet providers to adopt better practices, and to that we say kudos. We all agree on that.

However, why does the federal government always have to react rather than be proactive?

We have been talking about 5G and Huawei for years. Hydro-Québec has been fending off daily computer attacks for years. We have known for years that China has been gaining power and interfering more and more. In short, we have known for years that Canada is extremely vulnerable in terms of cybersecurity.

How is it that, in this postnational system, everything always happens reactively, not proactively?

Mr. Speaker, with all due respect for my colleague, I would like to point out that the government is always vigilant when it comes to any type of threat, including cyber-threats.

For example, in 2018, we created the national cyber security strategy. That is what I was talking about in my speech. The pillars of this strategy, which is used to respond to all risks, include resilient security systems, an innovative cyber ecosystem and Canadian leadership here and around the world.

We have taken concrete action to protect against the risks posed by certain actors that are not aligned with Canadian interests. We are now prepared to take the next step by introducing this bill to better protect our critical infrastructure. This excellent and effective measure will be implemented in collaboration with all federal regulators and the private sector.

Mr. Speaker, folks would find that it is pretty easy to get agreement here on the idea that there is more to do in respect of cybersecurity. Where some of us may part ways is on the extent to which the government, while increasing its power to act, has not built into the bill corresponding checks and balances on its authority. Indeed, many of the orders it would give itself the power to issue under this act are secret orders. It has exempted itself from some of the normal reporting requirements.

I want to test the minister today on his openness to amending the bill at committee to ensure that there are appropriate checks and balances commensurate with the new and quite wide-ranging powers the government is proposing to grant itself in Bill C-26.

Mr. Speaker, I look forward to collaborating with the hon. member and other parliamentarians on the debate of this important bill, including at committee stage. Without question, whenever the government takes decisive action to meet the threats posed in the realm of cybersecurity, there does need to be corresponding transparency and an articulation of the reasons we are taking that action.

He is quite right to underline that there would be new authorities contained in this bill. However, those new authorities we would propose to create are in direct response to the gaps that currently exist, as I outlined in my speech. We need to do both in lockstep: address the gaps posed on the landscape of national security in the context of cybersecurity but also be transparent about that.

I point out that there are independent bodies, for example NSICOP and NSIRA, so that where the government is taking steps that implicate national security, there can be accountability. This is the way we can achieve both objectives. It would ensure the confidence of all Canadians that this is an appropriate measure to seize the opportunities there, as well as to manage the risks manifested in our landscape.

Mr. Speaker, I wonder if the minister can provide additional comments on the importance of the Five Eyes nations, the countries we work closely with, and give a different perspective on what he believes and why he believes it is important that we walk in step with those Five Eyes nations.

Mr. Speaker, this question allows me to highlight how Canada is co-operating with like-minded democracies around the world, both in the context of the Five Eyes relationship as well as the G7. I had a chance to meet with both counterparts very recently, one in Washington, D.C., and then, about two weeks ago, in Germany. It is without doubt that all the democracies within these multilateral forums are thinking very hard about how to manage threats in cyber, including ransomware, including the spread of disinformation and including the efforts of hostile actors to engage in cyber-espionage and the like.

The way we are advancing that collaboration is through information and intelligence sharing as much as possible, so that we can push back against efforts to attack our economies and to attack Canadian interests, etc.

Even as we present Bill C-26 for debate, to take decisive action here at home domestically by addressing the current gaps within our cyber-realm, we are also collaborating very robustly with partners around the world who are like-minded in managing these threats.

Mr. Speaker, I just have a couple of quick points.

First, I would correct the minister. He referred to it as Bill C-21 a couple of times earlier in his speech. I think that maybe it is on his mind. He knows that there are great changes that need to be made or scrapped out of that bill.

As for the references he talked about in his speech, to Huawei and 5G, obviously the government finally decided to ban Huawei from our 5G network just in May.

Why did it take the government so long? It was tabled here. A motion was passed in the House a year and a half prior to its making that decision.

I am just interested to know why it took the government so long to make such a critical national security decision.

Mr. Speaker, I embrace the urgency of my hon. colleague's question. I also want to thank him for the legislative title correction. Obviously, I am managing a number of priorities, as he well knows.

There is no dispute that we need to advance this debate and to do so thoughtfully and deliberately and urgently. As he will know, we took very decisive action against the risks posed by Huawei and ZTE as they relate to 5G, 4G and 3G networks, and we are going to continue to be vigilant about them.

If he shares that sense of urgency in moving forward, he really ought to study the bill along with his colleagues in the Conservative Party and support it.

At the end of the day, this bill would address those gaps and potential vulnerabilities so that we can manage the risks and, at the same time, leverage the innovative opportunities that lie in wait when it comes to technology.

Mr. Speaker, it is an honour to speak today in the House about Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making other consequential amendments.

This is a critical bill, and I am very happy to see the debate being undertaken today in the House. I do know that cybersecurity is important to the Minister of Public Safety, so I will give him credit for bringing this bill forward. It should be something that is important to all government ministers of every level of government. It is very important that we are having this debate today.

I was provided a briefing from cybersecurity experts from the minister's department just under a year ago. It was very informative about the risk Canada faces in terms of cybersecurity. Just to speak simply, I asked them what would be, in the worst case scenario, sort of a Pearl Harbor moment for Canada. They responded that it would be a cybersecurity attack on our electrical infrastructure or our pipeline infrastructure in the middle of winter. If there were a cyber-attack or a ransomware attack on the infrastructure that keeps Canadians warm in the middle of winter, that would be absolutely devastating, specifically in our coldest provinces, regions and territories in Canada.

Just to give Canadians an idea of the gravity of what we are talking about today and how important it is, not only that we bring forward cybersecurity legislation that builds capacity, but also that it be done right. There was a series of questions before my remarks that outlined a number of the issues in this bill.

I will just outline a number of recent cybersecurity attacks in Canada and also in the United States of late. We know that the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians who were victims of that. There was also a hospital in Newfoundland, in October 2020, where the cybersecurity hackers stole personal information from health care employees and patients in all four health regions, as well as social insurance numbers belonging to over 2,500 patients. Very deeply personal and private data from these hospitals was stolen by cybersecurity hackers.

Global Affairs also most recently was attacked in January 2022, right around the time that Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian, or Russian state-sponsored, actors who were responsible for the cyber-attack on Global Affairs.

That was a very serious attack on another government department. The government is certainly not immune to these types of cybersecurity attacks.

Most famously, I would say, there was a ransomware attack on critical infrastructure in the United States back in May 2021. Pipeline infrastructure was attacked. President Biden issued a state of emergency. Seventeen states issued these states of emergency. It was very serious, and it just shows the capabilities of some of these cyber-threat actors, and the threat they pose to Canadians in their everyday lives and to Canada as a whole, as well as the threat to our allies.

This bill is coming forward in light of the government announcing most recently, in the past year, that it would ban Huawei from our 5G infrastructure. Conservatives and the House of Commons, in fact, have been calling on the government to do that for quite for some time. This legislation would help enable the practical implications of that ban. Again, it is certainly a very long time coming. Had this been done years ago, it would have saved our telecommunications and thereby the everyday users of our telecommunications companies, a lot of pain and a lot of money. I am concerned about the financial impact, although this is critical, that waiting so long to bring it forward would have on everyday Canadians and their cellphone bills, just as an example.

I am the vice-chair of the public safety and national security committee. I championed a study we are undertaking, which is in the process of being finalized right now, of Canada's security posture in relation to Russian aggression. A large part of that study was about cybersecurity. The experts we brought in repeatedly sounded the alarm that cybersecurity is of the utmost importance. It is something that the Government of Canada, the private sector, provincial governments and, frankly, municipal governments must take extremely seriously. It is rapidly evolving. I am going to give some quotes from a few of the experts to the lay the stage of what we are facing as Canadians.

Professor Robert Huebert of the University of Calgary said:

With regard to other cyber threats, we also know the Russians have shown an increasing capability of being able to interfere in various electronic systems and cyber systems of other states. We've seen this with their ability to influence the Ukrainian electrical system prior to the onset of the war in 2014.

This is the other war it engaged in over the last number of years. He also said that we are seeing this in other locations across the globe.

He went on to state:

Once again, it's hard to know exactly how well-defended [Canada has] become in being able to harden that part of cyberwarfare. There's no question, whatsoever, that the attention the Russians and the Chinese are giving this is increasing....

He compared that to the reports we are hearing from our American and British friends and allies who are saying the Chinese and Russians are extremely active on the issue of cybersecurity and involving state-sponsored actors launching attacks against countries like Canada and the United States.

We also had a woman named Jennifer Quaid, who is the executive director of the Canadian Cyber Threat Exchange, which is a private company that supports various companies to help boost their cybersecurity. She talked a lot about cybercriminals. This is an important piece. Even the minister talked about this as well.

First and foremost, she flagged that the Minister of National Defence of the current government said, “Cyber security is one of the most serious economic and national security challenges we face.” Therefore, it is quite a serious issue we are talking about today.

Ms. Quaid went on to say, “cyber-threats are becoming more sophisticated and are increasingly pervasive. Driven by the growth and global adoption of innovative technologies, cybercrime pays.”

She meant that cyber-threat actors can be grouped roughly into two categories, nation states conducting espionage and statecraft through the Internet, and criminals engaging in cybercrime for financial gain.

She went on to say, “It's this criminal element that has commercialized cybercrime”, meaning that cybercriminals and cybercrime have now become a thriving industry. She pointed out that the barriers to entry, the technical expertise needed to be a hacker, so to speak, is increasingly low. She said that several countries now are allowing cybercriminal groups to operate within their borders.

She also named something called a “hacktivist”, an activist hacker, of all things. We may have someone, in the name of social justice, hacking into a fossil fuel company, for example. Imagine if that happened in Canada in the middle of winter to our gas pipeline infrastructure. It would be devastating and deadly, so we have to keep an eye out for hacktivists, as she said.

She also pointed out that 25% of organizations in Canada have reported a cyber-breach. One in four. That is pretty significant. She said that the small and medium-sized enterprises that make up 98% of our economy are also being impacted. Almost 100% of our economy is being attacked in some form or another.

This is really important when we think of big banks and big, wealthy corporations that have pretty good cybersecurity infrastructure and have the money to do so. What feeds them is third party suppliers that may provide the various components or various mechanisms to undertake their important parts of the industry that company is engaged in. They are also at risk. Therefore, if a lower third-party provider of a major telecom is attacked, for example, that may seriously impact the ability of that telecom to deliver its services adequately to Canadians.

She mentioned that 44% of SMEs, small and medium-sized enterprises, do not have any defence. Almost half of our small and medium-sized enterprises, which dominate our economy, do not have any sort of defence and are not even thinking about cybersecurity. That is why today's discussion and this bill are important to be debated and have experts weigh in.

I will also quote Dr. Ken Barker, who is a professor at the Institute for Security, Privacy and Information Assurance at the University of Calgary. He talked a lot about the impact of cybersecurity on critical infrastructure. He mentioned that, in general, it is very vulnerable because it is built on legacy systems that, in essence, predate the Internet. As our legacy systems are getting online, this creates, as he explained, some gaps that hackers can take advantage of, which again puts our critical infrastructure at risk. That came up over and over at committee. He pointed out that our large private companies and our banks are investing a lot in cybersecurity, but again, as he and Ms. Quaid pointed out, it is their SMEs that are the most vulnerable.

I will conclude my quotations here with Caroline Xavier, who is the director of the Communications Security Establishment, which falls under the Department of National Defence. It is the part of government responsible for cybersecurity. Therefore, that she is the head of government cybersecurity is a simple way to look at it.

She said, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses. Cybercriminals trying to probe Canadian systems have been found in Russia, Iran and China, among others. [They] use various techniques such as ransomware”. They are specifically focusing on our critical infrastructure, and they certainly pose, as she said, “the greatest strategic threat to Canada.”

The bill before us would do a number of things. It is quite a large bill, so I will not go into every detail of what it would do, but in essence there are two parts. One would amend our existing Telecommunications Act. Of particular importance, it would give very broad and sweeping powers to the minister of industry to do a number of things. What has been criticized by a number of organizations is a specific part of the bill, which is in the summary, that says it would allow the minister and the Governor in Council to “direct telecommunications service providers to do anything, or refrain from doing anything”.

Those are very broad powers to be given to one minister, so that should immediately put up red flags for all of us. No one should have such vast sweeping powers over our telecoms. Again, I have built the case that we need better cybersecurity, but there is a big question mark here of whether we are giving too much power to one minister, one person, in all of Canada.

The bill also has a whole financial issue involved in it. To do anything, as it said, could have massive financial implications. Big companies such as Telus may be able to afford that, but our small telecoms may not be able to so much. It might bankrupt them. That is not great news, and there would be no financial component, in terms of compensation, for any of these losses, so there is a big question mark there as well.

Also, something of importance I find quite concerning is the way the bill is structured would result in a significant exchange of a lot of information from telecoms to the minister, which he could pass on to various ministers and government agencies. Is that very confidential information? It is certainly the cybersecurity plans. Does that include state secrets? Is it safe that we would be asking our telecoms this?

The second part of the bill involves all critical infrastructure companies in Canada, as was outlined by the minister, including provincial and Crown corporations, and the like, so the bill would really establish the process that all of these companies would have to provide their cybersecurity plans, and there would be a very strict reporting mechanism. We are talking about days, if not a few weeks, to get together these plans and provide them to the minister. There would be annual updates required. If a big company were to change a third-party provider, it would have to, in essence, immediately report that to the minister of industry.

There is a whole host of very cumbersome reporting mechanisms, and I do believe we need some of these, but a question remains, as I have outlined earlier, and the government is not immune to being hacked by cybercriminals. I just outlined three or four incidents when that happened. The bill would take all of our critical infrastructure, and all of companies' cyber-defence plans, along with countless other pieces of personal data of Canadians and others, and we would give that to the government. An argument could be made that this is needed, but where are the protections for that? Where is the defence of government to ensure that this would not end up in the wrong hands or that information is not hacked by cyber-actors?

That is a significant threat that needs to be addressed by the minister, and I was not assured from his remarks that this is something that is front and centre in his objective through the bill.

I would also say that there is a number of civil liberty organizations that have raised serious alarm as well. There was an open letter written to the minister from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Leadnow, Ligue des droits et libertés, OpenMedia, and the Privacy and Access Council of Canada. All of the leaders of research and discussion of our civil liberties, all such major organizations in Canada, were quite alarmed by the bill in many ways and wrote an open letter to the minister that outlined a number of things.

In essence, they said the bill would grant the government sweeping new powers, not only over vast swathes of the Canadian economy, but also in intruding on the private lives of Canadians. To sum it up, and I think they said really quite well, “with great power must come great accountability.” There is great power in the bill, but the accountability side is lacking.

Before I go on to detail some of their concerns, I do want to outline what some other countries are doing. If we look at the U.S. and the EU, they have established similar bills in the past year or so. The EU actually has greater and more significant fines in many ways, and the U.S. provides more prescriptive and strict reporting mechanisms, such as, if a U.S. critical infrastructure company has a ransomware attack, the legislation outlines the company must report it to the government within 24 hours.

That actually might be something we may want to consider for the bill. If we are going to go there, we might as well have it in line with our American allies and make it tight. I do think that a reporting mechanism is one of the most important parts of this bill.

I want to go back to the civil liberties issue. With the government's track record on Internet regulation bills, such as Bill C-11 and others, a lot of people have their backs up about their personal freedoms online and their data, rightfully so. The civil liberties associations are raising some of the concerns that have not been assuaged thus far by the government or the Minister of Public Safety.

In the open letter, they mention that this, “Opens the door to new surveillance obligations”, which is quite concerning. In their view, and this has not been proven, “Bill C-26 empowers the government to secretly order telecom providers ‘to do anything or refrain from doing anything’”, as I mentioned. They believe that, if there was an abuse of this extreme power, it could be utilized by a government with ill intent, not to say that is the Liberal government's intent, but it could be utilized to survey Canadian citizens. It is quite concerning.

They go on in that realm to outline that the powers in this bill allow the administrative industry to terminate who telecoms work for, for example. They believe that could also be applied to individual citizens. They are looking at this and thinking, if a government wanted to punish a group of people, it could call up Telus, and this is very blunt and not overly academic in the way I am explaining it, to direct Telus it cannot do business with these people, cut off their access to the Internet and cut off their cell phones.

It is an extreme worst-case scenario, but it is worth flagging that there may be a bit of a backdoor in this bill that would allow that, should an evil government ever come along that is looking to abuse the civil liberties of Canadians. I would like to see that addressed and have safeguards put in place to prevent that type of abuse, should it ever happen in an extreme circumstance.

They also talk about how it “Undermines privacy” and that there are “No guardrails to constraint abuse”. Again, I think this is an area where opposition parties, in particular, and hopefully government members on the committee, can come together to ensure that there is an ombudsman put in place or an oversight body. We need something where the rights of companies, and more importantly of citizens, are protected from the abuses I have outlined, and there are many others.

There were also a lot of concerns from the Business Council of Canada. It wrote an open letter to the minister on behalf of large companies, and also small and medium-sized enterprises. In essence, what we are seeing is the red tape is extremely high, so we are worried that will impact our small and medium enterprises.

The business community, in general, has said that it seems that this bill, to sum it up bluntly, is all stick and no carrot. It is all hard-hitting. It is going to be super hard on us, and we better comply. I can hopefully go into more details about that in the question part of this debate, but there is no incentive structure built in.

There is no incentive to have companies share best practices with each other. I think the government should be a leader in encouraging the open sharing of best practices and experiences that protect the confidentiality of companies but allow them to share information, so other companies can be better equipped, and we can all work together as one big happy, cyber-secure family.

The Conservative Party of Canada is, first and foremost, concerned about national security and ensuring the federal government takes that leadership role in ensuring that Canada, as a whole, is secure against any possible threat, every eventuality, as the Minister of National Defence likes to say.

We are seeing serious gaps in our military. We can have stronger alliances in our Five Eyes intelligence sharing and other agreements. Certainly, that involves cybersecurity. Canada is vulnerable, like many countries in the world. In fact, most countries are dealing with these problems. The Conservative Party of Canada wants to see a more robust framework to incentivize and enforce reporting mechanisms to ensure our cybersecurity is protected, and to make sure there is not a ransomware attack on our pipelines in the middle of winter, which could kill thousands of Canadians from the cold, for example.

We will be looking to support this bill in going to committee, but I want to make it very clear that, if the issues in this bill, and I have outlined a few of them concerning privacy and impacts to business, are not addressed, the Conservative Party is ready to pull its support immediately and put up a very strong defence to stop this bill from going beyond committee. I want to make that very clear to the minister and the Liberal government.

We will get this to committee to hear from experts because we believe that is important, but it must be fixed. There are serious issues that need to be addressed and amendments that need to be made. I would ask Liberal members on the committee to get to work with us, so we can make this bill what it needs to be and make it better to ensure cybersecurity is protected in Canada today and for years to come.

Mr. Speaker, I do not think there is anyone in society who does not recognize the potential harm of cybersecurity. The issue is how do we ensure we are well positioned to address vital threats to our critical infrastructure. The member opposite says her concern is that we are giving too much power to one individual.

Does the Conservative Party have an alternative to ensure that particular issue is addressed in the form of an amendment? Does the member have any suggestions on that point?

Mr. Speaker, the member is also from Winnipeg, so he is a fellow Manitoban.

As I outlined it in my remarks, it is not just the Conservative Party. We were alerted to this by every major civil liberties organization in the country. They wrote quite an in-depth open letter with over two dozen different concerns that they had, give or take, so we are using the information we are getting from the organizations specifically tasked with protecting civil liberties and privacy and freedoms of Canadians. That is who alerted us to it.

We would like to bring them before committee to make their recommendations. They have made recommendations in open letters. Various organizations with technical expertise have also recommended various amendments to this bill. Again, I am not an expert in cybersecurity, but I do understand Canadians' need to protect their privacy. Therefore, at the committee stage, we will be bringing forward these experts to help us craft amendments. I mentioned in my remarks that perhaps there could be an ombudsman or a specific oversight committee that is built into this.

One last thing is that there is no annual reporting mechanism in this bill, where government would be responsible for tabling a report to Parliament that would outline and give Canadians an idea of what the government has been doing with this bill and what the threat assessment of Canada in the impacts of what the bill has done and what it has seen in the reporting mechanisms from companies. I would say it needs annual reports to Parliament, and we have to craft those amendments with expert witnesses' testimony at committee. I look forward to those discussions.

Mr. Speaker, I have so many questions.

We agree on the principle of the bill, but I do have to wonder about the precautionary principle. Since 2017, the Chinese government has required Chinese companies to hand over any information they collect to its intelligence service. Despite this, the federal government continues to award contracts to Chinese companies like Nuctech, for example.

That was a very important contract, I might add. Nuctech was being asked to install x-ray machines in embassies, precisely where our information must be protected. Information from the embassy could have easily been passed on.

My question for my colleague is this. We currently have an interesting bill before us, although it needs improvement. Should the precautionary principle not be applied more systematically, along with the recommendations made by the Standing Committee on Government Operations and Estimates in its June 2021 report?

Mr. Speaker, the member's question is quite a technical one. The member does mention China and what it has done. I am deeply concerned about Chinese state-sponsored actors who are conducting espionage and looking to steal data and very important national security information from various government departments and individual citizens. That is the reason that all of our Five Eyes allies, with Canada being last, banned Huawei from our 5G infrastructure, because of any possible back-door element.

Because, with all companies that are owned by China, there is, to put it bluntly, an ability for them to direct, for example, Huawei to take all their information. That is why Five Eyes allies, put quite simply, called on Huawei to be banned. They did that before us, and we took a very long time.

I will look more into the specifics. The member was not too familiar with what she talking about. Suffice it to say, the Conservative Party of Canada has been very clear: We need to be very clear-eyed on China, in particular when crafting this bill. It needs to be crafted in a way that offers the most defence for Canadian critical infrastructure against Chinese sponsors, state actors or others.

Mr. Speaker, there is a lot to think about in what the member for Kildonan—St. Paul had to say, and I agree with many things she said, including her concern about the oversharing of Canadians' personal information between government departments. I know that was a significant issue in the 41st Parliament with Bill C-51, when the government of the day introduced security legislation at that time.

I wonder if the Conservative Party today is in a mood to actually protect Canadians against the oversharing of information between government departments and if we might try to find an opportunity in the course of this bill's passage through the House to correct, as we go, some of the defects in that legislation from many years ago.

Mr. Speaker, I appreciate the question from my colleague, who is also from Winnipeg and a fellow Manitoban.

I take the member's point regarding former pieces of legislation that need work. The leader of the official opposition, the member for Carleton, has been very clear in his desire to protect data and the rights of Canadians, especially if we are looking at Bill C-11, which is the Liberal government's attempt to control and regulate the Internet, so to speak. He put forward the very first, very public and very well executed defence of Bill C-11, so I would say that the capability for data sharing between departments and between ministers, which is a large part of this bill, raises a lot of significant privacy concerns of the data of individual Canadians.

We have been very clear that our intentions with this bill and others are to protect those freedoms and that privacy of Canadians. Therefore, that will be the underlying theme of our approach, certainly to this bill during the committee process and in the days and weeks to come.

Mr. Speaker, I want to thank my colleague for Kildonan—St. Paul for taking part in the Manitoba debate that is going on here.

The member commented on SMEs, noting that half of them had no defence and were the most vulnerable. As with the bill I was able to get through last year on SMEs and small businesses, it is very important they have the abilities and rights to protect themselves on this as well. In response to the last question, the member also talked about transparency, which is so important.

Could the member expand on those two areas?

Mr. Speaker, I am enjoying this Manitoba debate. There are a couple of things I would say.

The government, in the last budget of 2021-22, announced about $700 million for cybersecurity. It seems that it is all going to the Communications Security Establishment, which, as I mentioned in my speech, is the government's sort of cybersecurity agency under the Minister of National Defence. It is great. We do need more resources at the government level for CSE. However, I asked the minister if any of that funding was being provided for our small and medium-sized enterprises so they could boost their cybersecurity. The minister never did get a response to my email.

Again, when we are looking at small companies, it is easy for Telus, big banks and others to afford some of these things. However, if we are looking at small telecom providers, like a small Internet provider in northern B.C., the cost to meet the red tape in the bill might put them out of business. Why not take a little of that funding the government has announced and provide it to our SMEs to help them get to the level we need them to be to protect our critical infrastructure? Perhaps we can get a bit creative and look at our tax system to see if there is some sort of capital expense tax write-off or something we can provide our SMEs to help them get there, because we really need to, as I made the case in my remarks, as I am sure others will as well.

I have not heard a response to that. The government is spending the money anyway. It is spending more money than any government in history. Why not provide a little of that to our SMEs to ensure that critical infrastructure is up to par?

Mr. Speaker, we are talking about cybersecurity. This means that there is a lot of foreign interference conducted through cyber-attacks.

Speaking of foreign interference, is my colleague not concerned that, in 2016, after giving a Chinese bank a business licence, the Prime Minister received $70,000 in donations to his riding of Papineau within 48 hours? Is that not interference? In 48 hours, he received donations from outside his riding, specifically from Toronto and British Columbia. Is that not evidence of foreign interference?

Mr. Speaker, I appreciate the investigative work done by the Bloc Québécois on this issue.

We are just learning about the details of this. I am very concerned about the allegations being made, as everyone should be if there is proven to be a connection and it is proven to be true. We are monitoring this quite closely.

I imagine the Parliamentary press gallery and other media sources across the country are digging into this very quickly and as closely, as they should. It is something we are closely monitoring as we learn the details of any possible payoff to the Prime Minister from the Chinese government or other actors from China.

Mr. Speaker, an interesting debate is under way thus far on such an important issue with which we all have to come to grips. As changes in technology take place, we have to take that into consideration. I suspect that legislation dealing with privacy or cyber-attacks will be ongoing. Once the bill goes to committee, I am sure there will be a great deal of dialogue. I anticipate a great diversity of witnesses will come forward with ideas on the legislation.

I will pick up on the point I raised with the member opposite about the concern that the minister had too much power under this legislation. Often, when government brings forward legislation, opposition members bring forward concerns about how power is enhanced through the minister's office.

I have had the opportunity to briefly go through the legislation and I genuinely believe there is the right amount of balance. That is why I posed the question for the member. She suggested of reporting mechanisms, whether through an annual report or a report to a standing committee, and that has merit. I say that because I know there has been a great deal of effort in formulating this legislation. If there are ideas that would enhance or make the it that much stronger, we should be looking at that. I do believe the ministry is open to that.

When the member was quoting, I wondered where those quotes were from. She used those to amplify fears that one might be challenged to justify. For example, the member referred to an “evil government” based on quotes she had received. I am not saying it is her opinion, but she has raised it, saying this is a quote from some third-party organization and if we believe in that quote, it could lead to an evil government. We have witnessed that a great deal from the Conservative opposition on a variety of different issues, as if there is some sort of conspiracy. There is no conspiracy, contrary to what the member said, at least in one part of her speech. The government is not out to spy on Canadians.

The government takes the issue of the privacy of Canadians very seriously. We have brought forward legislation to that effect. This government has spent tens of millions of dollars on cyber threats. The government has had working groups and advisory groups dealing with cyber threats. We recognize the changes in technology and the impact they have had on society. I have said in the past that if we were to look at technological advancements, we would be challenged to find an area that has been as advanced as computer Internet technology. Just the other day, I was speaking to a private member's bill, saying that 10 or 20 years ago there were no such things as iPhones.

I note the member for Winnipeg South Centre is listening. He will recall that when we were first elected back in 1988, there was a big computer purchase of $5,000 made through Reg Alcock. We had a wonderful computer with a laser printer, which came with a keyboard and a mouse. At the time, when logging into the Internet with that wonderful and beautiful computer, the first thing we would hear was a dial tone. Then we would hear that stupid clicking sound, which meant we were actually connected to the Internet. We were all fairly impressed with that computer, and there were about 20 of us at the time.

We can compare that to where we are today. People can buy a laptop for $500 that has abilities and technological advancements more than tenfold of what we paid $5,000 for, with that long dial-up connection. In fact, people can purchase something brand new for $250 that is hooked into the Internet and running at a rapid speed. It is not even comparable to what it was.

There is so much advantage to technological change, but with that change comes risk, which is the essence of what we are debating through Bill C-26. Even though society has benefited immensely, we need to recognize there is a significant risk factor. That risk factor not only applies for the individual who might be surfing the net today, but it also applies to military operations taking place in Ukraine today.

Computers today are not optional. The Internet is not optional. They are essential services. That is why the Prime Minister, or one of the other ministers, just the other day made reference to the percentage of Canadians who were hooked up with high-speed connections and how we had literally invested billions to ensure that Canadians continued to get that access, with a special focus on rural Canada. We recognize that because it is no longer optional; it is an essential service.

The digital economy varies significantly. If we want to get a sense of this, we can turn to Hollywood and like-minded productions found on Netflix, CBC or the more traditional media outlets. We can look at some of the movies and TV shows out there. The other day I was watching an episode of a show called The Blacklist, which is all about cyber-attacks. I suspect a number of my colleagues might be familiar with that show.

One member talked about hydro. Manitoba, in fact all of Canada, should be concerned about our utilities. Through Hollywood productions, we are better able to envision the potential harm of cyber-attacks. A well focused cyber-attack can deny electricity to communities. It can shut down things that should never be shut down.

We talk about the sense of urgency. One would expect there will be mischievous lone individuals working in their basements, or wherever it might be in society, challenging systems. However, we also have state-sponsored cyber-attacks, and we should all be concerned about that.

In fact, that is why it was comforting when the minister made reference to the Five Eyes. I caught on right away that there are like-minded nations. Canada is not alone. There are like-minded nations that understand the importance of cyber-attacks and the potential damage that can be caused.

I will get back to the international side of things later, but when we think of what is at risk, think of digital data. Digital data comes in many different forms. One of the greatest collectors of data is Statistics Canada, an organization that invests a great deal in computers and technology to protect the data it collects from Canadians. Statistics Canada is actually respected around the world for its systems. It has absolutely critical data, and that data is provided to a wide spectrum of stakeholders, obviously including the national government.

Let us think of health organizations, the provinces and the collection of health records, or motor vehicle branches and passport offices. All of these government agencies have, at the very least, huge footprints in data collection.

Those are government agencies. We could also talk about our banking industries or financial industries. We can think of those industries and the information that is collected from a financial perspective when people put in an application for a loan. All of the information they have to provide to the lender, such as their history, is going into a data bank.

There is also the private sector. The other day we were talking about apps. One example is Tim Hortons. We were talking about it, as members might recall. The Tim Hortons app is fairly widely downloaded, and there is a lot of critical information within it. Canadians need to know, whether it is a government agency or private agency, that governments at all levels, in particular the national government, have their backs. That is the reason I started off by giving a very clear indication that even though Bill C-26 is before us today, we have been investing substantial financial resources through other types of legislation to provide assurances to Canadians so they know their information is in fact being protected.

There are actions on the Internet today related to our small businesses. The member opposite made reference to this and asked how the government is supporting small businesses. If a person has a small business today, chances are they are on the net. More and more consumers turn to the net for widgets and a multitude of different services.

As a result of that, there has been a great demand on small businesses. That is why we have a Minister of Small Business who looks at ways to not only provide tax relief but provide support. Sometimes it is done directly through financial measures and sometimes it is done indirectly by providing resources. However, let there be no doubt that there is support coming from the government. Whether it be a small, medium or large business, the government has a vested interest. We will do what we can. A good example of that is the individual who uses an ATM card when they make a small or large purchase at a small business.

The attacks we are talking about today can take many different forms. The digital economic side is definitely one of them, but there is also a social component to the Internet. When I think of the social component, I think about issues of privacy and of communications through, for example, social media. Again, Canadians have an expectation that the government is going to be there for them. Cyber-attacks take place in areas we all need to be concerned about. As I said, the more advanced we become, the more risk there is.

There are a lot of things that take place on the net that we need to be aware of and take action on. The exploitation of children is an example. That needs to be taken into consideration.

In the legislation, there is a very strong compliance component. As I raised, the minister would have the authority to make some things happen with our telecommunications companies and tell them to stop. I think that sort of action is necessary at times.

There is also a financial component so we can ensure a penalty is put in place as an incentive for people to abide by the legislation and the regulations, which are all there for one purpose and one purpose alone: to protect Canadians and institutions from risk. That is why we are investing in cybersecurity, ensuring respect for the privacy of Canadians and supporting responsible innovation.

We will continue to protect Canadians from cyber-threats in an increasingly digital world. This legislation is one aspect of what the government is doing to accomplish that. I believe that state-sponsored cyber-threats are one of the greatest concerns and one of the reasons we need to work with allied countries. I made reference to the Five Eyes. There are democratic, free, allied countries that recognize the potential harm of cyber-threats sponsored through governments. This legislation really sinks its teeth into that.

I hope that all members will get behind this legislation so we can ultimately see its passage to the committee stage. An official opposition member has indicated there is a great deal of interest in reviewing the legislation, the idea being to come up with ways to ultimately make the legislation better.

Mr. Speaker, I am frustrated with this bill given the fact that it does not lay out a lot of specifics. It states that there is a problem, and I think we all agree with that, but the government's solution to that problem is to hand the minister a lot of power so the minister can do amazing things. Is the member not concerned that the bill does not have the details we need to prevent some of the very things he was talking about?

I think about Ski-Doos and Bombardier, which is an iconic Canadian company. It has been the victim of one of these targeted cyber-attacks. I do not think there is anything in the bill that would have prevented that or held the people who perpetrated it to account.

Mr. Speaker, I do not necessarily know the details of the case the member has referenced, but what I can say is that even the Conservative critic acknowledged that certain aspects of the legislation would ensure there are financial penalties and opportunities for the minister to virtually stop an action from taking place. Am I concerned that there is overreach? I do not personally believe there is, but I think there is some merit in having that discussion at the committee stage.

I posed a question to the member: If the concern is that there is too much power for the minister, what would the Conservatives do differently? I recognize the fact that in a cyber-attack, often it is necessary to take fairly strong action in an immediate fashion. I think all members recognize that fact. The issue is whether there is something the Conservatives would like to see to provide an additional sense of security.

Mr. Speaker, I thank our colleague for his speech, which was a real voyage of discovery. One moment we were in Hollywood, and the next we were at Tim Hortons.

I will do him one better. I will take us on a journey across the Pacific all the way from China to the riding of Papineau. I worry about interference, as does our colleague, I am sure, because he supports a cybersecurity bill to reduce digital vulnerability.

Is my colleague concerned about the fact that, within the same time period, the federal Liberal association for the Prime Minister's riding of Papineau received donations from China and a Chinese bank got permission to set up shop in Canada?

I have a second question. Does the member believe in chance and coincidence?

Mr. Speaker, I think Bloc members are hanging around the Conservatives too much. It is usually the Conservatives who go under all the rocks and have conspiracy theories.

I, for one, see the legislation for what it is. It is an attempt by the government to ensure that we can effectively deal with the threat of cyber-activities, whether they are state-sponsored or from individuals. That is a very strong positive and is absolutely not unique, as other countries around the world are doing likewise in bringing forward legislation of this nature.

In terms of the member's conspiracy theory, I will leave that for another member on another day.

Mr. Speaker, I think we all agree that Canada is ill-prepared to deal with cybersecurity threats. I am comforted to hear that we are all on the same page. However, we are falling far behind other similar jurisdictions, such as France and the U.K. Their ability to intercept and respond to cybersecurity threats is much more enhanced to protect their countries.

Again, we are glad to see this moving forward, but I am a bit concerned about the government granting ministers so much broad power, especially the Minister of Public Safety and the Minister of Industry. I just want an assurance for Canadians that these powers would not be applied unjustly to them. Also, would the member and his party be willing to work with the NDP to bring forward amendments at committee to make sure there are protections for everyday Canadians?

Mr. Speaker, I suspect there would be a great deal of will to continue working with the New Democrats in the House in a minority situation. The NDP has taken a very responsible approach to dealing with the government-sponsored legislation. Where there are changes that make sense, I suspect the ministry would be open to how we could address concerns.

Having said that, it does not mean we are looking for NDP amendments. As it has been pointed out, whether it is the official opposition or the Bloc, this is legislation that we brought in today at second reading. We hope it will pass at some point so it can go to committee stage, where I expect there will be a great deal of interest from coast to coast to coast on this legislation.

I look forward to the contributions of others and their ideas and thoughts going into it, like the member for Kildonan—St. Paul had regarding an annual report that comes from the minister and how that might be incorporated into the legislation. The sooner we can make the ministry aware of some of those ideas, the better it is.

Ultimately, it will go to committee, and there will be representatives from the minister's office there. It will be a wonderful opportunity to get the feedback we are all looking for. If there are chances to make it a healthier and stronger legislation, I am sure the government would act on that.

The hon. member for Saint‑Hyacinthe—Bagot on a point of order.

Mr. Speaker, that is twice now that my colleague has accused me of subscribing to conspiracy theories. With all due respect, I would ask that he withdraw his remarks.

I understand the member for Saint‑Hyacinthe—Bagot's request.

The hon. parliamentary secretary.

Mr. Speaker, I will withdraw the comment.

Mr. Speaker, 85% of Canada's critical infrastructure is owned by the private sector, provinces and non-governmental agencies.

Does my colleague think Bill C-26 will help standardize cybersecurity practices to better protect systems and services pertinent to Canada's cybersecurity?

Mr. Speaker, as the member highlights, when we talk about infrastructure, the whole digital economy and what government does, it would be negligent not to recognize the significance of the private sector and how the private sector feeds into it. In fact, it is a major player of 80% plus. That is why, when we talk about the government's role, ensuring that the national infrastructure is safeguarded against cyber-threats is of the utmost importance. That is the essence of the legislation, along with ensuring that Canadians', business's and governments' interests are well served.

Mr. Speaker, in regard to my colleague from Kildonan—St. Paul's speech, she talked about how the government has brought this bill forward with a lot of sticks in it and no carrots. I am looking for incentives that would improve it.

Is the government open to amendments on this particular bill? If so, what would be its theme to bring forward some issues to improve the bill's transparency?

Mr. Speaker, I have made reference to the idea, and I hope it will be discussed at committee stage in terms of a reporting mechanism. I get the sense, based on questions for both me and the minister, that there is some concern related to that. We will have to wait and see if that comes forward through committee.

At the end of the day, I think it would be nice to see the legislation pass at some point, where the committee is given the opportunity to provide its recommendations and thoughts on the legislation.

Mr. Speaker, before I begin my remarks, I request that you seek unanimous consent for me to split my time with the member for Windsor West.

Is there agreement for the member to split his time?

The hon. member for Elmwood—Transcona.

Mr. Speaker, with thanks to the chamber, I am pleased to rise today to speak to Bill C-26.

Cybersecurity is a topic that is very much on the minds of many Canadians. It is something that many of us have had experience with in our personal lives, or we know somebody who has. Certainly, as MPs, we hear from folks who have fallen prey to various kinds of cyber-attacks online. We know it is a burgeoning criminal industry to take advantage of people online, grab their information and impersonate their identities. Canadians deserve to be protected from this kind of crime.

We also heard about the impact that cybersecurity attacks have had on our commercial industries. One of the examples that stands out in my mind of particular concern was the 2017 cyber-attack on Equifax, where the personal and financial information of thousands of Canadians was obtained illegally. It is an obvious concern for folks when they find out that a company they trusted with their personal information has been subject to this kind of attack.

We also know that our government has not been immune from these kinds of attacks. Hospitals and Global Affairs Canada have been the object of successful cyber-attacks. Earlier this fall, the House of Commons had a cyber-attack. MPs were warned about changing their email passwords for fear of information in their work accounts being exposed to outside eyes and ears that would find out what was going on in those accounts.

There is no question that it is a real issue. There is also no question, when we talk to experts on the file, that Canada is a laggard in respect to cybersecurity. There have been many debates in this place about the role of Huawei, for instance, in our 5G infrastructure. The government did finally take a decision on Huawei, I think the right decision, although late in the game with respect to our other Five Eyes allies. The idea with this legislation is that the government needs more legal authority in order to implement that decision. Of course, there are a number of ways it can do that.

The bill, as it stands, is not ready to go, but New Democrats are happy to send it to committee where we can hear from experts and try to improve it. When I say it is not ready to go, in my view, it is that for as long as it took for the government to reach a decision on Huawei, it clearly was not doing any work alongside its deliberations on Huawei to prepare for banning it. This legislation would largely give a broad, sweeping power to the Minister of Industry to decide later what exactly the government will have to do in order to ban Huawei and respond to other kinds of cyber-threats.

There is not a lot of detail in the legislation, and that is something we have seen from the government on other fronts. We have seen it on unrelated items, like the Canada disability benefit. It drafted a bill that had no content on the program. The attitude is “trust us and we will get it right later”. However, we also see a litany of problems with the way the government manages its business, whether we go all the way back to the SNC-Lavalin affair and the question of deferred prosecution agreements or other ethical issues that have come up in the context of this government.

I think Canadians are right to have a certain distrust of the government. The answer lies in mechanisms that impose accountability on the government, and those are very clearly absent from this legislation. In fact, not only are they absent from the legislation but the government also very explicitly exempts itself from some of the current types of accountability that do exist.

For instance, it exempts itself from the Statutory Instruments Act, which would make it possible for the parliamentary regulations committee to review orders that the minister may issue under the new authority granted to him in this act.

Therefore, not only would there be no new accountability measures commensurate with the new powers the government would be giving itself, but it would also be exempting itself from some of the accountability mechanisms already there. The government is also explicitly letting Canadians know its intention in the legislation to give itself the legal authority to keep those orders secret. Therefore, we have to contemplate the idea that there will be a whole branch of secret orders and laws that govern the telecommunications industry that Canadians will not know about, and the telecommunications companies may not have an adequate awareness of them.

Where I would like to go with this is to talk a bit more broadly about the Internet and about privacy rights on the Internet. When the new Canada-U.S.-Mexico trade agreement was signed, there was a number of provisions in that agreement that went too far in shoring up the rights of companies to keep their algorithms secret, for instance. There are other kinds of IP protections, or protections that are sold as IP but really mean that it is harder to get a transparent accounting of how companies operate on the Internet and of the artificial intelligence they use to navigate the Internet.

There is a way of dealing with the Internet that prioritizes secrecy for commercial purposes, but that same secrecy also breeds more opportunity for malignant actors on the web to go about their business and not have to worry they will have to expose what it is they are doing. Whereas, if we look to the European Union as another model, for privacy and conducting business on the Internet, there are a lot more robust protections there for the private information of consumers on the Internet, and there are a lot more reporting requirements for actors on the Internet.

The problem with the bill as it is written here is that it would be trying to fight secrecy with secrecy. When firefighters show up to a house that is on fire, they do not usually show up with a flamethrower. They show up with something else that can fight the fire instead of accelerating it.

I do not think Canadians, who are concerned about malignant actors on the Internet and the ways that they are able to exploit the dark corners of the Internet and the back doors of software, also think that the way to fight that is to let the government do it in secret without any reporting. Canadians are not thinking that, with less information available about actors within the digital space or government actions against cybersecurity threats, they are better off if they do not know what the actors on the Internet are doing, and they do not know what the government is doing about it.

The problem with the bill as written is that it would double down on the approach that we saw in CUSMA. It was about privacy for actors on the Internet and privacy for the government in how it deals with it. Instead, it could take a more open-source approach to say that the way forward on the Internet has to be that digital actors have to be upfront about the kind of business they are conducting on the Internet, the ways they do it and the algorithms they use. Governments, likewise, could then be pretty transparent about how they would deal with people who were non-compliant or who were breaking the rules.

New Democrats are concerned to see, along those broad lines, an approach to the Internet that says transparency and accountability, both for private actors and for public actors, is the way forward. Digital consumers deserve to have this information at their fingertips, so they understand what people are going to be doing with the information they enter on their computer, whether that is to purchase a book, get a loan or whatever kind of business they are doing on the Internet. They should have more rights to know how that information is handled, and the role of the government in keeping that information secure, rather than being told not to worry about it, because commercial interests have their best interest at heart, the government has their best interest at heart, and they do not need to know what is going on.

That is why the bill should go to committee, to be sure, because Canada does need its government to have the authority to implement the decision on Huawei and to do better in respect of cybersecurity. There is a lot of good work for committee members to do there, and a lot of amendments that ought to be made to the bill in order for it to pass in subsequent readings.

Mr. Speaker, I share a number of the hon. member's concerns, but I want to ask him about some of the major threats we have seen in cybersecurity. I am frustrated because the government has a lot of the tools already at its disposal to go after people who are threatening our cybersecurity. We have seen the shutdown of pipelines and major companies across this country. Rogers Communications was shut down.

Is the member not at all concerned about the lack of ability of law enforcement to chase down the bad actors that are pursuing some of this stuff?

Mr. Speaker, there are only so many things that can be fixed with legislation. Legislation is a necessary component of the solution, but it is not sufficient on its own. We see that in many areas. Despite the fact that we have made good laws in this place against certain kinds of crime, nevertheless, those kinds of crimes persist, so of course enforcement is an important part of that question and requires the attention of and resources from government. When those resources are not made available, it matters very little the kinds of laws we pass in this place, because the other necessary component is on the enforcement side.

I share the member's concern for proper enforcement of the laws we pass in this place.

Mr. Speaker, we are talking about Bill C‑26, which deals with national security, and discussions about national security inevitably include the issue of interference from elsewhere, from other countries. Security threats can be internal as well as external.

With respect to external threats, there is a lot of talk right now about the possibility that China interfered in our elections. Earlier, some of our colleagues mentioned that, a few years ago, the Prime Minister received nearly $70,000 in donations immediately after a bank that offers services specifically to Chinese Canadians set up shop in Canada. The donations, which were mostly from people with Chinese names, were made on the same day and within hours of the bank being authorized to open.

Does my colleague find that strange? Is he concerned that there might have been some kind of interference? It is hard to believe that this happened by accident and that it was all just a fluke.

Mr. Speaker, I thank my colleague for his question.

I think that type of coincidence is always a concern. We have mechanisms in place to launch investigations when warranted. I would encourage my colleague to submit his evidence to the authorities who could look into this, because that is the most appropriate way to ensure that the wrongdoing that the member mentioned in his comments has not taken place.

Mr. Speaker, my hon. colleague spoke during his intervention about the need for greater government accountability in the bill, and I am wondering if he could provide the House with an example.

Mr. Speaker, at the very least there has to be some kind of accounting for and public disclosure of the number of orders the government is making under these new powers. That is just one example, a very minimum reporting threshold.

The idea that any number of these orders could be made and Canadians would not even know they have been made or how many have been made is not acceptable. There has to be some reporting of the extent to which these powers are used, or there will be no factual basis upon which to evaluate whether the powers have been appropriate or adequate, or whether they need to change in the future.

Mr. Speaker, I am please to speak today to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.

It is really important to acknowledge that we are severely behind with regard to our protections in this matter. I am going to quote from myself, from when I once engaged the government and asked them this. “I am very concerned that we are not doing enough in Canada to protect the digital privacy of Canadians and am calling on the government to develop stronger frameworks and guidelines to improve cyber security in Canada. These are critical issues that must be addressed”. They must be addressed for the benefit of Canada, as our economy and commerce are currently under threat, as is our personal privacy.

When did I do that? That was in 2016. From 2016 to today, with the digital changes we have had, is a lifetime of change.

I got a response from the government at that time, basically saying it would refer matters and let them play themselves out in court.

One of the most famous cases that came forward at the time involved the University of Calgary, which had reportedly paid $20,000 in compensation to a group of organizations we do not know to protect the breach they had.

What has taken place over several different cases and also in our current laws has shown that it is okay to pay out crime and it is okay to pay out these types of requests for extortion and not even refer that matter back to the people whose privacy has been breached. We do not even have to report it as a crime to law enforcement agencies. It is very disturbing, to say the least. Getting this legislation is something, but it is still a long way off.

As New Democrats, we recognize very much that there needs to be balance in this. This is why I also wrote at that time to the then privacy commissioner of Canada, Jennifer Stoddart, about the cyber-attacks and data breaches.

There is concern about the amount of data and one's rights and one's protections and the knowledge one should have as an individual in a democracy. I do not think it is a conspiracy theory to have those kinds of concerns.

I would point to a simple famous case. As New Democrats are well aware, and I think other Canadians are as well, our number one Canadian champion of health care, Tommy Douglas, was spied upon by his own RCMP at that same time. That was in relation to bringing in Medicare. This is very well documented. We still do not have all the records. We still do not have all the information, and it is a very famous case.

Bringing in our number one treasured jewel, health care, led to a case where our own system was spying on an elected representative who was actually declared Canada's greatest Canadian by the public. We do not want to forget about those things because, when we are introducing laws like this, there is a real concern about one's ability to protect oneself and one's privacy, as well as the expansive conditions that are going to change, often with regard to personal privacy.

What also took place after that was that I was very pleased, in 2020, to put a motion forward at the House of Commons industry committee, where we studied, for the first time in Canadian history, fraud calls in Canada.

There are a lot of cyber-attacks through this type of operating system, and we need to remind ourselves that using this type of system, being our Internet service providers and the telecoms sector, is something that is done by giving up the public infrastructure and a regulated system of industry.

We have built a beast, in many ways, that has a low degree of accountability, and we are finally getting some of that restored. There are also some new programs coming in, like STIR/SHAKEN and other types of reporting that is required.

I want to point out that since we have done that, we have another report that will be tabled, or at least a letter. We have not decided yet, and there is still work going on, but we have had a couple more meetings in the industry committee about it and we have really heard lots of testimony that showed that there is more work that can and should be done.

A good example from the previous report that we did was recommendation number five, which went through sharing information between the RCMP and the CRTC. We have not seen the government act on it.

It is important to note that with this bill there has been a lot of talk about the types of things we can do internationally, as well. One of the things I would point out that I have been very vocal on, because I have had Ukrainian interns in my office for a number of years, is that we could use a lot of our leverage in terms of cybersecurity and training to help them to deal with the Russian hacking and other nefarious international players. That would not only help Ukraine right now in the war with Russia. It would also help with the other activity that comes out of this subsequently, which would help the world economies by having trained, solid professionals who are able to use their expertise and battle this with regard to the current state of affairs and also the future. This would be helpful, not only for the Ukrainian population but also for the European Union, Canada, North America and others, who will continue to battle more complex artificial intelligence and other cyber-attacks that take place.

One of the things I want to note is that in the bill, a proposed new section 15.2 of the act would give the Minister of Industry and the Minister of Public Safety the authority to make several types of orders. It relates to guiding TSPs to stop providing services if necessary. This is a strong power that we are pleased to see in this type of legislation.

What we are really concerned about, as the member for Elmwood—Transcona noted, is that there is no general oversight of the type that we would normally see on other types of legislation. Scrutiny of regulations was the one referred to. For those who are not familiar with the back halls and dark corners of Parliament, there is a committee that I was one of the vice-chairs of at one point in time. The scrutiny of regulations committee oversees all legislation passed in the House of Commons and ensures that the bureaucratic and governmental arms, including that of ministers, whatever political colour they will be of at that time, follow through with the laws of the legislation that is passed. Making this bill not have to go through that type of a process is wrong. I would actually say it is reckless, because the committee has to do a lot of work just to get regulatory things followed on a regular basis. It can be quite a long period, but there is that check and balance that takes place, and it is a joint Senate and House of Commons committee. It is unfortunate that the legislation tries to leave that out.

The legislation also does not have the requirement to gazette information in terms of making it public for the different types of institutions. That is an issue, and it also has a lot of holes when it comes to information that can be withheld and shared.

Why is that important with regard to confidence in the bill? It all comes down to the fact that many of the institutions at risk of being targeted involve not only the private sector, where we have seen not only abuse of customers themselves, or businesses with lax policies that do not protect privacy very well, but also others that have used abusive techniques and processes. Even right now, it is amazing when we think about the information in the process that is going on in the United States. The U.S. Senate is going to oversee the issue with regard to Taylor Swift tickets and Ticketmaster again. That is another one that has had a nefarious past with regard to privacy, information and how it runs its business. People can go back to look at that one, with Live Nation and so forth. At any rate, the U.S. is also involved in this.

I raised those things because it also comes from the soft things like that, which are very serious with respect to credit cards and to people's personal information that is shared. However, across the world and in Canada we also have municipal infrastructure and government institutions that are constantly under attack. That is very important, because it is not just the external elements with regard to consumer protection and business losses, which are quite significant and into the billions of dollars. It is also everything from water treatment facilities to health care facilities in terms of hospitals and utilities for power and hydro. All those elements can be used as targets to undermine a civilian population as well, and one of the things we would like to see is more accountability when it comes to those elements. There is definitely more to do.

One of the things I do not quite understand, and which I am pleased to see the government at least bring to committee, is what we could do to educate the population.

Our first intervention on this bill as New Democrats was several years ago, and it is sad that it is just coming to fruition now.

Madam Speaker, I am a little concerned with some of the elements in Bill C-26 that seem overly broad. They give the government powers to secretly order providers to do things or refrain from doing things, without any transparency. Does the member share my concern?

Madam Speaker, I do. For us to get fully engaged in this, we want full accountability, clarity and a playbook so everybody understands the rules. We want to deal with some of the stuff and provide some leverage for law enforcement and investigations to take place, but there has to be a set of rules and that needs to be backstopped by parliamentary oversight. Where it stands right now, it is not backstopped by parliamentary oversight.

Madam Speaker, I would like to follow up on that question. When the minister is called upon to instruct a provider to take a specific action, that would often be required because something has happened in the environment. If the minister does not have that authority, then the opposition might be somewhat critical of the minister not taking action.

I wonder if the member feels that it is necessary in the legislation, or does he believe we should have it, but we need to amend it in some fashion to ensure it is not abused. Is that what I am hearing from the member?

Madam Speaker, absolutely, but if we are going to give some flexibility in power for the minister to act, it has to be responsibly met with oversight, and that has to be heavy oversight. That will provide the confidence.

That is why I wrote to the Privacy Commissioner right after I challenged the government back in 2016 to act on this. We have seen how long it has taken for it to act on this now, so we need to have that confidence. It is a two-way street. If we have the confidence of privacy and protection for people, with oversight, then I think people will be more willing to accept that there could be some changes with respect to how investigations take place.

Madam Speaker, a group of organizations, including the Canadian Civil Liberties Association, OpenMedia and Leadnow, have written an open letter calling for improvements to Bill C-26. One of the items they call out is that secrecy undermines accountability and due process.

The member for Windsor West spoke a bit about this in his speech. Could he share more about the suggested improvements that would ensure better public reporting as part of Bill C-26?

Madam Speaker, I have a book that we use for privacy protection and it is available to everybody. It was written by Kevin Cosgrove. It is a playbook for people on how to protect themselves and their families from a whole bunch of different issues, whether it be WiFi, online banking, shopping, social media, a whole series of things. The reason I use that as a specific example is that a ton of education has to be done. That has to be done for this bill as well. There needs to be a defined playbook of accountability, like going to the Standing Joint Committee for the Scrutiny of Regulations and ensuring there is oversight for the minister. All those things have to be really enhanced to build the confidence so we all buy into this.

Madam Speaker, I want to thank the member for Windsor West for all his hard work on this. Definitely, when it comes to protecting Canadians, he is the right person to do it.

I wonder if he would expand on clause 15.2 with respect to no general oversight and what the risk is to Canadians if that is not in place.

Madam Speaker, It has been fun to work with my colleague on some of these issues. We need a lot of public education related to this going forward.

That section again is just too weak. It provides too many holes. There should be a way to get back to a process of ensuring the minister is held to account. That is one of the things where we are looking to expand powers, but, again, we really need a lot more public education with respect to cybersecurity.

I know it is one of those issues that when we hear it, our eyes fog up, or they roll back in our heads and we think it is just too complicated for us, that there is always something happening, but we really need to engage Canadians on this. That includes engaging the government to ensure it understands that it has to teach residents about the bill and its repercussions as it goes forward.

Madam Speaker, I will be sharing my time with the hon. member for Vaughan—Woodbridge.

It is a true privilege for me to add my voice to the debate on Bill C-26, an act respecting cybersecurity, on behalf of the residents of my riding of Davenport, many of whom have written to me through the years about their concern around cybersecurity and the need for additional protections at all levels of government.

This bill represents the latest step in the government's constant work to ensure our systems, rules and regulations are strong and as up-to-date as possible. That is especially important when dealing with a topic as fluid and rapidly evolving as cyber-technology. We have known for quite some time we would need to be constantly vigilant on this issue.

In 2013, the government established the security review program operated by the Communications Security Establishment. In 2016, we conducted public consultations on cybersecurity. In 2018, we released the national cybersecurity strategy. In 2019, we allocated $144.9 million through budget 2019 to develop a critical cyber systems framework. In 2021, we completed an interdepartmental 5G security examination, which recommended an updated security framework to safeguard Canada's telecommunications system.

A cornerstone of the updated framework is an evolution of the security review program. It would allow for continued engagement with Canadian telecommunications service providers and equipment suppliers to ensure the security of Canadian telecommunications networks, including 5G. As a result of this multi-year work, to address these identified concerns and improve Canada's cybersecurity posture, including in 5G technology, we introduced Bill C-26.

The bill is intended to promote cybersecurity across four federally regulated critical infrastructure sectors: finance, telecommunications, energy and transportation.

Bill C-26 consists of two very distinct parts. Part 1 introduces amendments to the Telecommunications Act that would add security as a policy objective and create a framework that would allow the federal government to take measures to secure the telecommunications system. Part 2 introduces the critical cyber systems protection act, which would create a regulatory regime requiring designated operators in the finance, telecommunications, energy and transportation sectors to protect their critical cyber systems.

As I mentioned, 5G has the potential to be a transformative technology for Canadians. It promises to bring lightning-fast Internet speeds that are unlike anything we have experienced so far. The benefits of instant and real-time connectivity will be immediate and far-reaching for Canadians and Canadian businesses.

The COVID-19 global pandemic has underlined the importance of this connectivity, whether it is for virtual classrooms, work from home or keeping in touch with loved ones, but we need to be absolutely sure this technology is safe and secure as the technology is rolled out in Canada.

Canada already has a system in place to mitigate cybersecurity risks in our existing 3G and 4G LTE wireless telecommunications network. Since 2013, the Communications Security Establishment's security review program has helped mitigate risks stemming from designated equipment and services under consideration for use in Canadian 3G, 4G LTE telecommunications networks from cyber-threats.

Like previous generations, 5G technology will have new risks and vulnerabilities that will need to be addressed so Canadians can realize its full potential. 5G is considered more sensitive than 4G because it will be deeply integrated into Canada's critical infrastructure and economy, and will connect many more devices through a complex architecture. The deep integration, greater interconnection and complexity increase both the likelihood and potential impact of threats. That is why an examination of emerging 5G technology and the associated security and economic considerations continues to be very important.

The technical agencies of the Government of Canada, within the Department of Innovation, Science and Economic Development, and the safety and security agencies that fall within the Public Safety portfolio, Global Affairs Canada, National Defence and others, are all involved in the federal government's efforts to develop a made-in-Canada approach to ensuring the secure rollout of 5G wireless technology. Moving this bill forward will further that vital work.

In the meantime, our world-class national security and intelligence agencies continue to protect our country from a wide range of threats. As we know, those threats include a growing number of targeted attacks from state and non-state actors, including cybercriminals.

Canada's two main national security organizations, CSIS and CSE, which is short for Communications Security Establishment, are working tirelessly to mitigate these threats.

CSIS provides analysis to assist the federal government in understanding cyber-threats and the intentions and capabilities of cyber actors operating in Canada and abroad who pose a threat to our security. This intelligence helps the government to improve its overall situational awareness, better identify cyber vulnerabilities, prevent cyber espionage or other cyber-threat activity and take action to secure critical infrastructure.

For its part, the CSE is always monitoring for threats that may be directed against Canada and Canadians. The CSE is home to the Canadian centre for cybersecurity, which was established as a flagship initiative of the 2018 national cybersecurity strategy. With the cyber centre, Canadians have a clear and trusted place to turn to for cybersecurity issues. It is Canada's authority on technical and operational cybersecurity issues, a single, unified source of expert advice, guidance, services and support for the federal government, critical infrastructure for owners and operations, the private sector and the Canadian public. It helps to protect and defend Canada's valuable cyber assets and works side by side with the private and public sectors to solve Canada's most complex cyber issues.

For example, the cyber centre has partnered with the Canadian Internet Registration Authority on the CIRA Canadian Shield. The shield is a free protected DNS service that prevents users from connecting to malicious websites that might infect their devices or steal personal information. With the passage of the National Security Act in 2019, Canada's national security and intelligence laws have been modernized and enhanced.

As a result, CSIS and the Communications Security Establishment now have authorities they need to address emerging national security threats, while ensuring that the charter rights of Canadians are protected.

These updates are in line with CSIS's mandate of collecting and analyzing threat-related information concerning the security of Canada in areas including terrorism, espionage, weapons of mass destruction, cybersecurity and critical infrastructure protection.

The passage of the National Security Act also established stand-alone legislation for the CSE for the first time ever. With the Communications Security Establishment Act, the CSE retained its previous authorities and received permission to perform additional activities.

For example, the CSE is now permitted to use more advanced methods and techniques to gather intelligence from foreign targets. Under the CSE Act, CSE is mandated to degrade, disrupt, influence, respond to and interfere with the capabilities of those who aspire to exploit our systems and to take action online to defend Canadian networks and proactively stop cyber-threats before they reach our systems. It is also permitted to assist DND and the Canadian Armed Forces with cyber operations.

As Canada's national police force, the RCMP also plays a very important cybersecurity role. It leads the investigative response to suspected criminal cyber incidents, including those related to national security.

Cybercrime investigations are complex and technical in nature. They require specialized investigative skills and a coordinated effort. That is why, as part of Canada's 2018 national cybersecurity strategy and as a second flagship initiative, the RCMP has established the national cybercrime coordination centre, or NC3.

The NC3 has been up and running for over a year now. It serves all Canadian law enforcement agencies, and its staff includes RCMP officers and civilians from many backgrounds. Working with law enforcement agencies, government and private sector partners, the NC3 performs a number of roles, including coordinating cybercrime investigations in Canada.

All of this is backed up by significant new investments in the two most recent budgets. In budget 2019, we provided $144.9 million to support the protection of critical cyber systems and we later invested almost $400 million in creating the Canadian centre for cybersecurity, the national cybercrime coordination unit and increased RCMP enforcement capacity.

Whether it is nationally or internationally, I have full confidence in the abilities of all those in our national security and intelligence agencies who are working hard day and night to safeguard our cybersecurity and protect us from harm online. I am confident that Bill C-26 will go a long way to continue doing that.

Madam Speaker, I appreciate the comments from the government member across the way.

In the debate today, a number of concerns have been brought forward around some of the ministerial powers included in Bill C-26, as well as the lack of accountability mechanisms. I think we have heard from all parties about the desire to bring forward amendments and improvements at the committee stage.

Does the member opposite have a willingness to work with members of the House to ensure that we improve this bill and make sure it achieves the results it intends to?

Madam Speaker, I think our Minister of Public Safety was very clear this morning. Without question, every time the government takes additional, decisive action and puts additional measures in place, there has to be corresponding transparency and accountability. We absolutely need to make sure there is enough of that in Bill C-26 so we have the confidence not only of the House but of Canadians with regard to having the proper accountability and transparency in place.

Madam Speaker, I thank my colleague for her speech.

This bill still raises some serious concerns. The Bloc Québécois is prepared to support it so that we can examine and improve it in committee.

In 2021, in Canada alone, one in four businesses reported being the victim of a cyber-attack. We are the G7 country that has done the least in this regard. We spent $80 million over four years for research and development, which is not much. Canada is lagging behind in that department. Cyber-attacks on businesses can be sudden and unexpected, and not every business has the money to invest in cybersecurity or protection mechanisms.

What will this bill actually do to help with and improve cybersecurity?

Madam Speaker, I want to point out that we have been providing significant investment in critical cyber systems and cybersecurity. We did this in budget 2019 by providing $144.9 million for the protection of our critical cyber systems in the areas of finance, telecommunications, energy and transport. We also invested almost $400 million in the Canadian centre for cybersecurity, in the creation of the national cybercrime coordination unit and to increase our RCMP enforcement capacity.

The hon. member did a wonderful job in asking how we are going to make sure we work with the public and private sectors. The Minister of Public Safety was very clear this morning: This legislation is about filling in the gaps and providing a bridge for all of the different actors, both in the private sector and in the public sector, so we can work together to create more resiliency against any cyber-attacks in the future.

Madam Speaker, I think we all agree that the protection of Canada's cybersecurity needs to be improved. However, as we are hearing from the opposition, there are concerns around the broad powers the minister would have through this bill and concerns about everyday Canadians possibly being surveilled by their own government.

We have not heard assurances from the government as to how it will address that to ensure Canadians do not feel they will be victims of government overreach through powers given to the minister.

Madam Speaker, this question has come up all morning. I think it is a very big concern, not only for the opposition but for this side of the House.

We want to make sure we get this right. We must ensure that we have very strong protections against cyber-attacks and have cyber-attack resiliency in this country. We also have to be very transparent about the additional powers and how they will be used.

Madam Speaker, I say good morning to all of my hon. colleagues, and I thank the hon. member for Davenport for her insightful discussion of this bill.

I am thankful for the opportunity to weigh in on Bill C-26, an act respecting cybersecurity, as we continue debate at second reading. Bill C-26 will take great strides to enhance the safety of our cyber systems and will make changes to allow for measures to be taken within our telecommunications system.

There are two parts to this act. Part 1 amends the Telecommunications Act to “promote the security of the Canadian telecommunications system” as a policy objective. An order-making power tied to that objective would be created for the Governor In Council, or GIC, and the Minister of Industry. That power could be used to compel action by Canadian telecommunications service providers if deemed necessary. With these authorities, the government would have the ability to take security-related measures, much like other federal regulators can do in their respective critical infrastructure sectors.

The bill would enable action against a range of vulnerabilities to these critical systems, including natural disasters and human error. The Department of Innovation, Science and Economic Development would exercise regulatory responsibilities, and an administrative monetary penalty scheme would be established to promote compliance with orders and regulations made by the GIC or Minister of Industry. Once amendments to the Telecommunications Act receive royal assent, GIC or ministerial orders could be issued to service providers.

Part 2 of the act would create the critical cyber systems protection act, or the CCSPA. The CCSPA would be implemented collaboratively by six departments and agencies: the departments of Public Safety; Innovation, Science and Economic Development; Transport; Natural Resources; and Finance, as well as the Communications Security Establishment. They will all play a key role. Indeed, across the Government of Canada, there is a recognition that cybersecurity is a horizontal issue, and it should be addressed through a streamlined government response across sectors, all rowing in the same direction.

Schedule 1 of the act would designate services and systems that are vital to the national security or public safety of Canadians. Currently, schedule 1 includes telecommunications service and transportation systems. It also includes, in the finance sector, banking systems and clearing and settlement systems, and, in the energy sector, interprovincial or international pipeline and power line systems and nuclear energy systems.

Schedule 2 of the act would define classes of operators of the vital services and systems identified in schedule 1, as well as the regulator responsible for those classes. Operators captured in a class are designated operators subject to the act.

In line with the responsibility to exercise leadership in matters related to national security and public safety, the Minister of Public Safety would have overall responsibility for the legislation and would lead a number of CCSPA-related processes.

Decision-making by GIC under the CCSPA would ensure that a broad range of relevant factors, including national security, economic priorities, trade, competitiveness and international agreements and commitments, are considered when making decisions that have an impact across sectors. The CCSPA would also leverage regulators' expertise and relationships with entities they already regulate under existing legislation.

The Canadian centre for cybersecurity, or the cyber centre, is responsible for technical cybersecurity advice and guidance within Canada, and that would be no different under the CCSPA. It would receive resources to provide advice, guidance and services to designated operators in order to help them protect their critical cyber systems; regulators in support of their duties and functions to monitor and assess compliance; and public safety and lead departments and their ministers, as required, to support them in exercising their powers and duties under the act.

The CCSPA would require designated operators to establish a cybersecurity program that documents how the protection and resilience of their critical cyber systems will be ensured. CSPs must be established by designated operators within 90 days of them becoming subject to the act, that is, when they fall into a class of designated operators published in schedule 2 of the act.

Once established, the CSP must be implemented and maintained by the designated operator in order to keep it up to date and responsive to changing threats and evolving technology. CSPs must include reasonable steps to identify and manage organizational cybersecurity risks, including risks associated with an operator's supply chain, and the use of third party products and services. They must also protect their critical cyber systems from compromise, detect cybersecurity incidents that affect or have the potential to affect CCS and minimize the impact of cybersecurity incidents affecting critical cyber systems.

This legislation would also help confront supply chain issues. With the increasing complexity of supply chains and increased reliance on the use of third party products and services, such as cloud-based data storage and infrastructure as a service, designated operators can be exposed to significant cybersecurity risks from those sources.

When a designated operator, through its CSP, identifies a cybersecurity risk to its CCS in relation to its supply chain or its use of third party services or products, the CCSPA would require the designated operator to take reasonable steps to mitigate those risks. Taking reasonable steps to mitigate risk is understood to mean reducing the likelihood of the risk materializing by, for example, securing a supply chain by carefully crafting contractual agreements to gain more visibility into equipment manufacturing, or by choosing another equipment supplier. It can also mean reducing the impact of a risk that materializes.

Under the CCSPA, there would also be a new obligation to report cybersecurity incidents affecting or having the potential to affect critical cyber systems to the Communications Security Establishment, for use by the cyber centre. A threshold defining this reporting obligation would be set in regulations. This would provide the government with a reliable source of information about cybersecurity threats to critical cyber systems. The availability of incident reports would enhance visibility into the overall threat for the cyber centre. Findings from the analyses of incident reports would make it possible for the centre to warn other designated operators and any operator of a cyber system of potential threats or vulnerabilities, and it would help to inform Canadians of cybersecurity risks and trends, allowing one organization's detection to become another's prevention.

The CCSPA would also create a new authority for the government. Under the act, the Governor in Council would be allowed to issue cybersecurity directions when it decides that specific measures should be taken to protect a critical cyber system from a threat or known vulnerability. Directions would apply to specific designated operators or to certain classes of designated operators. They would require those designated operators to take the measures identified and to do so within a specific time frame. Failure to comply with directions could be subject to an administrative monetary penalty or an offence that can lead to fines or imprisonment. The CCSPA would also includes safeguards to ensure that sensitive information, such as information that was obtained in confidence from Canada's international allies, is protected from disclosure.

All of this provides an overview of strong new legislation, which I hope I have adequately described in two distinct parts. I look forward to our continued debate of this landmark bill, and I encourage all colleagues to join me in supporting Bill C-26 today.

Madam Speaker, I certainly agree that something needs to be done about cybersecurity in this country, but I am increasingly alarmed when I see that the bills continually coming from the Liberal government say ministers would have all powers to do whatever they want. There is no transparency because there is no public record. Then they say not to worry about what the government is really going to do because the Governor in Council, which is really cabinet, will decide afterward with no parliamentary oversight what will be done.

Does the member agree that the government needs to have parliamentary oversight and at least have this subject to the scrutiny of committees?

Madam Speaker, of course, fundamentally I believe in the oversight of government and ensuring that there are checks and balances.

When bills proceed to committee, obviously members within the pertinent committee should bring forth ideas to strengthen them, and that includes Bill C-26. Our main priority as MPs is to bring forth good legislation, to improve it and to protect the security of Canadians, whether it is their cybersecurity or health and safety. Bill C-26 would take us down that path.

Madam Speaker, clause 2 of the bill would enable the government to issue orders to force users of telecommunications services to use products or services that do not come from certain providers, including Huawei.

Does that mean that a person who has already bought a Huawei cellphone, because that is a product, will not be able to use it anymore and will have to buy a new phone much sooner than they expected?

What is more, since decisions will be made by order, does that mean that, under this bill, the government will be using orders to govern in this area instead of going through parliamentarians?

Madam Speaker, I thank my colleague from Quebec for her question.

In the preliminary version of the Library of Parliament's assessment of the bill, there is a reference that the bill specifies that no one would be entitled to any compensation from the federal government for any financial losses resulting from these orders. I am not certain if these orders pertain to exactly what the member was speaking to, but I do believe so. I would have to get back to the member on that specific question, because it is a pertinent question.

Madam Speaker, we are all in agreement here. We know that Canada needs to strengthen protections when it comes to cybersecurity to protect Canadians and Canadian businesses.

One thing we are all unified on over on this side in the opposition parties is that we need to have some assurances for everyday Canadians that these sweeping powers, broad powers that are going to be given to the minister, are not going to be applied to everyday Canadians in terms of surveillance.

I know we keep hearing from Liberal colleagues that they will get it to committee and will answer these questions. However, does my colleague not agree that the minister failed in bringing forward this legislation without addressing some of these concerns at all? This is fairly substantial legislation, and the Liberals have not been able to address any of the concerns we brought forward today around these very real concerns.

Madam Speaker, we must always protect the civil liberties and rights of Canadians. Any legislation brought to the House needs to pass that means test, if I can call it that.

With reference to Bill C-26, it is definitely required that we update our cybersecurity laws to reflect the ongoing changes in technology that have happened over the last number of years and the increasing use of cybersecurity, cyber-threats, increasing digitization that has been going on in the world, and the fact that Canadians are increasingly interconnected in this world.

We need to maintain checks and balances within the system and ensure that individual rights of Canadians are protected.

Madam Speaker, I will be splitting my time with the member for Sherwood Park—Fort Saskatchewan, a good friend of mine.

Today I get to address Bill C-26, and right off the top I will say that I think this is dumb legislation. Why do I say that? I say that because I do not think that it has attempted to do what it has stated it would do. Generally I find that this is another piece of legislation, probably the third or fourth that I have spoken on in this session of Parliament, where I am frustrated with the government in that it does not seem to do the hard work of governing.

Governing is a matter of balancing the interests and coming up with a statement or something that is clear. On the rule of law, we would anticipate the public and anticipate what the rules ought to be and then look at the law, read the law somewhere and say, “Oh, that is what we are supposed to be doing.”

Again, here we have a piece of legislation where there is a clear, identifiable problem. Canadians have seen a number of issues around the country and around the world where cybersecurity is under threat. Canadians are asking the government to govern, to set some parameters and guidelines as to what the expectations are around who gets to participate in cyberspace and how we ought to operate in cyberspace.

We see in this piece of legislation the classic attitude of “We're the government. We're here to help. Trust us. We got this.” We do not trust the government. Particularly, the Conservatives do not trust the government to do the things it needs to do. We have seen it try to hand out billions of dollars to its friends. I mentioned the WE scandal. We have seen it hand out money to its friends over at Baylis Medical. We have ample evidence of why we should not trust the government.

When it comes to cybersecurity, it is also an area where I do not trust the government. The government has been in power for seven years, and we have watched it drag its feet with an inability to come to a decision, for a whole host of reasons, around the Huawei situation. Was a particular company allowed to participate in the building of the infrastructure of our Internet architecture?

This is a major issue. We told the government that we don't think this Chinese Communist Party government-controlled company should be able to participate in the Canadian Internet infrastructure. We called on the government to ban the use of Huawei technology in our Internet infrastructure, yet it could not do it. It took the government years of dragging its feet, wringing its hands and doing a whole host of things. When the Liberals come forward with a bill like Bill C-26 and say to trust the minister and that they will get this right, I am sorry, but we do not trust the minister to get this right.

We have seen a number of security threats challenging our basic infrastructure. One we should really take note of, which was fairly recent, is the shutdown of a particular pipeline. We saw a dramatic spike in fuel prices across North America because the cybersecurity of a particular piece of pipeline infrastructure was not to the state that it should have been. This, again, comes to the fact around trusting the government to do its job, particularly this government.

One of the key roles of government in Canada and anywhere is the maintaining of peace and security, and we have a military, a police force and a judicial system for that. A growing area where we need to be concerned about peace and security is in cyberspace.

We should be able to feel that our property should not go missing. We should be able to own property, and it should be able to be maintained by us, all of these kinds of things. We expect the government to put forward registries so we can register our property, so that, if it goes missing, the government has a registry of it and we can use that to get our property back. It cannot just be expropriated from us, all of these kinds of things.

In the same way, that is increasingly a part of cybersecurity. The ownership of things in cyberspace, the ownership of websites and the ownership of even our own Twitter handles, for example, are increasingly things that are deemed to be cybersecurity.

The government seems to be lacking in the ability to protect Canadians' cybersecurity.

There is an iconic Canadian company, Ski-Doo. I do not know if people are snowmobilers, but I do enjoy snowmobiling, and Ski-Doo is an iconic Canadian company.

I do not know if people know this but, recently, Ski-Doo has been the victim of a cyber-attack and has lost control of its entire dealership network. Its own computer system has gone down. It has not been able to get it back. Somebody else has control of it now and it has not been able to get it back.

These are the types of things that I think are crucial. When one is going to bring in a bill that talks about cybersecurity, these are the kinds of things the government should be trying to keep secure. This is Canadian property. These are Canadian identities. These are Canadian brands. These are the things we need to ensure we can prosecute, that we can track these people down who are doing this kind of thing and that we can ensure cybersecurity.

I guess that is where I get a little frustrated with a bill like this. It says a lot of nice things at the top of it. The government comes here with a blanket statement around how it is going to defend cybersecurity, how cybersecurity is important and how we should all vote in favour of this particular bill. I imagine that we will.

However, the bill does not necessarily tell us what we are going to do. The banning of Huawei is not necessarily laid out in this. There are no criteria as to what the expectations are for companies to operate in this space, in terms of what they can be tied to and what they should not be tied to. It is just, “Trust us. We are the government and we are here to help.”

In addition, we have seen over the last number of years the opportunities for the government to put resources into law enforcement's ability to track some of this down. We can see changes to the Criminal Code, to ensure that some of these malware attacks or ransomware attacks could be tracked down and prosecuted here in Canada. This is a major concern for companies looking at investing in the world. They look at a country's ability to protect them from a cyber-attack but then also to prosecute those cyber-attacks.

I have a friend who works for the Calgary city police. He works in cybercrimes. He often works with police forces from around the world to track down folks who are using ransomware on Canadian companies.

He tells me they rarely, if ever, prosecute in Canada because our laws are so non-distinct around this that it is impossible to prosecute. Because these are multi-jurisdictional crimes, they will often take the prosecution of this to a jurisdiction that has better laws. He says he will work with 23 law enforcement organizations and they will bring a case in Europe, in eastern Europe or in Israel, because those places have much better laws to protect cybersecurity.

Madam Speaker, I am glad the member will be voting in favour of the legislation going to committee. Hopefully many of the concerns he raises on the issues surrounding the worthiness of the legislation, will be addressed at that stage.

The legislation would empower the minister to be able to take actions. It would allow for financial penalties. It would allow for us to deal with cyber-attacks from a legislative perspective. That does not necessarily mean that this is the only thing we have done over the last number of years. There has been a great number of financial resources, individuals, committees and so forth ensuring our industries are protected.

This is yet another step forward in dealing with cyber-attacks, keeping us consistent with other allied countries. I am wondering if the member would acknowledge the importance of moving forward with allied countries in dealing with things, such as cyber-attacks?

Madam Speaker, I am hopeful that this bill would get us in line with other countries from around the world because, increasingly, Canada is left out of the discussions around cybersecurity.

We are no longer invited to some of the many important forums that do take place in battling this. If that is what this bill is attempting to do, to bring us in line with some of these other countries, I hope that is the case. However, I would note, I was talking to my friend with the Calgary Police Service who said that Canada is increasingly not the jurisdiction where they pursue these prosecutions because we are so lacking in good legislation to protect our cybersecurity.

Madam Speaker, I thank my colleague for his speech.

He talked about trust in the government or perhaps a lack of trust. In the current global context, there is interference by countries like China. We know that the RCMP has launched investigations into 11 electoral candidates. In fact, we also know that on July 7, 2016, the Prime Minister authorized a Chinese bank to do business on Canadian soil. At the same time, on July 6 and 7, 2016, the Papineau Federal Liberal Association received more than $70,000 in donations in 48 hours.

Is that not a reason to lose trust in the Prime Minister and the government?

Madam Speaker, that is another prime example among many of why Canadians do not trust the Liberal government, whether it this particular case of accepting interesting money for an approval; the Huawei decision that needed to be made; the WE Charity scandal, where the Prime Minister was trying to give an organization $1 billion, an organization that had funded nearly half a million dollars to his personal family; or the sweetheart deal with Baylis Medical.

Over and over again, we see that the government is not trustworthy. When it comes forward with bills that do not have a lot of details and that just give blanket permission to cabinet ministers, I am sorry, but we do not trust it.

Madam Speaker, today in the House we have heard the NDP speak about its concerns, also about its concerns with oversight.

Are Conservatives also in support of those changes around oversight?

Madam Speaker, yes, that is for sure the case. We are in support of more oversight. We would like to see a detailed bill, not a bill that just says that it would give the minister broad powers to do all the things.

That is not governing. That is not providing legislation. That is basically saying, “We love puppies. You should support us because we love puppies.”

Madam Speaker, I appreciate the opportunity to speak in the House today to a very serious subject, cybersecurity and the security of our country in general.

I will say, on a lighter note, that my friend from Peace River—Westlock spoke about snowmobiling companies and cyber-attacks. I have some personal experience with snowmobiling at his house, and I would say that the government's approach to security is the equivalent of driving a snowmobile over a four-foot retaining wall, which may or may not have happened the last time I tried to drive one of those machines.

The situation of security in this country is very much worth the House taking note of. For much of the time that I have been engaging with and following politics, the primary area of security we would talk about would be concerns about our readiness for and our response to the threat of terrorism. However, it is important to take stock of how things have changed and the fact that, while there are still concerns about terrorism and how we respond to potential acts of terrorism, the primary security threat we face as a country, and indeed that the western world faces, is the threat of foreign state-backed and directed interference in our national affairs. Our abiding concern should be the reality that various foreign states are trying to shape and interfere with our democratic life to try to bend not only our government institutions, but also our civil society institutions, toward their desired objective.

Members of the government have said that the purpose of this interference is to cause total chaos and confusion. We should acknowledge that there are some cases of foreign interference that are aimed at causing chaos, but very often it is about simply trying to subvert and control the direction of institutions toward the will and the interests of that particular foreign power. We have discussed how the Chinese Communist Party is the biggest player when it comes to foreign state-backed interference, but it is far from the only player.

We have seen reports about Chinese government interference in our elections. There have also been recent reports about death threats from the Iranian regime targeting individuals in Canada. There are various other countries that CSIS and other organizations have identified as being involved in this activity of trying to interfere with, subvert and direct Canadian institutions, government really at all levels, as well as civil society organizations, universities and the like, toward their objective.

This kind of invisible, or sometimes a little more visible but often hard to detect, interference in the direction of our national life toward objectives that are not consistent with the objectives Canadians have established is a great threat to our security and our sovereignty. It is something that we should all be seized with and working to respond to.

Part of the context as well is that we are in what some analysts have described as a second cold war. Of course, there are many features of the current conflict between democratic and authoritarian values that are different from the last Cold War, but we have this reality of intensifying global competition between two different value systems that are represented by different countries at different times, and we have countries that are in the middle that are being pulled in different directions.

I tend to think that kind of cold war frame is a reasonably useful way of understanding the current tensions we face in the world. In the context of those tensions, we see how powers with political values that are fundamentally different from ours, where governments are trying to protect their own position, are trying to project their influence around the world. Again, this requires vigilance. It requires a strong response from Canada.

I have been struck by some of the recent comments from the Prime Minister on these matters. I think he has been showing a real lack of transparency around acknowledging what he knew when, and refusing to answer direct questions from the opposition about foreign interference, but he has also stated quite openly the reality that we have a serious problem with foreign interference. This is a reality that opposition members, in particular in the Conservative Party, have been raising for years. We have been asking the government to do more. We have been calling for strong legislative frameworks to respond to the problem of foreign state-backed interference.

We have also sought to elevate the voices of victims of foreign interference, people who have faced threats and intimidation from foreign state actors to try to silence their advocacy, which those foreign state actors see as contrary to their interests. It has been widely reported some of these victims really struggle to actually get proper support. They often get the runaround.

They go to their local police force, which does not necessarily have the capacity to handle a foreign state-backed organized campaign of threats and intimidation. Do they go to Global Affairs? Do they go to CSIS? Do they go to the RCMP? There can be a bit of confusion and passing of the buck concerning support for these victims of foreign state-backed interference.

We have a lot of work to do in legislation and policy, and our preparedness in general and our understanding of these issues. It is critical that we step up to strengthen our understanding of and response to the threats facing our country.

One thing we need to see more from the Prime Minister and the government is transparency because being transparent about this reality can help to counter the impact of that foreign interference. If we know it is happening, if we know what it is directed toward, then we can respond more effectively.

This is not only a responsibility of the federal government to respond to. Provincial and municipal governments need to be aware of the issues of foreign interference. Our universities need to step up as well. Private companies need to be aware of the risks around interference, theft of technology and the ways in which certain things may have a dual military use. There needs to be a broader awareness of this threat to the national interest, a threat to our values across all sectors of society, and a broader response to it.

The government has an important role to play in leading the response and making changes at the national level. We have been far behind, as far the national government goes, in responding to these threats. The Conservative opposition has been calling for a response to foreign interference for years. Now we are seeing the government start to talk about it a bit more.

I noted in some of the language in the Indo-Pacific strategy, for example, the government is starting, or trying, to sound a bit more like Conservatives in the way it talks about some of the challenges confronting us and the steps we need to take in the Indo-Pacific region. While the government is adopting some of that language, it is failing to substantively adjust its approach.

We have a bill in front of us today that deals with one avenue where we need to be engaged with and responding to the problem of foreign state-backed interference, and that is the issue of cybersecurity. I will be supporting this legislation at this stage to see it go to committee, mainly because we clearly need a new cybersecurity bill. We clearly need a new framework. The committee study will identify some of the significant gaps we see in the legislation right now, the ways the legislation needs to be improved and possibly the many additional steps required. I will just note that it is far past due that we have some kind of proposal for a framework on cybersecurity that, in a way, gives the committee the opportunity to add to and build on what the government has initially put forward.

This is really the first time we see any kind of legislation proposed by the government that substantively touches on this emergent problem of foreign state-backed interference. We need a much broader range of responses from the government. We need so much more to be done to counter this major security threat.

This is about preserving our country. It is about preserving the integrity of our institutions. It is about defending the principle that the direction of our democracy and the direction of our society should be shaped through the open deliberation of Canadians, not by foreign powers who have particular interests that may be contrary to our interests who are trying to push and pull that discussion in their preferred direction.

Having this framework that opens the door for the committee to discuss further, fill in some of the gaps and try to push the government to have greater specificity in the framework around what they are going to do provides us with the opportunity to do that. This is late, lacking in detail and really a small piece of the much broader picture that is required.

The government has been so delayed. I mentioned the decision around Huawei. We were way behind all of our allies in making the decision. It is important now, finally, at this late stage where the government is starting to mention the problem, that we actually see concrete action. Conservatives will be pushing the government to act in line with some of the words it has been saying.

Madam Speaker, I would just correct the member. Yes, this legislation is very important and we hope to see it get to the committee stage where it will no doubt be well discussed and debated. There will be presentations where members can digest information and see if there are ways in which we can improve upon the legislation. However, to try to give an impression that this is the only thing the government has done on the issue of cyber-threats is a bit of a false impression.

Not only have we been seeing a great deal of dialogue and actions from different departments to date in the form of formalized advisory groups, but we have seen literally tens of millions of dollars, not to mention the other incentive programs that were there, for the private sector, for example.

I wonder if the member would not agree that this issue is not new and this is just one very important aspect in taking a step forward.

Madam Speaker, the member is correct that this is not a new issue. That is precisely why I think the government is very late in coming to the table. The issue of foreign interference, which is part of the context of the cyber-threats we face, is also not a new issue. Again, we have been calling for action from the government, but we have not seen other action from it. The member says that the Liberals have done all these other things, such as maybe giving some money over here or over there, but he evidently could not articulate specific measures that the government had taken.

We are behind when it comes to defending our security. We are behind what we should have known much earlier. We are behind our allies. We were the last of the Five Eyes and very late to step up on recognizing the risks associated with Huawei.

When it comes to foreign interference, I will challenge the government on one point: Why has the government not expelled foreign diplomats involved in interference and intimidation in Canada? That would be a simple step and the government has not taken it.

Madam Speaker, the bill before us seeks to reinforce our security systems and may affect critical infrastructure in Quebec such as Hydro-Québec. I always think about the Conservatives and their famous great energy corridor. That is the type of project in which the federal government could appropriate provincial responsibilities and critical infrastructure in the name of national security. This sets off major alarm bells in my mind.

Can the member reassure me about the Conservatives' intentions? Can he assure me that if they come to power some day, they would not misuse legislation like this piece of legislation?

Madam Speaker, the member asked what we would do if we were in government. We would make the right decision on every one of those.

With respect to the particulars the member raises with respect to what powers the federal government would have in intervening with provinces, this is an important issue for the committee to look at. I am supporting this legislation because we need to have a cybersecurity framework in Canada. It is important that this goes through to the committee and that those issues be looked at there.

I did not have time to go into it, but there are a significant number of problems in the legislation that do have to be worked out by the committee. No doubt there has to be a role for federal leadership around security, but it has to be a constructive, collaborative relationship, because there are steps for other levels of government. We see foreign interference at the very granular local level, so that collaboration across levels of government is really important.

Madam Speaker, this morning my colleague from Kildonan—St. Paul made an excellent presentation on this bill. She talked about the transparency that may be lacking in certain areas and the effects on small businesses and how they may not be able to afford the cost like a larger company. I wonder if my colleague could expand on that.

Madam Speaker, that is an excellent point. I did not have a chance in my remarks to talk specifically about the transparency issues. Again, we need to support this bill through the second reading stage out of agreement with the general principle that we need to do more on cybersecurity, recognizing how far behind the government has been.

However, there are significant issues with respect to ensuring transparency. There are significant issues on whether the bill is clear and specific enough about the steps that are required, instead of just leaving it, as we see often with the government and legislation, and giving an open-ended blank cheque to the government.

There are definitely issues. This requires a detailed committee study. I hope Conservative proposals will be adopted and we will be able to strengthen the bill as a result.

Madam Speaker, I will begin by saying that I will be sharing my time with the hon. member for Abitibi—Témiscamingue.

I am pleased to speak to this bill, which, I must say, was eagerly awaited by my party.

The Standing Committee on Public Safety and National Security had the opportunity to study the issue of cyber security. We heard from experts in this field, who told us what they think about Canada's cyber security preparedness or posture. The idea came from my Conservative colleagues, and it was a very good one.

Given what is happening in Ukraine with the Russian invasion, we know that there are still military threats in the 21st century. However, we are also dealing with the emergence of new technologies that pose non-military threats. I had the opportunity to talk about these non-military threats at the Organization for Security and Co-operation in Europe Parliamentary Assembly last week in Warsaw, Poland. I discussed non-military threats and how different countries must prepare for or guard against them.

What the Standing Committee on Public Safety and National Security heard is how difficult it is to prepare for these threats, because they are evolving so quickly. No one had anything particularly positive to say about Canada's preparedness.

I think that the willingness is there, and that is what the experts told us: Canada is trying to prepare for and guard against potential cyber-attacks. I said “potential” cyber-attacks, but they are already happening. We know there have been cyber-attacks on various infrastructure and companies in Quebec and Canada, especially in the private sector, in the past. Canada is not as prepared as it could be to face these attacks, but we were told that it may never be totally prepared. The same is true for all countries because, as I said, the technology is changing so rapidly.

For this reason, I think that adopting a cybersecurity framework is an extremely positive step. That is what the government promised. In its national cyber security strategy, it pledged to better regulate cyber systems in the federally regulated private sector. The 2019 budget earmarked $144.9 million to develop a new framework to protect critical infrastructure. That is exactly what the two main parts of this bill do. They are aimed at strengthening the security of the Canadian telecommunications system.

Part 1 of the bill amends the Telecommunications Act to add the promotion of security, authorizing the government to direct Internet service providers to do anything, or refrain from doing anything, that is necessary to secure Canada's telecommunications system. Part 2 enacts the new critical cyber systems protection act to provide a framework for the protection of critical cyber-infrastructure and companies under federal jurisdiction.

The act is essentially a regulatory framework. As my colleague from Abitibi—Témiscamingue mentioned earlier in his question to our Conservative colleague, we will have to see what impact this bill could have on Quebec, especially companies and organizations like Hydro-Québec, since it designates interprovincial power line systems as vital services and vital systems. More on that later.

We will also have to see in committee whether the vast regulation-making powers provided for in Bill C-26 are justified or whether they bypass Parliament for no reason. Certain groups that raised concerns in the media have contacted us as well. Their concerns about this bill are well founded. I will get back to this a little later on.

I would say that it is important to proceed carefully and properly with this bill. Any amendments made to the bill will have a direct impact on every transmission facility in Quebec, including those that will soon be built in my riding to offer adequate cell service to those who are still waiting. Some Canadian ridings are unfortunately still without cell service in 2022. Since my riding is one of them, the bill will have a significant impact.

Local telephone service providers, IP-based voice services, Internet service providers, long distance providers and wireless services will be subject to the amendments to the act.

This means that the amendments would allow authorities to secure the system if there is reason to believe that the security of the telecommunications system is under threat of interference, manipulation or disruption. In that case, telecommunication service providers could be prohibited from using or supplying certain goods or services.

As I understand the wording of the bill, which is rather complex, telecommunication service providers could even be prohibited from supplying services to a specific individual. It is important to realize that these are vast powers, and I hope that, when the bill is sent to committee for study, it will be detailed enough to include the factors that will be taken into account before such powers are granted.

As I was saying earlier, the act will make it possible to designate certain systems and services under federal jurisdiction as critical to national security or public safety. The new Critical Cyber Systems Protection Act will protect critical cyber systems in the private sector.

What, then, is a critical cyber system? I found it difficult to find a clear definition in French of what a critical cyber system is, but the government defines the term itself in the bill. It appears that it is a “system that, if...compromised, could affect the continuity or security of a vital service or vital system.”

The bills lists six vital services and systems in its schedule. These obviously include telecommunications services, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems that are under federal jurisdiction, banking systems, and clearing and settlement systems.

These are the areas this bill addresses. That is a lot to verify, and several actors are involved. Several ministers will be involved in the regulatory process after that, so it is important to study the bill carefully.

At this stage, a number of questions arise. For example, what impact will the bill have on certain interprovincial infrastructures, such as power lines and power grids? The act could impact Hydro-Québec and other non-federal infrastructures, such as aluminum smelters. As I understand it, the bill itself would designate interprovincial power lines as a vital service. That could have an impact.

In principle, the bill is not a problem for my party. When we call experts to testify before the committee, we will be able to determine whether or not it will have a positive impact. I think it could be very positive, but we need to look at its scope.

The Bloc Québécois has often supported the government in its efforts to ensure stricter control of broadcasting for certain vital infrastructures that could be in the crosshairs of foreign nations. Let us consider China and Russia, as I mentioned earlier. There is the Huawei saga and the development of the 5G network. The government's indecision for so many years proves that it would have been better to act beforehand rather than to react to the current situation. China's increasing power and its attempts at interference on several occasions, as well as Canada's vulnerabilities in terms of cybersecurity, are real. For example, we know that Hydro-Québec has been a potential target for Chinese espionage. The same could happen directly in our infrastructures. I think that this bill is relevant. We are very happy that the government introduced it. That is why the Bloc Québécois will vote in favour of sending the bill to a parliamentary committee so that we can hear what the experts have to say.

I would like to take these final moments to talk about the concerns voiced by certain groups. Professor Christopher Parsons of the University of Toronto said that the bill was so imperfect that authoritarian governments around the world could cite it to justify their own repressive laws. That is a worrisome statement. I will elaborate during questions and comments.

Madam Speaker, I thank the member for her speech.

My question is the following. Is the member concerned that this bill gives too much power to the federal government and the minister?

Madam Speaker, yes, that is a concern.

It was mentioned by the University of Toronto professor I cited earlier and certain groups that seek to protect individual freedoms. This bill may give too much power to the minister. We will have to properly study it in committee.

We must bear in mind that this bill seeks to secure and protect Canada's critical infrastructure. I believe that the government is acting in good faith. It is prepared to authorize the circulation of some information so we can help one another and safeguard businesses from potential cyber-attacks. I believe it is a good objective. We will have to ensure that there is nothing sinister about wanting more information.

Madam Speaker, my question for the member is around protection of seniors. I wonder if the member has some comments on how the bill would protect vulnerable groups, like seniors, from scams.

Madam Speaker, that is an excellent question.

Based on what I have seen of the bill so far, I could not say. Quite honestly, I have no idea if this bill will do more to protect seniors from scams.

I know these kinds of scams are happening in my riding in the Lower St. Lawrence region. People call seniors, posing as grandsons in custody or living in another country. They ask their victims to transfer money because they need it right away, and some seniors fall for it.

I have no idea if this bill will help with that kind of thing. If not, the government really should do something to put a stop to it.

Madam Speaker, I thank my colleague for her excellent speech. Her understanding of all these things is much greater than mine.

The member talked about interference and disrupting essential infrastructure, of course, as well as cyber-attacks from other countries or even individuals. My colleague also shared what experts told the committee. To hear them tell it, Canada's security system is a long way from being secure.

I would like my colleague to comment on that.

Madam Speaker, indeed, the committee has heard from several experts on this subject. They told us that there is currently nothing to force companies, whether they are federally regulated or not, to report when they are victims of cyber-attacks, for example. They can just not report it and try to work through it on their own, even though there are authorities in place to help them through these kinds of events.

The experts were telling us that it might be worth having a framework that forces companies to work with the government or cybersecurity bodies to report and help prevent attacks so that a solution can be found. My understanding of the bill is that it would create a framework to compel federally regulated companies to do exactly that. I think that is a very good idea. It follows through on what the experts were proposing in committee.

Madam Speaker, I am pleased to rise to speak to Bill C-26, which will strengthen the security of critical infrastructure and Canada's telecommunications system.

Since June, many experts have been working to learn more about the provisions of this act and assess the value of what the government is proposing.

First, this bill is not structured in the usual way. I see that the urgent need to manage cybersecurity has been taken into account. This bill would give the minister new responsibilities, but the Governor in Council would also be able to act. The law is essentially a regulatory framework that will enable the government to make regulations to ensure the security of critical cyber systems.

I want to focus on the second part of the bill, because passing it will create a new law, the critical cyber systems protection act, which will provide a framework for the protection of critical cyber-infrastructure or businesses under federal jurisdiction. The affected sectors of our economy are identified as designated operators. It is easy to determine which businesses and organizations are affected.

The government has done well to specify who will must comply with the obligations: persons, partnerships or unincorporated organizations that belong to any class of operators set out in schedule 2 of the new law. Those classes will be identified by order.

Each class of operators will be assigned a corresponding regulator, such as the Minister of Innovation, Science and Industry, the Minister of Transport, the Office of the Superintendent of Financial Institutions, the Canadian Energy Regulator, the Bank of Canada or the Canadian Nuclear Safety Commission.

Schedule 1 of the new act sets out the vital services and vital systems that will form the basis of these designations, which may be added at a later date: telecommunications services, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems that are within the legislative authority of Parliament, banking systems, and clearing and settlement systems.

I would like to draw my colleagues' attention to Hydro-Québec. An important part of the bill that has the Bloc Québécois concerned is the part on vital services and vital systems, which could potentially involve interprovincial power lines and distribution networks. It is of paramount importance that this section of the bill be studied and clarified in committee to assess whether this will affect Hydro-Québec and, if so, how.

However, we are not against the underlying principles and objectives of securing and protecting interprovincial infrastructure. Hydro-Québec reportedly suffers more than 500 cyber-attacks a year, or roughly 41 attacks a month. That is more than one attack a day. This could jeopardize our power grid, putting the life and economic health of every Quebecker at risk. It could also jeopardize customers' personal information, although that is generally a secondary target in any attack against a publicly owned energy corporation.

Although Hydro-Québec has managed to fend off these cyber-attacks and protect itself by investing in systems, firewalls and employee training, why should we not take proactive measures? Not only is it very time-consuming for businesses like Hydro-Québec and Desjardins to protect themselves and react to the constant onslaught of cybersecurity attacks, but it is also very expensive. Hopefully, this bill will help prevent or limit these attacks by taking a proactive approach and regulating and promoting new cybersecurity frameworks among Internet service providers. This is particularly important in light of the increased threat to our infrastructure from bad state actors such as Russia or China.

Hopefully, unlike today, businesses will have resources they can consult for information about cyber-attacks.

This is also a national security issue. These states have become emboldened not just by the Canadian government's passive reaction, but also by the regulatory void. We need only think of Huawei and the threat it represents, as well as the damage it has caused to the national security of countries around the world, especially in Africa. The examples are quite striking. China has passed a law forcing all businesses to contribute to the advancement of the objectives of Chinese intelligence services, which is particularly alarming when we consider that this country uses coercive diplomacy, blatantly disregarding international standards.

Even though the federal government has finally banned Huawei technology, the decision was preceded by many years of uncertainty because of the pressure, power and influence that China could unfortunately bring to bear on us.

This decision showed how vulnerable we are to malicious actors on the world stage. That is why we need a regulatory framework, a way to respond to cybersecurity threats, particularly from foreign powers that are in a position of power and use the weakness of others to advance their own positions.

I met this morning with representatives from Shakepay, a Quebec-based financial technology company that operates a platform dedicated entirely to bitcoin, with over one million Canadian customers. One of the things that struck me in that meeting was the importance they place on security and customer protection. Of course, I had Bill C‑26 in mind. They told me that all customer funds are held in a trust at a ratio of 1:1 with Canadian financial institutions and leading cryptocurrency depositories. I learned that they are continually working to improve and promote the implementation of cybersecurity measures to protect their systems.

In preparing for my remarks today on Bill C‑26, I started thinking that we need to examine how we can build on the security standards of Quebec companies like Shakepay and that we need to determine whether the bitcoin and cryptocurrency industry should also be considered in Bill C‑26. Whether we like it or not, technology and customer habits may be leading us in that direction.

I would like to discuss cyber-resilience. I understand that the bill will not be studied by the Standing Committee on Industry and Technology, on which I sit. However, I see issues that affect industries that are in that niche of protecting systems from cyber-attacks. There are two things to keep in mind here: The attackers go after data using methods that were previously unimaginable, and they tend to favour methods that significantly delay the ability to resume operations. The desired consequences are financial and reputational damage.

The inherent complexity of the systems currently in place requires increasingly specialized resources. Innovation, research and development must be encouraged, in short, the entire ecosystem of this industry that works on the cyber-resilience of very high-risk systems. We need to ensure to attract the best talent in the world. The government must carry out its responsibilities at the same pace as it introduces these changes. Let us not forget, as the opportunities for cyber-attacks keep increasing, that we are always one incident away from our continuity of operations being disrupted.

Is there an urgent need for action? Yes, clearly. Is the government on the same page as the people involved in this industry? Unfortunately, it has fallen behind.

For the past year, the Standing Committee on Industry and Technology has been studying topics that enabled it to get to the heart of the advanced technologies used in the industries covered by this bill. The inherent complexity of the environments in which those industries operate expose critical data and system configurations to greater risks than ever before, so much so that we are no longer assessing the likelihood of a successful cyber-attack, but instead how to recover. In fact, as IT infrastructure has become increasingly complex, cyber-attacks have become increasingly sophisticated too.

I dare not imagine what will happen in the coming years, when AI reaches its full potential and quantum computing becomes available. What I am hearing is that hundreds of pieces of users' electronic data are stored each day on international servers. They cannot be thoroughly processed using currently available technology, but what will happen when quantum computers are able to process those data? Maybe we will be very vulnerable as a result of actions we take today by casually agreeing to things in an app or allowing our data to be collected. In short, in five years' time, we may be paying for what we are giving away today.

In conclusion, the Bloc Québécois supports the bill. We want it to be sent to committee to be studied in detail, as my colleague from Avignon—La Mitis—Matane—Matapédia said. I also welcome forthcoming opportunities for specialists in Quebec industries who are renowned for their expertise.

Madam Speaker, it is encouraging when we get support for legislation. This legislation goes a long way in recognizing that cyber-threats are something on which we do need legislation to come forward and be voted upon. This legislation would allow for financial penalties and for the minister to take direct action. I wonder if the member could provide his thoughts on the importance, once we get into committee stage, of listening to what presenters have to say. I understand there are some concerns with regard to the legislation.

Madam Speaker, that is indeed essential, and it is also essential that the act have more teeth. In my opinion, it is vital that the act provide for a mechanism for issuing sanctions or fines in order to enforce compliance with orders and regulations aimed at securing telecommunications.

Let me give an example. We have learned that China maybe funding elections, meaning that there must be a network out there that is a threat to our country. Our national security and our ability to decide for ourselves who will lead our country are being influenced by foreign money. That is something that really worries me.

As a result, our systems need to be strengthened and penalties need to be imposed. Before that, however, we must know what happened, diagnose the problem accurately and be transparent. That is just one example of many, but that is how the problems should be resolved, particularly with respect to cybersecurity.

Madam Speaker, I want to thank my colleague for a very thoughtful speech. He was very good at pointing out some of the issues with this that we have heard from stakeholders. We have heard from privacy and civil liberties groups about the secrecy that could impair accountability, due process and public regulation.

The government orders issued under this bill may be made in secret without public reporting requirements, making it impossible for rights groups and the public to monitor and challenge how power is exercised under the bill. The secrecy of this could be very concerning.

I wonder if the member and the Bloc had any thoughts, once this goes to committee, about anything that could be added to improve the required balance between civil liberties and secrecy.

Sorry for the delay, Madam Speaker. I was waiting for the interpreter to finish. In passing, I want to thank the interpretation team. The fact that we can count on excellent interpreters when we are working on complex bills like this one is a strength of our democracy. I want to thank them.

Ultimately, we are here to protect the people we represent. I am very concerned about this, but I do not profess to be an expert. However, as intermediaries and legislators, we have access to the real experts. It is essential that they appear in committee to tell us how we can strengthen these bills. It is very clear that we need to make decisions today that will protect us against future attacks, which will come in forms that we cannot even fathom right now.

As I said, we have no way of knowing right now how much quantum computing will change our lives, by allowing the attacks to become increasingly sophisticated and rendering our existing defence systems obsolete.

Madam Speaker, because it is the holiday season I will not slight the government for taking so long to bring legislation like this forward. We know that France and the U.K. are far ahead of us in terms of addressing cybersecurity issues. I will give credit to the minister for at least starting to move this process forward.

Our shared concern with the Bloc is that the minister is going to have these extra powers. We are disappointed that this legislation has come forward without ensuring that Canadians will not be unjustly examined or that this is not going to be applied to ordinary Canadians.

Maybe my colleague could speak about how important it is, when government brings forward legislation, that these things are presented in the initial piece of legislation, rather than assuming it will go to committee and get improved upon there. There should be some effort from the government to address these areas at the beginning.

Madam Speaker, I will simply say that I agree with my colleague.

Madam Speaker, it is a pleasure to rise today to speak to Bill C-26 on cybersecurity. I will be sharing my time today with the member for Edmonton Manning.

Canadians recognize that we need to do something in the area of cybersecurity. We have all experienced hackers. Myself, when I have bought something online, the next thing I know is my credit card is hacked and then all the pre-authorized transactions need to be changed. It is very time-consuming. I have been hacked numerous times on Facebook, as I am sure many have, as well as on Instagram and other places. Those are small examples that Canadians are seeing.

Let us think about the more serious cyber-hacking we are seeing, whereby government systems are hacked and breaches of information are happening. Businesses are experiencing this. I have a friend who is an anti-cyber hacker. For $2,500 a day, he goes around the world, helping companies that have been hacked to improve their protections.

Something needs to be done. I would like to talk today about what needs to be done, and then how the bill does or does not meet that need.

First, we have to identify what the critical systems are. What are the things we want to protect? If somebody hacks my Netflix account, it is not earth-shattering. However, there are things that are important, and I think everyone would agree that databases that protect our identity or have information about our identity are critical.

Financial institutions and people's financial information are critical. On our medical information, we have spent a lot of time on legislation and regulations on protecting medical privacy. Those, to me, would be three of them, but certainly, the critical systems need to be identified.

We need to make sure there are adequate protections in place. Not every business and level of government has the same amount of protections and technology in place. There is a journey of defining what adequate protection is and helping people get there.

In the case of breaches and having them investigated and addressed, the bill gives very broad powers to the minister. It allows the federal government to secretly order telecom providers to “do anything or refrain from doing anything...necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”

Those three terms are not well defined, so I think there is some work to be done to define those better, but I do not really believe we want to give the government power to do anything it wants. Certainly, shutting down a system for protection is important when there is an actual threat and not just a potential future threat or a possible threat. In the case of a threat, the government needs the ability to act, but certainly we have to tighten up the language in the bill on that.

After there has been a breach, there needs to be preventive and corrective action. Preventive action would be additional technology walls or additional controls that are put in place to ensure that we have enhanced protection in the future. Corrective action is fixing the holes that people got into in the first place and punishing the hackers. It does not seem like any of that is happening today. The bill does not address that, but there should be some measures there to take corrective action.

I talked about the overarching powers and my concern with them. We cannot have the government continually coming up with bills in which it has not really defined what it is going to do but it tells us not to worry about it because the Governor in Council, after the fact and without any parliamentary oversight, will determine what we are going to do.

The Governor in Council means the Liberal cabinet ministers. I think we are at a place where people have lost trust in the government because there is no transparency. The bill allows the government to make orders in secret, without telling people what is done. The public cannot see it and is suspicious, because people have seen numerous examples of the government hiding things.

We have just come through a $19-million emergency measures act situation in which the Liberal cabinet ministers and the Prime Minister knew they were never going to disclose the documents that would prove or disprove whether they met the threshold, because they were going to hide behind solicitor-client privilege.

They have done it before, hiding behind cabinet confidence, like on the Winnipeg lab issue. Look at the documents we tried to get hold of there. The Liberals even sued the Speaker in order to hide that information from Canadians.

In the SNC-Lavalin scandal, we saw them hiding behind cabinet confidence. In the WE Charity scandal, we saw them hiding behind cabinet confidence. I am a little concerned, then, to find that in this cybersecurity bill, the Liberals are saying the government can make secret orders that the public is not going to ever know about. I think that is very dangerous. This is one of the reasons we are seeing an erosion of trust in Canada.

A recent poll posted by The Canadian Press showed that if we look at the trust index in Canada, only 22% of Canadians trust the government or politicians. That means four out of five Canadians do not trust the government or politicians, and it is partly because of what has gone on before, when things have been done such as people's banks accounts frozen and drones surveilling citizens. People have lost trust, so I do not think they are going to be willing to give a blank cheque to the government to do whatever it wants for cybersecurity, to control enterprises outside the government to get them to stop operating, for example. The riverbanks need to be much tighter on that.

People are concerned about their civil liberties, and I know there has been a lot of conversation about the lack of privacy protection in this country. We have regulations like PIPA and PIPEDA. My doctor cannot reveal my medical information; my employer cannot reveal my medical information, but various levels of government in the pandemic made it so that every barmaid and restaurant owner could know my private medical information and keep a list of it, which is totally against the law. Therefore, when it comes to cybersecurity we are going to have to make sure the privacy of Canadians' information is better protected, and I do not see that element here in the bill—

I have a point of order from the hon. member for Timmins—James Bay.

Madam Speaker, it is important that we not use disinformation in the House. The member mentioned that restaurant waitresses were breaking the law by asking for vaccine information. That is a falsehood. Could the member correct that?

I would say that the information the hon. member is trying to share is more of a point of debate.

The hon. member for Sarnia—Lambton has just under three minutes.

Madam Speaker, I have no problem clarifying. Several of the places I went into were following provincial orders, to be clear, and they were to record who showed up and whether or not they were vaccinated. That is what was done, and that is against PIPA and PIPEDA.

I will turn to the government's record on protecting us in terms of cybersecurity, and talk about Huawei.

In 2018, our Five Eyes partners were concerned about Huawei's connection to the Chinese communist government, and they were not going to allow Huawei into their networks. However, the Canadian government delayed a decision for four years. The Liberals waited until 2022 to ban Huawei. Why did they do that? It was so Bell and TELUS could implement Huawei technology, 4G technology, across the country. That is hardly a protection from a cybersecurity point of view, and it again speaks to why Canadians have lost trust in the government.

However, I will support the bill to go to committee. I have said that we need to do something for cybersecurity, and I have outlined what I think we need to do. I do not think we can leave these huge gaps that have been cited by numerous institutions.

The University of Toronto has written letters to the government, talking about what is wrong with the bill and what it would like to see. If members have not seen the report it did with the Munk School, called “Cybersecurity Will Not Thrive in Darkness”, there are a number of recommendations in the report that talk about what needs to be done to Bill C-26 to fix it. I would encourage the government to look at that, and I would expect it to become the substance of amendments that would be brought at committee.

Also, we should look at what the constitutional and civil liberties lawyers are saying. They are very concerned about the parts of the bill that would surveil Canadians, so I think we need to make sure we listen to what they have to say. They have written an open letter to the government, and I would recommend that the government take a look at that as well.

Finally, on accountability, due process and public regulation, there is potential for abuse. I would encourage the government to take a look.

I look forward to more discussion at committee.

Mr. Speaker, we live in a world where every person is increasingly concerned with cybersecurity. So much of our lives is stored on our personal devices, protected by passwords and multi-factor authentication in the hopes of keeping our most private information secure.

Corporations are increasingly at risk. It seems as if every day we hear a new report of companies’ computer systems being hacked and their data held for ransom by thieves who have managed digital anonymity. Law enforcement officials say many such cybercrimes go unreported, with companies paying quietly and privately so as to avoid publicity.

Our public institutions are not immune either. Hospitals have had their computer systems attacked by intruders, putting patients' lives at risk. Emergency services have been attacked, as have the parliamentary computer systems.

Cyber-threats remain a national security and economic issue that threatens the safety and security of Canadians. Government and industry alike have highlighted the need for regulation in cybersecurity. There has been a lot of talk, but not much else.

Currently the Canadian government does not have a legal mechanism to compel action to address cyber-threats or vulnerabilities in the telecommunications sector, yet cybersecurity has become one of the primary issues each person and institution has to address. I am pleased that the government has introduced this legislation to allow us in the House to examine the cybersecurity concerns and needs of our nation.

Bill C-26 would amend the Telecommunications Act as well as other related acts. The intention would be to amend the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything that is necessary to secure the Canadian telecommunications system.

I do not think there is anyone in the House, indeed in the country, who would disagree with the objective. As I have already pointed out, there is a problem with cybersecurity in our society, and government has an important role to play in protecting Canadian individuals and institutions. Some may wonder about giving such power to the Governor in Council and the Minister of Industry, but there are rules for the judicial review of those orders and applications. This is not a granting of absolute power, but of limited power subject to the checks and balances needed in a democracy.

The bill would also enact the critical cyber systems protection act to provide a framework for the protection of the cyber systems of services and systems vital to national security or public safety. This, among other things, would authorize the Governor in Council to designate any service or system as a vital service or vital system. It would require designated operators to establish and implement cybersecurity programs, mitigate supply chain and third party risks, report cybersecurity incidents and comply with cybersecurity directions.

One would think that such cybersecurity measures should be common sense and not need to be mandated by government. Is it right to compel private corporations and organizations to use their own resources to invest in cybersecurity? It would seem to me that well-run businesses would put cybersecurity first. Not every aspect of a business generates income, and smart business managers and owners know that. As the cliché goes, they have to spend money to make money.

Implementing cybersecurity measures comes with a cost. There is no doubt about that. It would seem to me, though, that the cost would be considerably less than the cost of dealing with criminals holding their data for ransom after they have invaded their computer system and locked them out of it.

Cybersecurity makes common sense for business. However, given that implementing cybersecurity measures comes with a financial cost with no corresponding revenue, do we really want to rely on those who might put short-term profits first, or does it make more sense in this case for government to step in to save some business owners from themselves?

As someone who has spent most of his life working as a businessman, I am reluctant to suggest that business owners need to be saved from themselves, but as a Canadian I know that sometimes such action is necessary.

We have only to look at the history of one of Canada's most successful companies: Nortel. It is a company that might still exist if those running it had taken cybersecurity more seriously. With more than 94,000 employees worldwide, Nortel was a high-tech leader until its headquarters were bugged, its computer systems breached and its intellectual property stolen. Now it is just a memory. We will never know for sure, but perhaps if cybersecurity had been a higher priority at Nortel, it would still be providing jobs, products and services for Canadian people. If anyone ever asks why we would take cybersecurity seriously, the one-word answer is “Nortel”.

Though I am a little uneasy that this bill would almost certainly increase regulations and red tape, maybe there are ways that some of the excessive paperwork that seems to be beloved by the Liberals can be made reasonable. Certainly there is a need to ensure a level playing field of regulatory burdens for small and medium-sized businesses and organizations. If there is not, then I can see companies being forced into bankruptcy by the cost of implementing government-mandated cybersecurity procedures. I know that is not the government's intention, but as we have seen in the past, sometimes not all the impacts of government rule-making are foreseen. The Minister of Industry especially needs to ensure that the rules are workable and provide protection against attacks by criminals and malicious states.

Indeed, it is perhaps malicious states that we should be concerned about the most. The interconnectedness of computer systems and their use in controlling and maintaining our infrastructures mean we are increasingly vulnerable to a devastating attack. An enemy that could seize control of our electricity grid or our banking system could bring our nation to its knees without firing a shot. The nature of warfare has changed, and as a result we must change our defences.

Canada's national security requires being prepared for the security warfare threats that we face. The government has been slow to address cyber-threats and has seen a number of serious incidents occur, with no substantive legislative response for seven years. I am pleased that the government has finally chosen to act, and I am hopeful that we in the House can help improve this legislation. Cybersecurity is of paramount importance in the modern world. Canada cannot neglect it.

Madam Speaker, I want to congratulate my colleague on his speech.

Cybersecurity is essential, and it is also a race against time because hackers are becoming better and better organized. They are fast, equipped, cunning and, on top of that, dishonest. That gives them an advantage over us presumably honest people.

The government has been slow to act, legislate and get aggressive with cybersecurity.

Does my colleague think that there is still time to take the lead in this race, or are we going to continue to fall behind international hacker organizations?

Madam Speaker, I mentioned at the end of my speech that the government was very late in putting forward such a bill. It is a very tough question to answer as to whether or not we can catch up. We know the existing wars and challenges and future wars are mostly around cybersecurity. It will be important in this motion of the House, with this bill, to assess how prepared Canada is for facing future threats.

Madam Speaker, within the legislation there is consideration given to how financial penalties would empower the minister to take strong action to ensure that providers are keeping up with what they need to keep up with.

My question to the member is this. Would he agree that when we take a look at the issue of cyber-attacks, they are not something unique to Canada? It is happening around the world. We are working with allied countries and others. This is one part. It does not stop here. There is a need to continue, as we have for the last number of years, investing tens of millions of dollars and putting people to the task of protecting us against cyber-threats.

Could the member just provide his thoughts in terms of the broader picture of cyber-threats?

Madam Speaker, I will answer the end of the question and go back to the beginning of what the hon. member asked.

We are still not there in terms of assessing our preparedness and our cybersecurity position. I do not know if we have enough understanding of those challenges, what our position is and how prepared we are. That is a very important task for the government.

As far as financial penalties on businesses, I mentioned in my speech that such things could put some businesses into bankruptcy, because they would not be able to afford the services that would provide the protection needed for them not to end up in such a disastrous situation.

Therefore, a balance is needed, and this has to be done by working together with the industry. If we are truly prepared, the financial penalties should be less, because the government should have done more in the last seven years, or even the years before that, in terms of looking to the future.

It all remains in the hands of the government that is putting this bill forward. We hope to get some answers.

Madam Speaker, that was a very interesting intervention. I am not a specialist in cybersecurity, so I am finding this debate very informative.

I guess one of the questions I have is about how we balance the need for cybersecurity with the need for transparency. That is really what the big question is for this. How do we make it effective but also adhere to the Canadian values of transparency, human rights and whatnot?

I wonder if the member has anything to say about the fact—

I have an hon. member with a point of order, and I think I know what the hon. member is going to say. The hon. member asking the question does not have her headset, and we do not allow members to speak without a headset. That is on me, with my apologies.

I will have to interrupt the hon. member right now and give the hon. member for Timmins—James Bay a very short question, please.

Madam Speaker, cyber-threats are not new. In 2011, Canada's two main financial centres in government, Finance and the Treasury Board, were pushed off-line for days by hacks from Chinese operators, yet the Harper government did nothing about that. It did not want to talk about it because it was busy selling off sections of the oil sands and Nexen to Chinese state-owned operators and then signing a free trade deal with China, the deal that would allow it to take on Canada outside of the court system.

I find it kind of special that the Conservatives are suddenly concerned about cybercrime now, when they did nothing to take on China's state threats to Canada under Harper.

Madam Speaker, the NDP member always wants to politicize things. This is a very serious issue, and there is not one party that is more serious about this than others. I wish he had stayed within the non-partisan notion of this bill. Let us talk about facts. Let us talk about logic and stop the attacks.

Madam Speaker, before I begin, I will just say that I will be splitting my time with the member for Kingston and the Islands.

It is an honour to rise today in the House to debate the second reading of Bill C-26, an act respecting cybersecurity. To me, cybersecurity is essential, and it certainly relates directly to our national security.

When we consider the challenges and opportunities we face in this field, the theme of collaboration underpins and needs to underpin all that we do.

The prevalence of cybercrime in an increasingly online world, improving cyber-defence posture in an unstable global environment, deep thinking about what the future holds in a world where innovation and change are exponential, a critical look at whether our policies and laws are up to the task, and the protection of content and intellectual property as data becomes one of the world's most precious resources: These are just some of the reflections that we have to have when considering this bill.

In Canada, being online and connected is essential. Now, more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying connected with loved ones across the country and around the world. We should be able to do all these activities safely and securely.

I would like to offer a few words about what we are doing here in Canada to get that balance right, and I would like to reinforce the importance of our commitment to protecting the cyber systems that underpin our critical infrastructure.

We can take the emergence of new technologies, such as 5G, as one clear reason we need to redouble our efforts. We think about our increased reliance on technology in light of the COVID-19 pandemic. We think about international tensions amidst Russia’s unprovoked and unjustified ongoing invasion of Ukraine, with threats ranging from supply chain disruptions to state and non-state malicious cyber-activity.

Through all of these remarkable events, the government has been working tirelessly to keep Canadians safe. We recognize that, now more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security. It underpins the delivery of critical services, such as energy production, financial transactions, safe transportation and emergency communications.

As part of his mandate, bestowed by Prime Minister Trudeau, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed national—

The hon. member for Battle River—Crowfoot is rising on a point of order.

Madam Speaker, as was pointed out by the parliamentary secretary to the government House leader yesterday, the use of the Prime Minister's name is not an accepted practice of this place.

The hon. member is correct. We do not use the names of current members of Parliament.

Madam Speaker, as part of the mandate bestowed upon him by the Prime Minister, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed cybersecurity strategy. We need to make sure we articulate Canada’s long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace.

The Government of Canada is working to enhance the cybersecurity of the country’s critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is around the clock and ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors. I would like to use one example that is relevant for my riding and the region I come from.

My riding is the riding of Whitby, and Durham District School Board is the public school board in our area. On Friday, November 25, just very recently, there was a cyber-incident at the Durham District School Board. It resulted in online classes being cancelled. They were forced to postpone scheduled literacy tests. They have had phone lines down and email service down. They even do not have access to emergency contacts, and they are trying to limit this incident so it does not impact payroll for the over 14,000 Durham District School Board employees. There are 75,000 students who go to school across our region.

They have notified police of the attack. Their investigation is said to be very complex and time consuming, and they will be assessing the privacy impacts, but we can just imagine how this has impacted students and employees at Durham District School Board.

This is a really serious topic. I think we all need to give it the weight it deserves, and this legislation is trying to ensure we do our utmost to protect against these cyber-threats in the future.

However, we are not starting from scratch to tackle these threats. Since 2018, the Government of Canada has invested a total of approximately $4.8 billion in cybersecurity. Through the national cybersecurity strategy, the Government of Canada would be taking decisive action to strengthen Canada’s defence, preparedness and enforcement against cyber-threats. The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling close to $800 million in the 2018 and 2019 federal budgets.

In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information, and in the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure.

Under the strategy, two flagship organizations were established. One is the Canadian centre for cybersecurity, otherwise known as the cyber centre, under CSE, and the other is the national cybercrime coordination centre under the RCMP.

The cyber centre is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of unique technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector, and the Canadian public.

The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police. In the example I mentioned in my riding of the Durham District School Board, it would report the cybercrime to the local police, and that would go up through NC3 as well.

Public Safety Canada’s Canadian cybersecurity tool also helps owners and operators of Canada’s critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient.

Public Safety Canada also coordinates and delivers cyber-based exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners. Public Safety Canada works closely with the Communications Security Establishment’s Canadian centre for cybersecurity to enhance the resilience of critical infrastructure in Canada. The cyber centre, in addition to providing public advisories, shares valuable cyber-threat information with Canadian critical infrastructure owners and operators.

Today I am very proud to say that we can begin to debate a new piece of legislation to further strengthen what we have built as a government. Today we are debating Bill C-26 for the second reading, and this legislation's objective is twofold.

The first part proposes to make amendments to the Telecommunications Act, which include adding security as a policy objective, adding implementation authorities and bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, when necessary, to mandate any action necessary to secure Canada’s telecommunications system, including its 5G networks. This would include authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers.

The second part introduces the critical cyber systems protection act, or CCSPA. This new act would require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber-systems, and it would support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including malicious electronic espionage and ransomware.

Madam Speaker, I am not a cybersecurity expert either.

A few weeks ago, I attended a demonstration in Montreal with 10,000 people to support the people who are fighting for their freedom in Iran, which, as we know, is not a democratic state. I have also strongly supported people from the Uighur community, who I have met with many times here in Ottawa. We know that they are facing genocide in China. The small white square that I am wearing is a sign of support for people who, at this time, are rising up against the health measures in China, as well as the people in Russia who are protesting against the war in Ukraine.

I want to know if there are concrete measures in Bill C‑26 that would prevent Iran, China and Russia from carrying out cyber-attacks on social networks and, for example, hacking my account and interfering in my life as an MP? I would like my colleague to clarify that.

Madam Speaker, I share the member opposite's ethical concerns with other state-sponsored actors, disinformation and ensuring that our cyber-infrastructure and our lives as MPs are also protected from the attacks and incidents that are too often affecting some of our institutions and even us, as individuals.

This bill really looks to strengthen the work the government has been doing year over year to invest in protections against cyber-attacks in our critical infrastructure and to ensure that we are enhancing those tools and investments, and leveraging them to the best degree possible to protect against the kinds of threats the member opposite identified.

Madam Speaker, cybersecurity cannot be underestimated in its importance, especially in the world in which we live.

One of the concerns that has been highlighted to me, as I listened to security experts surrounding this issue, is how far behind Canada is in taking action on cybersecurity, whether that be the decision regarding Huawei, or how Canada lags behind its Five Eyes partners. Taking action is essential in ensuring that we are on the same playing field.

I am wondering if the member from the government would be willing to expand as to why, after years of being in government, this is only now being debated in the House of Commons.

Madam Speaker, I am not really sure how we get these types of critical remarks coming from the opposite side of the House given that in my speech I gave very tangible examples of two agencies that have been set up and some pretty significant investments that have been made since 2018. The $4.8 billion for cybersecurity is no small amount. We are making investments and setting up the systems and tools.

I have been briefed, as a member of the procedure and House affairs committee, on our House of Commons cyber-infrastructure and cybersecurity. Although those briefings were in camera, I know full well that very strong and resilient systems have been set up to identify and neutralize threats ahead of time to ensure our critical infrastructure in the House of Commons is protected. I think that extends right across Canada with the work that our government has been doing.

Madam Speaker, I want to take a moment to apologize to the interpreters for when I completely forgot my headset previously. I am not feeling my best, and I am obviously not on my game.

I want to thank my colleague for his intervention today. It was very interesting. I agree with my colleagues from the Conservative Party that we are very late to the game, but I think it is vital that we get it right. It is just so important that we do that balance.

One of the concerns we are hearing from the stakeholders we have spoken to is that this bill has orders that will be exempt from the Statutory Instruments Act. Therefore, it would be unable to be reviewed under scrutiny at the regulations committee. Could the member speak to why the government made that decision?

Madam Speaker, as I am not sure of the specific details the member opposite is referring to in her question, I would have to say, in good faith, that I will get back to her on that after doing a bit more research on why that decision was made.

What I can tell her is that the key provisions in this act really do further the overall objectives of protecting our critical infrastructure. It specifically adds to the Telecommunications Act the objective of the “promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to”—

I must interrupt the hon. member. We are way over time.

Resuming debate, the hon. parliamentary secretary to the government House leader, Senate, has the floor.

Madam Speaker, I thank the member for Whitby for sharing his time with me.

It is very important that we talk about such an important piece of legislation that has been brought forward, Bill C-26. The reality is that the changes in technology are happening so incredibly quickly. At times, it seems a daunting task to keep up with them and to make sure that we are always ahead of those actors out there, whether state or non-state, who are trying to engage in activities that could seriously cripple our economy or other aspects of society in Canada.

It seems as though it was just yesterday that we did not have the Internet. I remember vividly when I signed up for my first Internet connection, a dial-up connection, and having access to the Internet. That was when I was a computer engineering student at a local college in Kingston back in 1995 or 1996. Downloading something as simple as a single image sometimes would take two or three minutes to get the full image on the screen.

Madam Speaker, it was not an image of the member opposite who is asking.

The point here is that things are evolving so quickly, and we have come so far in such a short period of time in terms of our ability to utilize, perfect and, for lack of a better term, exploit everything that the Internet has to offer. We have seen it change commerce. We have seen it change how we engage with each other. We have seen it change just about every aspect of our lives. Unfortunately, with that comes new opportunity for people to try to affect what we do in our day-to-day lives. They are trying new forms of fraud, theft, harassment, intimidation and influencing elections, which are all nefarious manners in which people are trying to now utilize the Internet.

Of course, cybersecurity is a huge part of any government operation now, and every government should be seized with doing everything it can to secure it, because when we think about it, everything is connected. There could be a cyber-attack on a utility company, on a functioning parliament, a democracy. There could be an attack on just about every aspect of our lives, and it is critical that we have legislation in place to ensure that we can properly safeguard those things.

I have heard individuals in the House, and in the last two questions, one from the Conservatives and one from the NDP, suggesting that this is taking way too long and that we are behind other countries. I would caution members on that and suggest that it is not entirely accurate. For example, the United Kingdom has a very similar bill to this one that is being studied right now by its members of Parliament, a Conservative government, I might add. They are going through the exact same process as we are now. I think it is always easy to say, and it is one of the things we hear quite a bit from opposition parties, why is this taking so long?

I have my own opinion on why things take so long in this House, but the reality is that I do not believe we are significantly trailing behind other countries. Yes, some countries have done more than us. I am not going to disagree with that, but I disagree that we are significantly behind. I will come back to the United Kingdom where a Conservative government has introduced a very similar piece of legislation to what we have. This brings me to the legislation that we are debating today.

This bill has two primary parts to it. The first part would amend the Telecommunications Act to add the objective of the promotion of cybersecurity of the Canadian telecommunications system to Canadian telecommunications policy.

It also authorizes the Governor in Council and the Minister of Industry to direct telecommunications service providers to secure the Canadian telecommunications system. I think that is incredibly important. In this process, we have to remember that a huge part of what we need to do is work with private partners and the various telecommunications services that are out there. We need, from a policy or government perspective, to put in place some of the things that they need to do.

The reality is that in a competitive business environment where various different telecommunications companies are fighting to be more competitive and more efficient to maximize profit, which we all appreciate is important in the capitalist environment we live in, we have to respect the fact that in order to ensure that some of these safeguards are in place, we are going to need to make sure that the legislation is there to make sure companies are doing what they need to be doing to create those safeguards. Otherwise, it might not happen to the degree it needs to because of the nature of the competitive environment they are in.

The other aspect of this bill is that it enacts the critical cyber systems protection act to provide a framework for the protection of critical cyber systems that are vital to national security and public safety. Of course, this is key because this is what everything else is built on in terms of our national security and the systems that we have. We need to make sure we can properly safeguard those. In that regard, it authorizes the Governor in Council to designate any service or system as a vital service or vital system. Just think about that.

When I was in college studying computer engineering and I went to get my first dial-up connection, who would have thought that a mere 25 years later we would be talking about designating some of these services as being vital to national security or public safety? The reality is that is where we are now. As we rely so heavily on these systems, we rely so heavily on ensuring that we have the systems in place that we do in order to protect our security as it relates to cyber-threats.

I appreciate the opportunity to talk about this very important piece of legislation. I get the sense it is being widely supported in the House. I hope we can move this along so we can get to the next steps, continue to move forward and get what we need into place in order to properly protect our cyber systems from a security perspective.

Madam Speaker, I thank my colleague from Kingston and the Islands for his speech, which was informative as always.

However, I would like to know how this bill will enhance public trust in the Internet. What mechanism in Bill C‑26 will help guarantee public trust?

Madam Speaker, as I said in my speech, one of the things the bill does is it specifically directs what the various telecommunications providers need to do in order to maintain that security. That is what we do from a policy perspective. We establish what those requirements are that are required of the telecommunications systems in order to ensure that security is there. What we will see coming out of this is that the telecommunications systems, in a unified fashion, will promote these particular policies and safeguards that will be put through those directives.

Madam Speaker, one of the things that has become very clear, particularly since the Russian invasion of Ukraine, is how destabilized our world is and how many bad actors are out there at the state level trying to undermine democracy.

My concern is about the ability of the federal government to withstand cyber-attacks. Earlier today, I talked about 2011 when actors out of China were able to shut down finance and the Treasury Board for days on end with relentless attacks. With the amount of financial information for Canadians that is in those departments, that is very serious.

We know that in the immigration department, which has turned into an absolute nightmare for anybody trying to navigate it, the system is breaking down. Staff in the department cannot access information files because the system is not up to speed. This will require a major investment to protect people, but also to deal with dark forces, whether they are Russians, the Chinese or any other non-state actor.

Has the government put in a credible plan to ensure we get our federal systems up to speed to be able to withstand hackers?

Madam Speaker, this is the basic fundamental principle to having our full and complete autonomy over our nation.

We need to ensure that these systems are secure—

Order. The hon. member's microphone is causing an audio problem that is interfering with the interpreter's audio.

I apologize, Madam Speaker. It is not my first day. I should not have let that happen. I apologize to the interpretation staff, through you.

Getting back to what I was saying, in order to maintain that autonomy which we must have as a country, we need to make sure that the proper investments are in place to do that. The member indicated there would need to be a major investment. My own personal perspective is that we should spare no expense to ensure that security is absolutely robust.

Will there be penetrations or will there be times when it might be challenging to maintain that? Yes, but we learn from those. With regard to his example from 2011, I believe we learned from that and we made our systems even better as a result.

Madam Speaker, I can attest that this is not the gentleman's first day. It seems like I have spent a year staring into his eyes here.

In the legislation, there is a fair bit of gray area with respect to definitions. Will the government be releasing additional information on such undefined terms as “cyber- incidents”?

Madam Speaker, I am flattered to hear that the member has been staring into my eyes for a year.

In all seriousness, the member asks a good question. I do not have the answer to that. I am certainly not in a position to be able to provide to him what the government would release later. When the government tables a bill or releases information to Parliament, it does so in a fashion that allows every member of Parliament access to that at the same time. The member's access to that would be no different from mine.

Madam Speaker, I will be sharing my time with the member for Battle River—Crowfoot.

I am proud to rise on behalf of my constituents in the not-quite-fully-connected riding of Renfrew—Nipissing—Pembroke. As the longest-serving member of the national defence committee, I fully appreciate the need for Canada to secure critical cyber systems.

For too long, the government remained indifferent while Canada's telecom companies were being infiltrated, robbed of intellectual property and sabotaged. It took the collective pressure of our Five Eyes allies before the government put up any resistance to the Huawei expansion throughout Canada’s telecom infrastructure.

Only after having been thoroughly shamed and threatened with being cut off from critical security intelligence has the government finally responded with legislation. However, as is so often the case with all governments, having finally been shamed into action, the executive branch overreacted. It now falls upon Parliament to moderate the executive overreach.

Cybersecurity is not a partisan issue. No party ran on a platform to make Canada insecure again. The Conservatives support sending this bill to committee for carefully considered amendments. I hope my colleagues across the aisle will be open to working in a collegial way to ensure that we as parliamentarians strike the right balance. This legislation must balance security with privacy and transparency. It must balance expeditiousness with efficiency and effectiveness.

I appreciate that the members opposite will place greater trust in this government than most Canadians will, but what about the next government or the one after that? Our duty as parliamentarians is to keep in check not just this government but future governments as well. To that end, I encourage all parties to work together at committee and bring back a bill that we can all support.

There are four main issues that need high-level scrutiny. However, as we saw with the invocation of the Emergencies Act, even when Parliament gives clear definitions, the executive branch believes it can extrapolate or simply opt for an overly broad interpretation. While the government has been forced to defend its decision on the use of the Emergencies Act in a public inquiry, Bill C-26 lacks any significant accountability measures while granting even more extraordinary powers, including issuing secret orders.

It should not fall upon the operators of critical cyber systems to guess what the government means by “immediately”. The bill currently grants the government the power to order telecom providers to do anything necessary to secure the telecommunications system. Granting the executive the power to do anything would be a dereliction of our duty as parliamentarians. To give the government the power to do anything while enabling those things to remain secret would be an outright betrayal of our duty.

It is understandable and reasonable that some secrecy is required to combat foreign espionage, but there must be clearly defined limits. There must be avenues for operators to appeal and for Parliament to scrutinize the government’s actions. By “Parliament” I mean Parliament. I do not mean some government committee of parliamentarians but a parliamentary committee.

This bill grants the government the power to deny services to any company or person by secret order. Had this law already been in place, there would be nothing to stop a government from cancelling the Internet and phone service of protesters the government disagrees with.

Granting the government the power to deny services to individuals using secret orders clearly violates the legal rights of Canadians. I do not want to trust the government with that kind of power. I expect my Liberal colleagues would not trust that kind of power when the Conservatives form government, hopefully very soon.

To paraphrase a great comic character, with great power must come great accountability. There are serious cyber-threats and those threats are growing. The government must have the tools to respond quickly and decisively, yet when governments move quickly, mistakes are made. That is why it is all the more important for there to be a robust set of measures to review their actions and ensure accountability when the government makes a mistake.

This legislation takes the extraordinary step of placing personal liability on individual employees of critical infrastructure operators. We threaten people with jail time to ensure they are accountable for their companies' cybersecurity, yet we do not hold government employees or ministers to the same standard. Just as the House must find the appropriate balance between security, secrecy and accountability, so too must we find the balance between privacy and transparency.

The government learned first-hand the public’s reaction to its undisclosed use of mobility data from millions of cellphone users. Canadians had demonstrated a willingness to abide by public safety measures, even extraordinary measures, but the minute the government started tracking our cellphones, even for a public health purpose, Canadians reacted strongly. Even Canadians who supported forced vaccination and punishing the unvaccinated drew a line at cellphone tracking.

The legislation before us would grant even more power to collect data from telecom providers with no restrictions on distributing it to other departments. Even if this data was held by the CRTC, Canadians would be concerned about their privacy. However, it would not be the CRTC doing the data scoop; it would be the Communications Security Establishment.

I appreciate the government feels the CSE is best equipped for countering cyber-threats, but the main purpose of the CSE is collecting intelligence from abroad. The CSE does not report to the public safety minister, who is responsible for keeping Canadians secure. The CSE does not report to the industry minister, who is responsible for telecoms regulations. The CSE reports to the defence minister. It is a fundamentally different type of organization from CSIS or the CRTC.

The legislation would fail to place sufficient limits on what the CSE can do with the data it can secretly order telecoms to provide. In no way is this meant to disparage the work done by the CSE, but as we expand the powers of the CSE, we must also constrain the scope of what it can do with those powers.

These are just some of the trade-offs we must consider when the bill goes to committee. Groups such as the Canadian Civil Liberties Association, the Citizen Lab and the Business Council of Canada have raised several more. However, the one area none of these groups have touched on, at least to my knowledge, is the role private citizens can play in securing Canada against cybersecurity threats. Parliamentarians have studied this both at the defence committee and with our fellow legislators at the NATO Parliamentary Assembly. Canada can take a lead role internationally in cybersecurity by enlisting the aid of ethical hackers, commonly referred to as “white hats”.

White hat hackers represent an untapped resource for a country as large as ours. Our critical infrastructure spans a continent. The job of securing it exceeds the capacity of the federal government and infrastructure operators. If we can develop a framework that protects and incentivizes white hat hackers, we may have a solution. As with the measures already in the legislation, such a framework would involve trade-offs. Even an ethical hacker could unwittingly cause significant cyber-disruption and damage, but they can just as easily expose flaws and gaps.

Regardless of whether the government acknowledges the existence of ethical hackers, they will continue to operate, and it is better for critical infrastructure operators, public servants and the Canadian public if we find a way to incorporate them into our defence strategy. We need to enlist ethical hackers because we simply do not have the resources as a nation to confront the threats.

Globally, cybercrime costs reached over $600 billion U.S. in 2021. Investments in cybersecurity were only $220 billion U.S. last year. Between criminals, terrorists and authoritarian states, the potential for significant damage is accelerating. Our enemies are going to match the best cyber-defences in the world. We do not have the resources to match the United States or the EU. That is why we must be even smarter than our adversaries and our allies.

The legislation is all stick and no carrot. Governments are quick to punish because it is easy. If company X fails to properly secure a critical system, they get a fine, but what if the company innovates and not only prevents an intrusion into their system but detects the source? The bill would require companies to immediately report intrusions, but what about failed attacks? If Bell, Telus and Rogers were to all successfully fend off an attack on the same day, would that not be something we would want the CSE to know about? Punishing failure is an important deterrent, but rewarding success is a powerful incentive.

In this cyber age, we need data to flow both ways. We can enhance our cybersecurity by taking both a carrot and a stick approach. We must pass robust cybersecurity legislation, but it must not compromise the rights of Canadians. We need a cyber-shield and a cyber-sword. As a vast, underpopulated nation full of remote critical infrastructure, we must be smart and creative in how we utilize every possible resource available, including enlisting white hats.

Madam Speaker, it was interesting to follow that speech, with all the conspiracy theories laid in, but I will note the most bizarre part of it. We hear the Conservatives talk about corporate welfare a lot, but it seems the hon. member wants to give money to Bell, Rogers and Telus for doing their job. That is an interesting part of her solution to this problem, which she seems to acknowledge, even though she also suggests that members of our armed forces will do wrong by the new powers they are given.

I am wondering why the member wants to focus on giving Bell, Rogers and Telus more money to help solve the issue of cybersecurity.

Madam Speaker, first of all, I in no way insinuated that the people who serve in the Canadian Armed Forces would do any wrong intentionally. They have to be given the proper direction, and that is why we have to get the legislation right.

Furthermore, when the Liberals talk about conspiracy theories, that only tells us they do not have an answer to the point that we are making. It is just something they throw out when they do not have an explanation for something or they cannot deny it.

Madam Speaker, I thank my colleague for her speech, in which she mentioned something very interesting.

She said that giving too much power to the executive would undermine the work of parliamentarians. I found that quite odd because Bill C‑11, which is exceptionally important for the discoverability of francophone content and for supporting francophone culture in Canada, is currently being held up in the Senate, where Conservative senators have been filibustering it for months.

Does the member think that her friends in the Senate are currently undermining the work of parliamentarians?

Madam Speaker, Bill C-11 is a terrible bill. It seeks to censor, and there is no rationale to have such a bill in place. It would do no good for any freedom-loving, law-abiding citizen in this country and it must be struck down.

Madam Speaker, I am not nearly as old as I look. When I came here I was much younger, but then I had to sit through eight years of the Harper government and my hair turned white. I feel like I am one of the few who remember what actually happened then, and I watch this cultural amnesia play out day after day.

I remember Bill C-30. Stephen Harper decided that he wanted a law allowing the police to check people's phones any time they wanted for whatever reason, and the Conservatives insisted that the telecoms put in a back channel so they could spy on and listen in to ordinary Canadians. That was before we knew there were conspiracy theories, and the Conservatives have a million over there. They would think this had something to do with promoting vaccines, but this was Stephen Harper's attempt to criminalize ordinary people without a warrant.

I want to ask my hon. colleague about that. She talks about, God forbid, the Conservatives coming back. I do not know what would happen to the rest of my hair if that happened. Are they going to continue to promote the kinds of tactics that Stephen Harper used, which criminalized ordinary Canadians in their private homes by listening in to what they were talking about?

Madam Speaker, the member opposite does not have to worry about a previous prime minister coming back to power, because right now what he noted is already happening. With Bill C-21, the police could come into people's homes. They are made into paper criminals just by virtue of the Liberals' declaring that certain firearms are now prohibited. It is already happening, and he does not have to wait for the best prime minister this country ever had to return.

Madam Speaker, I honestly thought the member for Timmins—James Bay dyed his hair Arctic chill. I did not realize, but there is a Clairol product that he can get at the—

Madam Speaker, on a point of order. I retract my previous comment. I do dye my hair so I look smarter than I am. I have been called out, so I have to admit it. I dye my hair.

Madam Speaker, the government has proven itself to fail on multiple fronts in delivering multiple projects and multiple bills.

What concern does the member have as far as delivering on this bill?

Madam Speaker, this bill gives the government of the day boundless opportunities to abuse our privacy and to issue secret orders.

One can only imagine what would have happened during the lockdowns with secret orders going forth. For even a peaceful demonstration coming to Parliament Hill, imagine the types of punishments, accusations and jail time, not just freezing bank accounts and taking money from lawful people.

Madam Speaker, it is an honour to enter into debate in this place, especially when it comes to issues that are so very pressing in relation to national security and some of the challenges that our nation is facing. I would suggest the whole discussion around cybersecurity is especially relevant, because we are seeing highlighted, each and every day, a drip of new information related to foreign interference in our elections.

It highlights how important the conversation around cybersecurity is. It is often through computer and technological means that these malicious, foreign state actors will attack Canadian infrastructure. It is particularly relevant that I rise to debate Bill C-26, relating to the Liberals' recently introduced bill on cybersecurity, and I would like to highlight a couple of things.

The first thing is about seven years of inaction. I find it interesting, after seven years, how it was heard at the ethics committee from a whole host of experts in the field, including on cybersecurity and a whole range of issues, that the government is missing in action. It is not just about the government's inaction, but it is missing in action when it comes to some of the key issues surrounding things like cybersecurity. It has the direct consequence of creating uncertainty in terms of the technological space in the high-tech sector, which has massive opportunities.

We hear the Ottawa area referred to as silicon valley north. We have the Waterloo sector that has a significant investment in the high-tech sector. In my home province of Alberta, there is tremendous opportunity that has been brought forward through innovation, specifically in the Calgary area where we are seeing massive advancements in technology, but there is uncertainty.

Over the last seven years, the government has not taken action when it should have been providing clear direction so that industry and capital could prosper in our country. That is on the investment and economic side, but likewise, on the trust in government institutions side, we have seen an erosion of trust, such as the years-long delay on the decision regarding Huawei.

I and many Canadians, including experts in the field, as well as many within our Five Eyes security partners, were baffled about the government's delay on taking clear and decisive action against Huawei. Even though our Five Eyes, a group of countries that shares intelligence and has a strong intelligence working relationship, sees how inaction eroded the trust that these other nations had in Canada's ability to respond to cyber-concerns and threats. There is the fact that a company, a state-owned enterprise, has clear connections to a malicious foreign actor.

That delay led to incredible uncertainty in the markets and incredible costs taken on by private enterprise that simply did not have direction. Imagine all the telecoms that may have purchased significant assets of Huawei infrastructure because the government refused to provide them direction. There were years and years of inaction.

I will speak specifically about how important it is to understand the question around Canadian institutions. I would hope that members of the House take seriously the reports tabled in this place, such as from the public safety committee, which in the second session of the last Parliament I had the honour of sitting on. There is a whole host of studies that have been done related to this.

Then there are the CSIS reports tabled in this place containing some astounding revelations about foreign state actors and their incursions and attempts to erode trust in Canadian institutions. Specifically, there was a CSE report for 2021, which I believe is the most recent one tabled, that talks about three to five billion malicious incursions in our federal institutions a day via cyber-means. That is an astounding number and does not include the incursions that would be hacks against individuals or corporations. That is simply federal government institutions. That is three to five billion a day.

There are NSICOP reports as well. The RCMP, military intelligence and a whole host of agencies are hard at work on many of these things. It highlights how absolutely important cybersecurity is.

I find it interesting, because over the last seven years the Liberals have talked tough about many things but have delivered action on very few. Huawei is a great example. Cybersecurity is another. We see a host of other concerns that would veer off the topic of this discussion, so I will make sure that I keep directly focused on Bill C-26 today. The Liberal government is very good at announcing things, but the follow-through often leaves much to be desired.

We see Bill C-26 before us today. There is no question that action is needed. I am thankful we have the opportunity to be able to debate the substance of this bill in this place. I know the hard work that will be done, certainly by Conservatives though I cannot speak for the other parties, at committee to attempt to fix some of the concerns that have been highlighted, and certainly have been highlighted by a number of my colleagues.

The reality is Canadians, more and more, depend on technology. We saw examples, when there are issues with that technology, of the massive economic implications and disruptions that take place across our country. We saw that with the Rogers outage that took place in July. Most Canadians would not have realized that the debit card system, one of the foundational elements of our financial system, was dependent upon the Rogers network. For a number of days, having disruptions in that space had significant economic implications. It just speaks to one of the many ways Canadians depend on technology.

We saw an example in the United States, so not directly in Canada, when the Colonial Pipeline faced a ransomware attack. A major energy pipeline on the eastern seaboard of the United States was shut down through a cyber ransomware attack. It caused massive disruptions.

Another Canadian example that has been reported in talking to some in the sector was Bombardier recreational products. The Quebec company is under a cyber-lockdown because of hostile actions. There are numerous other examples, whether in the federal government or in the provinces, where this has been faced.

There are a number of concerns related to what needs to take place in this bill to ensure that we get it right. It needs to align with the actions that have taken place in our Five Eyes allies. We need to ensure that the civil liberties question is clearly answered.

We have seen the government not take concern over the rights of Canadians to see their rights protected, their freedom of speech, whether that is Bill C-11. I know other parties support this backdoor censorship bill, but these are significant concerns. Canadians have a right to question whether or not there would be a civil liberties impact, to make sure there would not be opportunity for backdoor surveillance, and to ensure there would be appropriate safeguards in place and not give too much power to politicians and bureaucrats as to what the actions of government would be.

As was stated by one stakeholder in writing about this, the lack of guardrails to constrain abuse is very concerning. In Bill C-26, there is vague language. Whenever there is vague language in legislation, it leaves it open to interpretation. We have seen how, in the Emergencies Act discussion and debate, the government created its own definition of some of the things that I would suggest were fairly clearly defined in legislation. We have to make sure it is airtight.

Massive power would be given to the Minister of Industry in relation to many of the measures contained in this bill.

I look forward to taking questions. It is absolutely key we get this right, so Canadians can in fact be protected and have confidence in their cybersecurity regime.

Madam Speaker, I heard the member talk about Huawei quite a bit. I could not help but reflect on the fact that the former contender to the current leader of the Conservative Party was actually on the legal team to support Huawei through its initiative to try to get onto the 5G network in Canada. I cannot help but wonder why on earth, if the Conservatives are so against Huawei and treat this threat so seriously, the Conservative Party of Canada would green-light—

The hon. member may know it is not the business of the House to deal with leadership issues of the different parties. I understand what the hon. member is trying to say, but try to keep it to the legislation.

Madam Speaker, Jean Charest was a lawyer for Huawei. The member brought up Huawei. Jean Charest is a well-known Conservative who ran in the leadership. Why would they have allowed Jean Charest to run in the leadership had that been the case?

Madam Speaker, I will suggest this has direct relevance to the debate at hand. It has direct relevance because the victor of that race was not the individual the member referred to, but rather the member for Carleton, who I was proud to support and who will be so pleased to ensure we, as a majority Conservative government after a future election, have the opportunity to get things right and get this country back on track.

Madam Speaker, I thank my colleague for his speech.

I would like my colleague to reassure people who are watching, people in our communities who are worried about a device that is in their hands for much of the day. These people live with this device in their home. They use this device to share anecdotes, conversations and occasionally intimate secrets, believing that it all belongs exclusively to them.

Since our colleague does not seem interested in better control of cyber-attacks, how does he expect to reassure the public without moving toward tighter cybersecurity?

Madam Speaker, I cannot hold up my cellphone, but what is absolutely key to the whole conversation we are having is the fact that all of us in this place carry an incredibly powerful computing device that only a few years ago would have been something we would not have seen even in the most futuristic sci-fi novels and movies. The space in which we are discussing cybersecurity has evolved so rapidly.

Specifically to the question the member asked regarding privacy, it is a very important one. It is one that, as a member of the Standing Committee on Access to Information, Privacy and Ethics, we need to make sure the legislation we have in this country, including privacy legislation both on the application of government and the privacy of all Canadians in terms of corporations and that whole space, reflects the modern realities. In many cases, decades old legislation needs to be updated to reflect the realities of today.

Madam Speaker, when we talk about the updated realities of today, persons with disabilities rely heavily on these technologies and this access. If I think about persons with disabilities who rely on technologies for everyday barrier reduction interactions in their lives, how can their rights to access be protected?

Madam Speaker, the right to access is absolutely key. We have seen some incredible technological advancements that have helped those who face disabilities in a wide variety of things. Outside of the context of what Bill C-26 directly addresses in terms of cybersecurity, there is a particular connection, because if we do not have things like secure networks, if we do not ensure that our telecoms have consistent and stable networks that we can trust as a country, then access becomes a real issue. Malicious foreign-state actors could take advantage of that, which would disadvantage all Canadians, but specifically those who depend on technology to mitigate things like disabilities.

Order. It is my duty, pursuant to Standing Order 38, to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for Bow River, Taxation; the hon. member for South Okanagan—West Kootenay, Post-Secondary Education.

Madam Speaker, I will be sharing my time with the fantastic member for Lac-Saint-Louis.

It is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will address elements in the legislation that deal with securing Canada's telecommunications system.

As Canadians rely more and more on digital communications, it is critical that our telecommunications system be secure. Let me assure this House and in listening to the debate today I think we all agree that the issue of cybersecurity is of utmost importance. The Government of Canada takes the security of this system seriously, which is why we conducted a review of 5G technology and the associated security and economic considerations.

It is clear that 5G technology holds lots of promise for Canadians for advanced telemedicine, connected and autonomous vehicles, smart cities, cleaner energy, precision agriculture, smart mining, and a lot more. Our security review also made clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system.

CSIS, the Canadian Security and Intelligence Service, acknowledged this in its most recent publicly available annual report. The report states:

Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada's national security, its interests and its economic stability.

The report states that “[c]yber actors conduct malicious activities to advance their political, economic, military, security, and ideological interests. They seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities”.

The CSIS report also highlighted the increasing cyber-threat that ransomware poses. The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish a victim's data or block access to it unless a ransom is paid. However, it is not just cybercriminals doing this. CSIS warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution.

To be sure, Canadians, industry and government have, to this point, worked hard to defend our telecom system, but we must always be on the alert, always guarding against the next attacks. This has become more important as people now are often working remotely from home office environments.

5G technology is adding to these challenges. In 5G systems, sensitive functions will become increasingly decentralized in order to boost speeds when required.

Cell towers are a familiar sight in our communities and along our highways. The 5G networks will add many smaller access points to increase speeds. As well, the number of devices that the 5G network will connect will also grow exponentially.

Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with older technology. Bad actors could have more of an impact on our critical infrastructure than before.

The security review we conducted found that in order for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technological and threat environment. For these reasons, we are proposing amendments to the Telecommunications Act. The amendments will ensure that the security of our telecommunications system remains an overriding objective.

This bill will expand the list of objectives set out in section 7 of the Telecommunications Act. It will add the words “to promote the security of the Canadian telecommunications system”.

It is important for those words to be in the act.

It means government will be able to exercise its powers under the legislation for the purposes of securing Canada's telecommunications system.

The amendments also include authorities to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary and after consultation with telecommunications service providers and other stakeholders.

It would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks upon which all critical infrastructure sectors depend.

We have listened to our security experts; we have listened to Canadians; we have listened to our allies and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canada's competitiveness, economic stability and long-term prosperity.

It is clear that the telecommunications infrastructure has become increasingly essential. It must be secure and it must be resilient. Telecommunications presents an economic opportunity, one that grows our economy and creates jobs. The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve the ability of designated organizations to prepare, prevent, respond to and recover from all types of cyber-incidents, including ransomware. It will designate telecommunications as a vital service. Together, this legislative package will strengthen our ability to defend the telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day.

The legislation before us today fits within the Government of Canada's telecommunications reliability agenda. Under this agenda we intend to promote robust networks and systems, strengthen accountability and coordinate planning and preparedness.

Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of our networks has never been more crucial. These services are fundamental to the safety, prosperity and well-being of Canadians.

We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that. I look forward to working with members in this House to getting this right and making sure that our telecommunications system is as strong as it can be.

Madam Speaker, in earnest, the government has had significant failures when it comes to procurement. I would point to shipbuilding, where we are years behind. It has also had significant failures with respect to IT. I point to the Phoenix pay system.

Given these failures, what has the government learned, and how can the Canadian public believe the government will be able to deliver on this legislation?

Madam Speaker, I had the opportunity to sit on the defence committee during my first mandate, and I had the opportunity to work closely with the then minister of national defence on “Strong, Secure, Engaged”. We are going to be reviewing “Strong, Secure, Engaged” in terms of our defence spending, including what we are going to be doing on procurement.

A lot of things have changed in the last seven years in terms of defence, like what is happening across the way in terms of Ukraine and Russia, cyber and how significantly things have changed. We absolutely need to invest in cyber and make sure we get our defence procurement projects completed.

Madam Speaker, I thank my colleague for her speech.

There are people from the Fédération des communautés francophones et acadienne du Canada on the Hill today. They met with the Minister of Official Languages. The House is working on Bill C-13 because we know that the French language is declining in Quebec and Canada, so efforts to promote French must be made.

My colleague represents a riding in which 80% of the population speaks French as their mother tongue. She just delivered a speech that was about 80% in English. Does that not make her a bit uncomfortable? Does she not think that a clearer message could be sent here in the House?

Her government could also send a clearer message by giving speeches more openly in French.

The hon. member's question is a little off topic.

I will nevertheless give the hon. member for Longueuil—Charles-LeMoyne a chance to respond.

Madam Speaker, if the member wants to ask a question about the subject matter of the bill we are debating, I would be pleased to answer.

With respect to language, I speak both official languages and am very proud to do so.

Madam Speaker, the question of Canada's ability to deal with our situation in an increasingly unstable world raises serious questions about priorities. For example, we are years behind on the frigates that are supposed to be brought forward by the navy. The cost overruns are staggering, yet we have just seen in Ukraine that the Russian flagship, Admiral Makarov, was taken out by drones.

Do we need to completely reassess our thinking? This is the 21st century. We are investing, often, in 20th-century solutions in a world of warfare, cyberterrorism and cyber-power that is completely transforming the nature of warfare and democracy's ability to defend itself.

Does my colleague think we need to do a larger rethink across the board in terms of our strategies and our ability to defend ourselves?

Madam Speaker, I want to thank the member for that question, because that is one area of our domain awareness that we have not focused on a lot. When we think about the air force, army or navy, we usually talk about those three domains, but we do not talk a lot about cyber. We know that is the fourth domain that we need to focus on.

In terms of our NORAD modernization, I know cyber is top of mind in working with our Five Eyes partners and other partners. We need that modernization to take place so we can make sure this fourth element of our national defence is also included.

Madam Speaker, I know the member for Longueuil—Charles-LeMoyne has heard some of the debate today, not just from other MPs but from civil society organizations that have raised concerns with respect to secrecy as it relates to addressing cybersecurity.

I am curious to hear her reflections on potential improvements she thinks could be made to the bill in order to better balance the need to improve cybersecurity while holding on to accountability and transparency.

Madam Speaker, unfortunately I do not sit on the public safety committee, so I will not be the person debating it when it eventually gets to committee, but obviously there are opportunities for improvement in any piece of legislation. I look forward to seeing the recommendations that might come from our colleagues in the House when it gets to committee.

Madam Speaker, it is an honour for me to rise at second reading stage of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

When we consider the opportunities and challenges before us in this area, we see that the theme of collaboration underpins all that we do. Take, for example, the prevalence of cybercrime in an increasingly online world, improving cyber-defence posture in an unstable global environment, deep thinking about what the future holds in a world where innovation and change are exponential, a critical look at whether our policies and laws are up to the task, and the protection of content and intellectual property as data becomes one of the world's most precious resources.

In Canada, being online and connected is essential. Now more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying connected with loved ones across the country and around the world. We should be able to do all these activities safely and securely.

I would like to offer a few words about what we are doing here in Canada to get that balance right. I would like to reinforce the importance of our commitment to protecting the cyber systems that underpin our critical infrastructure.

The emergence of new technologies such as 5G is one clear reason we need to redouble our efforts. Think about our increased reliance on technology in light of the COVID-19 pandemic. Think about international tensions amidst Russia's unprovoked and unjustified invasion of Ukraine, with threats ranging from supply chain disruptions to state and non-state malicious cyber-activity.

Through all of these remarkable events, the government has been working tirelessly to keep Canadians safe. We recognize that, now more than ever before, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security. It underpins the delivery of critical services, such as energy production, financial transactions, safe transportation and emergency communications.

As part of his mandate, bestowed by the Prime Minister, the Minister of Public Safety is seized with the opportunity and the challenge of developing a renewed national cybersecurity strategy. We need to make sure we articulate Canada's long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace.

The Government of Canada is working to enhance the cybersecurity of the country's critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors.

However, we are not starting from scratch in our fight against this threat. Since 2018, the Government of Canada has invested a total of approximately $2.6 billion in cybersecurity. Through the national cyber security strategy, the Government of Canada is taking decisive action to strengthen Canada's defence, preparedness and enforcement against cyber-threats.

The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling nearly $800 million in the 2018 and 2019 federal budgets. In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information.

In the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment, or CSE, and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure.

Under the strategy, two flagship organizations were established. One is the Canadian Centre for Cyber Security, under CSE, and the other is the National Cybercrime Coordination Centre, or NC3, under the RCMP.

The Canadian Centre for Cyber Security is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector and the Canadian public.

The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police.

Public Safety Canada's Canadian cybersecurity tool also helps owners and operators of Canada's critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient.

Public Safety Canada also coordinates and delivers cybersecurity exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners.

Public Safety Canada works closely with CSE's Canadian Centre for Cyber Security to enhance the resilience of critical infrastructure in Canada. The Canadian Centre for Cyber Security shares valuable cyber-threat information with Canadian critical infrastructure owners and operators, in addition to providing public advisories.

Today, I am very proud to say that we can start debating a new bill to further strengthen what we have built. Today we are starting the debate on Bill C‑26, an act respecting cyber security. The objective of this bill is twofold.

First, it would amend the Telecommunications Act to add security as a policy objective, bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, if necessary, to mandate any action necessary to secure Canada's telecommunications system, including its 5G networks. This includes authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers.

Second, it introduces the new critical cyber systems protection act. This new act will require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber systems, and it will also support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including electronic espionage and ransomware. Cyber-incidents involving a certain threshold will be required to be reported.

The bill will also give the government a new tool allowing it to take action in response to threats and vulnerabilities with respect to—

Order. The hon. member's time has expired.

The hon. member for Drummond.

Madam Speaker, I want to congratulate my colleague from Lac-Saint-Louis on his speech. He obviously has an excellent grasp of the file.

I put this question to another colleague earlier, after a speech, and it is something that really concerns me. I am asking it again because I do not know if the member was here earlier.

We cannot begin to imagine how organized hackers are. They have such a big head start that it will be hard to catch up to them, even if we invest all the energy and knowledge we can in our systems to protect ourselves against cyber-attacks. We have seen companies like Desjardins and Bombardier fall victim to these hackers, who demand endless ransoms. How many other companies have fallen victim to these attacks without us even hearing about it?

My question is this. Has Canada been too slow to act? It took Canada a long time to decide Huawei's fate, for example. Does the fact that the government seems to have dragged its feet before finally tabling a cybersecurity plan that appears to have some teeth not mean that we will always be one step behind those countries and organizations that are attacking the computer systems of businesses and governments around the world?

Madam Speaker, I know that the Huawei case has been studied extensively with the involvement of our security agencies. I would like to think that the government and security agencies have learned a great deal. They have learned lessons that they can apply in the future to better protect Canadian businesses and critical infrastructure.

In terms of catching up, yes, technology moves so fast that often governments and society have to react, but it is better to react than to do nothing.

Madam Speaker, I thank my colleague for his speech.

I have a question about publicly owned corporations like Hydro-Québec. How will the bill provide a framework for this, while still allowing companies like Hydro-Québec to be proactive about cybersecurity? How will the bill ensure there is no interference? Will there be support? I would like to hear my colleague's point of view on this issue.

Madam Speaker, I dare to believe and hope that a publicly owned corporation as big as Hydro-Québec has the resources to protect itself properly. Obviously, it provides a critical service. I think I said that in my speech. We hope that this bill will also serve as a model for other levels of government.

I think that, just like protecting the environment, cybersecurity is a team effort. We have to work with partners in other governments to come up with a solution that is watertight, well aligned and effective.

Madam Speaker, my colleague and I spent a lot of the day together today. We had an excellent event this morning, which he organized, so I would like to thank the member for Lac-Saint-Louis for that.

There is one question I do have with regard to the bill. It has been written in such a way that secret orders could be issued, and they could be kept from being publicized or published in the Gazette. Why was that choice made? Why was the decision made to have that level of secrecy in the legislation?

Madam Speaker, I would also like to thank the member for taking part in a panel in front of about 40 students from the Max Bell School of Public Policy this morning. It was wonderful to have her perspective as a westerner, and as a parliamentarian generally.

I would imagine that, when we are dealing with matters of national security in cybersecurity and systems that are key to our well-being, there might be a need in certain cases to be a little more circumspect. I would hope, believe and expect, because every bill that is introduced to the House has to go through a charter analysis, that any such measure the member refers to would pass the test of the charter.

Madam Speaker, I will give my speech in French. I will be sharing my time with my esteemed colleague from Trois‑Rivières, who will no doubt be able to give a more relevant speech than me. I am pleased to share my time with him.

Ottawa is finally proposing a law to deal with the issue of cybersecurity. We are pleased to see that the government is finally addressing this issue. I will not say that it is too little, too late, but I will say that we waited a long time for this.

The purpose of the bill is to force Internet service providers to adopt better practices, something on which we all agree. We commend the government for that.

However, why is Ottawa always in reaction mode? We have been talking about the 5G network and Huawei for years. Hydro-Québec has been experiencing cyber-attacks on a daily basis for years. We have known for years about the rise of China, a country that is interfering more and more. In short, we have known for years that Canada is extremely vulnerable and that it is basically a sieve in terms of cybersecurity.

How can it be that, in this postnational system, everything happens reactively, not proactively? That is all I am going to say about that, because there is no changing the fundamentals of a country that is impervious to reform. Instead, we are going to get out. I just wanted to put that out there.

We support the bill in principle, but there are some grey areas that need clarification. That is what committees are for. The legislation is essentially a regulatory framework that, first and foremost, enables the government to make regulations to ensure the security of critical cyber systems. We have to look at the impact this bill could have on Quebec, especially Hydro‑Québec, because it lists interprovincial power line systems under vital services and vital systems. The committee will also have to look at whether the vast regulatory powers provided for in the bill are justified and ensure that they do not needlessly circumvent Parliament.

The threats that weigh on cybersecurity are likely to increase. They are the future, but they are also very much part of our present. In fact, a number of experts on the matter in Quebec talk to us about it. There is someone I really liked to watch when he was on television, although he stopped appearing when he became a deputy minister. I am talking about one of my constituents, Steve Waterhouse, who is always very interesting to listen to. His work helped raise our awareness and raise public awareness. He is from Sainte‑Madeleine, which is in the incredible riding of Saint‑Hyacinthe—Bagot.

Cyber-threats are already a part of our daily lives. Hydro-Québec is attacked every day by what are referred to as denial of service attacks. These are less sophisticated cyber-attacks and are the easiest ones to deal with, but they can cause major disruptions.

Look at Aluminerie Alouette, on the North Shore, which was the victim of a major cyber-attack that led to a serious outage. A Russian group claimed responsibility. Last summer, during the Rogers outage, which also had a serious impact on debit card transactions, a cyber-attack was the first thing that came to mind.

The objective of the bill is to mitigate the risks upstream. The legislation could certainly help Quebeckers, for example by imposing certain standards on Internet service providers, such as the obligation to avoid using products from suspect companies like Huawei.

In 2020, Parliament adopted a motion to force the government to make a decision about Huawei and Chinese interference in general. Recently, Ottawa finally blocked Huawei after years of dithering. What a waste of time. As Proust wrote, we are in search of lost time.

Madam Speaker, please tell my colleagues that they can let me know if I am disturbing them. I would not want to prevent them from having their conversations.

I ask that members who wish to have conversations leave the chamber to do so.

The hon. member for Saint‑Hyacinthe—Bagot may continue.

Thank you, Madam Speaker. I see that they are no more interested in what you have to say than what I was saying, so I do not take it personally.

The 5G network is a new communications technology with bandwidth that is 10 to 100 times greater than that of current networks. The technology stands out for more than just its speed. It stands out for its extremely low latency, which is the time it takes for one computer to communicate with another and receive a response.

This opens the door to many possibilities in different areas, but to achieve performance, 5G uses a multitude of pathways. To simplify, let us say that something that is sent from Montreal to a computer in Paris could have a portion pass through New York, another through London, another through Barcelona, and so forth. This makes the technology particularly vulnerable because it becomes difficult to track the path that the data takes.

Huawei has already been implicated in the scandal involving China spying on the African Union headquarters. In 2012, China offered the African Union a fully equipped ultramodern building. Africa is known to be an extremely important location for Chinese investment. China supplied everything: networks, computers and telecommunications systems. After a few years of operation, in 2017, African computer scientists realized that the servers were sending out huge amounts of data at night, when nobody was working in the building. They discovered that the data was going to servers in China, which was spying on all staff and political leaders. Huawei was the main supplier of the network infrastructure. Microphones were also found in the walls and tables.

China passed a new national intelligence law in 2017. One thing is clearly set out in their law. All Chinese companies must absolutely participate in China's intelligence efforts. It is a form of economic and commercial patriotism, and we could also add digital. In other words, all the private players are being mobilized to say that they are going to participate in the construction of the great digital wall of China. This includes military intelligence and civilian intelligence. For instance, a company can be called upon to spy on behalf of another Chinese company in order to place China in an advantageous position on the world stage.

At this very moment, a genomics company called BGI, which works with genes, is still supplying medical equipment to Canadian hospitals. Its machines collect data, and only the company's technicians are authorized to carry out the monthly maintenance. They are the only ones with access. It turns out that this company has close ties to the Chinese military.

There is also Alibaba, a publicly traded Chinese company similar to Amazon that was founded by businessman Jack Ma. It derives its income from online activities, including a public market designed to facilitate transactions between businesses, payment and retail sales platforms, a shopping search engine and cloud computing services.

Another example is Tencent, a company founded in 1998 that specializes in Internet and mobility services and online advertising. Tencent's services include social networks, web portals, e-commerce and multiplayer online games. Tencent manages and operates well-known services, such as messaging services Tencent QQ and WeChat, and the qq.com web portal.

Today, China is the champion of data collection. This rising power requires new practices, new barriers and new ways of doing things. We should not think that the U.S. does not have their own giants that collect data, but just in China there are 800 million Internet users. That is more than the U.S. and India put together and one-quarter of all Internet users in the world. This number of users will give public and private Chinese actors, which have a close relationship, access to large sources of data that they can mine at will.

China has built a formidable digital system. There is a reason why it is constantly increasing its data storage. There is no doubt that the issue of cybersecurity is at the centre of the current international economic war that is engulfing an increasingly multipolar world. We need to acknowledge this. We need to act.

We support this bill because it is well-intentioned, but we have to find a way to put some meat on the bones.

Madam Speaker, I appreciate very much the Bloc's tentative support of the legislation to go to committee, recognizing that this legislation empowers the minister to take direct, specific actions to protect Canadians and businesses. As the member pointed out so accurately, there is a very real cyber-threat out there. It also ensures that there can be financial penalties.

Would the member not agree that this is just one step? We have had literally tens of millions of dollars invested in cyber-threats over the years. We have had all sorts of group discussions and meetings to make sure that the government is keeping up. There are a number of stakeholders with the responsibility of fighting cyber-threats today.

Madam Speaker, should that not just be one step? The answer is: of course it should.

I believe we said we are in favour. We are not even sure that this step will be enough, but it is a step in the right direction, and that is why we support it. It is great that there is going to be money for this, but now the real work starts.

I feel there are a lot of areas to consider. We will have to look at industrial espionage and economic espionage too. Regimes have all kinds of legal and digital techniques for acquiring competitors' data and trade secrets.

Madam Speaker, what does the member propose for a solution? What are the immediate steps needed to be taken to deal with the pressing issue of cybersecurity attacks we are facing in the country?

Madam Speaker, Bill C‑26 does contain some good solutions and some interesting elements.

The only thing is, we will have to look at the details and see what is next. Are we giving the minister too much power? At the same time, we may have to think twice about giving more power to the minister at the expense of Parliament when we are not sure whether the minister will fulfill his commitments. There have been promises followed by waffling in the past. There are definitely things that need to be looked at, yes, but at least this bill is motivated by good intentions. For that alone, it deserves to be supported at this stage.

Madam Speaker, my colleague's intervention today was very interesting. He seems to know the subject very well. Looking at this legislation, we have been talking about how it has been a long-time coming, and how we would have liked to have seen this legislation before us sooner.

I wonder if, as he studied this bill, he had an opportunity to look at legislation from other countries, and if there is legislation from other countries that we could be emulating and looking at as we try to improve this bill. After second reading, I think all parties want to make sure this bill improves.

Madam Speaker, as I said at the beginning, I was a bit critical. Unfortunately, in this country, in this Parliament and in this postnational system, it is clear that there is much hemming and hawing in far too many files.

Take a look at the general political culture of other countries like the United States. It did not take them long. Consider the example of Huawei; it took no time at all. They looked at it, concluded that it was preposterous and they put an end to it.

Why has it taken Canada years? This is still something to keep an eye on.

The European Union is also starting to take action. It is starting to move on this front by setting up institutes to monitor interference, the extraterritoriality of certain practices, and so on. There are certainly practices that should be monitored.

Madam Speaker, I thank my colleague from Saint‑Hyacinthe—Bagot, who said he wished that we could talk a bit about what is being done proactively, and that is what I intend to do.

As members know, we cannot discover new worlds until we have the courage to not see the shore. Those who know me know that I would rather talk about the “why” than the “how”. I like to clearly define what we are talking about.

Let us start with the word “security”. Security is an absence of worry. It is peace of mind, a form of safety. It is rather easy to define.

Now, what is the definition of the prefix “cyber”? Cybersecurity is a word that is used in all kinds of ways. We want to combat cybercrime with cybersecurity. We want to prevent cyberstalking. Sometimes it can be confusing. What is the meaning of the prefix “cyber” that is used everywhere?

The origin of the word will help us to understand it. It was coined after the Second World War by an American researcher named Norbert Wiener. This brilliant mathematician was hired by the Massachusetts Institute of Technology, or MIT, to work on a research project on new types of weapons. More specifically, he was asked to develop missiles that could take down V‑1s and V‑2s, the unmanned German aircraft filled with explosives that were causing so much damage in England.

To that end, Professor Wiener had to model the behaviour of a pilot who knew he was being chased in order to better understand the decision-making mechanisms of humans in general. We will use the term human so as not to offend anyone. In 1948, Norbert Wiener named this field of research “cybernetics”, a new area of science that studies the mastery of machines. He was inspired by the Greek term kubernao, which means to pilot and from which the terms “government” and “governance” are also derived. It means “to steer”.

In 1949, Wiener's book was deemed one of the most important works of the 20th century. The New York Times praised it and predicted that cybernetics would be a leading branch of science in the future, which has come to pass. This book still contributes practical knowledge to today's world because one of the main concepts underlying this new theory is that of regulation. That is what we are discussing today.

With the Internet, everything becomes cyber, but the societal challenge is huge because in cyberspace we no longer know what is the cause and what is the effect. We are no longer certain who governs and who is governed. We no longer strive to determine if the chicken came before the egg or if the egg came before the chicken. In cyberspace, we cannot make sense of the chickens and the eggs.

When we talk about the Internet, we are talking about space and time. Space and time are concepts that, throughout history, have allowed us to place and understand ourselves. In philosophy it is said that nothing exists without space and time because everything is always somewhere in space and in a given moment, it is situated in time.

However, the Internet is everywhere and nowhere. In fact, when we talk about the web we picture an entanglement of threads without a centre. Humans, with their neurolinguistics, have a hard time placing themselves when there is no centre. We are always looking for the end. The Internet does not have one. In space, there is no centre and time is eternal. The Internet is always, never, and in perpetuity. It is therefore very hard to understand and associate with the cyber point of view.

Bill C‑26 is divided in two parts. In the first part, it says that it seeks to reinforce the security of the Canadian telecommunications system. Then there are indications of how it will change this and how it will change that. In the second, it says it will create the new critical cyber systems protection act to do this or that. I am summarizing the bill.

I noticed when I read Bill C‑26 that there is a lot of “how” and not a lot of “why”. What is the “why” behind Bill C‑26? In my opinion, there is just one reason why and that is to ensure that citizens can trust in the mechanism that protects them in the area of cybernetics and cyberspace.

Trust is complicated because it is not something that is easily granted. I will use the example given by my colleague from Saint‑Hyacinthe—Bagot. I know him and he is conspicuous in his absence, even though I am not allowed to say that. I do not have eyes in the back of my head.

It is pretty easy to build up trust between two individuals. However, trusting an entity, a company or a government is harder. Trust means having peace of mind, without needing supporting evidence. It is difficult to achieve in the public sphere. It is essential, however, and I think that is what Bill C-26 seeks to accomplish.

Trust begins with education and insight. Since this has been explored in speeches throughout the day, I will not dwell on it, but the geopolitical world is changing these days, and the balance of power is shifting. In addition, it is hard to know where the centre is, as I explained a little earlier.

The Canadian government's foreign policy is vague at best. It took years for the government to acknowledge that there was a problem with Huawei. It was the only Five Eyes nation that did not see the inevitable, that did not see the evidence right under its nose.

I am talking about education, but the bill does not contain any provisions for education in cybersecurity. I am talking about education in terms of privacy and facial recognition. Education would help people avoid the temptation to commit the act that we are trying to prohibit here.

We also know that we are stronger together. It is interesting to see who has already thought about these issues. One of our colleagues said that other institutions have thought about this. Yes, there is a concept known as cyber diplomacy, which involves co-operation and dialogue between nations. Moreover, to answer a question that has not been asked, which is the nature of philosophy, the Council of Europe could offer some very interesting answers and solutions in this matter.

This brings me to another question. Despite the many measures, there are quite a few things I do not see in this bill. I do not see measures that would prevent our devices from being taken over by malware, for example, or by a foreign power. Device takeover is something we recently studied at the Standing Committee on Access to Information, Privacy and Ethics. It is not the stuff of science fiction; it is actually happening now.

Also, I do not see how this bill prevents intellectual property infringement. I could name 200 other things I do not see in this bill, but I will mention just one more. I do not see how we are going to regulate what is known as the dark web. However, the bill names six organizations that will have the power to act as regulators.

However, I would like to ask the following question: Do these organizations have the necessary knowledge to do that? It is not always clear. In previous bills on other subjects, we were told, for example, about the CRTC, which was responsible for implementing some provisions. We saw that the CRTC was an outdated organization. The organizations in question now are not much better.

Cybersecurity is not something that is easy to regulate. That is why it is a good idea to look up and try to see a little further. I agree that the bill is well-intentioned, but intention without courage is meaningless.

A poet that I recently met in Montmartre told me that there is no love, only shows of love. It is the same thing here, except that we are talking about shows of courage, and so I hope that the government will show courage with Bill C‑26 and turn its intentions into action.

Let us send Bill C‑26 to committee as soon as possible.

Madam Speaker, I will be splitting my time with the member for Kootenay—Columbia.

I am pleased to rise in the House today to speak to Bill C-26, the critical cyber systems protection act, introduced in June 2022 and split into parts 1 and 2. The former aims to amend the Telecommunications Act to include:

the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.

The latter outlines the introduction of the critical cyber systems protection act, which would create a new regulatory regime requiring designated critical infrastructure providers to protect their cyber systems.

I would like to emphasize that the safety and security of our telecom industry, with particular reference to foreign adversaries such as the Beijing Communist Party, has been a broad theme in communications lately. This is especially concerning the controversial Bill C-11, the online streaming act, or, should I say, government censorship, and new revelations from the Canadian Security Intelligence Service, CSIS, flagging election interference from those involved with the Beijing Communist Party.

We Conservatives believe it is of paramount importance to defend the rights and interests of Canadians from coast to coast to coast. Thus, Canada's national security should be strongly well equipped to be prepared for cyberwarfare threats that could be presented by emerging digital technologies, intelligent adversaries or authoritarian artificial intelligence.

The NDP-Liberal government has had a long record of denying Canadians the truth. Instead of protecting their rights and freedoms, the government uses deflection tactics to divide Canadians, pitting them against one another to distract from the real issue: that the NDP-Liberal government has been too slow to address cyber-threats. For this critical lack of action, Canada has seen several serious incidents occur with no substantive legislative response for over seven years. After years of chronic mismanagement and utter failure, it is time for the government to step aside and let the Conservatives turn Canadians' hurt into hope.

We support the stringent and thorough examination of this legislation. We will always defend and secure the security of Canadians, especially with regard to cybersecurity in an increasingly digitized world. There is a pressing demand to ensure the security of Canada's critical cyber-infrastructure against cyber-threats. Let us not forget that these very systems lay the foundation of the country as a whole. It is these cyber systems that run our health care, banking and energy systems, all of which should be guarded against the cybercriminals, hackers and foreign adversaries who want to infiltrate them.

Akin to several other Liberal ideas, a number of aspects of this bill require further review, and it should thus be sent straight to committee where it can be further dissected and refined to ensure that all flaws are addressed. One can only imagine the disaster that a hospital system crash would add to the already horrible wait times in emergency rooms and shortages of medical professionals thanks to the NDP-Liberal government. The results would be disastrous. Furthermore, disruption of critical cyber-infrastructure in health care can bring severe consequences, such as enabling cybercriminals to access confidential patient health care information.

While we understand that it is imperative to provide the resources necessary to effectively defend against cyber-threats, it is still equally important to ensure that the government does not overreach on its specified mandate through Bill C-26. A research report written by Christopher Parsons called “Cybersecurity Will Not Thrive in Darkness” highlights some recommendations to improve Bill C-26. Among these recommendations is an emphasis on drafting legislation to correct accountability deficiencies, while highlighting amendments that would impose some restrictions on the range of powers that the government would be able to wield. These restrictions are critical, especially concerning the sweeping nature of Bill C-26, the critical cyber systems protection act, as outlined in parts 1 and 2, which I have explained in my opening statement.

The sweeping nature of this legislation is not new, particularly for the Liberal government. It even goes back to Bill C-11, the online streaming act, which essentially placed the Liberal government as the online content regulator controlling what Canadians see or listen to online. If members ask me, the government policing what Canadians view online is a cyber-threat in its own way, but I will not get into that right now.

There are other flaws in Bill C-26 that I would like to highlight, which brings us back to having Bill C-26 closely reviewed in committee.

In terms of civil liberties and privacy, some civil liberties groups have flagged serious concerns regarding the scope and lack of oversight around the powers that may be granted to the government under Bill C-26. In September last year, the Canadian Civil Liberties Association, along with other groups, released a joint letter of concern regarding Bill C-26, highlighting that the bill is “deeply problematic”, like several other questionable Liberal policies. They went on to further explain that Bill C-26 “risks undermining our privacy rights, and the principles of accountable governance and judicial due process”.

From an economic perspective, the bill lacks recognition of foreseeable impacted enterprises, such as small and medium-sized businesses, which will undoubtedly bring forth unintended consequences. According to the Business Council of Canada, some concerns include the lack of transparency seen through the one-way sharing of information. This brings about serious concerns. Operators are required to provide information to the NDP-Liberal government, yet those same operators are not entitled to receive any information back from the government or other cyber-operators. This whole information-sharing regime is lacking and, simply put, completely misses an opportunity to implement a transparent information-sharing system that would benefit all parties involved.

There is also concern regarding government overreach. Considering what powers would be granted to the government to order what a telecommunications provider has to do under Bill C-26, I would have expected to see sufficient evidence to support this overreach. However, that was not addressed at all, if not vaguely, in this bill. This, on top of blatant disregard for the recognition of privacy and other charter-protected rights, proves how the government only cares about granting itself more and more power, even in the face of blatant transparency and accountability concerns like election interference or the Bill C-11 censorship bill.

I only highlighted a few of the several highly valid concerns regarding this critically flawed bill. Obviously, it is important to defend national cybersecurity and defend against cybercriminals or foreign threats. However, there is a fine line between upholding the best interests of Canadians and just using another faulty bill as a power grab for the NDP-Liberal government, despite concerns regarding cyber systems, privacy and security infrastructure.

We Conservatives believe that it is of paramount importance to truly defend the rights and interests of Canadians from coast to coast to coast. One of the best ways this can be done is by securing Canada's cyber-infrastructure from attacks. While we welcome the idea of protecting the interests of Canadians in terms of cybersecurity, we want to flag that Bill C-26 has some highly concerning content that should be closely reviewed and discussed in committee to correct flaws and prevent potential overreach from the NDP-Liberal government. In the interest of protecting Canada's cyber-infrastructure, we must also guard against the sweeping government powers outlined in the critical cyber systems protection act.

Madam Speaker, on the one hand, the member says that he is really concerned about cybersecurity, and then on the other hand, the member is saying that the government is doing too much and that he is concerned about overreach and is very skeptical. Then he uses examples of health care and talks about waiting lists and so forth. I am a bit confused about exactly where the Conservative Party is with respect to the legislation.

Would the member not agree that, at the very least, many of the issues or concerns he raised might be somewhat irrelevant to the debate and that parts of his comments would probably be better served if the bill went to committee? He seems to give me the impression in his comments that the Conservative Party supports the principles of the legislation. Does the member believe that he will be voting in favour of the bill so that it can go to committee?

Madam Speaker, yes, I think we will be voting in favour of the bill. The problem is that although the bill would address the fact of cybersecurity as a very important thing we need to deal with, it seems like every type of legislation the Liberal government puts forward would also take away our rights and freedoms as Canadians. The Liberals always try to make sure the government is in charge, controlling what we can or cannot do. I think that is quite evident in this legislation when they start talking about one-way sharing of information.

Madam Speaker, I agree somewhat with my colleague. Sometimes, the Conservatives want their bread buttered on both sides, especially when it comes to cybersecurity or Internet bills. They support the principle, but oppose the intervention. It is difficult for them to find the right balance.

My colleague did not address the concerns. He spoke instead about Bill C-11, which is a very important bill for the promotion of French content on the Internet, but which was blocked by my Conservative friends.

Over the past two break weeks, I spoke with many Quebec artists. The Union des artistes fervently hopes that Bill C‑11 will pass so that French content will be promoted on line. It is extremely important. However, the Conservatives are stonewalling. They did so in committee, and even now, they are delaying the work in this place.

How does my colleague feel about the fact that all Quebec and francophone artists across Canada are against his party?

Madam Speaker, I think there is some confusion as to what we do and do not stand for. I believe there are a lot of opportunities in Canada when it comes to online streaming and how we can get our products out to market. However, when we start talking about Bill C-11, we start talking about censorship and what can or cannot happen here in Canada. Everyone talks about how we are going to protect the rights of our artists, but I am very concerned about the time when the censorship starts taking place and Canadians actually start understanding there is going to be content that would not be allowed to be viewed. I sure hope the member is right that there will not be such censorship, but I am afraid he could be mistaken.

Madam Speaker, I am pleased the member is going to vote in favour of the legislation. Could he provide a specific example within the legislation that he would say is government overreach?

Madam Speaker, that was probably the briefest time I have ever heard the member speak in the House; it is shocking. I will do my best as well.

When we start talking about information sharing, all these companies have to provide information as to what they are doing to make cybersecurity safe in Canada. However, the government is not reaching out to the same companies and people to say what it is hearing about and what it is understanding. That is one of the biggest problems; it would not be a two-way sharing system but only a one-way sharing system. Once again, the government is trying to control what Canadians can or cannot do.

Madam Speaker, it is always an honour to rise in the House, especially when I can talk about safety and security.

I always try to enhance safety and security for Canadians at home and abroad, for our corporations that are major contributors to our economic base, and of course, for government institutions. Today, discussing cybersecurity in Canada is an opportunity to enhance our country's ability to protect us from cyber-threats.

Security is a significant concern for all Canadians. Lately, with the rise in organized crime and gang offences to the tune of a 92% increase in gang crime, I have to wonder when the government will be led by evidence, or in other words, provide evidence-based action. It is extremely important for our country to have cybersecurity to protect itself from threats, and I welcome Bill C-26. However, I am apprehensive about how successful this bill may be since accountability is a question that the opposition brings up every day in this House.

Bill C-26 is basically divided into two parts. The first part aims to amend the Telecommunications Act to promote the security of the Canadian telecommunications system. It aims to do this by adding security as a policy objective to bring the telecommunications sector into line with other infrastructure sectors.

By amending the Telecommunications Act to secure Canada's telecommunications systems and prohibit the use of products and services provided by specific telecommunications service providers, the amendment would enforce the ban on Huawei Technologies and ZTE from Canada's 5G infrastructure, as well as the removal and termination of related 4G equipment by 2027. Of concern is the time it took the government to react to enforce the ban on Huawei.

The second part aims to enact the critical cyber systems protection act, the CCSPA, which is designed to protect critical cybersecurity and systems that are vital to national security or public safety or are delivered or operated within the legislative authority of Parliament. The purpose of the CCSPA is to ensure the identification and effective management of any cybersecurity risks, including risks associated with supply chains and using third party products and services; protect critical cyber systems from being compromised; ensure the proper detection of cybersecurity incidents; and minimize the impacts of any cybersecurity incidents on our critical cyber systems.

The effects of this bill will be far-reaching, and there are some points to consider: The government would have the power to review, receive, assess and even intervene in cyber-compliance and operational situations within critical industries in Canada. There would also be mandatory cybersecurity programs for critical industries, as well as the enforcement of regulations through regulatory and law enforcement with potential financial penalties.

Under both provisions, the Governor in Council and the Minister of Industry would be afforded additional powers.

If any cybersecurity risks associated with the operator's supply chain or its use of third party products and services are identified, the operator must take reasonable steps to mitigate these risks. While the bill does not indicate what steps would be required from the operators, such steps may be prescribed by the regulations during a committee review.

The act also addresses cybersecurity incidents; a cybersecurity incident is defined as an:

incident, including an act, omission or circumstance, that interferes or may interfere with

(a) the continuity or security of a vital service or vital system; or

(b) the confidentiality, integrity or availability of the critical cyber system

touching upon these vital services. It does not indicate what would constitute interference under the act.

In the event of a cybersecurity incident, a designated operator must immediately report the incident to the CSE and the appropriate regulator. At present, the act does not prescribe any timeline or indicate how “immediately” should be interpreted. Again, there is an opportunity to address this at committee.

There are some concerns with Bill C-26 as it is presently drafted. What the government might order a telecommunications provider to do is not clearly identified. Moreover, the secrecy and confidentiality provisions of the telecommunications providers to establish law and regulations are not clearly defined.

As has been brought up today, potential exists for information sharing with other federal governments and international partners, but it is just not defined. Costs associated with compliance with reforms may endanger the viability of small providers. Drafting language needs to be in the full contours of legislation, and that could be discussed at committee as well. In addition, there should be recognition that privacy or other charter-protected rights exist as a counterbalance to proposed security requirements, which will ensure that the government is accountable.

Some recommendations, or ones derived from them, should not be taken up, such as that the government should create legislation requiring the public and telecommunication providers to simply trust that the government knows what it is doing. Of course, this is a challenge. Telecommunications networks and the government must enact legislation to ensure its activities support Canada's democratic values and norms of transparency and accountability.

If the government is truly focused on security for Canadians, should we not be reviewing our gang and organized crime evidence? Our present policies have failed. Should we not look at the safety and security of our bail reform in an effort to prevent innocent Canadians from becoming victims?

Bill C-26 is a step in protecting Canada from cybersecurity threats. What is the review process to ensure compliance and effectiveness, as well as that goals are met?

In terms of bail reform, even though the evidence clearly shows that Bill C-75 has failed, we see that the NDP-Liberal government is not interested in reviewing bail reform. Cybersecurity is important to our country's security; so are victims of crime after their safety and security has been violated.

I am concerned that the government is struggling with evidence-based information to review Bill C-26, as it has with Bill C-75 and Bill C-5. These bills are not supported by evidence. In fact, offenders and criminals have a higher priority than victims do. My concern is as follows: If Bill C-26 requires amendments and review, will the government follow up? It is so important to be flexible and to be able to address changes, especially in a cybersecurity world, which changes so rapidly.

Bill C-26 proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security. Therefore, although late out of the gate, Bill C-26 is a start. However, since this bill proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security, I would like to see individuals, corporations, and most importantly, the government held accountable. There should also be measures to ensure that the objectives of the bill are met and that there is a proper review process.

As I have stated, government accountability has not been a priority. For the proposed bill to succeed, there have to be processes for review and for updating the critical cyber systems protection act.

The failure of Bill C-75 on bail reform is clear with recent violent acts by murderers and individuals who should never have been out on bail. Today we are debating Bill C-26, and I would hope that there are lessons learned from our failure to review Bill C-75. In addition, we can learn from the failure of Bill C-5, as gang violence and organized crime rates are up 92%. Surely the government will open a door for review and making required changes to Bill C-26 on cybersecurity.

I am thankful for the time to speak on the responsibilities related to cybersecurity.

Madam Speaker, we have seen an explosion in the impact of the digital world around the globe. Here in Canada, our systems are very complex, and we have some that are absolutely critical, which need to have the proposed protection.

We have a progressive government that is looking at this in a very serious manner. This is why we are bringing forward this legislation and recognizing the impact of cybersecurity threats. The opposition seems to support the principle of the legislation.

The member has recognized a number of areas in which he would like to see better definition and more details. I would suggest to the member that much of what he is looking for could best be had at the committee stage. If we get the bill to committee, could we look at what he is talking about in more detail? What are his thoughts on that?

Madam Speaker, the member is right. When we get to committee, we can iron out some of the flaws that we have seen in Bill C-26. It is going to be important to focus on accountability and the member did not address that. That is where this bill can either succeed or fail. We need to ensure there is an accountability process for the government, so when it follows through with Bill C-26, we have a process and we can go back and say we need to tweak or change something because cybersecurity changes so fast.

Madam Speaker, we have been hearing details about the impact this bill could have. I would like to hear my colleague's thoughts on the following question. Why are we always in reaction mode?

In 2019, the Standing Committee on Access to Information, Privacy and Ethics was looking at how to separate information pertaining to social insurance numbers in order to protect citizens' privacy.

What message does this bill send? Yes, a structure exists. Yes, there are correspondents, organizations and individuals who will have more power and potential accountability, but what is behind all of this? Are the Liberals trying to clear their conscience for all the scandals of the past few years?

I would like to hear my colleague's thoughts on that.

Madam Speaker, I am not too sure what the specific scandals were, but this bill certainly opens the door for information sharing and, as was brought up, intelligence sharing, and, through accountability, we can cover those. We can actually be accountable in how we share information safely and we can protect the rights of Canadians.

Madam Speaker, I want to thank the hon. member for his speech today and for his many years in law enforcement. He certainly knows a lot about this file. Throughout the member's speech, the number one word he used, and we can check Hansard, was “accountability”, and also the frustration with the Liberal government on a lot of the bills that have been passed.

How does he feel on this particular bill on accountability?

Madam Speaker, in the last several months, we have seen accountability raise its head here in Parliament with Bill C-5, Bill C-75 and Bill C-11. Without accountability, it is as though the government does not actually care what we are doing because with a majority government, the NDP and Liberals can make decisions based on what they think is right and there is no accountability.

With Bill C-5, the evidence is not there. Bill C-21, taking legal guns from legal gun owners, is another non-evidence-based process. With Bill C-26, which we are talking about today, it is time that we start building in some processes for accountability so the government is actually accountable for what it is doing.

Madam Speaker, I am very pleased to be joining the debate today to offer some of my thoughts and perspective on Bill C-26, a much awaited bill on a cybersecurity infrastructure.

Bill C-26 is a good reminder to members that the Department of Public Safety and its subject matter is so much bigger than just firearms, because, of course, firearms and Bill C-21 have been dominating the news cycle for the last couple of months. That bill, in particular at the public safety committee, has occupied so much time and wasted so many resources. Bill C-26 is a good reminder that with cybersecurity we have so many other agencies that are dedicated to national security under the umbrella of public safety. Cybersecurity is a big subject matter. We also have Bill C-20, which is an important bill on oversight and accountability for both the CBSA and RCMP.

Today, we would not find many members in the House of Commons who are arguing against the need for better cybersecurity. All of the evidence out there points to this being a new and evolving threat. Artificial intelligence systems offer some interesting advantages, but with those advantages come threats and with those threats come actors who are determined to use them in nefarious ways that will harm and have harmed Canada's interests. We need a whole host of options to counter this threat. We need our national security agencies to take these threats with increased importance. We also need legislation to fill in the gaps and make sure that all of Canada's laws are up to date.

I have spent a lot of time on the public safety committee. We did a couple of reports that directly touched on this area. One of our first reports identified violent extremism. Our most recent study looked at the threat posed by Russia. We know that since Russia conducted its invasion of Ukraine, which has recently passed the one-year anniversary, it has also increased the threats that it offers to Canada and to like-minded countries. One of those areas is cybersecurity.

Our committee has not yet tabled its report, which should be tabled in the House of Commons soon so that members of the House and the public can not only see the results of the deliberations, but also see the important recommendations that the committee is going to make. However, we heard a lot of testimony during those committee hearings on the cyber-related threats from Russia. Many witnesses identified that those are among the most serious and relevant for Canada's public safety and national security, particularly in relation to critical infrastructure.

I want to set this table before I get into the nuts and bolts of what Bill C-26 is offering, but also set some of the problems that are in evidence with this first version of the bill.

We have to understand a few basic terms. The Government of Canada refers to critical infrastructure as the “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government”, whether that is the federal government, the provincial governments or our municipal governments. Because so many of those pieces of critical infrastructure are now tied into computer systems that are vulnerable to attack, a bill like this becomes quite necessary.

I could go on and on about all of the critical systems in our modern society and the range of sectors, from our energy production to our food distribution systems to our electricity grid and transportation networks and how our ports and our banking system work. If one were to interrupt any one of those services, it could create absolute havoc within any Canadian community or countrywide.

One of the witnesses we had during our public safety meetings on the topic of the threats posed from Russia, and this was just talking about the cyber-threat more broadly, was Jennifer Quaid, Executive Director of the Canadian Cyber Threat Exchange. She reminded our committee that there are nation-states that are conducting espionage and statecraft through the Internet, but there are also criminals who are engaging in cybercrime for financial gain.

In some cases, those criminal groups and the nation-states are working together. There is evidence of this not only in Russia but in places like North Korea and China, where it is almost like the policy that was in place back in the 1700s and 1600s, where privateers would go out and do a nation-state's bidding. In this modern-day version of that policy, there are criminal organizations that are working hand in glove with some nation-states to give them some plausible deniability, but the systems they are using do pose a very real threat to Canada.

One of our key witnesses during the study was Caroline Xavier, Chief of the Communications Security Establishment. She was not able to go into much detail or specifics, given the very sensitive nature of the topic, but she was able to assure the committee that cybercrime is absolutely the most prevalent and most pervasive threat to Canadians and Canadian businesses. She observed that the state-sponsored cyber programs of China, North Korea, Iran and Russia posed the greatest strategic threat to Canada, and that foreign cyber-threat activities have included attempts to target Canadian critical infrastructure operators, as well as their operational and information technology.

Leaving aside the government, it is important for members to realize that most of Canada's critical infrastructure is, by and large, in the hands of the private sector. This is going to underline some of the important elements of Bill C-26.

We also had testimony from David Shipley, Chief Executive Officer of Beauceron Security. He was relaying the same stuff about Russian criminal organizations working in tandem with the government, and saying that criminal gangs have crippled Canadian municipalities. They have gone after health care organizations. The range of malicious cyber-activity has absolutely extended to many small and medium-sized enterprises.

When we look at the reporting requirements of Bill C-26, one of the biggest gaps that we have in our system is the fact that many businesses, private enterprises, are loath to report the fact that their systems have experienced a cyber-attack. They may be threatened to not do so. There is also a very real concern about the institutional harm that could come from the public release of said information. A large corporation that relays to its customers that it has experienced a cyber-attack may find people are loath to do business with it if they are unsure that its systems are up to par.

I also want to highlight a recent example from 2021, where the Government of Newfoundland and Labrador experienced a health records cyber-attack on October 30. The investigation revealed that over 200,000 files were taken that contained confidential patient information.

One can just imagine that in a province the size of Newfoundland and Labrador the fact that over 200,000 files were taken, that is a shocking theft of personal and confidential information. It really underlines just how important addressing this is.

I also want to touch briefly on the topic of artificial intelligence. I want to read a quote from a recent Hill Times article. This is from Jérémie Harris who is one of the co-founders of Gladstone AI, which is an artificial intelligence safety committee. He says:

But perhaps more concerning are the national security implications of these impressive capabilities. ChatGPT has been used to generate highly effective and unprecedented forms of malware, and the technology behind it can be used to power hyperscaled election interference operations and phishing attacks. These applications—and countless other, equally concerning ones also enabled by new advances in AI—would have been the stuff of science fiction just two years ago.

He goes on to say:

...ChatGPT is a harbinger of an era in which AI will be the single most important source of public safety risk facing Canada. As AI advances at a breakneck pace, the destructive footprint of malicious actors who use it will increase just as fast. Likewise, AI accidents—now widely viewed by AI safety specialists as a source of global catastrophic risk—will take more significant and exotic forms.

Something all members of the House really have to be aware of is how, just in the last two years, AI has advanced so quickly. We can think about what AI will be capable of two years or a decade from now. Just as Mr. Harris said, what it is doing right now was inconceivable just two years ago. The fact that AI is now being used to generate unique code for malware indicates there is no telling what it can be used to do and how it could be used to wreak havoc. That underlies just how important this issue is and how seriously we, as parliamentarians, have to take it as we serve our constituents and do the important work of equipping our nation with the tools it needs to keep Canadians, and the critical infrastructure they depend upon, safe.

When I was a member of the public safety committee, I had a chance to speak with Mr. Harris. I actually put a motion on notice that the committee should be undertaking a study on the range of threats posed to Canada's public safety, national security and critical infrastructure, specifically by AI systems. I hope one day the committee can take that study up, but it is a committee with a very heavy workload. It is still trying to find its way through Bill C-21. It is waiting for Bill C-20 to arrive on its door and, of course, this bill, Bill C-26, would also keep committee members quite busy.

I would like now to turn to the specifics of Bill C-26 and what it is attempting to do. It is separated into two main parts. According to the summary of the bill:

Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system.

There are a number of orders that the Minister of Industry could issue. For example, he or she could prohibit a TSP from using any specified product or service in its networks or facilities; direct a TSP to remove a specified product from its networks or facilities; impose conditions on a TSP’s use of any product or service; subject a TSP’s networks or facilities, as well as its procurement plans for those networks or facilities, to a specified review process. Those are just a few examples of how the minister's orders could be issued. The bill does require the Governor in Council or the Minister of Industry to publish these orders in the Canada Gazette, but there is an allowance in the bill to allow these provisions to be prohibited, so the government can prevent the disclosure of these orders within the Gazette if they feel they need to be kept secret.

Part 2 would enact a brand new statute of Canada, a critical cyber systems protection act, which would “provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety”. In schedule 1 of the government's bill there is a brief list. Vital systems and services can include telecommunication services, interprovincial or international pipelines and power line systems, and nuclear energy systems. Those are a few examples. A really important point is that the Governor in Council, through this bill, would be able to establish classes of operators and require designated operators to establish and implement cybersecurity programs.

This is where the bill would affect the private sector and make sure those cybersecurity programs are in place, especially when that private sector is involved in critical infrastructure. As a brief outline, with those cybersecurity programs, the expected outcomes would be that they could identify and manage any cyber-risk to the organization, including supply chain risks; prevent their critical cyber systems from being compromised; detect cybersecurity incidents; and limit the damage in the event a cybersecurity incident did occur.

I want to talk about concerns with the bill, because there are a lot of concerns. I have had the chance to speak with a number of organizations, but first and foremost was OpenMedia. I had a great conversation with the people there. There is a section on its website that specifically deals with Bill C-26. OpenMedia absolutely realizes that new cybersecurity protections are needed to protect Canada's infrastructure, but it believes they have to be balanced by appropriate safeguards, and this is to prevent their abuse and misuse.

We rely on these essential services, and their protection is important, but Bill C-26, as it is currently written, would give the executive branch huge sweeping powers. In my reading of the bill, there would not be enough accountability and oversight; there would not be enough review mechanisms for Parliament to check the power of the executive, and I think this is a critical point. I think, in principle, we have a good idea with the bill, but a lot of work will be needed at committee to ensure that this executive power would be checked and that it would fit within the parameters of the law. We absolutely must have that kind of parliamentary oversight.

I also know of the Canadian Civil Liberties Association, which said:

The problems with the Bill lie in the fact that the new and discretionary powers introduced by C-26 are largely unconstrained by safeguards to ensure those powers are used, when necessary, in ways that are proportionate, with due consideration for privacy and other rights. The lack of provisions around accountability and transparency make it all more troubling still.

I think, at this stage, we want to ensure, with the minister's powers to order or direct service providers, and the requirement to comply with these orders, that these powers are being subjected to the appropriate safeguard mechanisms. They are quite broad, as currently written.

In conclusion, I want to see a bill that protects vulnerable groups from cyber-attacks. So many Canadians rely on these critical systems, and we know so many have been targeted and are being targeted as we speak, and we know these dangers are going to multiply and get worse the longer we go on. We want to make sure they are protected, but we want to make sure that we do not have broad unchecked ministerial powers with no public oversight. That is the balance that must be achieved.

I must express, in my closing minute, my personal frustration with how the Liberals draft their bills. The idea behind Bill C-26 is a good one, but the problem with how the Liberals drafted the bill is that it would give huge sweeping amount of power to the executive branch. I just wish they would have had the foresight to understand that, of course, these provisions would be met with opposition. It seems the Liberals are putting the work on committee members to fix the bill for them, rather than having had the foresight and intuition to understand that these are problematic elements of the bill.

I think a lot more work could have been done on the government's side to have presented a better first draft. I guess we have what we have to work with, but a lot of work is going to be needed to be done at committee, and I look forward to seeing members do that work.

I also look forward to voting for the bill at second reading and sending it to committee. I welcome any questions or comments from my colleagues.

Madam Speaker, Bill C-26 would assist in empowering our laws and legislators to ensure there is a higher sense of Canadian confidence in the digital world, given the importance of the critical systems that are at work. Whether they are in health care services or consumer purchases, we have witnessed a great deal of advancement over the last number of years in cyberspace.

I am wondering if the member could provide his thoughts on why it is so important that legislation is brought forward to support Canadian confidence and protect privacy at the same time, and deal with the issue of the security of our Internet.

Madam Speaker, it is quite clear that legislative gaps exist. Many of my remarks were focused on detailing the threat landscape out there.

The good people who work at CSIS, CSE and Public Safety Canada are dedicated professionals who treat this threat very seriously. Every day they go to work, they are determined to keep Canadians safe. The problem lies in the fact that so much of our critical infrastructure, those systems that our society relies on every single day, lies in the private realm. We want to ensure that the government is there as a partner to help them beef up their cyber systems so that, if any one of them is attacked, we can pool resources, address the threat and also learn from it to prevent ones in the future.

There is a need there, but again the crux of my comments is that we have a good idea in this bill. There is a need. It is just the details and specifics that need to be hammered out.

Madam Speaker, I am going to build a little on the last question to the member. I know he sat on the public safety committee for a while. From his viewpoint, what does he think is the greatest cyber-threat to Canadians?

I would ask him to speak again to why getting this legislation right is so important, but I am interested in his take on what he perceives to be the greatest cyber-threat to Canadians.

Madam Speaker, in my opinion, based on what I have heard, it is artificial intelligence and its capabilities in the hands of nefarious actors.

We heard from Caroline Xavier, the chief of the Communications Security Establishment, at committee. She identified China, Russia, Iran and North Korea as countries that are actively trying to undermine Canada's national security. If we combine that with what Mr. Jérémie Harris has identified as what AI is capable of now and what it could be capable of, I am very concerned that those countries that are actively trying to undermine Canada's national security interests will use this emerging technology to construct malware, the likes of which we have never seen.

That is why a bill such as Bill C-26 is important, but it is important that we get it right. We absolutely must make sure that our critical systems are beefed up and secured against not only those particular nation states, but also others that are actively trying to undermine our interests.

Madam Speaker, I heard loud and clear what the bill is missing. It lacks teeth and, of course, accountability mechanisms.

I heard my colleague opposite talk about the purpose of this bill, which could restore some degree of public trust. It is safe to say that trust is being undermined at the moment. My colleague is concerned not only about the fact that people's safety must not be compromised, but also about the impact on democracy and the need to ensure that it is not undermined.

Does my colleague agree that this bill has been crafted well enough to deal with the serious problems we are facing in terms of cyber-attacks and interference in our elections?

Madam Speaker, the hon. member has a point. I would identify the system that deals with our democratic process, including all of the actors involved, as being a critical system. It is probably the most critical system. However, while I do acknowledge there are definitely state actors who are trying to undermine our system, they are trying to undermine democratic systems all over the world. We see evidence of that.

I have a lot of confidence in the public servants who work at Elections Canada and who work for the office of the Commissioner of Canada Elections. They are doing their utmost to protect the sanctity of our democratic system. That being said, we cannot rest on our laurels, and it is up to us, as parliamentarians, to acknowledge these evolving threats and to equip our dedicated public servants with the tools they need to counteract these threats actively.

I would agree with the member's saying that these threats are real. They do need to be acknowledged. We owe it to ourselves to get Bill C-26 right so our public servants have the tools to counteract those threats.

Uqaqtittiji, given that there are concerns about our privacy rights being infringed upon and that Bill C-26 is not doing enough to protect our privacy rights, I would like to hear what the member thinks needs to happen to make sure this bill is improved.

Madam Speaker, a 20-minute speech does not give a lot of time to go over the multitude of concerns with Bill C-26. Yes, there are a lot of privacy concerns with this bill. We have had those concerns outlined not only by the Canadian Civil Liberties Association, but also by OpenMedia.

The way we allay those concerns is that we empower committee members on the public safety committee to give this bill a thorough going-over, and to make sure those expert witnesses are brought forward so they can identify the specific clauses of this bill that are problematic. We need to give members of the committee enough time to draft the amendments.

What I ultimately want to see when this bill is reported back to the House is an acknowledgement that there is a very real threat; that the bill would empower the government to counteract that threat; and that the bill would also provide a very important layer of parliamentary oversight and accountability, which I think should include some of our dedicated public servants, like the Privacy Commissioner and others.

Madam Speaker, the member for Cowichan—Malahat—Langford shared some concerns in his speech. I am sure he saw the open letter from eight groups, including the Canadian Civil Liberties Association, the National Council of Canadian Muslims and OpenMedia. One of their concerns is power without accountability for the CSE, or Communications Security Establishment, our cybersecurity agency.

Can he share more about what could be done to address this concern in Bill C-26?

Madam Speaker, there have been serious concerns about how, within the telecommunications infrastructure, Bill C-26 would allow Canada's national security and spy agencies to permanently implant themselves within that infrastructure, have access to all kinds of sensitive data and possibly share it.

I do not know what the specifics are at this point. I think the committee will be empowered to look at that. I want to make sure that, everywhere in Bill C-26 where ministers are able to issue these types of orders, or if they are kept secret, there would be accountability mechanisms built into the bill.

Can we give the standing joint committee on regulations the ability to review those orders, since they could be prevented from being published in the Canada Gazette? That is one particular example, but there are many others.

I agree with the premise of the member's question in that there is a lot of work that needs to be done with Bill C-26 at committee.

Madam Speaker, I am pleased to be able to rise in this place today and speak to Bill C-26, a bill that we as Conservatives are supporting to get to committee.

I have a lot of concerns around the bill itself, in terms of making sure that the government did not make a number of errors in judgment in putting it together. These concerns are based on the feedback we have received from Canadians and from organizations, especially on the issues surrounding privacy and the costs that have been offloaded to the private sector.

I also have to raise my concerns. Here we are, eight long years under the Liberal government, and we know that, when it has come down to cybersecurity, it has been slow in responding. A good case in point was banning Huawei from our critical infrastructure, our 5G network. We know that the Liberals sat on their hands and tried to do nothing for most of the past seven years, before they were finally forced to act after a great deal of pressure was brought upon them by our allies, especially within the Five Eyes.

Cybersecurity and national defence go hand in hand. When we talk about our national defence and national security, we know that hybrid warfare has evolved.

It is now about more than just targeting military assets; it is about targeting the entire government as it is at play. All we have to do is look at what is happening in Ukraine today, as well as what has happened to a number of other allies we have, through NATO, in eastern Europe.

We see the troll farms in St. Petersburg constantly attacking, on Facebook and on Twitter, the military individuals, the soldiers and troops, serving there. They also attack things like critical infrastructure in countries where Canadians are currently deployed, like Latvia. As we have witnessed in Ukraine and Estonia, they have not just gone after them through direct kinetic means to take out critical infrastructure, but they have also gone through cyberwarfare as well.

The Russians have done this very effectively in knocking down financial systems, knocking down transportation systems, and taking out power and water infrastructure in places like Estonia. As a prelude to the war in Ukraine, before they had actually started bombing these civilian targets in Ukraine, they were attacking them on cyber. It is part of hybrid warfare and it is the evolution of war.

There is a responsibility upon the Government of Canada to ensure that we are protecting not just our national infrastructure and the Government of Canada, that we are not just using CSE, or Communications Security Establishment, to protect national defence, but that we are also using a plethora of capabilities to ensure that our infrastructure here in Canada is protected.

That includes preventing our adversaries from going after our soft targets. That is what I think Bill C-26 is trying to accomplish, to ensure that telecommunications companies in Canada are stepping up to do their share to protect Canadians from cyber-attacks. We know that cyber-attackers have gone after things like our health care systems. They have gone after the medical records of Canadians. They have gone after the education records of students at schools and at universities. They go after retailers. They can go in through a retailer's back door, harvest all sorts of personal data, especially credit card information, and then use that for raising money, for transnational criminal gangs or for ransomware, as we have witnessed as well.

We must remember that we have a number of a maligned foreign actors at play here in Canada now and against our allies. It was just reported, again, that the People's Liberation Army was found guilty of hacking into U.S. critical infrastructure.

We know that the People's Liberation Army, under the control of the communist regime in Beijing, continues to attack cybersecurity assets around the world, including trying to break through the Canadian cybersecurity walls of our government and national defence on a daily basis.

As I mentioned, Russia has become very good at this. That does not mean that it is concentrating only on its near sphere of influence, NATO members in eastern Europe like Estonia, Latvia and Lithuania, but it is also targeting Ukraine. We know that it is targeting Moldova. We know that it has gone after countries like Romania, but it also does cyber-attacks here in Canada and in the United States.

Russia continues to be an adversary and we have to stand on guard to protect Canadians from those attacks.

We know that Iran, the regime in Tehran, is continuing to be a government that attacks its neighbours and attacks Israel and Canada through cyber-means. North Korea has developed an entire cybersecurity and cyberwarfare unit and continues not to just wreak havoc with the democratically elected, peaceful South Korea, but has also gone after Japan and the Phillippines, and is going after U.S. infrastructure as well. Therefore, we have to take the necessary steps to make sure we can deal with transnational criminal organizations, with nefarious foreign states and with those who are trying to get rich through ransomware.

Here in Canada just a couple of years ago, we saw a situation in regard to the Royal Military College in Kingston, which the member for Kingston and the Islands is certainly aware of. The Department of National Defence stated that RMC had been a target. It originally called it a mass phishing campaign, but a month after the incident, it was established that the phishing campaign was actually a cyber-attack going after financial information and personal data of cadets. These had been compromised and published on the dark web, and were made available to a lot of people who participate on the dark web to profiteer from that information.

According to several observers who looked at the hack of RMC Kingston, it was attributed to a cybercriminal group called DoppelPaymer that did not seem to be connected to a nation-state actor. There are criminal organizations out there that are going about their criminal activities in such a way as to extract dollars from governments, retailers and private citizens, as well as from other corporations, to line their pockets and continue doing other nefarious things that sometimes go beyond the cyberworld.

I have said in the past, when we have talked about other legislation here dealing with cybersecurity, that we not only need the ability to defend, but also that the government has the responsibility, especially under national defence, to attack using cybersecurity. We cannot just be here deflecting the arrows; sometimes we have to be able to shoot down the archer. The way we do that is by having a very robust cybersecurity system. We need the best capabilities and the best personnel who are able not only to sit here and defend, that is to put up shields and fight off the attacks, but also are able to go out there and take out the adversaries, to knock out their systems, so that we are safer here at home.

With regard to some of the criticisms that have come out, I know that letters have come in from the Canadian Civil Liberties Association, and the Business Council of Canada wrote a very detailed brief, as did the Citizen Lab in looking at the bill. When we read through the documentation, we see that one of the concerns that has been raised, especially by the Business Council of Canada, is that there seems to be an imbalance. We are telling members of corporate Canada to go out there and make sure they have the proper cybersecurity systems in place, but at the same time we realize that it is not just up to them to do the defending. What we see is that the corporations are saying that either they have to do it or we are going to fine them up to $15 million or five years of jail time, and that the individuals who work for them could also be held criminally responsible for not doing enough.

Sometimes resources are not available. Sometimes there are new companies that may not have the ability to put in place the proper security systems. I look at a lot of the Internet service providers that we have, for example. They are covered under the Telecommunications Act, yet, as new start-ups, they may not have the personnel or the equipment to properly defend their networks. Would we go ahead and fine these companies up to $15 million? Then what would we do in regard to jail time and fines for those criminal organizations that are profiteering through cyber-attacks? Where is the balance in this? That is one of the concerns we have and one of the things we have to look at through our study at the industry committee when it brings this forward.

A huge concern has been raised, especially by the Canadian Civil Liberties Association, on how this would be implemented and how it may affect the privacy rights of Canadians at the individual level. Corporations have broader responsibilities and do not necessarily fall under the charter, but their clients who they are going to protect and the information they are going to be required to share with the Government of Canada could very well be violations of their clients' privacy rights.

When we look at section 7 of the Charter of Rights, we have to balance the right to life, liberty and security of a person with section 8 of the charter which says that we have freedom from search and seizure. When we drill down on section 8 and go to some of the legal analysis of our charter, as all the rights and freedoms are laid out, it tells us that the underlying values of freedom from search and seizure when it comes to individual privacy is the value of dignity, integrity and autonomy. Again, I think we are all concerned that when we look at Bill C-26 at committee, we ensure the bill balances those rights of the individual to be both secure and safe from cyber attacks, but do it without compromising privacy rights and charter rights as described in freedom from search and seizure. The way we do that is through warrants.

We know that through National Defence, the Communications Security Establishment, or CSE, which has a long-standing history of defending the Canadian Armed Forces, has to comply with the charter. It has to comply with all Canadian legislation and it cannot do indirectly what it is prohibited doing directly. Therefore, CSE cannot go to the National Security Agency, or NSA, of the United States, say that it is concerned that a Canadian maybe talking to a terrorist organization offshore and ask the agency to spy on that individual because CSE is prohibited from spying on the person and listening in through the Communications Security Establishment. CSE cannot go to the NSA and ask it to violate Canadian law on its behalf to find out what is happening in the same way CSIS cannot go to the FBI or the CIA and ask it to spy on Canadians. It cannot do indirectly what it is prohibited from doing directly under Canadian law. The way to get around that is to apply for warrants.

Judicial appointments are made to have supernumerary justices over these organizations to ensure that charter rights are protected, even when conversations take place inadvertently. In the past, CSE has listened in on people who may have been in Afghanistan funding the Taliban or al Qaeda. They may have family in Canada and were talking back and forth about something that had nothing to do with operations on al Qaeda or the Taliban. However, because it involved a Canadian citizen, it had to go through the proper processes to ensure that his or her charter rights were protected by getting a warrant to listen to those conversations. Whether they were listening electronically or through wire taps, it is all mandated to watch that we do not trip over the rights of Canadians under legislation.

Bill C-26 would not address this like we have under the National Defence Act, under the Criminal Code and under the whole gamut of cybersecurity that has been in place up to date. The privacy rights are paramount.

To come back to Bill C-26, the Supreme Court of Canada said in 1984, as well as in 1988, that privacy was paramount and was “at the heart of liberty in a modern state”. Again, did the Liberal government ensure the bill was tested first to ensure those privacy rights were protected? This is what we will have to find out when we get Bill C-26 in front of committee.

We can look at information that has come from places like the Business Council of Canada. One of the concerns it raises goes back to this whole issue of huge fines on Canadian corporations, as well as the employees of those corporations, if they are found to have been not responsible enough to put in place proper security protocols to protect their clients from cyber attacks. Because it goes against individual employee as well, we will create another brain drain from Canada.

We are unfairly targeting Canadian employees who are going to be working for these cybersecurity firms, working in the telecommunications sector and in our financial institutions. If they are found to have erred, which a lot of times it is by error or by a lack of resources, then they are held criminally responsible and they are fined. The question becomes why they would want to work in Canada when they are afforded better protections in places like the United States, the European Union, the United Kingdom or Australia, which was held up by the Business Council of Canada as the gold standard we should be striving to achieve, and what it has done through their own cybersecurity protocols.

We want to ensure that we protect critical infrastructure, but we do not want to chase away very good Canadian employees and force them, with their skills, to go offshore where they have better protection and probably better pay. We want to ensure we keep the best of the best here. We want to ensure we do not go through a brain drain, as we have witnessed before when the Liberals have targeted professionals in Canada, such as lawyers, accountants, doctors or anyone who set up a private corporation. Now I fear the Liberals are going after individuals again who we need in Canada to protect us here at home, that they are creating a toxic work environment and those individuals will want to leave.

The Citizen Lab wrote a report entitled “Cybersecurity Will Not Thrive in Darkness”. It brought forward a ton of recommendations on how bad this bill was. It suggested that there needed to be 30 changes made to the act itself.

We realize that the government has not done its homework on this. We need to ensure we get experts in front of us who are going to look at everything, such as there is responsibility upon government to help corporate Canada ensure we have the proper security mechanisms in place to prevent cyber attacks. We have to ensure that those corporations are not being coerced into sharing private information with the Government of Canada that could be a violation of private rights, which may be a violation of the Personal Information Protection and Electronic Documents Act, PIPEDA. We want to ensure that privacy rights will be cohesive, but, at the same time, collectively, we need to balance all federal legislation that is in contravention of each other.

We need to bring in the legal experts. The Canadian Civil Liberties Association needs to be before committee. The Citizen Lab, which is very concerned about individual privacy rights, has to be front and centre in the discussion. We need to ensure the Business Council of Canada, the Canadian Chamber of Commerce and others are brought forward, along with the department officials who were responsible for drafting this bill at the direction of the Liberal government.

I will reiterate that I will be voting in favour of the bill to ensure it goes to committee and the committee can do its homework. I would hope that the government will allow the committee to do a thorough investigation, as well as a constructive report with recommendations on how to change and amend the legislation.

Finally, I would remind everyone that the Supreme Court of Canada said, “privacy is at the heart of liberty in a modern society”, and we have to take that to heart to ensure we protect Canadians from cyber attacks, as well as to ensure they have their privacy, dignity, integrity and autonomy respected.

Madam Speaker, when look at Bill C-26, I want to assure the member that the government has made very clear the importance of privacy rights. In fact, it was a Liberal administration that brought in the Charter of Rights, understanding and appreciating just how important privacy rights were. The legislation, which the Conservative Party is voting in favour of, and I grateful for that, is there to protect the integrity of the system. As we move more and more into that digital world, cyber-threats are very real and can have a profoundly negative impact. That is why we have to bring forward the legislation.

Given the potential threats to things such as the delivery of health care services to interactions on the net by Canadians, would the member not agree that it is important that legislation of this nature continue not only to deal with the threats but to build confidence in the system with Canadians?

Madam Speaker, I have a lot of trouble putting any confidence in the Liberal government. It took seven years for it to ban Huawei. It is a government that sat on its hands and did nothing about cybersecurity for the past several years. I know this is a government I cannot trust. When I look at Bill C-11, the Liberals are now trying to censor Canadians online. They are trying to control what people see online, which violates charter rights, especially when it comes down to freedom of expression, freedom of association and the ability to actually have discourse online about our political situation in Canada and around the world. When the Liberals try to put veils over certain parts of our information system, I have to be very concerned.

I look at Bill C-21 and how the Liberals have gone after responsible firearms owners like hunters, sport shooters and farmers. To me, that builds no trust in the government to get the job done.

Madam Speaker, I thank my colleague for his speech. It was eminently sensible, and he made some good points. I am glad the Conservatives are going to vote in favour of the bill so that it can go to committee, and I hope we will all approach that work in good faith, as we should.

Over the past few weeks, I have had the opportunity to serve as a substitute at the Standing Committee on Public Safety and National Security. I had a chance to question a witness, and one of the things we talked about was quantum computing, a new and rapidly evolving technology that Canada is absolutely not ready for. My sense is that it will take a massive investment up front to prepare the country for future cyber-attacks by systems that could crack passwords at lightning speed.

Does my colleague see this as a priority issue? Does he think that the committee should discuss making a massive investment in R and D and creating a technical team to get ready for these new technologies?

Madam Speaker, we all have to be concerned about the rapid deployment of new technologies and how they can be used nefariously to attack Canadians. This comes back to Bill C-26 as well. Again, the government would be putting all the onus on corporate Canada to protect us, but at the same time, I wonder who will do the R&D, who will step up to ensure our technology and our ability to defend ourselves is deployed across the spectrum, whether it is government agencies, government departments, our provincial and territorial partners or corporate Canada. How are we going to ensure the safety of Canadians when it comes down to their personal information and ID, especially if we are seeing new malware out there that will harvest and hack passwords in a matter of seconds?

We have to be investing in R&D. The government has a responsibility and role to get it done, but we do not see that in Bill C-26.

Uqaqtittiji, I agree that there needs to be better privacy protections to ensure our rights are not violated. I wonder if the member could share with us whether he agrees there needs to be greater parliamentary oversight built into the bill.

Madam Speaker, I agree. Right now, this will be studied only at the industry committee, but it involves a huge component of national security and national defence. I hope that as legislation comes forward, we will see other studies come into play that look at the impacts of it as it applies not just to industry but to our national security. One would hope that the public safety committee would also undertake a study. There might be a requirement to split this bill, and perhaps OGGO, the government operations committee, needs to look at this as well.

There are multiple departments within the Government of Canada, like Shared Services Canada, but how do we make sure that they are fully up to scale with all of the technologies that are currently available and that they are developing the new technologies needed to defend Canadians here at home? We know that the Government of Canada already collects a pile of personal information from Canadians and that they have been targeted by nefarious foreign actors, transnational criminal organizations and cybercriminals right here in Canada.

Madam Speaker, this is a very interesting debate and something we should be discussing thoroughly here in the House.

As my colleague has spent a lot of years as a defence critic and in the defence milieu, he is knowledgeable, so I want to ask him a bit about the People's Liberation Army's units 61486 and 61398. We know from public reports that these units have thousands and thousands of people working for them. The entire Canadian Armed Forces is somewhere around 60,000 to 70,000 people, so we would be outnumbered by their cyber-divisions alone.

Given the fact that AI is now in the public domain, does the bill go far enough in addressing the legitimate concerns that foreign actors create in everyday life here in Canada? What could be improved upon in the legislation?

Madam Speaker, my colleague is dead right that the People’s Liberation Army in Beijing has established a number of different cybersecurity units and that their whole goal is to cyber-attack. Canada is not an ally of China, so we have been attacked by the regime in Beijing. It will continue to attack us here and attack NORAD, as we just witnessed with the high-altitude balloons going around doing surveillance on military installations across North America.

We have to be ready, and the cybersecurity command we have here in Canada has been slow to get off the ground under the leadership of the Liberals. We need more resources. We need to use our reserves to find the right type of personnel out there, who are currently working in the private sector. Maybe we can also put them to work part time to defend Canada's interests so that both the corporate world and our national defence will be under better control and better command, with ultimately better protection for all Canadians.

Madam Speaker, I had some interesting discussions with many people last week in the wake of the TikTok ban. Obviously, one of the reasons that the platform was banned was because the Chinese state could take advantage of the personal information that goes along with using that platform. Someone was telling me that Facebook and Instagram are already doing it, yet no one seems to be concerned.

Of course, the concern with TikTok is that it is the Chinese state that could use the information. However, Facebook's business model is to take our information and give it to private companies that then use it to sell products. I have a bit problem with that.

I think we have all had the experience of talking openly about a product with someone and seeing an ad for that product two minutes later on our phone. Obviously, there are all kinds of ways to avoid that, but I think a lot of people have no idea how to go about it. We could create legislation to try to tighten up the use of these platforms.

Does my colleague agree?

Madam Speaker, my colleague from the Bloc was spot on when he started talking about Canadians being very trusting. All consumers are very trusting when using social media like Facebook, TikTok and Instagram. When I was at the ethics committee, we looked at Clearview AI, which scraped images off of Facebook and Instagram to build up its databases to profile criminals. On top of that, we found out that it was racialized.

As Canadians and as consumers, we have to be very diligent with where we are sharing our information. I agree that we have to ask questions around social media platforms like Facebook, not just TikTok.

Madam Speaker, it is my pleasure to rise in the House today to share my thoughts and those of my constituents on Bill C-26. I am very pleased to have this opportunity.

Bill C-26 is a risky and tricky piece of legislation. On the one hand, we have serious and growing issues of cybersecurity, and on the other hand, we have the importance of personal privacy. We also have questions related to government accountability and oversight. I am sorry to say that the government has not done a stellar job on either one of those fronts to date. I am hopeful that members of this House can work together collaboratively to craft a piece of legislation around what has been proposed in Bill C-26 that balances both of those vital yet often competing priorities.

I grew up in the 1960s under the spectre of the Cold War. When I was a kid, the threat of foreign attack came from the air above us, from nuclear missiles from Russia or China. While our adversaries remain the same and current events have sadly brought the spectre of nuclear disaster to the forefront again, the method of attack to which we are most susceptible today is far more sophisticated and far more insidious.

Rather than bombs from the air above us, the weapons of our enemies are in the air all around us: Men and women are sitting at computers in dark rooms, in government agencies or at the local library sending out digital viruses. These cancers attack the Internet, telecommunication waves and the platforms we have become reliant on to what I would consider to be an unhealthy degree.

That is where I will pause for a moment, because I think the best thing we can do, the first step to securing our national security and the well-being of Canadians, is what nobody wants to do, which is to take a little step backwards to take a look at this. We need to divest ourselves of our all-consuming reliance on digital platforms, devices and infrastructure, and ensure that our most vital infrastructure always has a physical fail-safe to fall back on.

Let me give an example. Let us talk about digital currency for a second. Digital currency exists. Most Canadians have a credit card, a debit card and online banking. I do and I use them; it is convenient. However, that is not to say for a minute that I think progress demands that we do away with hard currency. It is exactly the opposite. Canadians have become more reliant on digital currency, forms of digital ID, smart phones, smart cars, smart homes, smart cities, smart bombs, smart banking and smart hospitals, and the really smart thing to do is ensure that we always maintain physical infrastructure and ensure we are in control and not crippled by the worst that could happen.

Nothing is impenetrable. No matter how good or amazing the technology that we create is, no device, no platform and no code has been created that cannot be hacked. Anything people make, people can break, and if they cannot, they will develop a machine that can break it.

I was reminded of a story last week of a military computer virus called Stuxnet. Stuxnet single-handedly destroyed one-fifth of Iran's nuclear centrifuges. Actually, that is not totally correct. The worm that Stuxnet was caused these sophisticated machines to self-destruct. It got into their systems, learned how they operated and then caused the powerful turbines to spin in reverse, shredding the machines. We have artificial intelligence so advanced that it can make decisions, and the people who created the technology do not even know how the decisions came about. It cannot even tell them. It is a little scary.

Digitized records are important. We have all come to rely on them, but I believe keeping a hard copy is also important. Ensuring that we maintain a hard physical currency is very important too, as is recognizing the value of currency produced by the Royal Canadian Mint. We need to ensure that our power grid still has a physical switch and that our hospitals and banking systems cannot be crippled by a bright kid with a laptop or a foreign actor with a more malicious intent.

The government has been very slow to address cyber-threats. Under its watch, the CRA was hacked. It said 5,000 accounts were affected, yet that number turned out to be 50,000. It did not address the issue. There were lots of excuses from the minister, but what really happened? One year later it happened again, and another 10,000 Canadians had their personal data accessed by hackers. Last year, the National Research Council was hacked.

I am sure that after this past week, the government is tired of talking about foreign interference in our elections, so I will not belabour that point, except to say that we did have foreign interference in our elections. The Prime Minister knew about it and he did nothing. Worse than that, he still refuses to tell Canadians the truth about what he knew and when he knew it. Like everything else, he refuses to take responsibility. I wonder sometimes just how much longer those on the government benches will allow him to do so. I would bet that right now the Reform Act is looking pretty attractive to them.

Last year, Rogers' network went down suddenly. Canadians could not access their banking. Businesses could not function. Emergency services were affected. Rogers and the government said it was a glitch, a hack. We will probably never know for sure, but the effect was the same: chaos. That is what our enemies want, and we do have enemies, both foreign and domestic, people who want to see anarchy and to cause chaos, fear and division. It sounds eerily familiar.

What legislative response have we seen from the government to date? I am seriously asking, because when I think back over the past seven years that the Liberals have been in power, I am not aware of any substantive action, either proactive or reactive, that they have taken to address our cybersecurity and the glaring vulnerabilities that exist with respect to it. To that end, I am glad that we are now finally having this important discussion. We need to beef up our security systems, beef up our cybersecurity system and keep Canadians safe.

As the government always says, Canadians have a right to be safe and to feel safe. The obvious irony is that it only says it when it is clear that Canadians are neither safe nor feeling safe. Canadians should be able to feel safe, should be safe and should have confidence in the cybersecurity system they rely on.

My time is almost gone, and that is a shame because there are so many things we need to talk about with respect to this bill, although I am confident that my colleagues will be able to further articulate some of the concerns. However, I do want to say one word about privacy.

Many Canadians are concerned about the ever-increasing size, scope and reach of government in this country. The Prime Minister has increased the size of government by some 30%, and this bill gives such sweeping powers to the government that it has prompted numerous civil liberties groups, including the Canadian Civil Liberties Association, the International Civil Liberties Monitoring Group and the Privacy and Access Council of Canada, in addition to several other groups and academics, to express their very serious concerns about this legislation. They call it “deeply problematic” because it “risks undermining [the] privacy rights [of Canadians], and the principles of accountable governance and judicial due process”. That is a lot to unpack in just one sentence.

Had this legislation come forward three years ago, I would have probably said that it was a no-brainer and that we should get it done as national security trumps personal privacy. However, after the violations of civil liberties, even basic liberties, that we have witnessed over the past three years from the government, I would not be so eager to say that we should just get it done. There is also the government overreach, the control and the abject absence of even a semblance of accountability.

As vital as our national security is, the government, the ministers and the Prime Minister simply cannot be trusted with more power, and that is what this bill does. It gives the government of the day more power through the Governor in Council and through its agencies to establish regulations and to further limit and restrict the freedoms and privacy of individual Canadians.

It is my hope that as members in this House, we can strike the right balance after hearing from all sides and craft a piece of legislation that accomplishes everything we want and need in it. However, as it stands, Bill C-26 gives way too much power to a government that has proven time and time again that it is unable and unworthy to wield it.

Madam Speaker, I am glad the member brought up the issue of foreign interference and the rhetoric the Conservatives have been spreading the last little while. I want to read a quote from Fred DeLorey, who was the Conservative Party's 2021 campaign manager. He said, “I can confirm, without a shadow of a doubt, that the outcome of the election, which resulted in the Liberals forming government, was not influenced by any external meddling.”

Can the member comment on that quote, given the context and the comments he made during his speech?

Madam Speaker, this is an important question. Some time ago, I did a term on the National Security and Intelligence Committee of Parliamentarians, and what I learned there was that we have phenomenal security agencies in this country. One of those is the CSE, the Communications Security Establishment, which monitors cybersecurity. It does phenomenal work.

I was coming back from a meeting one day, driving down the highway. It happened to be a Friday, and I noticed vehicles pulling campers and boats, with roof racks and bicycles attached to their bumpers. I thought, is it not wonderful that we live in a country where we have absolutely no idea about the existential cyber-threats that are out there? Why is that? It is because our security agencies are doing a phenomenal job at keeping us safe and providing this kind of environment.

The obligation of the government, when it gets advice from our security agencies, is to act on it.

Madam Speaker, unfortunately, we have seen that, when it comes to everything that affects all citizens, the government is ignoring security issues and the threats that foreign interference can pose. We are seeing partisanship everywhere. We are talking here about cybersecurity. We want our electoral system to be airtight. We also do not want democracy to be affected.

Is this the right time for this bill? Is it designed well enough that we can do the same as our Five Eyes colleagues who took the bull by the horns far in advance?

Madam Speaker, this is a very relevant question. Is it the right time for a bill like this? I would like to give a very brief answer: Yes, it is absolutely the right time for this. Is it the right bill yet? No, it is a good starting point. That is how we can look at this bill. I am happy to vote in favour of this bill, to get it to committee. I am hopeful, from the comments I have heard from members of the Bloc and the NDP, that they are eager to give this bill a robust study and make the necessary amendments that will address the cybersecurity requirements in our country to keep critical infrastructure and our citizens safe, but also to respect the privacy of Canadians. Those are equally important elements. I am looking forward to the study on this bill.

Uqaqtittiji, I would like to thank the member for his very informative intervention, where he very clearly stated his concerns with the broad powers the government seems to want to grant itself.

Can the member talk about what concerns regular Canadians might have, regular Canadians who have not done anything wrong, and how they may be impacted by the extreme ministerial powers that might emerge from this bill if it is not changed?

Madam Speaker, I am just going to read an excerpt from the bill, because it really encapsulates the answer to the member's question. It states the bill would authorize the Governor in Council, which is cabinet, “to designate any service or system as a vital service or vital system”. It would also authorize the Governor in Council “to establish classes of operators in respect of a vital service or vital system”. It also “provides for the exchange of information between relevant parties”.

We cannot currently do that. Our security and law enforcement agencies cannot transfer information without a judicial warrant. Why would we allow the government and cabinet to do that?

Madam Speaker, it is an honour, as it always is, to rise in the House of Commons of the Canadian people and speak to Bill C-26, an act respecting cybersecurity, which seeks to amend the Telecommunications Act and make subsequent amendments to others acts.

I want to say from the outset that cybersecurity is a critically important issue. For those of us who have been watching the news, we have even seen bookstores like Indigo impacted by ransomware, and we know that no Canadian, business or government agency is immune to cybersecurity threats. As Conservatives, we obviously support taking robust action on cybersecurity and we look forward to the bill going to committee, where we can hear from stakeholders who have expressed uncertainty about what the impact of the bill is going to be. Certainly, I hope we can work across lines to make a better piece of legislation and address the very real challenges we are facing in this cybersecurity age, in this cyber age that we are facing.

I am going to go into a bit of background on the bill, because my constituents might not have heard of this legislation. For their benefit, I am going to give a bit of summary of what I understand the changes to be.

The threat of malware in our telecommunications sector and critical infrastructure does pose a serious threat to Canada. It is important that we respond to these threats proactively, in light of the inevitable future attacks that will happen in our cyberspace. As I said, Conservatives will support legislation to defend our telecommunications sector and our other critical infrastructure from threats, the likes of which, as I stated earlier, have been levied against Canadian individuals, corporations and government agencies repeatedly.

In order to evaluate this legislation, I would like to take some time to consider how the proposed bill might impact our economy, our national security and our commitment to protecting the civil rights of Canadians. Although legislation relating to cybersecurity threats is now long overdue, we should remain vigilant to protect the rights of Canadians and our domestic corporate actors, who could be seriously impacted by the unintended consequences of this legislation. Notably, I am somewhat concerned by the sweeping discretionary powers that are granted to the minister and the Governor in Council in this legislation. I would also like to talk about some of the objectives of the bill and then describe how this current proposed legislation could fail in achieving its intended purpose.

The bill is presented in two parts. The first would amend the Telecommunications Act to promote the security of the Canadian telecommunications sector, and the second part of the act would enact the critical cyber systems protection act. The amendments to the Telecommunications Act are intended to protect against ongoing threats of malware, which poses a threat to the Canadian telecommunications system, and the critical cyber systems protection act aims to strengthen the cybersecurity systems that are so vital to our national security and public safety, and it would allow the government to respond to these cyber-threats.

The aim of this legislation would implicate operators in a broad variety of fields, including the finance, telecommunications, energy and transportation sectors, just to name a few, all critical parts of our infrastructure. With these aims in mind, it is important to consider how expansive the government powers being talked about here are, new powers to the government, how these new powers will affect all these sectors that affect our day-to-day lives, and whether these new measures are proportionate and necessary to be implemented.

To begin, the powers afforded to the minister present economic and financial risk for critical systems operators and telecommunication system providers. The first consideration is the minister's ability to direct telecommunication service providers to comply with an order to prohibit a provider from using or providing certain products or services to a specific individual or entity. Those are pretty broad powers. The bill would implicate the operations of private telecommunications organizations, and therefore the legislation requires safeguards to protect the economic viability of these companies. The bill would also allow the minister to compel telecommunications companies to obey government directives or face the consequences of significant monetary penalties.

In giving the minister such expansive powers, the government may have failed to consider the potential economic impact of these unchecked provisions on service provisions. Telecommunications revenues contribute over $50 billion to Canada's GDP, yet the government has not provided clear and adequate safeguards in this legislation to limit the extent to which or the frequency with which it might use these service provisions and how they might be restricted under the instance of even a minor cyber-threat.

Large, medium and small regional market players would be impacted by this legislation if appropriate safeguards are not adopted in the amendment stage. Large telecommunications service providers make up about 90% of the market share, and any directive to suspend a service by these large market players could impact a significant amount of the Canadian population. Although we hope that such orders will seldom be issued, the vagueness of the language in the bill does not guarantee this.

Meanwhile, we see small and medium-sized players who disproportionately service under-serviced areas in Canada; I am thinking of rural and remote communities. These small and medium-sized players often have trouble dealing with the regulatory complexity and the financial investments needed to meet regulatory thresholds, and we could see these small and medium-sized players just fold up or get bought out at a fraction of what their value would have been. We would really see this as a consequence for rural and remote communities, which are struggling, even today, to get access to basic services like high-speed Internet.

For these reasons, the overbroad provisions in the bill do not lend themselves to a standard of proportionality.

A stakeholder group, Citizen Lab, released a research report on Bill C-26 from the Munk School, authored by Dr. Christopher Parsons. The report outlines, in its recommendations, that the legislation should be amended to allow telecommunications service providers to obtain forbearance and/or compensation for orders that would have “a deleterious effect on a telecommunications provider’s economic viability”.

The Business Council of Canada is likewise concerned about the CCSPA requiring that all critical systems operators undertake the same precautionary actions to protect themselves from cyber-threats. The Business Council of Canada notes that the legislation would require a singular standard of all service providers “irrespective of their cyber security maturity”. We know that there are highly funded firms with a lot of resources that have highly superior cybersecurity systems, and then we have our more infant, junior tech companies that are trying to grow so that they can attract capital. These regulatory requirements of holding them to the same standard could have a negative effect on growing the tech ecosystem here in Canada.

Moreover, the Business Council of Canada notes that the legal threshold for issuing the directives is too low. The low threshold to issue these orders to an operator would allow the possibility of lost revenue for operators because of an absence of due diligence on the part of the government, a government that has had its own cybersecurity problems. I have serious reservations that a government that is unable to run its own IT systems will have a better capability of telling private companies how to run their IT systems.

The council further notes that the monetary penalties are unduly high and are not proportionate, given the benefits of compliance in the event of a perceived or actual cyber-threat. These companies in Canada want to live by the rules. They want to work with the Canadian government. Their reputations are at stake, yet the government is treating them like they are bad actors by putting these fines in place, when maybe we should be looking at working and engaging more with our telecom sector to have a more friendly relationship on this issue.

Another group, Norton Rose Fulbright, noted that there is still considerable uncertainty as to how detailed the cybersecurity plans must be and how it would alter industries' existing policies and agreements. Clearly, there is a lot of uncertainty about this, but it is too important to let it go aside, so I am looking forward to this coming to committee, where we can have some of these stakeholder witnesses come and talk about things so that we can clear up the uncertainty and we can have targeted cybersecurity measures that actually result in benefits to Canadians.

Other technical experts, academics and civil liberties groups have serious concerns about the size, scope and lack of oversight around the powers that the government would gain under this bill. Civil liberties groups are particularly concerned about the government's ability to direct telecommunications providers to do anything needed by secret order. While the legislation lists what might be included by the minister or Governor in Council, the ambiguity of the wording leaves open the possibility of compelling a telecommunications company to do more than is officially stated. This is particularly noteworthy because of the significant monetary penalties that can be levied against these companies, to the tune of up to $10 million a day.

Liberals, in many cases, have perhaps neglected to consider the privacy of Canadians through this legislation.

Bill C-26 would allow the government to bar any person or company from receiving specific services, which raises concerns about the discretion the government has in making these decisions. Again, it is very unclear. This is too important. We should bring the bill to committee and vote on it, but there are lot of things we need to get right in the legislation. We look forward to looking at that.

Mr. Speaker, my colleague had a very insightful speech and talked a bit about how there are some concerns related to the oversight that would be associated with the wide and sweeping powers the government may be granting itself in the bill. I am wondering if he could expand a bit more on why it is important that, through the processes of debate in this place and through committee work, we ensure that we have the appropriate balances in place to ensure we get that oversight side of things right.

Mr. Speaker, Parliament exists to defend the rights and liberties of the Canadian people. Oftentimes, I find this legislation is highly technical. The technical legislation is often where we see the biggest changes that would impact people's lives. When the government proposes to give sweeping powers to the minister to have control over sectors that impact every facet of Canadian lives, we need to do our due diligence as parliamentarians. We need to bring forward the stakeholders, the witnesses and the civil liberties advocates to ensure that the rights and liberties of Canadians are protected.

Madam Speaker, it took eight long years for the Liberal government to recognize that cybersecurity threats exist in this country and around the world. Congratulations to them for coming to the party a little late.

The Liberals have now presented a bill to try to address issues of cybersecurity in the country. As I said, it took them eight years to get there, but I have to say I am pleased that the Liberals have decided to finally do something. I look forward to this bill being passed so that it can be extensively studied at committee.

There are some things in this bill that are good. I know praising the Liberal government is strange territory for me, but I will say that the bill would give the government some tools to respond quickly to cyber-threats. There is currently no explicit legislative authority in the Telecommunications Act to ensure that telecom providers are suitably prepared for cyber-attacks. This is a good reason why this bill should probably move forward to committee to be studied.

The challenge I have, though, includes a whole number of things. My issue with the government is trust. While I do want this legislation to go to committee, I have extraordinary concerns about this bill. Many of these concerns have been raised by many groups across the country, and I do want to speak to some of those in the probably somewhat whimsical hope that the government will listen and take some of these amendments seriously.

There has been a very bad track record of the government responding to concerns from the opposition or from outside organizations with respect to legislation. There is a view that the Liberals are going to do what they want to do on pieces of legislation and that they really do not care what other people have to say. I am very concerned that the government is not going to listen to the very serious concerns that have been raised about this bill.

I have my own concerns when I look at how the government has behaved with respect to other pieces of legislation. We have to look at Bill C-11. There has been a multitude of organizations that have said the bill needs further amendment. Margaret Atwood has said that she has grave concerns about the legislation, that she supports the intent but has grave concerns about the implementation and how it is going to affect artists and content creators. We have had folks who compete in the YouTube sphere who have raised all kinds of concerns about Bill C-11, and the government's response has been that it does not care what they have to say, and that it is going forward with the legislation as it is.

The Senate has made a number of amendments to Bill C-11. I suspect the government's attitude is going to be the same, which is that it does not care what the amendments are and that it is going to proceed with the bill as it sees fit.

We also have only to look to Bill C-21 as well. We had the minister clearly not aware of what constituted a hunting rifle and a hunting gun. The Liberals introduced amendments at committee, and it took extraordinary push-back from Canadians from coast to coast to coast to get them to wake up and withdraw those amendments that they had put in at the last minute.

What it speaks to is that, despite having at its disposal the entire apparatus of the Canadian government, the Liberals are still unable to get legislation right. It takes an enormous amount of effort and hue and cry across the country saying that this has to stop and that this has to be changed. If there is not a massive uprising, the government tends not to listen to the legitimate concerns of other constituents or other groups when it introduces legislation.

With that context, it is why I have real concerns that the government is not going to listen to some of the serious concerns that have been raised with respect to Bill C-26. I am going to go through some of those.

The Canadian Civil Liberties Association has some very serious concerns. It has issued a joint letter that says that the bill is deeply problematic and needs fixing, because it risks undermining our privacy rights and the principles of accountable governance and judicial due process. This is a big bell that is going off, and I hope the government is listening. As I have said, I do not have a lot of faith, given other pieces of legislation where thoughtful amendments have been put forward and the government decided not to do anything with them.

I want to enumerate a few of the concerns from the Canadian Civil Liberties Association. On increased surveillance, it says that the bill would allow the federal government “to secretly order telecom providers” to “do anything or refrain from doing anything necessary...to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption”.

That is a pretty broad power. Where is the government putting the guardrails in that would limit the effects of this or protect the privacy rights of Canadians? That is something I think is incredibly concerning.

On the termination of essential services, Bill C-26 would allow the government to bar a person or a company from being able to receive specific services and bar any company from offering these services to others by secret government order.

Where are we going to have the checks and safety checks on this? Unfortunately, I am not in a position where I think I can trust the government to do the right thing on these things. We have seen it through vaccine mandates, in the legislation on Bill C-21 and in how the Liberals are trying to push through Bill C-11 without listening to reasoned amendments. If reasonable concerns are raised about Bill C-26, I just do not have faith the Liberals are going to take those concerns seriously and make the amendments that are necessary. I really hope they do.

On undermining privacy, the bill would provide for the collection of data from designated operators, which would potentially allow the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations. When someone takes the de-identified personal information of Canadians and does not say how they are going to deal with it or what protections they have in place to make sure it is not misused, what happens in the event that they take that information and somehow there is a government breach? Where does that information go? These are things I think we should be extraordinarily concerned about.

There was also an analysis provided with respect to this by Christopher Parsons, in a report subtitled “A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”. Parsons raises concerns about vague language. The report notes that key terms in the bill, such as “interference”, “manipulation” and “disruption”, which trigger the government's ability to make orders binding on telecom service providers, are unidentified.

Where are the guardrails in the legislation to prevent government overreach and therefore protect Canadians? This is something that I think all Canadians should be watching and be very concerned about. They should be letting their voices be heard by the government on this.

The report talks about how the minister of industry's scope of power to make orders is also undefined. We would be giving a whole host of undefined powers to the minister and the government that would allow them to have all kinds of sensitive information. These are things that may be necessary, but I do not know. They are highly concerning to me. They should be highly concerning to Canadians, and I hope the government will hear from real experts at committee.

Let us not have a two-day committee study where we think Bill C-26 is perfect as it is and bring it back to the House of Commons, bring in time allocation or closure and pass it through. We have seen that story before, and we do not want to see it with the piece of legislation before us. My really big hope is that the government is going to take the time to really consider the seriousness and breadth of Bill C-26 and make sure we have the ways to protect Canadians.

I just want to add that the Business Council of Canada has released its own letter to the Minister of Public Safety, expressing its incredibly deep concerns with respect to the bill: there is a lack of a risk-based approach, information sharing is one-way and the legal threshold for issuing directions is too low.

There are three reports, right there, that are outlining significant concerns with Bill C-26, and I, for one, just do not believe the government is going to listen or get it right. It does not have the track record of doing so, but I am hoping it will, because cybersecurity is incredibly serious as we move toward a digital economy in so many ways. I really hope the government is going to listen to these things, take them seriously, do the hard work at committee and bring forward whatever amendments need to be brought forward, or, if the amendments are brought forward by the opposition, listen to and implement those amendments.

Madam Speaker, the NDP sees the growing threat of cybersecurity, and we also see that Canada is far behind. However, we have concerns about transparency, and I know that the NDP member for Cowichan—Malahat—Langford has been instrumental in strengthening and making bills that the Liberals have brought to the floor more appropriate, so I have more than enough confidence that the NDP will ensure Canadians get the transparency and protection they believe in.

My question for the member is whether he could speak to the point that the government legislation before us would allow for a complete exemption from the Statutory Instruments Act. That would mean such orders could not be reviewed by Parliament through the scrutiny of the regulations committee. I wonder if I could get some comments on that.

Madam Speaker, I would just add that to the list of things I am concerned about with this particular piece of legislation. I am glad and encouraged that the member has stated that New Democrats are going to try to strengthen this piece of legislation. I hope they do that. They talk about wanting transparency and I hope they are going to work really hard for transparency on this.

Conservatives would love to see transparency at a different committee, where we are trying to get someone to come and testify. Maybe the New Democrats can bring their love for transparency to that other committee and we can have PMO officials testify there.

Madam Speaker, one of the things I have heard in talking to universities and different groups is that one of the faults of this piece of legislation is that they have to share this information with the government when they have been attacked, but it is a one-way street. When they see an attack happen, they share it with the government, but there is no information given to other businesses to help them protect against attacks similar to that in nature.

Could the member talk about why it is important and what it means to companies when they are attacked and how it can hurt not only their bottom line? Indigo, for instance, would be a good example of what happens when there is a cybersecurity attack.

Madam Speaker, everyone here knows how serious cyber-attacks are. I often get a notification from Google that says it believes one of my passwords was exposed in a hack of some other organization and that I should take steps to make sure the password is not used in any other applications. We know that the threat of cyber-attacks exists and we know the damage caused.

What I go back to is that we know we need to do something, and I am glad that the government is doing it. It has taken it eight years, but it is finally here trying to deal with this issue. What it has to do is make sure that every voice on this is heard, whether it is industry saying it needs some information back, or whether it is others saying the threshold for some of these things is too low or asking what guardrails are put in place on some of the things.

The government has a lot of work to do and I hope it is willing to do it at committee.

Madam Speaker, I think everybody in the House agrees that we need to up our game in this country to protect Canadians and our society from cyber-attacks.

My specific question has to do with certain specific vulnerable groups. I am thinking of young people, particularly teenagers between the ages, say, of 13 and 19. Even more particularly I am thinking of young girls and women who may be subject to all sorts of cyber-bullying and other offences, as well as seniors who can be victims of cyber-fraud.

I am wondering if my hon. colleague has any thoughts as to how Bill C-26 might impact those particularly vulnerable groups and what suggestions he may have legislatively to help protect them.

Madam Speaker, that is a pretty tough question to answer in about two minutes.

As the father of a 16-year-old daughter, I am constantly worried about what is going on in the cybersphere for her, whether or not there is an instance of bullying going on. There have certainly been episodes of bullying in her real life. I know that at one point she was eating her lunch in the bathroom because she was being bullied by some folks. Online harassment and bullying are serious problems. I do not know enough about this particular piece of legislation to know if it would actually deal with that, but if not, I really hope that it would.

We have a lot of work do for seniors who are vulnerable to these things. This is something the government has to take on. Whether or not it is just waking up to it now as part of this bill, we need to educate seniors. I host events like this with seniors, where we let them know about the threats of cybersecurity and other things. The government needs to pick up the ball on that a little more as well.

Madam Speaker, I am proud to rise in the House today to speak to this important legislation on behalf of the good people of Barrie—Springwater—Oro-Medonte. I am pleased to see Bill C-26 come forward in the House. Improving the resiliency of our critical infrastructure is of the utmost importance to our national security and the everyday safety of Canadians.

This legislation consists of two separate parts. The first portion, among other things, would give the Governor in Council powers to order telecommunications providers to secure their systems against threats and to remove malicious actors from our telecommunications infrastructure. The second portion would create the critical cyber systems protection act, which would establish a cybersecurity compliance framework for federally regulated critical infrastructure operators. This would specifically regulate the sectors of finance, telecommunications, energy and transportation.

I believe that in principle, this legislation appears promising. I think we can all agree that we need a robust cybersecurity framework in Canada. However, it is worth noting that under the current government, we have done the least to bolster our resilience to cyber-attacks compared to all other Five Eyes partners. We lag behind our western allies in national security, and as such, Canada has failed to secure our critical infrastructure against complex and ever-evolving cyber-threats in the modern world. Therefore, before I get into the specific merits and deficiencies of this legislation, I want to speak about the emerging threats to our critical infrastructure and the pressing need to protect our national security.

Threats to our critical infrastructure are real and imminent. In fact, Caroline Xavier, chief of the Communications Security Establishment, or CSE, recently testified before the public safety and national security committee and stated, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses.” She also noted, “Critical infrastructure operators and large enterprises are some of the most lucrative targets.”

While there are several forms of cyber-attacks that our critical infrastructure operators are vulnerable to, the Canadian Centre for Cyber Security has noted in its most recent annual national cyber-threat assessment that ransomware is the most disruptive form of cybercrime facing Canadians and that critical infrastructure operators are more likely to pay ransoms to cybercriminals to avoid disruption. For example, in 2018, cybercriminals deployed a malicious software and successfully held the city hall of a municipal government in Ontario hostage, which resulted in that government paying $35,000 to the hackers to avoid disruption. However, this is not always an effective strategy. A survey of Canadian businesses found that only 42% of organizations that paid ransoms to cybercriminals had their data completely restored.

In 2021, the CSE stated that it was informed of 304 ransomware incidents against Canadian victims, with over half of them in critical infrastructure. However, it acknowledged that cyber-incidents are significantly under-reported, and the true number of victims is much higher.

The enormous economic toll that these cyber-breaches have on Canadian companies is worth noting. According to IBM, in 2022, the average cost of a data breach, which includes but is not limited to ransomware, to Canadian firms was $7 million. There is currently no framework to ensure that companies report when they are victims of these attacks. I will acknowledge that the legislation before us takes steps to address this pervasive issue that Canadians are facing; however, it is certainly an overdue effort.

We saw the damage a cyber-attack of this magnitude can cause in May 2021, when a U.S. energy company was subject to a ransomware attack carried out by a Russian-based criminal group that successfully extorted roughly $4.3 million in coin-based currency. As members may remember, this attack disrupted the largest fuel line in the U.S. for five days and led to President Biden calling a national state of emergency. In 2021, at the U.S. Senate committee on homeland security, the CEO of that company testified that he had no emergency preparedness plan in place that specifically mentioned “ransom or action to ransom”. This incident underscores the fact that we as a country must enhance preparedness and improve the resiliency of our critical infrastructure in order to avoid similar incidents.

Therefore, I am pleased to see this proposed legislation come forward. However, it is worth noting that this is the first substantive legislative response to this issue during the government’s tenure, despite a steady increase in cyber-threats over the years.

The entirety of our federally regulated critical infrastructure is connected to the Internet in some way, and it is extremely important to prevent malicious actors from setting up on our infrastructure and attacking it. Previously, there has been no mechanism for the government to formally remove a company from our telecommunications networks.

The clearest example of the need for this mechanism would be the controversy surrounding Huawei, a company that was part of the design of our 5G networks despite glaring national security concerns related to its activities and relationship to the Communist Party in Beijing. It is a significant move that this company will be kicked off our servers, but it is a delayed one. We know that under China's national intelligence law, the CCP has the authority to instruct any company to hand over information to support, assist and co-operate with state intelligence work. Accordingly, we ought to be cautious and avoid contracting with companies that could potentially compromise the security of our critical infrastructure.

It is certainly positive that Canada will be able to kick malicious actors such as Huawei off our networks. However, many have noted that we lessened our credibility among the Five Eyes nations due to our delayed response to this issue. Indeed, the United States lobbied Canada for years to exclude Huawei from our 5G mobile networks and warned that it would reconsider intelligence sharing with any countries that use Huawei equipment.

In some respects, this legislation is a positive step toward establishing a baseline standard of care for organizations whose functions are integral to our critical infrastructure. As I have previously mentioned, incidents of cyber-attacks often go unreported or under-reported. This legislation's mandatory reporting mechanism, which specifies that a designated operator must immediately report an incident to the CSE and the appropriate regulator, is a welcome step toward addressing this issue. However, the act does not prescribe any timeline or give any other information as to how “immediately” should be interpreted by an operator.

As I have just laid out, there are aspects of this legislation that my Conservative colleagues and I fully support. However, I have concerns with several elements of the bill.

First and foremost, there is a complete lack of oversight over the sweeping new powers afforded to the cabinet ministers, regulators and government agencies mentioned in this legislation. Alongside a lack of oversight, there is little information on the breadth of what the government might order a telecommunications operator to do.

It is evident that this bill draws on much of Australia's legislative model, which was first introduced in 2018 and eventually amended. However, we did not follow suit in terms of the oversight measures Australia included in its critical infrastructure protection act. Notably, Australia introduced political accountability mechanisms alongside its legislation, including a requirement for regular reporting, an independent review and the production of a written report. The Conservatives would like to see annual reporting from the minister on what actions have been taken and a public disclosure of the orders that the government is making under these newly afforded powers.

In terms of concerns from the public, we have heard from a number of organizations that are concerned that elements of this legislation undermine the privacy rights of Canadians. In September of last year, several privacy rights organizations signed an open letter to the Minister of Public Safety, which laid out their concerns with Bill C-26. For example, they were concerned about the sweeping new powers this legislation would give to the government over access to the personal data of Canadians and the data of companies. They noted that Bill C-26 “may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.”

I think we can all agree that while enacting measures to improve the resilience of our critical infrastructure is of the utmost importance, civil liberties and privacy must be fully respected when drafting those measures. On the other hand, we have heard from stakeholders who are concerned about the regulatory burden this legislation may have on businesses, especially small and medium enterprises.

Many stakeholders have noted that the high costs and business impacts of a cyber-incident already incentivize companies to ensure rigorous cybersecurity protocols. Recent statistics released by Statistics Canada found that in 2021, Canadian businesses spent over $10 billion on cybersecurity, a 41% increase compared to 2019. Many stakeholders have noted that the proposed penalties related to this act, which reach up to $15 million and five years of jail time, are touted as being intended to promote compliance rather than to punish. However, I think we can all agree that a $15-million fine would indeed be unduly punitive on a small business that may be subject to this act. Therefore, we must ensure that fines and compliance costs are distributed evenly so as not to stifle competition and endanger the viability of small and medium enterprises in our critical infrastructure sectors.

Finally, we face a problem related to definitions and the scope of this bill. Various terms are not defined, including what constitutes a cyber-incident, and it is not immediately clear how the government will determine who is subject to this legislation. I look forward to receiving an explanation from the government to demystify some of the vague language found within it.

To conclude, a threat to our critical infrastructure is a threat to our national security. I think all parties agree that the government must take strong and immediate action against cyber-attacks. We support this bill in principle, but we believe that it needs to be amended significantly to ensure greater transparency and accountability from the government and future governments. I look forward to studying and amending this bill at the public safety committee with my colleagues across all parties.

Madam Speaker, like my colleague, I think we are broadly supportive of the aims and principles of this bill but have some significant concerns about many of the details. This includes that the bill would open the door to new surveillance obligations; would allow the termination of essential services, perhaps without due process; may undermine privacy; lacks guardrails to constrain abuse; and has some relatively disturbing secrecy provisions that would obviate the minister from having to be accountable to Parliament by publishing the measures he takes.

Among the many concerns expressed about the bill, which ones does the member find the most troubling that he would like addressed at the committee stage?

Madam Speaker, all of those are legitimate concerns that we will be addressing at the public safety committee if and when this bill gets there. I do not know if I can rank them today, because I think they are all significant. Everybody has different issues that come to mind based on what is most important to them. Obviously, privacy is one of the most important things to people.

What I mentioned in my speech was the ability for companies to still manage themselves once these fines have been imposed. We do not want to put out of business the small and medium-sized companies that have already had cyber-attacks, and then give a fine on top of that.

There are many things we need to address in committee. I am looking forward to studying the bill with my colleagues from all sides when it gets there.

Madam Speaker, there has been a lot of talk about TikTok and the fact that it could be used as a tool for interference. In fact, I closed my account at that time and, like everyone else, removed the app from my device.

What does my colleague think about apps like WeChat, which are known to be spying platforms? What does he think about the fact that a G7 parliament, like Canada's, has been using Zoom for years, a Chinese app that once interrupted a live meeting of Chinese dissidents? It is disturbing, to say the least.

Madam Speaker, to be quite candid, I have two teenage boys who are always kidding that I am a bit of a dinosaur when it comes to different social media platforms. I have never had TikTok. I do not know much about it, but I understand there have been a lot of issues with it. I think with all of our social media platforms, we need to stop, review them and look at who is taking information from them, because a lot of information can be gleaned from them.

We jumped into this new media method many years ago without knowing the direction and road it was going to take. Now that we are well down it, I think it is time we looked at all these different platforms and realized what information is being taken from them.

Madam Speaker, it is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will be addressing elements of the legislation that deal with securing Canada's telecommunications system.

As Canadians rely more and more on digital communication, it is critical that our telecommunications system is secure. Let me assure the House that the Government of Canada takes the security of that system seriously. That is why we conducted a review of 5G technology and the associated security and economic considerations. It is clear that 5G technology holds lots of promise for Canadians: advanced telemedicine, connected and autonomous vehicles, smart cities, clean energy, precision agriculture, smart mining, and lots more.

However, our security review also made it clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system. The Canadian Security Intelligence Service recognized this in its most recent public annual report. The report said, “Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada’s national security, its interests and its economic stability.”

The report said that cyber-actors conduct malicious activities to advance their political, economic, military, security and ideological interests. These actors seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities. The CSIS report also highlighted the increasing cyber-threat that ransomware poses.

The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish victims' data or block access to it unless a ransom is paid. It is not just cybercriminals doing this. CSIS has warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution.

To be sure, Canadians, industry and government have worked hard to this point to defend our telecom system, but we must always be alert and always be guarding against the next attacks. This has become more important as people are now often working remotely from home office environments, and the challenges are accentuated by the 5G technology. In 5G systems, sensitive functions will become increasingly decentralized to be able to be faster where speed is needed. We all recognize cell towers in our communities and along our highways, and 5G networks will add a multitude of smaller access points in order to increase speeds. The devices the 5G network will connect to will also grow exponentially. Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with the older technology. Bad actors could have more of an impact on our critical infrastructure than before.

The security review we conducted found that, for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technology and the threat environment.

Now, for these reasons, we are proposing amendments to the Telecommunications Act. The amendments would ensure that the security of our telecommunications system remains an overriding objective. This bill would add to the list of objectives set out in section 7 of the Telecommunications Act. It would add the words “to promote the security of the Canadian telecommunications system.” It is important to have these words specified in law. It would mean that the government would be able to exercise its power under the legislation for the purposes of securing Canada's telecommunications system.

The amendments also include authorities to prohibit Canadian telecommunication service providers from providing and using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary after consultation with the telecommunications providers and other stakeholders. They would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks, upon which all critical infrastructures depend.

We have listened to our security experts, Canadians and our allies, and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canadian competitiveness, economic stability and long-term prosperity.

It is clear that the telecommunications infrastructure has become increasingly essential, and it must be secure and resilient. Telecommunications present an economic opportunity, one that grows our economy and creates jobs.

The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve designated organizations' ability to prepare, prevent, respond to and recover from all types of cyber incidents, including ransomware. It will designate telecommunications as a vital service.

Together, this legislative package will strengthen our ability to defend telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day.

The legislation before us today fits with the Government of Canada's telecommunications reliability agenda. Under this agenda, we intend to promote robust networks and systems, strengthen accountability and coordinated planning and preparedness.

Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of the network has never been more crucial. They are fundamental to the safety, prosperity and well-being of Canadians.

We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that.

Madam Speaker, I thank my colleague for his speech. In January, I requested a meeting with the Université de Sherbrooke, which has a research chair in cybercrime. I learned a lot about how behind the times Canada is.

This bill is good, but it comes at a time when we are at greater risk than ever before. The federal government does not seem to be taking cybercrime seriously, yet many European countries have other models and have made headway against cybercrime. How can we address the fact that we need to catch up?

We have to act faster to protect ourselves from cyber-attacks. There is also the whole issue of Hydro-Québec and the fact that those are interprovincial lines. How are the authorities going to be able to manage all that given the agreements and the importance of respecting Quebec's and the provinces' jurisdiction over certain types of critical infrastructure?

It is high time this critical infrastructure was included in a bill to protect it. I would like to hear my colleague's thoughts on that.

Madam Speaker, I share the member's sense of urgency in making sure that we advance opportunities to make the networks safer. The technology has developed very quickly in recent years, so it is important that we stay ahead of that technology.

On the relationship between the provinces and the federal government, I think it is important that we develop reliable agreements where appropriate, but telecommunications is the responsibility of the federal government, and we are not going to shirk from our responsibilities in making sure that the network is safe for our citizens.