No, you do not.
Evidence of meeting #28 for Procedure and House Affairs in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was security.
A recording is available from Parliament.
Evidence of meeting #28 for Procedure and House Affairs in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was security.
A recording is available from Parliament.
12:20 p.m.
Conservative
Greg Kerr Conservative West Nova, NS
Thank you, Mr. Chair.
Thank you very much for being here. There's quite a learning curve this morning.
A lot has been covered, and your explanations are very good. Obviously we are left with questions as well as directions. Beyond what you've said, are there other things the committee should be doing as we wrap up our study?
When I hear about the things that can happen, I am wondering if it would be to our advantage to bring in some of those representatives of the private sector who develop these marvellous machines and technology so we could have a conversation with them about the kinds of things that do take place or could take place. They're outside the security issue, but they do develop the expertise that goes into it. Would that be something we should consider?
12:20 p.m.
Clerk of the House of Commons
If I may say, Mr. Chairman, to you and to Mr. Kerr, it's up to the committee to decide where it wants to take this investigation, in terms of a learning experience as much as anything else.
Certainly one of the things Louis was pointing out is that we make it our business to have contacts with the various authorities and with private industry so that we are constantly apprised of the developments in technology as well as the flip side of that, which is the developments of the evildoers. Even as a certain type of anti-virus solution is worked out, there are hackers who will try to circumvent that, and so forth. I don't know whether you would find those discussions helpful.
Certainly I can assure you that since we're plugged into various networks, we're privy to the best practices and latest information about things that are going on, which we can use to inform our own security posture and provide better security for members and the House of Commons.
12:20 p.m.
Conservative
Greg Kerr Conservative West Nova, NS
I appreciate that, but your answer didn't quite get to where I had hoped. Our job is to represent the public in the various parts of the country we come from. Obviously this is important to the public, as is what is going on beyond our security system and beyond our scope. That's why I was wondering if you'd suggest that it would be a good idea to hear from the security people, perhaps those who deal with the police and so on, as well as from the industry experts who develop it, or whether that would add to the scope of what we're looking at.
I know you've answered. I'm just wondering if that seemed like an appropriate thing for us to look at before we finished our study?
12:20 p.m.
Clerk of the House of Commons
As I said, I think that is up to you to decide. As far as I'm personally concerned, you have the two House of Commons experts here that you need.
As for what exists out there in terms of authorities, you might find it helpful to pursue things in camera about specific situations you have lived through and so on. I'm not quite sure where the committee is taking its study.
12:20 p.m.
Conservative
12:20 p.m.
NDP
Joe Comartin NDP Windsor—Tecumseh, ON
Thank you, Mr. Chair.
Mr. Bard, I'm looking right now at the e-mails that were sent to Mr. Toews from Anonymous. There's a web address on them. I'm asking about the specific case. If I came to you as a member of Parliament and asked you to trace this back to a source and then back through that to the actual source, would you be able to do that, and would you provide that as a service to members of Parliament?
12:20 p.m.
Chief Information Officer, House of Commons
With regard to any request from members about e-mails they receive, if they were received on the mail system of the House of Commons, we maintain logs of e-mails and logs of Internet access. All of these logs are maintained for a certain length of time, and we are able to do some investigations.
For example, with regard to all of these videos on YouTube you referred to, there's no doubt that we've done due diligence to scan the computer environments, and I can affirm that none of those videos was posted from any computer from the House of Commons. That's very clear.
That's the extent of it. If it crosses the boundaries of the House and is outside, I don't have access to those tools.
12:25 p.m.
NDP
Joe Comartin NDP Windsor—Tecumseh, ON
Do we have a protocol in the House with CSE to ask them to do that?
Let me just say that I know from the experience I've had with the Department of Public Safety, and the work we've done in particular with child pornography sites and tracing them back to source, that at least some of this technology is available. CSE is quite frankly one of the better agencies in the world in terms of being able to do this. So do we have a protocol with them such that if you're not able to trace it back, we can ask them to trace it back?
12:25 p.m.
Chief Information Officer, House of Commons
I can perhaps answer the first part of this question.
CSE does not have really any authority on Parliament Hill. However, it will cooperate, upon request, to help me manage my environment. If it's beyond monitoring or beyond managing the precinct, if it crosses the line and may be something criminal, that's beyond my boundaries, and I refer to Kevin on those matters.
12:25 p.m.
NDP
Joe Comartin NDP Windsor—Tecumseh, ON
Mr. Vickers, do we have a protocol with CSE in a situation where we at least suspect it's a criminal event and we want to try to trace it?
12:25 p.m.
Sergeant-at-Arms of the House of Commons
First of all, Mr. Comartin, CSE's mandate is very, very specific. They run under very tight legislative...what they can do and what they can't do, especially if Canadian citizens are involved.
The RCMP, for example, would have competencies there and international relationships. In the case you just mentioned, for example, child pornography, they could try to drill down, if they have an IPO address, and find the source of whoever is distributing that child pornography, just as they would be distributing a video on YouTube.
So it does exist. As you referred to earlier, there are some cases of success. As the clerk has mentioned, it's a very complicated, sophisticated world they operate in, and it's getting difficult, but as you pointed out, there are examples of some success.
12:25 p.m.
NDP
Joe Comartin NDP Windsor—Tecumseh, ON
I'm sorry, Ms. O'Brien; I'm going to run out of time, and I want to be clear here on where the responsibility lies.
If I believe that I've been the victim of a criminal event, am I the one who goes to the RCMP as a member of Parliament, or do we have a protocol that says it would be you, Mr. Vickers, or someone else here on the Hill? Whose responsibility is it to approach the RCMP to conduct the—
12:25 p.m.
Sergeant-at-Arms of the House of Commons
It would be your responsibility, as the complainant, to make an official complaint with the RCMP.
12:25 p.m.
Clerk of the House of Commons
Just to tie that up, when Monsieur Bard was saying that if you, for example, receive an e-mail on your Hill account, and for whatever reason you want to know where that came from, we can provide that information to you. Then, as to what you decide to do with it, if you feel that it infringes your rights such that you want to lodge a complaint with the RCMP, as Kevin says, it's up to you to do. We don't step in as an institution, in between, to make those decisions.
12:25 p.m.
Conservative
The Chair Conservative Joe Preston
All right.
That completes my speakers list. I'd be happy to take any one-off questions that anyone has.
Mr. Lukiwski, you have one? Sure.
12:25 p.m.
Conservative
Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK
This is just quick one—and excuse me, because I'm pretty much a technological Luddite when it comes to these things.
Monsieur Bard, you mentioned that 70% of e-mails are blocked coming in. Would that be to the main parliamentary number? We all have personal e-mail addresses as well. There's the office number, where most of my e-mail comes from, but we all have personal e-mail addresses as well.
If there's someone who somehow gets hold of an MP's personal e-mail address, is there any way you would be able to detect anything or block any communication in that event?
12:30 p.m.
Chief Information Officer, House of Commons
If it's a personal address outside of the environment, if it's—
12:30 p.m.
Conservative
Tom Lukiwski Conservative Regina—Lumsden—Lake Centre, SK
No, it's one of the ones we're all granted here.
