Bill C-26

Thank you very much, Mr. Chair.

This is regarding the issue of Bill C-26 and to ask whether it needs operators to immediately report a cybersecurity incident.

The reality is that we heard testimony from the Canadian Chamber of Commerce and other witnesses about a 72-hour reporting period, with “immediate” being defined as 72 hours.

It's important to note that in the U.S., the Cyber Incident Reporting for Critical Infrastructure Act also talks about a 72-hour reporting time frame.

Our witnesses said very clearly that “immediately” made it potentially difficult for them to resolve the issue and to respond to the cyber-attack, because they would be concerned about the impacts of not reporting in that immediate time frame. A 72-hour window would provide the ability to combat the cybersecurity incident and do the reporting in a very timely way.

I'd like to move what we heard from witnesses and move NDP-10 to essentially provide an amendment such that the designated operator must report the cybersecurity incident within 72 hours from the time the operator reasonably believes the incident occurred.

I call the meeting to order.

Welcome to meeting 101 of the House of Commons Standing Committee on Public Safety and National Security.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely by using the Zoom application.

I would like to make a few comments for the benefit of the witnesses and members.

Please wait until I recognize you by name before speaking. To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings. I will remind you that all comments should be addressed through the chair.

I will also quickly remind you of an informal meeting with the Norwegian delegation at 5:30 today, for those interested.

Pursuant to the order of reference of Monday, March 27, 2023, the committee is resuming its study of Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. Today the committee resumes its clause-by-clause consideration, beginning with clause 12.

I will now welcome the officials who are with us. They are available to answer questions regarding the bill, but will not deliver any opening statements.

From the Department of Industry, we have Andre Arbour, director general, strategy and innovation policy sector; from the Department of Public Safety and Emergency Preparedness, we welcome Colin MacSween, director general, national cybersecurity directorate, and William Hartley, acting manager; and from the Communications Security Establishment, we have Stephen Bolton, director general, strategic policy, and Richard Larose, senior technical adviser.

Thank you for joining us today. With that, we will begin—

Yes, Mr. Shipley, please go ahead.

Thank you, Mr. Chair.

This is another key decision point, and it's what we've repeatedly heard is the best route forward to improve Bill C-26. We heard from members of the coalition, and I'll remind you that the organizations involved include the Privacy and Access Council of Canada, OpenMedia, the National Council of Canadian Muslims, the Ligue des droits et libertés, the International Civil Liberties Monitoring Group and the Canadian Civil Liberties Association. All of them have said that an important component for ensuring that the public interest is protected is a provision for special advocates.

What this would do is add, after line 13 on page 8, the following:

(a.1) the judge must appoint a person from a list established by the Minister to act as a special advocate in the proceeding after hearing representations from the applicant and the Minister and after giving particular consideration and weight to the preferences of the applicant;

It would also add, after line 28 on page 8, the following:

(c.1) on the request of the Minister, the judge may exempt the Minister from the obligation to provide the special advocate with a copy of information if the judge is satisfied that the information does not enable the applicant to be reasonably informed of the case made by the Minister;

I won't read all of the amendment. I know that my colleagues around the table have had a chance to thoroughly review NDP-9, but the reality is that special advocates are top secret, security-cleared private practice lawyers, independent of government. We've already seen special advocates protecting the interests, for example, of permanent residents or foreign nationals subject to a security clearance certificate or other proceedings under the Immigration and Refugee Protection Act.

Currently, there is a list of special advocates who are cleared to defend individuals in matters like this, with the Immigration and Refugee Protection Act. There are apparently 10 special advocates available.

This is clear testimony we heard from numerous witnesses among the coalition members I mentioned. They are some of Canada's most reputable groups, and there is no doubt that having in place a special advocate would improve the legislation, so I want to move NDP-9.

I'll just follow up on that.

I know there are often exceptions for national security and whatnot. How can Canadians trust that, when an exception is laid out in Bill C-26...? This is larger than the conversation about this current proposed section. The minister is given discretion quite often to ensure they can use information if it's related to national security, etc. How can Canadians trust that the right balance is struck? This is a bigger conversation, but I think it will help speed up some of the forthcoming amendments.

Could you outline the processes in place to ensure that privacy is in fact protected and that, when an exemption is laid out in legislation, it's not opening it up for abuse?

Thanks very much, Chair.

My other committee is the access to information, privacy and ethics committee. While it notably prosecutes Liberal scandals, it also does a lot with privacy.

I would ask the officials if they could weigh in. I appreciate Ms. O'Connell's statement about it not being necessary, but I would ask if the officials could weigh in on the specific application of the privacy-related sphere in this and whether the amendments would make a notable difference compared to what is currently listed in the act versus what is in Bill C-26, as well as its applications of the myriad privacy rules that overlap here.

Thank you, Mr. Chair.

The Conservatives did agree to go through Bill C-26 without filibustering. I hope Mr. Kurek now has a copy of that memo because we really need to get through this bill.

Thank you, Chair.

G-3.2 is similar to G-1.2. We are concerned about being too prescriptive and limiting the ability to consult with required people as to threats. Obviously, when we look at administrative law, there's a zone of expertise that we allow the agencies to have.

I move to amend Bill C-26, in clause 2, by replacing line 28 on page 2 with the following, which is referring, I assume, to the Minister of Emergency Preparedness:

Emergency Preparedness and with the persons the Minister considers appropriate,

Thank you, Chair.

This is coordinating with G-1.1, which the committee agreed to. We're saying that Bill C-26, in clause 2, should be amended by replacing lines 25 and 26 on page 2 with the following:

tem against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order and af-

Thank you.

Thank you, Mr. Chair.

I apologize to my Conservative colleagues in advance for CPC-4 not being able to be moved if we adopt NDP-3.

We had a persistent theme in testimony before the committee that we need to ensure transparency around Bill C-26. What NDP-3 would accomplish is ensuring that orders are published “in the Canada Gazette within 90 days after the day on which it is made”. This has been suggested by coalition members who appeared before the committee, and it would ensure more transparency in the bill.

I move the amendment, Mr. Chair.

As we know, Bill C‑26 enables the government to issue confidential orders applicable to telecommunications service providers. While confidentiality can certainly be justified in certain situations, it shouldn't be the default rule. A number of civil liberties organizations have told us as much.

These organizations recommend a mandatory Federal Court order as a check and balance against government overreach. This could be an effective way to ensure that the government isn't hiding disproportionately intrusive actions. It adds some checks and balances to the legislation.

I'll read amendment BQ‑2, which proposes an amendment by replacement:

(2) On application by the Minister, the Federal Court may, by order, prohibit any person from disclosing some or all of the order's contents if it is satisfied that there are reasonable grounds to believe that such disclosure could be injurious to international relations, national defence or national security or endanger the safety of any person.

I'm wondering about part of line 3 of the amendment. The wording is “disclosing some or all of the order's contents.” That sounds funny to me. Again, I think that the legislative clerks are the experts on how to write this. If it sounds good in the legislative language, so much the better. I just wanted to make sure.

I have a question for the officials before we move on with the discussion.

I want to make sure that adopting this amendment wouldn't add lengthy delays to the process. Would it?

Thank you, Chair.

This is related to NDP-1 but has alternative language in G-1.2. We're moving that Bill C-26, in clause 2, be amended by replacing line 17 on page 1 with the following:

cil may, by order and after consultation with the persons the Governor in Council considers appropriate,

That's the amending language. Again, this is alternative language to NDP-1.

(Amendment agreed to)

I actually thought you were talking about interpretation for a different language. It's okay. They speak English very well.

All right. Now we have our study on Bill C-26.

Pursuant to the order of reference of Monday, March 27, 2023, the committee resumes its study of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts. Today, the committee commences clause-by-clause consideration.

I will now welcome the officials who are with us. They are available for questions regarding the bill but will not deliver any opening statements. From the Department of Industry, we have Andre Arbour, director general, strategy and innovation policy sector, and Wen Kwan, senior director, spectrum and telecommunications sector. From the Department of Public Safety and Emergency Preparedness, we have Colin MacSween, director general, national cyber security directorate, and Kelly-Anne Gibson, acting director, national cyber security directorate.

Thank you for joining us today.

We're going to move right into clause-by-clause.

The chair calls clause 1. Shall clause 1 carry?

Mr. Lloyd.

Thank you, Mr. Chair.

I was saying that I signed the request made under Standing Order 106(4) allowing us to hold today's emergency meeting for the sole purpose of dealing with the specific issue of Luka Magnotta's prison transfer. The purpose wasn't to re-examine Paul Bernardo's case. We've already met a number of times on that. I more or less agree with what Mr. Julian said. This study shouldn't be a continuation of the one we've already done, in my view.

In this case, I think it's really about setting the record straight and reassuring the public. In the past few days, a lot has been said about this transfer, which took place in 2022, by the way. It didn't just happen. Luka Magnotta was transferred from a maximum-security facility to a medium-security facility a few years ago now.

As I see it, the motion is more about the process, which—may I remind the committee—is apolitical. The Correctional Service of Canada has a protocol in place for the transfer and security classification of inmates. As per the statement that came out earlier in the week, Canada's corrections system is fundamentally based on rehabilitating offenders, even if they remain incarcerated for the rest of their lives. That is the legislative mandate of the Correctional Service, which says that it regularly balances factors such as risks to public safety; safe, secure and humane treatment; and victims' rights.

The Correctional Service of Canada's policy dictates that a security classification review be completed at least every two years for inmates classified at maximum or medium-security level and that they be placed at an institution with the corresponding level of security.

Understandably, then, a whole protocol is already in place, and that's what the Correctional Service officials told us when they appeared before the committee with respect to Paul Bernardo's case. I think it's important to have the officials back so they can explain it to us again.

We also need to hear from the warden of the La Macaza Institution, so she can explain how it operates. Is it true that inmates there live more comfortably than most Canadians? Is it true that they can take part in tennis, skating and other such activities? What conditions do inmates there live in? I think we need to hear that directly from someone at the La Macaza Institution.

I don't want to make this into a big to-do. I don't see the need to hold six meetings and hear from multiple witnesses on this specific issue.

There is, however, something that bothers me about Luka Magnotta's transfer. In the past, he had asked more than once to be transferred, but his requests had always been denied. Apparently, his last request was granted because he said he was transgender. He was assessed by a team of psychologists at McGill University, and they were skeptical of his claims, but that seems to be the reason why he was granted a transfer to a medium-security facility. If we should be questioning anything about Luka Magnotta's transfer, that may be it.

As parliamentarians, we can't start meddling in the transfer of every inmate in Canada. We cannot do that, and it's not our job.

This is probably a good opportunity to have Correctional Service of Canada officials explain to us again the protocol and legislation they have to follow when assessing and transferring offenders.

For those reasons, I have a number of changes I'd like to propose to the motion. I will read the motion and flag the parts I would amend.

The beginning would stay the same, in other words, “That, in light of the transfer of sadistic killer Luka Magnotta out of a maximum security prison to a medium-security prison”. I would then remove everything up to “the committee”.

I would delete the word “immediately” before “undertake”. I would replace “study in priority order, of no less than six meetings” with “study of one meeting”. Then I would delete “, and that these meetings begin this week,” but I would keep the part that says, “on how the decision to make this transfer was made, the prisoner transfer process for prisoners in maximum-security facilities, and the committee report its findings to the House”.

The part that says that the committee “call the following witnesses to appear” would stay, as would bullet (a), “the Commissioner of Correctional Service Canada, Anne Kelly”. It's important for the committee to hear what she has to say. Bullets (b), (c), (d), (e) and (f) would come out, but I would keep bullet (g)—“the Warden of La Macaza Institution”—and bullet (h)—“representatives from the Union of Canadian Correctional Officers”. Bullet (i) would come out, as would the parts added further to Ms. O'Connell's amendment. Lastly, I would add a representative from the McGill medical team that examined Luka Magnotta's case to the list of witnesses to be called.

I hope my fellow members will agree with me that this isn't the time to play politics. That seems to be what some parties are trying to do, and it's wrong.

I think the way to better understand the process and reassure the public is to figure out whether Luka Magnotta's psychological or psychiatric evaluation was flawed and why he was transferred. We could certainly question his medical team about it, and we could get answers about the transfer process from the Correctional Service of Canada officials, but that's all. We cannot start challenging every prison transfer of every federal inmate. Otherwise, it will never end. As I already said, that is not our job as parliamentarians. We are talking about an apolitical process. Turning it into a political issue is wrong.

As I said, I think we should get rid of the part about the committee holding six meetings on the matter. One meeting is enough, in my view. Furthermore, this study shouldn't take priority over our other work. We are in the midst of examining Bill C-26, and we should finish that study before we meet on this issue. The same goes for our car theft study. It should take precedence over this one.

I repeat, Luka Magnotta was transferred in 2022. If Mr. Caputo hadn't visited the La Macaza Institution, we wouldn't be here today. I, myself, visited the Port-Cartier penitentiary two years ago, but I didn't make a big fuss about the individuals I saw there.

Again, the process has to remain apolitical.

I hope that my fellow members will agree with me that we need to narrow the scope of the motion to address the core issue—Luka Magnotta's transfer.