Bill C-26

I have the honour to inform the House that a message has been received from the Senate informing this House that the Senate has passed the following bill with an amendment to which the concurrence of the House is desired: C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

Copies of the amendment are available on the table.

Madam Speaker, I appreciate the question and especially that it is coming from a Conservative member.

He is asking us what thoughts we have in regard to legislation. I made reference in my comments to Bill C-63, the online harms act. I made reference to Bill C-26, which deals with cybersecurity. I made reference to Bill C-27, which deals with updating a framework so that we have regulations that address many aspects of the report.

The biggest barrier is not a lack of ideas or legislation. The biggest barrier is, in fact, the Conservative Party of Canada, which continues to prevent legislation from ultimately becoming law. On the one hand, the Conservatives talk about the importance of privacy for Canadians and the importance of cyber-related issues, but when it comes time to advance legislation, they are found wanting. If my colleague believes that we should have legislation, I would encourage him to allow legislation to get through.

Madam Speaker, it is a pleasure to rise and speak on an issue that I know is very important to all Canadians. I wanted to make note of a couple of things before I really get under way. When we think of the Internet, I think that we need to put it into the perspective of how things have changed over time in a very significant way. I would suggest that applies more to the industry of technological changes related to the Internet and computers: it is virtually second to none, and it is something we all need to be much aware of. It is an issue our constituents are very concerned with. I think, at the end of the day, we need to recognize just how much things have changed and the importance of governments to show that not only do they understand the issue, but they also have taken tangible actions in order to address the many different concerns out there.

I will start off by saying there are a number of pieces of legislation that are all related to that technological change. If we canvass Canadians, we will find that there is a wide spectrum of ways they use the internet. There are many benefits to it, and there are many drawbacks.

The legislative agenda that we have put forward and advanced over the last number of years deals with both sides: How important it is to have a framework that enables us to protect, for example, the marketplace; and how important it is that we have laws that protect the victims of the abuse that takes place over the Internet.

I would like to cite three pieces of legislation and where they are at today. It is not necessarily because of the government's will to constantly push opposition members in trying to get through the legislation, but I believe that these are the types of legislation that a vast majority of Canadians would ultimately support. I can make reference to the issue of protection, for example. I think there have been four concurrence reports from the Conservative Party, this is either the second or third from the Bloc and I know the New Democrats have done a concurrence report. This is all during government business. Then we have had the issue of the matters of privilege. No Conservative is standing up saying, “Why are we doing these concurrence reports when we should be dealing with the privilege?” This is because the privilege is actually being used as a tool to prevent the discussion of legislation.

Why is that important to highlight right now? It is because one of the pieces of legislation we have been trying to push out of second reading is Bill C-63, the online harms act. That is a piece of legislation that ultimately protects individuals and our communities from inappropriate behaviour taking place on the Internet and creating victims. These are the types of things to which I question, what role does government have? This particular report raises a number of concerns on the impacts of AI and facial recognition. Imagine all the images on the Internet today that Canadians do not want on the Internet.

I am thinking of a breakup where one spouse is, without the consent of the ex, putting inappropriate pictures on the Internet. Bill C-63 is legislation that addresses an issue of that nature, yet it continues to be frustrated in terms of getting through the House of Commons on second reading. However, I know that a majority of members of Parliament who are sitting in the House of Commons actually support Bill C-63.

We have Bill C-26, which deals with the important issue of cybersecurity. When we think of cybersecurity, we can imagine the data banks out there collecting information and how critical that information is. We are defending and supporting Canadians, where we can, through issues related to privacy and the potential leak of data bank information.

There was a time when a data bank was paper-driven, and the shredders might have had good business at the time. I remember going into an embassy where I saw containers full of correspondence. Containers are disappearing as more and more things are becoming digital, and that applies in many different forms. In literally seconds, millions of data points can actually be lost and ultimately acquired by someone who might have malicious intent. However, we are still waiting for Bill C-26 to ultimately get that royal assent, not to mention Bill C-27.

Bill C-27 has a great deal to do with what we are talking about today. I think members need to fully understand, when we look at how important this issue is, that the last time we actually had a modernization of the acts that are in question, and I am referring to Bill C-27, was back in 2000, over 20 years ago, when iPhones did not exist. Can members imagine a time where iPhones did not exist? I can, and it really was not all that long ago.

When I was first elected, when I turned on the computer, the first thing I heard was a dial tone, a ding-dong, and then I was logged onto the Internet type of thing, and it took quite a while to get that connection. People used five-and-a-half-inch floppy disks. However, from 1995 to 2001, we really started to see an explosion of Internet advancement and technology, and it continues today.

Let us think about where the government has put its investments. It is not only toward protecting Canadians, but toward ensuring that communities have access to the Internet because of how critical it is to all of us.

We can look at one of the largest expenditures in my own province of Manitoba, which expanded broadband Internet into rural communities. It is being financed through the Canada Infrastructure Bank. Ironically, it is the same Canada Infrastructure Bank that the Conservatives say is doing nothing and has no projects. The leader of the Conservative Party has said he is going to get rid of the Infrastructure Bank. However, in Manitoba, we have seen the Internet expand through the Canada Infrastructure Bank.

The Internet is an absolutely essential service today. Back in the late eighties and going into the nineties, some might have said it was an option. Today, it is not an option. The year 2000 was the last time the act was updated. For almost a decade, Stephen Harper chose to do absolutely nothing to protect individuals' identifications from being consumed through the Internet.

This government, for a number of years, has been looking at how we can modernize the protection of Canadians through the Internet and how we can maximize the benefits of the Internet, while minimizing harms to society. Those are the types of initiatives the Government of Canada has been taking to show, in a very real and tangible way, whether with legislative or budgetary measures, that it understands the technology. We are going to continue not only to be there but also to invest in it. It is one of the reasons that Canada virtually leads the rest of the world in many areas, especially on AI and facial recognition. It is because we understand, looking forward, the role that they are going to play.

That is why it is so important to bring forward legislation and, ultimately, look across the way. In a minority situation, we need a sense of co-operation coming from all opposition parties. It does not take a majority of members to prevent things from happening in the House. All it takes is one political party. Any political entity in the House that has 13 or 14 members can cause a great deal of frustration, even though a majority inside the House might want to see actions taken. In the last federal election, a minority government was elected, but that does not take responsibility away from all political parties to take the actions necessary to support what is in the best interests of Canadians.

That is why I am standing up to speak to the report, which had a lot of work. I was not at the committee, but I can assure everyone that a great deal of effort would have been put into coming up with the report.

Having read some of the comments provided by the minister's office in response to the report, obviously the government has taken the report very seriously. If members want to get an appreciation for the content of the report, I would encourage them to take a look at it. They should also look at the response the government has provided to the report. I suspect that if they were to take a look at the response, they would find that once again, much as in the many comments I have put on the record thus far, we have a government that understands the issue and the report and has taken action, not only today but previously, to deal with the concerns being raised.

All we need to do is take a look at Bill C-27. In his response, even the minister made reference to Bill C-27. If members are genuinely concerned about the report, they should be sympathetic to at least allowing Bill C-27 to get out of committee. Why would that not happen? I can assure members, contrary to what the member across the way said, that as a government, we are constantly listening to Canadians. That is why we will find within our measures, whether they are legislative or budget measures, the thoughts and ideas of the people of Canada being reflected.

The Speaker's constituents, my constituents and all of our constituents are genuinely concerned about what is happening on the Internet today. To amplify that fact and the need for change, I quickly made reference to the year 2000, when we last had legislation. We had a big gap when absolutely nothing was done. I call that the Stephen Harper era. Then we had a government replace that era and it immediately started to work with Canadians to get a better understanding of the types of legislation and regulations that are necessary.

The best example that I can come up with, because of the explosion of iPhones out there today, is the issue of Facebook and how many people participate in Facebook. How many people own an iPad or iPhone or are on Facebook, Instagram or the many other social media, which did not exist in 2000? None of them existed. If that is the case, as I stated, I think a good question to pose is why there is resistance to supporting what Canadians want to see. Why would anyone oppose the framework legislation that we are bringing forward that would protect the interests of Canadians?

As I said, it is not like the Internet is an option nowadays. Today, it is an essential service. People will go to the Internet for a wide spectrum of reasons, whether it is streaming a favourite show from the past or something more recent, or looking at issues related to health conditions. I am always amazed at how the general knowledge of the population continues to grow on health-related issues.

That area has great potential, and it will incorporate AI and facial recognition. Non-profit and private organizations and even governments will use the Internet as a tool to deliver health care services and provide health care advice. Many people are taking that up and looking into it. That is one of the reasons that people will be living longer lives in the future. It is endless. That is—

Mr. Speaker, for a moment there, I thought, for once, we were going to get away without a preamble, but we had a lot of amble there, a lot of post-amble.

I can assure my hon. friend that the law that is coming this fall would protect every single Canadian who draws their income from a paycheque, and 0.13% of Canadians would pay a modest amount of additional tax on capital gains over a quarter of a million dollars garnered in a single year.

Tax fairness not only will be written into the law, but also will continue to be the thing we talk about in the House.

Tomorrow, we will complete the report stage study of Bill C-40, Miscarriage of Justice Review Commission Act, which is also known as David and Joyce Milgaard's law.

I would like to request that the ordinary hour of daily adjournment of the next sitting be 12 midnight, pursuant to order made Wednesday, February 28.

Our priorities next week will be to complete report stage and third reading of Bill C-69, the budget implementation act, and second reading of Bill C-65, the electoral participation act. We will also give priority to other important bills, namely third reading of the aforementioned Bill C-40 and report stage and third reading of Bill C-26, the critical cyber systems protection act.

Finally, there have been discussions amongst the parties and, if you seek it, I think you will find unanimous consent for the following motion:

That the motion standing on the Order Paper in the name of the Leader of the Government in the House of Commons related to the appointment of Christine Ivory as Parliamentary Librarian, pursuant to Standing Order 111.1(2), be deemed adopted.

This committee just did a review of Bill C-26. During that testimony, we heard that there were about 5.2 million cyber-attacks in four months in 2023, from September to December. I think that's correct. Of those, 62% targeted critical infrastructure.

In our testimony during our last meeting, Michel Juneau stated that “86% of our national infrastructure is either owned or operated by the private sector”. It's going to become a very serious issue, or it already is a very serious issue. We may not even be aware of what's transpiring underneath. What's the best way to go about delivering that message and ensuring that there are safeguards in place within this bill?

You talked a bit about 40 items that you guys did a report on. Can you talk a bit about them, and give us a couple of examples and their relevance?

Thank you, Ms. Michaud.

I have a chair's ruling that I'm going to read.

The purpose of Bill C-26 is to help protect critical cyber systems in order to support the continuity and security of vital services and vital systems. The amendment would allow any law of the province relating to cybersecurity that provides for more stringent rules than those prescribed by regulations to prevail in that province. As House of Commons Procedure and Practice, third edition, states on page 770, “An amendment to a bill that was referred to committee after second reading is out of order if it is beyond the scope and principle of the bill.”

In the opinion of the chair and for the above-mentioned reason, giving precedence to a provincial law constitutes a new concept which goes beyond the scope of the bill as adopted by the House at second reading. Therefore, I declare the amendment inadmissible.

Thank you, Ms. Michaud.

We're at CPC-50.1, reference 12922438.

This is a similar amendment, although the wording is slightly different. That tells me where my fellow members stand, but I will move it anyways.

The amendment would add the following provision:

(2) Any law of a province relating to cybersecurity that provides for more stringent rules than those prescribed by regulations made under subsection (1) is to prevail in that province.

Quebec, for instance, has a ministry of cybersecurity and digital technology. It's reasonable to think that Quebec's rules are pretty relevant, if not more stringent, as may be the case in other provinces. If so, the amendment would ensure that the rules of the province in question overrode the federal rules set out in Bill C-26.

Thank you very much, Mr. Chair.

This is regarding the issue of Bill C-26 and to ask whether it needs operators to immediately report a cybersecurity incident.

The reality is that we heard testimony from the Canadian Chamber of Commerce and other witnesses about a 72-hour reporting period, with “immediate” being defined as 72 hours.

It's important to note that in the U.S., the Cyber Incident Reporting for Critical Infrastructure Act also talks about a 72-hour reporting time frame.

Our witnesses said very clearly that “immediately” made it potentially difficult for them to resolve the issue and to respond to the cyber-attack, because they would be concerned about the impacts of not reporting in that immediate time frame. A 72-hour window would provide the ability to combat the cybersecurity incident and do the reporting in a very timely way.

I'd like to move what we heard from witnesses and move NDP-10 to essentially provide an amendment such that the designated operator must report the cybersecurity incident within 72 hours from the time the operator reasonably believes the incident occurred.

I call the meeting to order.

Welcome to meeting 101 of the House of Commons Standing Committee on Public Safety and National Security.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely by using the Zoom application.

I would like to make a few comments for the benefit of the witnesses and members.

Please wait until I recognize you by name before speaking. To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings. I will remind you that all comments should be addressed through the chair.

I will also quickly remind you of an informal meeting with the Norwegian delegation at 5:30 today, for those interested.

Pursuant to the order of reference of Monday, March 27, 2023, the committee is resuming its study of Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. Today the committee resumes its clause-by-clause consideration, beginning with clause 12.

I will now welcome the officials who are with us. They are available to answer questions regarding the bill, but will not deliver any opening statements.

From the Department of Industry, we have Andre Arbour, director general, strategy and innovation policy sector; from the Department of Public Safety and Emergency Preparedness, we welcome Colin MacSween, director general, national cybersecurity directorate, and William Hartley, acting manager; and from the Communications Security Establishment, we have Stephen Bolton, director general, strategic policy, and Richard Larose, senior technical adviser.

Thank you for joining us today. With that, we will begin—

Yes, Mr. Shipley, please go ahead.

Thank you, Mr. Chair.

This is another key decision point, and it's what we've repeatedly heard is the best route forward to improve Bill C-26. We heard from members of the coalition, and I'll remind you that the organizations involved include the Privacy and Access Council of Canada, OpenMedia, the National Council of Canadian Muslims, the Ligue des droits et libertés, the International Civil Liberties Monitoring Group and the Canadian Civil Liberties Association. All of them have said that an important component for ensuring that the public interest is protected is a provision for special advocates.

What this would do is add, after line 13 on page 8, the following:

(a.1) the judge must appoint a person from a list established by the Minister to act as a special advocate in the proceeding after hearing representations from the applicant and the Minister and after giving particular consideration and weight to the preferences of the applicant;

It would also add, after line 28 on page 8, the following:

(c.1) on the request of the Minister, the judge may exempt the Minister from the obligation to provide the special advocate with a copy of information if the judge is satisfied that the information does not enable the applicant to be reasonably informed of the case made by the Minister;

I won't read all of the amendment. I know that my colleagues around the table have had a chance to thoroughly review NDP-9, but the reality is that special advocates are top secret, security-cleared private practice lawyers, independent of government. We've already seen special advocates protecting the interests, for example, of permanent residents or foreign nationals subject to a security clearance certificate or other proceedings under the Immigration and Refugee Protection Act.

Currently, there is a list of special advocates who are cleared to defend individuals in matters like this, with the Immigration and Refugee Protection Act. There are apparently 10 special advocates available.

This is clear testimony we heard from numerous witnesses among the coalition members I mentioned. They are some of Canada's most reputable groups, and there is no doubt that having in place a special advocate would improve the legislation, so I want to move NDP-9.

I'll just follow up on that.

I know there are often exceptions for national security and whatnot. How can Canadians trust that, when an exception is laid out in Bill C-26...? This is larger than the conversation about this current proposed section. The minister is given discretion quite often to ensure they can use information if it's related to national security, etc. How can Canadians trust that the right balance is struck? This is a bigger conversation, but I think it will help speed up some of the forthcoming amendments.

Could you outline the processes in place to ensure that privacy is in fact protected and that, when an exemption is laid out in legislation, it's not opening it up for abuse?

Thanks very much, Chair.

My other committee is the access to information, privacy and ethics committee. While it notably prosecutes Liberal scandals, it also does a lot with privacy.

I would ask the officials if they could weigh in. I appreciate Ms. O'Connell's statement about it not being necessary, but I would ask if the officials could weigh in on the specific application of the privacy-related sphere in this and whether the amendments would make a notable difference compared to what is currently listed in the act versus what is in Bill C-26, as well as its applications of the myriad privacy rules that overlap here.

Thank you, Mr. Chair.

The Conservatives did agree to go through Bill C-26 without filibustering. I hope Mr. Kurek now has a copy of that memo because we really need to get through this bill.

Thank you, Chair.

G-3.2 is similar to G-1.2. We are concerned about being too prescriptive and limiting the ability to consult with required people as to threats. Obviously, when we look at administrative law, there's a zone of expertise that we allow the agencies to have.

I move to amend Bill C-26, in clause 2, by replacing line 28 on page 2 with the following, which is referring, I assume, to the Minister of Emergency Preparedness:

Emergency Preparedness and with the persons the Minister considers appropriate,

Thank you, Chair.

This is coordinating with G-1.1, which the committee agreed to. We're saying that Bill C-26, in clause 2, should be amended by replacing lines 25 and 26 on page 2 with the following:

tem against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order and af-

Thank you.

Thank you, Mr. Chair.

I apologize to my Conservative colleagues in advance for CPC-4 not being able to be moved if we adopt NDP-3.

We had a persistent theme in testimony before the committee that we need to ensure transparency around Bill C-26. What NDP-3 would accomplish is ensuring that orders are published “in the Canada Gazette within 90 days after the day on which it is made”. This has been suggested by coalition members who appeared before the committee, and it would ensure more transparency in the bill.

I move the amendment, Mr. Chair.

As we know, Bill C‑26 enables the government to issue confidential orders applicable to telecommunications service providers. While confidentiality can certainly be justified in certain situations, it shouldn't be the default rule. A number of civil liberties organizations have told us as much.

These organizations recommend a mandatory Federal Court order as a check and balance against government overreach. This could be an effective way to ensure that the government isn't hiding disproportionately intrusive actions. It adds some checks and balances to the legislation.

I'll read amendment BQ‑2, which proposes an amendment by replacement:

(2) On application by the Minister, the Federal Court may, by order, prohibit any person from disclosing some or all of the order's contents if it is satisfied that there are reasonable grounds to believe that such disclosure could be injurious to international relations, national defence or national security or endanger the safety of any person.

I'm wondering about part of line 3 of the amendment. The wording is “disclosing some or all of the order's contents.” That sounds funny to me. Again, I think that the legislative clerks are the experts on how to write this. If it sounds good in the legislative language, so much the better. I just wanted to make sure.

I have a question for the officials before we move on with the discussion.

I want to make sure that adopting this amendment wouldn't add lengthy delays to the process. Would it?

Thank you, Chair.

This is related to NDP-1 but has alternative language in G-1.2. We're moving that Bill C-26, in clause 2, be amended by replacing line 17 on page 1 with the following:

cil may, by order and after consultation with the persons the Governor in Council considers appropriate,

That's the amending language. Again, this is alternative language to NDP-1.

(Amendment agreed to)

I actually thought you were talking about interpretation for a different language. It's okay. They speak English very well.

All right. Now we have our study on Bill C-26.

Pursuant to the order of reference of Monday, March 27, 2023, the committee resumes its study of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts. Today, the committee commences clause-by-clause consideration.

I will now welcome the officials who are with us. They are available for questions regarding the bill but will not deliver any opening statements. From the Department of Industry, we have Andre Arbour, director general, strategy and innovation policy sector, and Wen Kwan, senior director, spectrum and telecommunications sector. From the Department of Public Safety and Emergency Preparedness, we have Colin MacSween, director general, national cyber security directorate, and Kelly-Anne Gibson, acting director, national cyber security directorate.

Thank you for joining us today.

We're going to move right into clause-by-clause.

The chair calls clause 1. Shall clause 1 carry?

Mr. Lloyd.

Thank you, Mr. Chair.

I was saying that I signed the request made under Standing Order 106(4) allowing us to hold today's emergency meeting for the sole purpose of dealing with the specific issue of Luka Magnotta's prison transfer. The purpose wasn't to re-examine Paul Bernardo's case. We've already met a number of times on that. I more or less agree with what Mr. Julian said. This study shouldn't be a continuation of the one we've already done, in my view.

In this case, I think it's really about setting the record straight and reassuring the public. In the past few days, a lot has been said about this transfer, which took place in 2022, by the way. It didn't just happen. Luka Magnotta was transferred from a maximum-security facility to a medium-security facility a few years ago now.

As I see it, the motion is more about the process, which—may I remind the committee—is apolitical. The Correctional Service of Canada has a protocol in place for the transfer and security classification of inmates. As per the statement that came out earlier in the week, Canada's corrections system is fundamentally based on rehabilitating offenders, even if they remain incarcerated for the rest of their lives. That is the legislative mandate of the Correctional Service, which says that it regularly balances factors such as risks to public safety; safe, secure and humane treatment; and victims' rights.

The Correctional Service of Canada's policy dictates that a security classification review be completed at least every two years for inmates classified at maximum or medium-security level and that they be placed at an institution with the corresponding level of security.

Understandably, then, a whole protocol is already in place, and that's what the Correctional Service officials told us when they appeared before the committee with respect to Paul Bernardo's case. I think it's important to have the officials back so they can explain it to us again.

We also need to hear from the warden of the La Macaza Institution, so she can explain how it operates. Is it true that inmates there live more comfortably than most Canadians? Is it true that they can take part in tennis, skating and other such activities? What conditions do inmates there live in? I think we need to hear that directly from someone at the La Macaza Institution.

I don't want to make this into a big to-do. I don't see the need to hold six meetings and hear from multiple witnesses on this specific issue.

There is, however, something that bothers me about Luka Magnotta's transfer. In the past, he had asked more than once to be transferred, but his requests had always been denied. Apparently, his last request was granted because he said he was transgender. He was assessed by a team of psychologists at McGill University, and they were skeptical of his claims, but that seems to be the reason why he was granted a transfer to a medium-security facility. If we should be questioning anything about Luka Magnotta's transfer, that may be it.

As parliamentarians, we can't start meddling in the transfer of every inmate in Canada. We cannot do that, and it's not our job.

This is probably a good opportunity to have Correctional Service of Canada officials explain to us again the protocol and legislation they have to follow when assessing and transferring offenders.

For those reasons, I have a number of changes I'd like to propose to the motion. I will read the motion and flag the parts I would amend.

The beginning would stay the same, in other words, “That, in light of the transfer of sadistic killer Luka Magnotta out of a maximum security prison to a medium-security prison”. I would then remove everything up to “the committee”.

I would delete the word “immediately” before “undertake”. I would replace “study in priority order, of no less than six meetings” with “study of one meeting”. Then I would delete “, and that these meetings begin this week,” but I would keep the part that says, “on how the decision to make this transfer was made, the prisoner transfer process for prisoners in maximum-security facilities, and the committee report its findings to the House”.

The part that says that the committee “call the following witnesses to appear” would stay, as would bullet (a), “the Commissioner of Correctional Service Canada, Anne Kelly”. It's important for the committee to hear what she has to say. Bullets (b), (c), (d), (e) and (f) would come out, but I would keep bullet (g)—“the Warden of La Macaza Institution”—and bullet (h)—“representatives from the Union of Canadian Correctional Officers”. Bullet (i) would come out, as would the parts added further to Ms. O'Connell's amendment. Lastly, I would add a representative from the McGill medical team that examined Luka Magnotta's case to the list of witnesses to be called.

I hope my fellow members will agree with me that this isn't the time to play politics. That seems to be what some parties are trying to do, and it's wrong.

I think the way to better understand the process and reassure the public is to figure out whether Luka Magnotta's psychological or psychiatric evaluation was flawed and why he was transferred. We could certainly question his medical team about it, and we could get answers about the transfer process from the Correctional Service of Canada officials, but that's all. We cannot start challenging every prison transfer of every federal inmate. Otherwise, it will never end. As I already said, that is not our job as parliamentarians. We are talking about an apolitical process. Turning it into a political issue is wrong.

As I said, I think we should get rid of the part about the committee holding six meetings on the matter. One meeting is enough, in my view. Furthermore, this study shouldn't take priority over our other work. We are in the midst of examining Bill C-26, and we should finish that study before we meet on this issue. The same goes for our car theft study. It should take precedence over this one.

I repeat, Luka Magnotta was transferred in 2022. If Mr. Caputo hadn't visited the La Macaza Institution, we wouldn't be here today. I, myself, visited the Port-Cartier penitentiary two years ago, but I didn't make a big fuss about the individuals I saw there.

Again, the process has to remain apolitical.

I hope that my fellow members will agree with me that we need to narrow the scope of the motion to address the core issue—Luka Magnotta's transfer.

Thank you very much, Mr. Chair.

Of course, my thoughts are with the victims today as well.

I support the discussion we're having. I appreciate that we've added additional witnesses. I think that is very important. Certainly, thinking of the victims today and the fact that we started this study last fall, my concern is that we have yet to report.... If the objective of our committee is to put in place recommendations that we oblige the government to follow to ensure that the concerns raised about victims and victims families, about the notification process around transfers and about how transfers are effectuated.... There are also the broad concerns that have been raised in the testimony we've heard so far in this study about correctional officers being consulted. They are the ones who know best the offenders who are in the institutions. We've heard from correctional officers that they haven't been consulted.

For all those reasons, it is important to continue this study. I would like the motion to reflect that we are continuing a study that we began last November and that what we're really doing is adding an additional six meetings for a total of no less than 11 meetings on this issue. As my Conservative colleagues have indicated, they see no distinction between the study we started last fall and the proposal to extend or continue that study we're hearing today.

I believe that we as a committee have made the decision to move ahead on clause-by-clause on Bill C-26. Cybersecurity is an issue that is of fundamental importance. I believe we can potentially wrap up the clause-by-clause study of this bill, which has been stuck out in no man's land now for two years. The reality is that we need to complete our work on that. I'm assuming that's the intent as well. We could potentially start the study this week. We would sit on clause-by-clause for cybersecurity, complete our work on that bill, which has been delayed for far too long and is far too critical for Canada's infrastructure, and then come back to this study. I have no objections to that. I believe the additional names Ms. O'Connell offered are valuable.

I have a further concern that's not reflected in the motion. I believe we need to clarify in the motion the fact that we're continuing this study. My further concern is the number of escapes we saw in previous years. I'm talking about the previous government, the Harper government. The number of escapes from federal institutions was at its highest level. In fact, the three worst years for prison escapes in recent memory were under the Harper government.

At the same time, we saw proposals to cut—to slash—funding to correctional services by $290 million. That was proposed by the Conservatives in December. That's a total of $290 million out of the overall Correctional Service Canada budget. I think that is a matter of some concern too. We've seen a higher level of escapes. If we're talking about public safety, it's important to keep in context that slashing the budget, as proposed and voted on in December, is not something that helps to reassure Canadians or to ensure public safety. That's an element that I think needs to be considered as part of continuing our study.

Overall, with those adjustments or changes, I think the most important element is that we proceed to hearing from witnesses, take a break around cybersecurity so we can complete the work that has been delayed for far too long and then come back and complete the study. Most importantly, I hope that we issue a report in the House of Commons that ensures victims are taken into consideration before transfers are put into place and ensures correctional officers are consulted in a meaningful way before transfers take place.

We can't defend at all the horrible, horrific, sadistic acts of Paul Bernardo and Luka Magnotta. The important thing is that the public have confidence in the correctional service and our prison system and see that they are working on their behalf. It is crucial that we get to a report and to recommendations, table them in the House, have a debate in the House of Commons and ensure that the government is being pressured to put into place the recommendations we are making.

In general, I support the motion. I think there is some tweaking required to ensure that people are aware that this is a continuation of a study we started last November. However, above all, I believe that we need to complete this study, make the recommendations and ensure that they are respected and put into place so that the concerns raised over the last few months are finally met with the response of the public safety committee.

Thank you.

Thanks, Chair.

I'm glad we have this motion. From our perspective, we have no issue with looking further into transfers of prisoners and classifications and working with this committee to put forward reasonable, worthwhile recommendations on how we can advance victims' rights in this country and improve the system. However, I think what we learned from the last few days of the study we did on this...because it's important to note that this isn't new. This isn't something the Conservatives are bringing forward today. We, as a committee, have already held several meetings on this and heard testimony, and this would be a continuation of that.

I hope that today is not just Conservatives performing for clips and that this committee is actually serious about working together to put forward serious, legitimate policy recommendations on how we can move things forward. That's exactly what we want to do and what we did as a committee when we all came prepared to ask questions of CSC and the witnesses we had before on this very issue. Again, there's no issue. We've participated and asked tough questions, as I think all Canadians want us to.

I think it's important that we look into this. It was stated by the earlier speaker that this was somehow related to Liberal legislation or a change, and that's simply not true. In fact, some of the years with the highest number of prisoner classification changes from maximum to medium were under Harper Conservative governments. In 2012-13, there were 291 reclassifications from maximum to medium. In 2013-14, there were 319 from maximum to medium.

If there's a question of how this is happening and what policies are in place for the Correctional Service of Canada, I think that's a fulsome conversation we need to have, but putting it out there that this was somehow a change in legislation or policy is, frankly, just not accurate. It's important that Canadians understand that there are certain politicians trying to use the most heinous and horrendous crimes in this country as a fearmongering tactic to suggest that current policies are somehow different from when Conservatives have held office. I think it's important that we get this data on the table so that Canadians can see exactly how decisions are made.

If this committee wants to make recommendations to the government to make changes or to review policy, I think that's absolutely appropriate, but if there's a suggestion.... If we're starting off with a base of misinformation that there was a policy change, I've just outlined that the highest number of maximum to medium reclassifications in the Canadian justice system happened in 2013-14 under the Conservatives' so-called tough-on-crime language.

It's important that we get the facts. That's why we're very happy to continue to hold meetings on this, to make legitimate fulsome policy recommendations based on what we hear and to ensure Canadians' voices are at the table. However, as I said, I think it's incredibly important that we start from a place of truth and honesty. I hope the continuation of this meeting does that, because I think we have a number of policy insights and things that every member of this committee would want to share.

I'll just raise a couple of points about the motion as drafted. I want to hear from colleagues, so please add me to the list again, because I'd like to hear other opinions.

As for doing the study immediately and in six meetings, my issue is not with studying this but with whether or not we need six meetings. We're open to the idea, but based on the witnesses listed in this motion, that wouldn't equate to six meetings. I think the Conservatives are maybe being a little disingenuous in terms of what this motion says and what they hope to accomplish, but we can debate the numbers in terms of what's needed and whether it's immediate.

Based on this, the Conservatives are abandoning the auto theft study. They also don't want to complete Bill C-26, which, as we heard from witnesses, would actually have direct impacts on Canadians' safety, for example, during a weather event when phone lines could go down and there wouldn't be protections in place to ensure that telecommunication companies or banks would have robust procedures to avoid cyber-attacks. I guess Conservatives don't care about those impacts.

This committee can determine the timing, but we had determined the sequence of meetings. Auto theft would being abandoned. Cybersecurity would being abandoned. The other studies we were looking at would be as well, given timing. I assume the minister's visit on the mandate, which was scheduled for next week, would also be abandoned if this motion passed as is.

I have concerns with some of that given the other committee priorities we've talked about, but, as I said, I'm prepared to listen to other opinions about priority and sequencing. We're not opposed to this study.

Mr. Chair, I'm going to move one amendment for now, and that is to add the following witnesses: Howard Sapers, the former correctional investigator for Canada; the John Howard Society of Canada; the Canadian Association of Elizabeth Fry Societies; Aboriginal Legal Services; the Black Legal Action Centre and the Canadian Civil Liberties Association. I'll give those names to the clerk.

I may have other amendments later, Mr. Chair, given my concerns about sequencing and the number of meetings. We're more than happy to move forward with this study, but I want to take into account other people's comments before making any additional amendments. I think it's important that we add some additional witnesses.

Thank you, Mr. Chair.

Thank you.

Okay. So leave that with the chair, please.

For Bill C-26, on Monday the clerk distributed the draft budget in the amount of $14,500.

Are there any questions or comments?

Thank you, Chair.

Just so we're clear, amendments are due on February 26. For February 26 and 29, the recommendation is to have the auto theft study. That is what the majority of the opposition side has come up with. Then on Monday, March 18 we would begin clause-by-clause of Bill C-26 with the idea that on that particular day, Monday the 18th if possible, we would extend those hours for a reasonable time depending on resources. I think that would be very reasonable, to begin Bill C-26 on that date.

I think there's kind of an understanding, at least among the majority of the committee, that we want to do two auto theft days next week and then we would start using extended hours in March on Bill C-26. That's my understanding.

I just don't want to get surprised when the notice comes out, Mr. Chair, and we have a huge extended February meeting coming out of nowhere when it's not very clear that the committee has agreed to that.

Chair, I'm sorry, but just to sort of recap, it's a riding week next week. The first week back both meetings would be on auto theft, and then when we returned after that we would do extended sittings for Bill C-26. Is that what I'm hearing, Mr. Julian?

Thank you.

I would like us to recap our discussion on dates.

I don't think that it's a bad idea to extend meeting hours. That said, sitting until midnight seems a bit like a closure procedure.

I agree that we could do more over four or five hours, such as Monday evening from 4:30 p.m. to 8:30 p.m. or 9:30 p.m. I don't see any issue with that.

Mr. Chair, please confirm that we can set the date for submitting amendments for February 26, and that the February 26 meeting will focus on car theft.

At the meeting on Thursday, February 29, we would begin the study of Bill C‑26. By then, the clerk would have already sent us the amendments proposed by the other parties, because we need to take time to study these amendments.

Since it will be on Thursday morning, we can't really extend the meeting. That brings us two weeks later, to Monday, March 18. I imagine that this meeting would be extended a bit. On Thursday, we would meet with Mr. LeBlanc.

We would continue the study of Bill C‑26 on April 8.

Is that right, Mr. Chair?

What I find rather interesting is that this has been on the books since June 2022, so we're 20 months into this, and now we want to rush through a process that we have heard many witnesses.... We also have significant recommendations to make in clause-by-clause to go through and fix this, and it's the responsibility of this committee to do that.

I don't know why there is the rush of an extra day or week or two to go through this. I don't support the extra length of meetings. We have other responsibilities as well, so I definitely don't support the need to sit extra.

I think we should get at the study on auto. When we're done with our recommendations and have them submitted, then we can go back and work on the clause-by-clause of Bill C-26. That, for sure, is going to take a lot longer than a couple of meetings of extended time.

I agree with my colleagues.

We could start our study on car theft in a week and a half. By next Tuesday, we could submit the list of witnesses for Ms. Michaud's proposed study on car theft. We could set the deadline for submitting amendments for the following week.

I would like to suggest something for the following week. In the next seven weeks, there are just two sitting weeks. If we conduct our study on car theft next week, I suggest that the committee hold longer meetings to discuss the proposed amendments to Bill C‑26.

Honestly, I find it difficult to discuss amendments for two hours and then to continue our discussion three days later. The amendments are often connected. I think that it would be more useful to hold a meeting from 3.30 p.m. to midnight, for example. If we did that, we could finish studying the bill that week. I'm talking about the second sitting week in March.

I propose that we hold longer meetings, extend the deadline for submitting amendments and start our study on car theft the week after next.

Thank you.

Before we go any further, we have some administrative housekeeping that the clerk would like to get some answers on.

We talked about this at our last meeting. If the committee wishes to start clause-by-clause consideration of Bill C-26, on Monday, February 26, I recommend to establish the deadline for submitting amendments as Wednesday, February 21, at noon.

I know there was some conversation surrounding this, so I'll ask if that's still good.

Mr. Shipley.

Thank you, Mr. Chair.

The Auditor General's report on the ArriveCAN application speaks specifically about this bad practice for handling confidential information.

This is something we need to learn from.

On Bill C-26 we've had testimony from The Citizen Lab at the University of Toronto. One of the recommendations was that relief should be available if the government mishandles confidential, personal or de-identified information, and that the legislation should be amended to enable individuals and telecommunications providers to seek relief if the government has mishandled that information.

I'll direct this question to Minister LeBlanc.

Do you believe that it's appropriate that we incorporate into that legislation lessons learned from ArriveCAN?

Thank you, Mr. Chair.

The issues that often came up during the consultations held here in the committee obviously concerned transparency and privacy.

Some colleagues have already addressed these issues. According to the Office of the Privacy Commissioner of Canada, it might be a good idea for the government to consult the office before making any decisions on Bill C‑26. Perhaps this would reassure Quebeckers and Canadians.

Obviously, Bill C‑26 currently doesn't set out a time frame from when the government accesses personal information held by companies, for example, to when it deletes this information under the bill. We also know that there are many data leaks, and that the government isn't necessarily immune to these leaks either.

How can we strike a balance between the right to privacy and the highly confidential power grabs and orders?

Where does the balance lie in all this? How can you reassure Quebeckers, Canadians and SMEs?

That's very much at the heart of the exercise that I think all of us are trying to achieve in Bill C-26.

Our federation gives our partners in provinces and territories jurisdiction over things as important as health care systems and highway infrastructure. We're all thinking of examples where these particular critical infrastructure sectors can be subject to these cyber-attacks. I've spoken to mayors of cities. Saint John, New Brunswick, it was reported—a small Canadian city—was subject to a pretty concerning cyber-attack.

The only way we're able to do that work is in partnership with provinces and territories and, of course, they are responsible in the case of municipalities as well. We would be wide open to signing agreements with provinces and territories. We think Bill C-26, if it's adopted and receives royal assent, can be a model for some other provincial legislation that should be companion pieces to this federal legislation.

As colleagues would want, we're always looking to respect provincial jurisdiction.

This is certainly a priority for us. However, we won't shy away from being a partner and a leader or from sharing information, as long as it's safe to do so. We'll be signing agreements with the provinces specifically to enable us to share information.

That said, we acknowledge that urgent situations arise in areas of provincial jurisdiction. That's why I gave the example of Newfoundland and Labrador. At the time, the premier of Newfoundland and Labrador told us that the province was completely overwhelmed in terms of resources. He asked the Government of Canada to step in. Of course, we did everything possible at the time to help them resolve the situation.

Thank you.

My follow-up question is to Minister Champagne.

ISED has given GC Strategies 25 contracts. Were any of these contracts related to cybersecurity or to provisions in Bill C-26?

Thank you, Mr. Chair.

Minister LeBlanc, Bill C-26 deals with cybersecurity. We know that the government's in-house IT capabilities are limited, and they are often dependent on contractors and consultants. We learned yesterday that GC Strategies has received $258 million from your government in contracts.

Has this two-person IT company working out of their houses received any contracts from your department related to cybersecurity and measures in this bill?

Thank you for that.

Other testimony we heard from Electricity Canada—and Madame Michaud noted that just a few minutes ago—was the fact that there are different regulations around NERC, the North American co-operative of energy, and what would be required in terms of Bill C-26. The recommendations from Electricity Canada were to ensure there wasn't a doubling up of regulations or requirements.

To what extent did the government consult with industry groups, such as NERC, over the course of the production of the bill? Is the government open to having more harmony between regulations that are already put in place by the industry groups and the provisions of Bill C-26?

Thank you very much, Mr. Chair.

The coalition of national groups, including the Canadian Civil Liberties Association, la Ligue des droits et libertés, and the Privacy and Access Council of Canada, have been critical of the bill, but have also proposed some concrete solutions.

One of those, given the fact it is clear in their understanding that Bill C-26 would restrict the applicant's access to evidence, is to create a special advocate to enable evidence to be tested in a court of law without being disclosed to outside parties. This recommendation, of course, borrows from the Immigration and Refugee Protection Act.

I have two questions for you, Mr. LeBlanc, on their suggestion around a special advocate. First, why didn't the government consider creating that special advocate in the legislation initially? Second, does the government now support the idea of improving this legislation, which has some major weaknesses, by the creation of a special advocacy?

Thank you, Mr. Chair.

Ministers, I'll be honest with you. I think you already know this. When studying a bill, the Bloc Québécois likes to make sure that the jurisdictions of the provinces and Quebec are respected.

There's a concern about Bill C‑26. Electricity Canada officials told the committee about this concern. Bill C‑26 includes interprovincial and international power line networks in its list of critical systems. We can read between the lines that an organization such as Hydro‑Québec could be affected by this bill. Correct me if I'm wrong.

The Electricity Canada officials said that they would like to see the bill amended to avoid duplication, overlap or redundancy with the jurisdictions of the provincial agencies already involved.

For example, Hydro‑Québec, the pride of Quebeckers, could receive a financial penalty of up to $15 million for failing, for any reason, to comply with certain ministerial orders.

Is that right?

What does Bill C‑26 mean for Hydro‑Québec, for example?

Thank you, Chair.

Thank you, ministers, for being here.

We heard a lot about privacy and privacy concerns, and we heard that from witnesses, certainly. I think my colleague across the way misquoted the Privacy Commissioner, but there was a conscious effort in this legislation to provide foundational legislation here, in Bill C-26, and then a conscious effort to deal with some of the specifics through regulations. What the Privacy Commissioner spoke about was wanting to be involved in the development of those regulations to specifically address concerns of privacy, details around SMEs and indigenous communities that may need specific help and foundational work to actually implement the goals of this objective. Can you speak to how regulations and the work with the Privacy Commissioner would be engaged to deal with privacy concerns?

Thank you very much.

Mr. LeBlanc, one of your other portfolios is foreign interference in our election process. We've been talking about the Communications Security Establishment. They flagged late last year that Russia's, China's— and I think we can add to that allegations of India's—cyber-threat activity includes “attempts to conduct...attacks against election authority websites, accessing voter personal information or information relating to the election, and vulnerability scanning on online election systems.”

We've seen foreign interference have a dramatic impact in the United States in the election of Donald Trump and in the United Kingdom in the Brexit referendum. In what way would Bill C-26 reinforce our election system, our democracy, to protect against those cyber-attacks that have had such a marked influence in other democracies?

Thank you, but that actually wasn't my question. I certainly understand how Bill C-26 attempts to correct that problem. What I'm asking is what the figures are now? Do you have figures you can share with us, even if they've been reported on a voluntary basis, that indicate the extent and scope of cyber-attacks in Canada?

Thank you, Mr. Chair.

Thank you, Ministers, for being with us this morning.

First, I want to talk to you about an article published in La Presse entitled “Quand Ottawa veut jouer au gérant d’estrade”. The article appeared in 2022, shortly after you tabled Bill C‑26. The bill was tabled some time ago—over eighteen months. One wonders if cyber security is indeed a priority for the Canadian government.

The article was written by Ms. Célia Pinto Moreira, a public policy analyst at the Montreal Economic Institute.

She begins her article as follows: “Imagine a referee at a Habs game approaching a player to explain how to shoot the puck into the net. He’d likely lose his job: it’s neither among his duties nor his field of expertise.”

She goes on to say that this is what Ottawa is doing with Bill C‑26. She says, “Instead of minding its own business, the federal government wants to interfere in the implementation of companies’ digital security plans.”

She adds, “In digital security, things move at breakneck speed. When a company discovers a flaw in its system, it knows full well that it has every incentive to fix it quickly; otherwise it exposes itself to significant legal, reputational and financial risks […]”

She goes on to say that the federal government is slow or inefficient, citing the passport saga.

We remember that saga. It’s been a while. Other examples include Phoenix, Canada Life, the border. I think the government has been slow and inefficient in those situations.

All in all, it seems likely that Canadian companies are currently well prepared. They already have to deal with cyber security incidents. It’s said that in 2021, Canadian companies invested over $10 billion to prepare for this type of breach. So they’re already doing the work.

In practical terms, what will Bill C‑26 change for Canadian companies?

Thank you very much, Minister.

Mr. Leblanc, the same question is for you.

I'm glad that you mentioned our Five Eyes partners. With the interconnectedness of our economy growing day by day, how important is it for Canada to do our part to advance our cybersecurity protection efforts, specifically with relation to Bill C-26?

Thank you very much, Mr. Chair.

I’d like to thank the witnesses for being here today.

Mr. Champagne, drawing on your experience, having worked with our economic partners around the world, including the U.S. and Europe, can you walk the Committee through the importance of passing C‑26 to protect not just our own businesses, but the businesses we work with every day under free trade?

Thank you.

We heard almost unanimously that this is an important bill, but this is also a poorly drafted bill. Business groups, civil liberties groups and cybersecurity firms are all united in the fact that Bill C-26 gives the government too much power with almost zero oversight. There's no requirement for regular reporting, no independent review and no requirements for production of written reports. In fact, most of the powers in this bill would be exercised in secret.

Do you think that the sweeping powers that you're attempting to give yourself have enough oversight mechanisms attached to them?

Thank you, Chair.

Thank you to the ministers and the officials for being here this morning.

We are definitely talking about a very serious issue here with cybersecurity and Bill C-26.

Minister LeBlanc, Public Safety Canada recognizes 10 critical infrastructure sectors, one of which is government. A recent NSICOP report noted that several departments and Crown corporations are not subject to Treasury Board policies related to cyber-defence or they apply those cyber-defence policies to their departments inconsistently. This leaves them vulnerable to cyber-attacks. In fact, just recently it was revealed that Global Affairs Canada was suffering from a massive data security breach.

Minister LeBlanc, why is your own government not adhering to the same cybersecurity standards as the designated operators listed in this bill whose confidential business and personal information you're planning to collect and store?

Thank you, Mr. Chair.

It is a great privilege to appear before you today. It’s been over eight years since I had the privilege of becoming a Member of Parliament and testifying before committees. This morning is particularly important, especially as I have the privilege of testifying with Minister LeBlanc. For the people watching us, Canadians from across the country, it demonstrates the significance of the issue.

We should first ask ourselves why we are here this morning. Minister LeBlanc outlined the reasons. People should be reassured to see Minister LeBlanc, and his department, working in concert with the Department of Industry on an issue that affects not only all Canadians, but Canadian businesses across the country.

The issue of cyber security affects our small and medium-sized enterprises, or SMEs, families, all institutions across the country and even internationally. I can tell you that in the various international forums I’ve attended, the issue of cybersecurity is of paramount importance, especially when you add in everything to do with quantum technologies and artificial intelligence. That’s why I’m proud to testify today with Minister LeBlanc, a great friend who also sees the importance of our two teams working hand in hand to accomplish this today.

As I was saying, I’m pleased to be able to discuss a legislative text of paramount importance with you, dear colleagues. People across the country expect us to respond quickly to a situation that is evolving just as quickly.

One of the most important things we can do as legislators is to protect our critical infrastructure across the country.

As Minister of Innovation, Science and Industry, I take a particular interest in securing Canada's telecommunications system. Telecommunications networks are vital to the safety, prosperity and well-being of Canadians. When you've seen disasters striking around the nation, citizens expect their telecom networks to work. That's why adding, as we would be doing in this law, the concept of security as an objective under the Telecommunications Act is so crucial. It's not only about cybersecurity, but it's about protecting Canadians in the times they need it most. That's why we are committed to protecting the telecommunications system that underpins much of our critical infrastructure in the country.

Take the emergence of new technologies, such as 5G, as one clear reason we need to redouble that focus. As you know, 5G is going to have a network that is far more decentralized. You're talking about the Internet of things, you're talking about connecting almost everything. The object will become intelligent and connected. If you think about the impact of cybersecurity you'll understand the size of the problem, and not only the emergency powers we need but also the duty to act we all have as parliamentarians.

The threats targeting these technologies and systems are increasing in number. I’m talking, among other things, about threats to our supply chains and cyber security threats from state and non-state actors, of course.

With these threats in mind, the government undertook a thorough review of 5G technology. In fact, I’d like to thank all the Ministry of Industry officials and the Ministry of Public Safety and Emergency Preparedness officials who are here today. They carried out extensive consultations with stakeholders across the country.

We carefully examined the issue from a technical and economic standpoint, as my colleague Minister LeBlanc said, as well as from a national security standpoint.

It is clear that while this technology will bring significant benefits, it will also introduce new security concerns that malicious actors could exploit, as 5G networks are more interconnected than ever. Therefore, threats will have a more significant impact on the safety and security of Canadians, including our critical infrastructures, than in previous network generations.

It is in light of this security examination that the Government of Canada found serious concerns about suppliers such as Huawei and ZTE. You will recall that in May 2022 we announced the intention to prohibit Canadian telecommunications service providers from using Huawei and ZTE products and services in their 5G and 4G networks.

Our statement specified that the proposed measures would be subject to consultation.

However, the risks associated with telecommunications go far beyond cybersecurity, as I was saying. We took action in May 2022, when we made this announcement.

Canadians watching will remember the famous Rogers outage in the summer of 2022, which probably impacted 12 million Canadians for a number of hours. With the after-effects of Hurricane Lee in Atlantic Canada in September 2023, my colleague, Minister LeBlanc, was really involved in restoring the services that people need.

I want colleagues to understand that this is not just about national security, but the role of the industry minister is to ensure resiliency. If you think about hurricanes, if you think about the network outage we had, in the case of Rogers we were successful in getting a voluntary undertaking in the memorandum we signed with them in September, but I think Canadians will be reassured that the minister would have legislative power to compel companies to do what's right.

We know that these risks are not something the market can solve on its own, that's why we need rules for industry, rules that protect Canadians, our networks, our businesses and our data.

Bill C‑26, which we are discussing today, is designed to address those risks and evolving threats. It will enable the government to act quickly, if necessary, to ensure network security.

In my opinion, the powers granted to the Minister of Industry would enable him to act quickly. In an emergency, temporary measures must be adopted, but it must be done quickly to prevent bigger problems across the entire network.

The second part of Bill C‑26 will also strengthen the protection of our critical cyber systems. I believe Minister LeBlanc was heavily involved in that portion.

Our telecommunication network is probably the backbone of infrastructure. I know people at home may think of infrastructure as bridges that we need to protect, they may think about nuclear power stations, but the telecom network, which is basically enabling everything else, is one of the key networks that we need to protect.

Mr. Chair, we want to make sure we get it right. As Minister LeBlanc said, that's why we listened carefully to the debates in the House of Commons and comments from stakeholders and colleagues, who are here because, when it comes to national security, that's not a partisan issue. That's why we are committed to making sure that we do that in the best possible way.

I am happy to see that there seems to be broad support for the bill and the objective of securing our telecom network.

We want to work constructively to get the best possible bill, but I must add that action is urgently needed. People who would like to inflict harm on Canada are obviously seeking potential loopholes in the system. So it’s urgent to provide the government with the powers it needs to do things right. That’s important.

I therefore eagerly await the passage of Bill C‑26 to better protect our critical infrastructures.

Mr. Chair, my colleague Minister LeBlanc and I will be pleased to answer our colleagues' questions.

Thank you.

I will with pleasure, Mr. Chair—with a lot of pleasure.

Thank you, Mr. Chair.

Thank you, colleagues, for inviting me to speak about Bill C‑26, which pertains to cyber security.

I am pleased to be here with my colleague François Philippe Champagne and the other officials kindly named by the Chair.

Our critical infrastructure is becoming increasingly interconnected, interdependent and integrated with cyber systems. Canada's critical infrastructure plays a vital role in the delivery of essential services and the necessities of daily life. In order to safeguard our economic and national security, we need to take a more complete picture of the cybersecurity threats facing Canadians. We believe that Bill C-26 would be an important step in accomplishing that task.

This proposed legislation will protect Canadians and bolster cybersecurity across the federally regulated financial, telecommunications, energy and transportation sectors. These sectors are all critical contributors to both Canada's economy and the security of Canadians. Because of their vitality, they are also, obviously, attractive targets for malicious cyber-enabled activity, such as espionage, data and intellectual property theft, and of course sabotage itself.

These concerns are not just hypothetical. Recently the Canadian Centre for Cyber Security joined Five Eyes' operational partners in warning that People's Republic of China state-sponsored cyber-actors are seeking to pre-position themselves for disruptive or destructive cyber-attacks against the United States' critical infrastructure in the event of a major crisis or conflict with our neighbour to the south.

Cyber incidents are happening in our critical infrastructure sectors on almost a daily basis. In January 2023, CBC News reported that a territorial and Crown corporation, and the sole energy distributor in Nunavut, fell victim to a cyber-attack. In June of last year, the Calgary Herald reported that Canadian energy company Suncor suffered a serious cyber incident that shut down debit and credit processing at Petro-Canada gas stations across the country. We all remember the cyber incidents that paralyzed the Newfoundland and Labrador health care system in 2021.

Bill C-26 would help to defend our critical infrastructure and the essential services that Canadians and Canadian businesses rely on every day. This new act would increase collaboration and information sharing between industry and government and would require designated operators to report cybersecurity incidents to the Communications Security Establishment, which, as colleagues know, is an agency within the Department of National Defence.

By improving the government's awareness of the cyber-threat landscape in these critical, federally regulated sectors, we can warn operators of potential threats and vulnerabilities so they can take action to protect their systems and to protect Canadians as well.

However, the government can’t do it alone. That’s why we’re committed to working closely with our industry partners, through the formal regulatory process, to create a clear, consistent and harmonized regulatory regime across all provinces and territories.

We must and we will work alongside our allies, in particular the United States, to make sure that our interconnected critical infrastructure is protected.

This legislation is consistent with the cybersecurity approaches of our allies, and we have been engaging with international partners to identify opportunities for further collaboration. As recently as Tuesday of this week I participated in a Five Eyes ministerial call, during which Secretary Mayorkas, the U.S. Homeland Security secretary, raised many of the issues we're going to talk about this morning.

We found that stakeholders broadly support the intent of the bill and agree that we must work together to protect our critical infrastructure from cyber threats. However, some expressed concerns about certain aspects of the bill. We have, of course, listened carefully to the points raised by our colleagues in the House of Commons and others concerning transparency, accountability and the protection of Canadians’ privacy.

Fundamentally, this bill will help protect the privacy of Canadians’ personal information. Canada’s critical infrastructure systems, while secure, are not impenetrable. By requiring Canada’s critical infrastructure operators to maintain high levels of cyber security, we are also reducing the likelihood of personal data breaches on their systems.

I look forward to working with you, Mr. Chair, and Committee members, on all these issues. Of course, if the Committee deems it necessary, we are prepared to consider amendments that could strengthen the bill. In addition, we look forward to working with you to ensure that this bill is passed and that Canada remains a safe, competitive and connected country in a more secure environment.

Thank you.

I look forward to hearing what my colleague Mr. Champagne has to say—which is why I’m here this morning—and to answering questions from Committee members.

I call this meeting to order.

Welcome to meeting number 95 of the House of Commons Standing Committee on Public Safety and National Security.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely using the Zoom application.

I would like to make a few comments for the benefit of witnesses and members.

Please wait until I recognize you by name before speaking.

To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings.

As a reminder, all comments should be addressed through the chair.

Pursuant to the order of reference of Monday, March 27, 2023, the committee resumes its study of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts.

Appearing before us today are the Honourable Dominic LeBlanc, MP and Minister of Public Safety, Democratic Institutions and Intergovernmental Affairs; and the Honourable François-Philippe Champagne, MP and Minister of Innovation, Science and Industry. Welcome.

Witnesses from the Department of Public Safety and Emergency Preparedness include Patrick Boucher, senior assistant deputy minister, national cyber security branch; Colin MacSween, director general, national cyber security directorate; and Kelly-Anne Gibson, acting director, national cyber security directorate.

Witnesses from the Department of Industry are Éric Dagenais, senior assistant deputy minister, spectrum and telecommunications sector; and Mark Schaan, senior assistant deputy minister, strategy and innovation policy sector.

Please note that the ministers will be with us for one hour and 30 minutes. The officials will stay for the rest of the meeting in order to answer questions from members.

Colleagues, we need about 10 to 15 minutes before the end of the meeting to deal with committee business items, such as budgets and the committee schedule.

Welcome to all.

I now invite Minister LeBlanc and Minister Champagne to make an opening statement of up to 10 minutes each.

Thank you.

Minister LeBlanc, will you start?

Thank you, Ms. Michaud.

We're right on schedule.

I appreciate the witnesses today.

Before asking for adjournment, I want to make people aware that our last meeting for Bill C-26 is Thursday. We're contemplating having the amendments in and ready for clause-by-clause when we come back, so that will be by Wednesday noon next week. I know there is some discretion, so we'll likely have further discussions on that on Thursday. That is the outline.

We're adjourned.

Thank you, Mr. Chair.

I have a fairly simple question. It's the same question that I've asked various stakeholders at other meetings.

Bill C‑26 sets out quite heavy financial penalties for organizations that fail to comply with decisions or demands imposed by the government. We don't know what these demands might be, because the power granted is quite broad.

I asked the stakeholders whether these penalties were excessive. Some said that, instead of imposing penalties, incentives should be introduced to encourage organizations to comply with the government's demands. Others said that the penalties should be maintained, but that incentives for organizations should still be implemented.

Mr. Smith or Mr. Ghiz, what do you think of the penalties targeting companies such as the ones represented by your association?

Thank you for that.

What you're saying is that there are some major difficulties with Bill C-26 that need to be responded to, that the bill itself needs to be considerably improved, and that there are a number of amendments that need to be considered for the bill to do what it purports to do but also to ensure that the protection of information and the transparency are there. Is that not true?

Thank you.

I'd like to move on to Professor Clement.

You signed on, along with a number of important organizations—the Canadian Civil Liberties Association, la Ligue des droits et libertés, the National Council of Canadian Muslims, OpenMedia, the Privacy & Access Council of Canada—pushing for a series of amendments, 16 recommendations that would help to, in the words of the briefing, “restrain ministerial powers”, “protect confidential personal & business information”, “maximize transparency”, “allow special advocates to protect the public interest”, and “enhance accountability for the Communications Security Establishment”. These are very valuable recommendations that you've brought forward to us, that the coalition has brought forward to us.

What are the most important ones, the ones that we need to be absolutely cognizant of in putting forward amendments to Bill C-26?

Okay. Thank you very much.

Ms. Mason, I have the same question for you. To what extent was the Canadian Bankers Association actually consulted on the drafting of Bill C-26?

Okay.

To what extent were you consulted around the drafting of Bill C-26?

Yes, it did, Mr. Smith. Thank you.

I would like to put the same question to the representatives of the Canadian Bankers Association.

According to the Office of the Superintendent of Financial Institutions, banks are increasingly the target of cyber attacks. We've seen some examples in recent months. I imagine that this may lead customers to worry about the protection of their personal information. As in the case of telecommunications companies, I imagine that banks already have certain mechanisms in place and that, as Mr. Smith was saying, they're already meeting the requirements of Bill C‑26.

What does this mean for banks? Is it a relief or a burden?

In your opinion, what should be better regulated?

Thank you, Mr. Chair.

I want to thank the witnesses for joining us.

I would like to put my first question to the representatives of the Canadian Telecommunications Association. I'll then put a similar question to the representatives of the Canadian Bankers Association.

Almost everyone agrees that Bill C‑26 is a step in the right direction, and that it's relatively good news that the government wants to tackle the cybersecurity issue. However, there are fairly widespread concerns about the protection of personal information and privacy, in addition to the government's sweeping regulatory and order‑making powers in particular.

You represent carriers and companies that invest in telecommunications networks, such as Vidéotron, Rogers or Bell. I imagine that these large companies are already investing in ways to protect themselves against any cyber-attacks. They have the workforce to do so.

You may also represent slightly smaller companies with fewer customers. This could mean an additional workload for them. Some of them may have already endured cyber-attacks.

At this time, how do the companies that you represent protect themselves against cyber-attacks? What will Bill C‑26 change?

If the bill isn't amended, for example, to better regulate the government's powers, will somewhat smaller companies—such as small and medium‑sized businesses—consider it a burden or a relief?

I know that it's a fairly broad issue.

We're basically seeing an incident of that magnitude every two weeks or less at this point. Are you concerned about that number growing? As some witnesses have indicated, if we don't put in place protections, for example with Bill C-26, Canadian financial institutions may increasingly be targets.

Thank you, Mr. Yalkin.

I'll turn my questions over now to Ms. Robertson. Thanks for being with us today.

I'm very interested in hearing more about some of the oversight mechanisms you would like to see put in place. You mentioned them earlier in the line of questioning. Can you expand on those and perhaps comment a bit on how Bill C-26 intersects with the Privacy Act?

Is there anything in there that you see as problematic? How can that be mitigated here in committee? What can we do?

Thank you.

I'd like to go to you, Mr. Yalkin.

You raised some important issues through OSFI. I have two questions for you.

First off, have you been consulted at all on Bill C-26? Was the banking sector consulted before the legislation was tabled, or afterwards?

Second, how many cyber-attack incidents have we had in the financial institutions covered by OSFI's mandate? How many cyber-attacks were there in 2023? Is that number increasing, decreasing or staying stable?

Thank you, Mr. Chair.

Thank you, Mr. Dufresne, for your service as law clerk and parliamentary counsel of the House of Commons, as well as your work in your current role as the Privacy Commissioner of Canada.

Thank you to all the witnesses for the information they have shared with the committee.

Commissioner, I have two questions for you.

You mentioned the importance of having Bill C-26 require government organizations to conduct privacy impact assessments.

First, have government or non-government organizations ever consulted your office? The bill was introduced in June 2022, so certainly, there will be an impact.

Second, has an organization consulted your office to learn how to conduct the assessments? What impact will Bill C-26 have?

Thank you, Mr. Chair.

Thank you to the witnesses for being with us.

In your opening remarks, Mr. Dufresne, you raised your concerns with respect to privacy. Most of the witnesses we've heard from actually share your concerns.

What you're recommending—that your office be consulted—differs from what most of the other witnesses have proposed. The mandate of the Office of the Privacy Commissioner is to oversee “compliance with the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act”.

You are recommending that, should Bill C-26 be passed, the Department of Public Safety or the minister responsible consult your office.

In the case of other bills, do departments or ministers consult your office on privacy considerations? If so, can you provide an example? It would give us a sense of how things would work.

We know that during the course of the committee's study on Bill C-26 so far we've heard a lot of stakeholder reaction around privacy rights and information sharing. You touched a bit on this in your opening testimony as well. Do you have any suggestions for how these concerns can be mitigated through regulations, especially when the data is crossing national boundaries?

Thank you, Chair.

I would just like to point out that if it weren't for Conservative filibusters, we would have been finished with Bill C-26 and we would be on auto theft right now.

If this were such a serious issue, they wouldn't have brought up Emergencies Act motions—at least six of the same thing, just changing how many meetings—and they would have gotten to the point. I believe that, just at the last meeting, it was the first time a Conservative member actually asked witnesses a question on Bill C-26. If it were such a concern, we would have already been studying auto theft—which was Ms. Michaud's motion to begin with, which we all agreed with.

I think it's crucially important that we finish Bill C-26 and move forward with auto theft, and we can do that. We still have to submit amendments and things like that and then get to clause-by-clause, but we can go to auto theft in the meantime.

I will just confirm that the ministers, both Minister LeBlanc and Minister Champagne, are scheduled on Bill C-26 for February 15, and Minister LeBlanc is also confirmed for his appearance for the week when we're sitting in March. He's there on his mandate, and that's been confirmed to the clerk. Those are both scheduled.

I would like to point out that the minister was available sooner, but we were in a different study, and it was decided to invite other witnesses to come before that. I recognize the frustration in terms of scheduling the minister. I have been taking that back, but if it weren't for all of the continuous filibusters, we would have been in a very different place as a committee.

We need to finish Bill C-26. We have only two meetings left after this. We have the ministers and then one more, I believe, and then we can move forward, but if we continue to get filibustering motions from the Conservatives and they're not serious about talking about Bill C-26, then we're not going to be able to get to auto theft. It's a shame that they've done that, since it's really important.

I would very much hope that we can finish this study and move to auto theft, which was always the plan. Again, we would have been there if it weren't for Conservatives wasting committee time and taxpayer money talking about motions that they actually never even wanted to vote on.

Thank you, Mr. Chair.

I want to welcome the students from Saint‑Hyacinthe high school and thank them for joining us today.

The motion covers a number of elements, and my preference in those cases is always to have the steering committee discuss the matter. I'm all for inviting the minister, but I think it's unlikely that he'll be able to make time in his schedule on Thursday.

While I think it's important to get started on Ms. Michaud's study, which we all support, as soon as possible, doing so would delay our study of Bill C-26. For the past month, we've had a number of challenges in holding discussions and meeting with witnesses. I think we need to improve Bill C-26 right away. Then, we could move on to the auto theft study, which I think is important.

For that reason, I will be voting against the motion, but I will raise it with the steering committee. I think the committee should meet as soon as possible.

That said, I think we need to work out a schedule and invite the minister again. Mr. Shipley rightly pointed out that the minister has hardly been here, and that needs to change. We can discuss the auto theft issue as soon as we wrap up the study on Bill C-26.

Thank you, Mr. Chair.

I'd like to comment on the motion, if I may.

It's been a while since we've had a chance to discuss a motion. I just want to say that it is true that the minister still hasn't been here to talk about his mandate generally, even though that should happen at the very beginning of the year—and even in the middle of 2023, after he was appointed. I therefore agree with that part of the motion.

Since I proposed the auto theft study, I'm certainly not opposed to moving it up. I do want to say, however, that my intention is not to hold up the study on Bill C-26 either. I think it would be reasonable to do both at the same time.

I'm not sure whether the plan was to vote on this motion today, but I would support the motion.

Thank you, Chair.

Thank you to the witnesses for being here today.

Bill C-26 is a very important issue. I'm going to ask for a little time on this. I have no intention of infringing on anybody else's time today, Chair, but I would like to quickly move a motion that's on notice, and hopefully get back to Bill C-26 quickly. It's a short motion.

I move:

That the committee acknowledge that auto theft is a pressing issue facing Canadians and pursuant to the motion agreed upon regarding auto thefts on October 23, 2023, the committee commence this study on Monday, February 26, 2024 and dedicate the following six Monday meetings to this study, while reserving the committee’s Thursday meetings for the study of Bill C-26. Additionally, pursuant to the motion agreed upon regarding the Rights of Victims of Crime, Reclassification, and Transfer of Federal Offenders on Monday, October 23, 2023, that the committee extend its meeting on Thursday, February 15, 2024 for an additional hour and the Minister be invited to appear for the full three hours in order to discuss all matters related to his mandate.

Chair, I feel this is a reasonable approach and motion to prioritize a serious issue. I think all of us around this table agree that auto theft is a serious issue.

The reason we added trying to get a little extra time with the minister is that we have not had a minister report to this committee since May 30, 2023. The last time a minister came for estimates was May 19, 2022. We all passed a motion on October 23, 2023, “that the committee invite immediately the Minister of Public Safety and department officials to appear for two hours to discuss his mandate.” I was hoping to consolidate some of those meetings together and make our time work a little better. Perhaps the minister, if he can fit it in his schedule, could find the time to talk to us about many pressing issues that are going on here right now.

With that, I will cede the floor, Chair.

I call this meeting to order.

Welcome to meeting number 94 of the House of Commons Standing Committee on Public Safety and National Security.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely using the Zoom application.

I would like to make a few comments for the benefit of witnesses and members.

Please wait until I recognize you by name before speaking. To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings.

Pursuant to the order of reference of Monday, March 27, 2023, the committee resumes its study of Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.

Today we have two panels of witnesses. I would now like to welcome our witnesses for the first panel.

In person, from the Office of the Privacy Commissioner of Canada, we have Mr. Philippe Dufresne, Privacy Commissioner of Canada. By video conference, from the Office of the Superintendent of Financial Institutions, we have Mr. Tolga Yalkin, assistant superintendent, regulatory response sector. From The Citizen Lab, we have Ms. Kate Robertson, senior research associate at the Munk School of Global Affairs and Public Policy, University of Toronto.

Welcome to all.

Up to five minutes will be given for opening remarks, after which we will proceed with rounds of questions.

I now invite Mr. Dufresne to make an opening statement.

Go ahead, please.

Thank you very much.

At the Foreign Interference Commission, a number of experts said that Canada was probably one of the least transparent countries when it comes to national security. We know that the Communications Security Establishment, or CSE, reports to National Defence.

The Standing Committee on National Defence has already made recommendations to the effect that the CSE should be a little more transparent and that it should provide people with more information when there are cyber attacks, for example.

The Standing Committee on Public Safety and National Security is currently studying Bill C‑26, and there are expectations of the private sector. Don't you think that National Defence should set an example and be a little more transparent and proactive when it comes to whistleblowing when there are attacks or computer computer-related issues, instead of that information being somewhat concealed, in a way?

I do understand that you're a quasi-judicial body, and that limits what you can respond to here, but we're here to study Bill C-26 to make it better so that when it is delivered out into the world, it does its job. Is there anything you can offer us that will help us do that?

I would encourage you to consider the question to see whether there is an impact.

We also know that Bill C-11 and Bill C-18 gave sweeping new powers to the CRTC. We've heard from witnesses that Bill C-26 as written also grants too much power, mainly ministerial power. How do you recommend amending the act to give Canadians the confidence that there will be proper oversight without overreach and that transparency and accountability will be balanced?

Thank you very much, Chair.

I'll focus my questions on the CRTC. Last year, the Auditor General reported that the CRTC was not doing enough to track the affordability of Internet and cellular services, particularly in rural and remote areas. Has the CRTC undertaken any sort of analysis of the impacts of Bill C-26 as written on the prices that Canadians pay for Internet and cellular services?

Mr. Chair, I'll ask a question on behalf of Mrs. Normandin. I would appreciate some flexibility with my speaking time. If you don't mind, I'll ask her question first and then move on to my own questions.

Ms. Wright, my question concerns the recommendation that the committee received from Citizen Lab, which suggested that we provide relief for smaller telecommunications providers.

Should Bill C‑26's regulatory framework be implemented in a manner that takes into account its impact on smaller telecommunications providers? Should the implementation of this regulatory framework be flexible enough to ensure that smaller companies can easily comply with the components of the bill?

Okay.

I guess I'll ask you one last question before my time is up.

Is there anything that is not in Bill C-26, Ms. Wright, that you would like to see that could provide greater support for the work you're doing?

Would you be able to comment on how Bill C-26 will intersect with the Privacy Act? Is there anything in the bill that affects the applicability of the act?

One of the main focuses in this committee is on improving the bill and looking for things that are not included in it but that we could include to strengthen it.

Is there anything our trading partner and ally, the United States, is doing that we are not doing and that is not included in Bill C-26 but that you believe should be included?

I'll follow up on that.

Given the interconnectedness of the energy sector in Canada and that of our largest trading partner and ally, the United States, how important is it, in Bill C-26, for Canada to strengthen our cybersecurity protection?

Thank you.

I think that somewhere in there there was a little bit of good news for us. As I said, with that number of 5.2 million at the beginning, hearing yours at considerably less than that obviously will help us sleep a little better at night.

How will Bill C-26 change the way you do business overall? Will it help your members and help you? What's the main implication, if and when this is passed, for how it's going to change?

Thank you, Mr. Chair.

I'd like to congratulate Mr. Motz on asking the first question for the Conservatives on Bill C-26, a month into the study.

I'd like to go back to you, Ms. Quaid, on the issue of consultation.

There's also the question of whether or not we're increasingly a target because of the lack of action and delay around important legislation.

My third question comes back to your recommendation around expenses for joining, if I have this correctly, the Canadian Cyber Threat Exchange. To what extent would that be a cost? You said there is no cost, but I'm sure there would be. Have you evaluated what that would be and what the advantages are from that?

Those are three questions for two minutes.

Thank you, Mr. Chair.

My question is for all the witnesses. They should feel free to answer it.

Bill C‑26 strikes a type of balance between the items already enshrined in the bill and the regulations. I gather that many definitions will come from the regulations, penalties, all the people involved, and so on.

Cybernetics is a fast‑paced sector. While regulating a good portion of the sector can provide some flexibility, it can also hamper efforts to keep smaller companies up to date and informed of the latest developments.

I would like you to comment on the balance between the two.

Thank you very much, Mr. Chair.

Thanks to our witnesses. You've given us a lot of food for thought. I have a lot of questions. I hope that there are no further disruptions because, quite frankly, my Conservative colleagues haven't asked a single question on Bill C-26 to date, and I think that has to change. This is important legislation.

I have two questions for all three of you.

First, Ms. Quaid, you mentioned that further delays would cause loss of the faith of our partners. The government introduced this in June 2022. We're now in February 2024. We're seeing delays and disruption from the official opposition in trying to process this legislation. Beyond losing the faith of our partners, what are the other consequences? We've had previous witnesses say that, basically, Canada is increasingly becoming a target because we don't have legislation in place. What are the consequences of further delay? That is for all three of you.

My second question is based on your excellent brief, Mr. Bradley, talking about doing consultation during the regulatory process. To what extent has the industry been consulted by the government in the legislation to date? To what extent was there input so that we get this bill right?

I'll start with Mr. Bradley and then go to Mr. de Boer and Ms. Quaid.

Thank you.

I would like to hear from anyone who wants to address the responsibility issue, even if it means a second round.

I'm concerned that, if we completely remove the responsibility of large companies, which could have a team to do the job properly, they may somehow avoid feeling the need to comply with Bill C‑26.

Is there a risk of completely removing the idea of responsibility?

Thank you.

Ms. Quaid, you recommended that the bill be expanded to include voluntary collaboration among companies. However, this would mean a greater need for workers to implement Bill C‑26.

Was this part of your thought process? Is the widespread labour shortage a potential issue? I put this question to the committee earlier, and to the Communications Security Establishment, or CSE. I was told that this could be an issue.

I want to know whether this is an issue for you too, and if so, whether you have any possible solutions.

That's excellent. Thank you so much.

Thank you so much to the witnesses for being here.

It's truly disappointing to see, on issues of such importance, the Conservatives attempting to hijack this once again when they stand up and pretend to care about security.

Mr. de Boer, you mentioned mandatory reporting, not only here but with respect to the executive order in the United States. Bill C-26 requires mandatory reporting for affected sectors when there is a cybersecurity incident. Do you believe that this is important, and if so, why?

Thank you, Mr. Chair.

I want to thank all the witnesses for coming today, and for their testimony. We're taking notes, and we'll be taking everything you've said under advisement in our consideration of this bill.

Going forward, though, we do have another urgent issue that we're facing in this country, and it is the issue of auto theft. In the interests of allowing this committee to continue working on Bill C-26, but also to walk and chew gum at the same time and deal with the urgent issue of auto thefts in this country, I plan to be moving my motion that I put on notice at the last committee meeting to discuss. However, given that there have been some discussions with the other parties present, we have come forward with proposed amendments to this motion so that we can program this committee to work simultaneously on Bill C-26 while also working on the very important issue of auto theft.

We know that in 2022, the latest year that auto theft insurance statistics were made available, $1.2 billion in auto theft claims were made. We know that over 100,000 vehicles were stolen in Canada last year. This is a growing issue. It has increased, year over year, 50% in the provinces of Ontario and Quebec. It's a cross-Canada issue. Alberta is the third highest on the auto theft issue. This is a very important issue in my riding and I am very concerned.

We do need education to help people know what tools are available to them to help protect their vehicles from auto theft. However, at the same time, if the federal government does not take action to secure our ports and to put these repeat offenders behind bars, I fear that we are going to see an increase in the brazenness of these criminal acts, including violence committed against our citizens, if we don't take action to immediately put a chokehold on this unprecedented flow of Canadians' vehicles out of, particularly, the port of Montreal.

I understand, Mr. Chair, that my colleague, Larry Brock, is on the speaking list and will be next to speak. In the interests of ensuring that this committee can continue with its very important study of Bill C-26, but also continue and accelerate the study that was already agreed upon by this committee on October 23, on the motion put forward by our colleague in the Bloc Québécois, Ms. Michaud, I will cede the floor to my colleague, Mr. Brock, so that he can move the appropriate amendment.

Thank you, Mr. Chair.

I call this meeting to order.

Welcome to meeting number 93 of the House of Commons Standing Committee on Public Safety and National Security. Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely using the Zoom application.

I would like to make a few comments for the benefit of witnesses and members.

Please wait until I recognize you by name before speaking.

To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings.

All comments should be addressed through the chair.

Pursuant to the order of reference of Monday, March 27, 2023, the committee resumes its study of Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.

I would like to welcome our witnesses for the first panel.

From Blackberry, we have John de Boer, senior director, government affairs and public policy, Canada. From the Canadian Cyber Threat Exchange, we have Jennifer Quaid, executive director. From Electricity Canada, we have Francis Bradley, president and chief executive officer.

Up to five minutes will be given for opening remarks, after which we will proceed with rounds of questions.

Welcome to all of you.

I invite Mr. de Boer to make an opening statement, please.

Thanks so much.

I reached out to a friend of mine who's in the know, and her response was it's false that there are only five officers who are engaged in this. So we don't have the facts. There's dispute about the facts. The importance of the public safety study, which the Conservatives are filibustering, and Bill C-26 focuses on cybersecurity, which I know....

I take Ms. Gallant at her word in terms of being worried about money going to terrorist entities or state actors that Canada is not allied with. That's actually happening on the cyber front. That's being filibustered to prevent us to get to a thorough study. It's great to take a headline and put it into a motion and say, “This is fact.” We could have witnesses here, but the Conservatives don't want that.

It was interesting to hear Mr. Strahl talk about the good old days of the 41st Parliament. I'm sure he remembers fondly the Conservative cuts to CBSA. I believe it was about a thousand CBSA jobs that were cut during their time in office. That's interesting. You can send to my personal email account the motions like this that I'm sure he voted on, which were NDP motions like this that were just to set up a concurrence debate. I'm sure that was permitted quite a bit.

There is work being done by the government and in Parliament. I know the Liberal government is working with the Conservative government in Ontario on a big announcement in terms of money for a response to this. I'm looking forward to the outcome of the auto theft summit, and I really want to get to the public safety study on auto theft. Let's hear from all of these witnesses.

Mr. Strahl is right. A concurrence motion is an appropriate tool—it's in the rules—but the way the Conservatives are using it is to just shut down debate and the important work that Canadians expect us to do.

The motion at public safety was unanimous in terms of having a thorough study on the subject. Let's get to that. I'm sure Mr. Strahl, after this meeting, is going to get on the phone with his colleagues on the public safety committee, insist that they end their filibuster tactics and get us to a point at which we can actually debate something important and come up with actual recommendations from actual experts rather than gripping a headline that may or may not be true and using it as the basis for a motion for a concurrence debate in the House of Commons, which I guess Mr. Strahl is now admitting is the tactic in play.

I can't support this motion since it's based on incorrect information, despite being a serious issue. Let's do it properly. Let's get to the study at public safety.

Thank you so much.

There are a lot of statements being made that. They don't want to call experts. They're making these statements, and perhaps they're true, but if these statements are true, like combatting terrorism and this money's going to foreign governments to fund wars, I think Ms. Gallant will want to speak to her Conservative colleagues on the public safety committee, who are filibustering at every opportunity our attempts to get to that study. They're even filibustering bringing in additional motions similar to this, even though there's a study on the books already. It's just the Conservatives flailing their arms, trying to cripple Parliament. That's what we're seeing here.

Ms. Gallant accused me of filibustering. It must have been the world's worst filibuster—I think I spoke for five minutes. I think she has spoken for longer than I have. However, I really think she needs to speak to her colleagues on the public safety committee, because that's where this motion and a comprehensive study on it is currently sitting.

We need to get through Bill C-26, which is on cybersecurity. In that case, we've heard from experts that money from cyber-attacks is being used to fund foreign governments, to fund wars and conflicts, and to fund countries like North Korea. What are the Conservatives doing on that, a Conservative Party that cares about security or pretends to, anyway? They're filibustering it. They're filibustering witnesses who appear, whom Parliament's paying to fly in. They're making them sit there and watch filibuster debates, one after another.

I appreciate the crocodile tears from the Conservative Party that those of us on the other side of the table aren't taking this seriously. When the chips are down on the public safety committee, it's the Conservatives who don't care, who are not showing that they want to see action and hear from experts. Here we just have a motion, which is a one-liner that we can send to the House of Commons to cripple debate and continue their obstruction in the House of Commons. It's disappointing. Canadians deserve better.

Again, I ask the members here—and maybe it's not Ms. Gallant but the other Conservative members—to please speak to their members on the public safety committee. I really want to get to that study, and I don't want to do this piecemeal, like a one-line report. Let's hear from the RCMP, CBSA, port officials and experts on criminal justice. Let's actually find out. Maybe Ms. Gallant is right. Maybe this money is going to fund terrorism. If that's the case, why doesn't she want her colleagues to stop filibustering in the public safety committee to get to that thorough study that Mr. Strahl—and I believe him—says he wants? Even though his motion for a study is, I think, one meeting with two witnesses.... It's pretty weak tea from the Conservatives, who pretend to care about public safety. Clearly, the Liberals, the NDP and the Bloc care about this issue and want a significant study to look at the actual details so we can provide recommendations.

We need to be better on this, as a country, at all levels of government: municipal police forces, provincial police services, RCMP and CBSA. We need to be looking at this from a holistic perspective. It's easy and great for fundraising emails to say, “It's the federal government's fault.” There are some opportunities that we need to address, but if you're not going to do it in a serious way, it just shows how unserious the Conservative Party is on issues of security and on a lot of different issues. Pound the table. Get angry.

Housing is another example. During question period, there are 45 minutes when the Conservatives pretend to care about housing and security, but when it gets to actual tangible items, they're nowhere to be found.

Filibustering and obstructing, that's all this motion is. It's truly disappointing, once again, to watch the Conservatives go down this path. They used to be serious on issues of public safety, but not anymore.

Thank you so much.

I sit on the public safety committee, and this is on the agenda for that committee.

Unfortunately, what we're seeing here is that the Conservatives will delay. They talk a good game in terms of an important issue of public safety, which this is. I don't think there's anyone here at this table who believes that this isn't fundamentally important. However, even though there's a study at public safety, we're seeing Conservatives filibuster day after day. We can't get to that study. Here, what do we have? We're taking a headline, and I'm sure it's true, but the Conservatives don't want to have a study. They don't want to look into evidence. They just want to make a statement to bring a concurrence motion in the House of Commons to delay debate, to further the crippling of the House. This is what this is being used for—not for anything productive, not to get to the bottom of things, not to make a reasonable suggestion. This is all this motion is to do.

Even at this committee they're furious about the Infrastructure Bank, and have to find a way to filibuster to get to a report, which is something they want to do. Even their filibusters are conflicting in terms of where they find themselves.

You can see right through this. Again, I appreciate that this is a very fundamental concern for our constituents across the country, but they're not calling for a study. They're just accepting at face value a line from a newspaper report, which again may be true, but they don't want to get to the bottom of it. They don't want to look into things. They just want to have a concurrence debate in the House of Commons to delay legislation that is fundamentally important to Canadians. Again, they don't want to get to the bottom of it.

Really, what they should do is ask their Conservative colleagues on public safety to stop filibustering Bill C-26, so that we can actually get to a study on public safety and speak to not just the CBSA, but to the RCMP, to police chiefs in the greater Toronto area, to port officials.

With respect, this is not the effort that I would expect for a party that says this is a crisis. This is making a statement and delaying debate in the House of Commons, which will produce no recommendations. It's sad actually, if the Conservatives actually believe this is a serious issue and their response is to filibuster in the committee that's seized of the matter, and to have a throwaway motion in this committee so they can delay debate in the House of Commons, not get any evidence, not listen to the experts, because they have all the answers—not the RCMP, not CBSA, not local police chiefs. They have all the answers on this, and it's disappointing to see.

Madam Speaker, one of my Conservative colleagues was honest enough to tell me how he felt about this. These are tactics.

The Bloc Québécois is an opposition party. As everyone knows, the Bloc Québécois will never come to power in Ottawa. We are here to represent the interests of Quebeckers. Even though the current government is not our favourite and we do not always agree with it, we try to study and improve each bill as much as possible and make gains for Quebeckers.

My Conservative colleague told me that his party, as the official opposition, would oppose any bill introduced by the Liberal government to stop it from passing.

The Standing Committee on Public Safety and National Security is studying Bill C‑26 on cybersecurity, which is extremely important, and the Conservative Party is doing everything it can to delay it. The Conservatives always have an issue or a concern that is more urgent, or a motion to move. They are always filibustering, which is unfortunate. People elected us to do important work here in Ottawa, and we are being prevented from doing it because of these tactics. I want people who may be watching at home to realize this, but it is extremely difficult to get the message across.

In any case, we in the Bloc Québécois continue to do our job, and we are very proud of that.

Madam Speaker, I am delighted to have the opportunity to elaborate on this subject. As I was saying earlier, the Conservatives are finally paying attention. They now realize that this is an important topic and that it might be a good idea to add it to their arsenal of election slogans.

As my colleague from Saanich—Gulf Islands was saying a little earlier, it is true that investigative journalism brought this problem to our attention a few months ago. There are also organizations that come to Ottawa to tell us about certain issues and raise awareness about them.

Last April, I met with people from the Corporation des concessionnaires automobiles du Québec and the Canadian Automobile Dealers Association and they talked to me about this. It is wrong to say that they do not care about this phenomenon because they make money and they will be able to sell a car if a customer has theirs stolen, since they are reimbursed by the insurance company. It is not true that they do not care, because they are here in Ottawa to talk to us about it. They want the government to do something about this problem.

I first became interested in the subject a few months ago. I met with global car manufacturers, who also spoke to me about it. In October, following the feature story aired in J.E, a television program on TVA, and after the numerous news reports of the Journal de Montréal’s investigations bureau, I announced that I was going to move a motion at the public safety and national security committee. I talked to my colleagues about it, because we often see members of certain parties come totally out of left field with a motion on any given subject, thinking everyone is going to accept it as is. It is important to discuss these things with colleagues first and to make them aware of the issue. That is how I came to talk to my Conservative colleagues about the auto theft problem. They seemed to be very interested. When I moved the motion, all parties voted in favour of it. Everyone had a story to tell, everyone had a friend or colleague who had their vehicle stolen. A Conservative colleague even told me that he personally had his car stolen. There was definitely a consensus that this was something we should look into as soon as possible.

At the public safety and national security committee, we were looking at Bill C-20. That was significantly delayed by the Conservative Party for reasons we may or may not be aware of. The same thing is happening now with Bill C-26. The process has been delayed, and our committee agenda has us looking at the bill on auto theft after that. I do not really understand why the Conservatives are trying to delay this study as much as possible, when they are making it a priority today by talking about it. If it were that important to them, they would be working hard on the public safety and national security committee to finally get it done.

With today’s motion, they may be trying to get material for pre-election, or even election, slogans, because we get the impression that the Conservative Party may already be on the campaign trail. The Bloc Québécois did not get the memo. The Conservatives’ new slogan is in today’s motion, which states, “after eight years of soft on crime policies, this Prime Minister has created the auto theft crisis”. Who knew? The Prime Minister himself created the auto theft crisis. He sure has broad shoulders. I am not saying this to defend him. It is true that the Liberals have not done much in recent years to combat this problem. However, that the Prime Minister single-handedly created the crisis is something we cannot take very seriously.

I would even go so far as to say that the entire argument laid out in the Conservatives’ motion is completely disconnected from reality, despite the fact that the problem is all too real. If one looks at the problem with a minimum of seriousness, it is immediately clear that the COVID 19 pandemic in 2020 caused significant disruptions in the logistics chain around the world. One of the most hard-hit sectors was the industry producing the semiconductors needed for all microprocessors. The microprocessor shortage led to a worldwide reduction in auto manufacturing, which made demand go up. This increased the cost of used vehicles. Crime gangs jumped on the opportunity and quickly specialized in car theft and shipment to other markets. This was already happening on a smaller scale, but the pandemic and the impact it had on supply chains accelerated the phenomenon. Because of its geographical location, Montreal became an auto theft hub.

Why was that? Because Montreal is home to the largest port in eastern Canada that provides access to the rest of the world. Of course other ports are involved as well, such as those in Halifax and Vancouver. However, these ports have not been as affected as the port of Montreal. It is truly a gateway, a hub. As I was saying, the pandemic exacerbated the situation but, on top of that, new technological developments have made auto theft more appealing.

For example, consider the increasingly frequent use of smart keys, which make it easier to steal vehicles. Several news reports have shown how thieves go about it. All they have to do is use a relay to amplify the signal of a smart key inside a house by standing next to the front door. With an accomplice, the thief can then open the car door and start the engine.

They can also connect a computer to the onboard diagnostic port in the car, which enables them to use another key. All they have to do then is force open the door.

It is child’s play for people who know what they are doing.

In Montreal, as in the rest of the country, we have seen people using Denver boots or steering wheel locks to make it harder for thieves to steal their car. I say harder, because thieves have found other ways to remove these devices and leave with a car in no time at all.

This phenomenon is truly becoming a scourge, especially in Quebec and in Montreal. Auto theft has increased over the years. According to Équité Association, roughly 70,000 vehicles were stolen in Canada in 2022. That is huge. Between 2021 and 2022, the number of thefts increased by 50%, or half, in Quebec, by nearly half in Ontario, or 48%, by 34% in Atlantic Canada, and by 18% in Alberta. 2022 was a record year for auto theft. The numbers are not yet known for 2023, but by all indications auto theft has increased yet again.

The reported losses are in the billions of dollars for insurers, and we have seen premiums go up for ordinary people. Le Journal de Montréal reported that between 2012 and 2022, the average car insurance premium increased by 50% as well. This increase is in part tied to auto theft.

Given these facts, one of the questions we need to ask ourselves is why there is this growing interest in auto theft.

It must be said that auto theft is one of the easiest and least risky sources of revenue for gangs, which then use part of the proceeds to finance other criminal activities, such as gun trafficking and human trafficking. Those are the two reasons. It is easy and low-risk.

I explained earlier why it is easy. One reason it is so low-risk is that sentences are so light. In an article in La Presse, Jacques Lamontagne, director of investigations for Quebec and the Atlantic region at Équité Association and a retired Montreal police force criminal investigator, explained—

Madam Speaker, I will start again. Unfortunately, I do not think anyone heard me. If the member would put his earpiece in, I think that would work even better.

I am pleased to see that the Conservatives have finally realized that there is an auto theft crisis in Canada. I for one have been talking about it since October. I moved a motion at the Standing Committee on Public Safety and National Security to study this issue. The Conservatives agreed to it. They thought it was a good idea, but all they have done since then is hold up the committee's work. That is what they did with Bill C-20 and Bill C-26.

Why are they doing that? The reason is that they do not think that the auto theft crisis is all that important after all.

Why do they want to talk about it today? Is it because it makes for a good campaign slogan? Is it because they want to crack down on crime? Why has this become a priority for the Conservative Party today?

Thank you, Mr. Chair.

Thank you to all the witnesses for being here today.

My line of questioning will be mostly for Ms. Robertson and Mr. Hatfield.

I'm very concerned by the testimony you've shared with me today, in light of the fact that the government itself certainly has been victim of hacking. I recall that Global Affairs was the victim of a recent hack.

I think this is one of the dilemmas of increasing centralization of information, as Bill C-26 purports to do in collecting information on the cybersecurity plans of the designated operators. Is there any guarantee that, when government collects all of this very confidential and powerful information, it is better equipped than some of the best companies in the world to protect that information from hackers?

Thank you, Mr. Chair.

Ms. Bahr‑Gedalia, you spoke earlier about introducing a 72‑hour deadline to give companies time to report an incident to the government.

In the current version of Bill C‑26, it says that incidents must be reported as soon as they occur. You believe that the deadline you are proposing could give businesses a boost. I also think that 72 hours would be a good time frame, particularly to manage the additional paperwork that this bill will create.

As a chamber of commerce representative, you surely talk to companies and must know their opinion on this bill. What are you hearing from them?

What are the arguments behind the proposal to give them a little more time?

Thank you, Mr. Chair.

Once again, the Conservatives talk tough on crime. Mr. Brock can raise whatever supposed conversation he claims to have heard, because I guarantee it didn't exist, but I heard him talk about not even knowing what committee he was coming in to filibuster or what issues it was on.

It's been demonstrated very clearly that the Conservatives had time to ask questions and didn't bother.

I'll move to the witnesses on Bill C-26.

Mr. Shipley, you talked about the importance of this legislation. You raised examples of a natural gas pipeline that was hacked and what that does for critical infrastructure, including workers who might work in the energy industry. What happens if Canada is not prepared for a cyber-attack in our energy industry?

I'm actually really pleased that my colleague did that, because it just goes to show the immaturity the Conservatives are showing every day that we have been studying Bill C-26. They haven't asked a single question.

I overheard Mr. Brock, after his filibuster the other day, ask what we were studying and whether this was the first day we were on it.

They don't care about security or safety.

Thank you, Mr. Chair.

Once again, it's fake outrage for the Conservatives while the cameras are rolling. Once we get through Bill C-26, auto theft is the very next study, which Madame Michaud brought forward, that we would be dealing with. I also find it incredibly ironic that—

Thank you.

I find it hard to understand why the Conservative Party wants to table a notice of motion on auto theft in the Standing Committee on Public Safety and National Security, when the committee has already voted in favour of a motion on auto theft that I tabled a few weeks ago. I don't understand that. In addition, we are supposed to study this subject in a few weeks, possibly after the study of Bill C‑26. So I'm wondering about the need to table a new notice of motion on the same subject.

Thank you.

I would ask the clerk to take a recorded division, please.

(Motion agreed to: yeas 6; nays 4)

We will move on and get back to Bill C-26.

We'll start with six minutes for questions.

I believe Mr. McKinnon is first.

Thank you, Mr. Chair.

Mr. Motz seems to want to read the entire text of the judge's decision. At our last meeting, he didn't give his colleagues an opportunity to speak to his motion. I don't know if he intends to do the same thing today. I guess we won't have time to ask the witnesses questions.

I'm wondering if he can tell the committee how long he intends to speak on this. We must not waste the witness' time. They made the effort to come here to give us their comments on Bill C‑26.

If not, I will move that we vote on Mr. Motz's motion so that we can get back to studying the bill. That said, I don't know if he agrees with my proposal.

I'll ask the clerk for a recorded vote on that, please.

(Motion agreed to: yeas 6; nays 4)

We will start with Bill C-26.

I have a nice preamble here to introduce everybody. To save some time and to give you folks a little bit more time, maybe you could—I know this is very informal—say your name at the beginning of your five minutes, and that will hopefully give you guys a little bit more time, because we've already lost some time going into this.

We will start with our witnesses.

Mr. Shipley, do you want to go first? It rolls off the tongue nicely, doesn't it, Mr. Shipley?

I move my motion that we move to the business of Bill C-26.

Mr. Chair, I move that we move to the business of Bill C-26.

If you want to move a dilatory motion not to go to Bill C-26 and deal with that, then I think you can explain that to Atlantic Canadians today, too.

Thank you, Mr. Chair.

Mr. Motz just made the point. He moved to suspend the debate. There was no clarification on when that debate would then continue. We moved on to Bill C-26. The meeting was not suspended; the meeting was adjourned.

There is a new notice of meeting. Therefore, if you would like to lift the suspended debate back to the floor, you would require a dilatory motion. It doesn't just continue, because the meeting was adjourned and the debate was suspended. However, there was no time and place given, and there was no agreement that it would start off at the beginning. If you can point that out in the blues, I'm happy for you to read that, but I know it doesn't exist.

Therefore, you require a motion to bring the suspended debate back to the floor. Otherwise the notice of meeting is here, and that's what we move forward on, because the meeting itself was adjourned.

Again, we have witnesses here. The Conservatives don't seem to care about safety. I find it interesting, Mr. Chair, on this point, that today we're seeing historic snowfalls in Atlantic Canada, where Canadians, the people there and in Cape Breton in particular, are worried about being able to get out, being able to access resources. In Bill C-26, actually part of this legislation deals with ensuring the sustainability of telecoms so that in the event of a natural disaster, like what we're seeing in Atlantic Canada right now, there are literal lifelines still available—

Thank you, Mr. Chair.

Thank you to the witnesses for giving their valuable time to be here with us on this study.

Mr. Shull, I liked your opening remarks. You cut to the chase, as they say. I appreciate that.

I've spoken to a few groups outside this committee, and most of them think that Bill C‑26 is a great step forward. Overall, they feel it's a good thing.

However, they have two key criticisms.

First, they are criticizing the fact that government is being given a great deal of power. This bill gives certain ministers the freedom to issue orders in council and interim orders, but it doesn't necessarily provide any details on that. We don't know how that might look.

Second, they find the sanctions too severe. You talked about tax incentives. If I'm not mistaken, rather than imposing sanctions, you're proposing that tax benefits or incentives be put in place for companies that would be required to set up a cybersecurity framework, for example. You look at the issue from another angle: We should make participation a little more voluntary, while ensuring compliance and making sure the information exchanged is protected.

Can you tell us a little more about that?

Thank you very much, Mr. Chair. I would like to add my thanks to the witnesses for being here today in person and virtually.

Mr. Shull, I want to start with you.

First, thank you for using your opening remarks to provide solutions and ideas. In fact, that's why we're here. We're looking for ways to improve on Bill C-26 and ensure that we have a bill that protects Canadians while also ensuring that we protect their constitutional rights.

My first question for you is with regard to mandatory reporting for affected sectors and when there's a cybersecurity incident. Why is it important that we have that mandatory reporting?

Yes.

I know he's an NDP colleague, but I actually like Peter. If we could adjourn this debate on this motion, and in the time that we have remaining go to Bill C-26, I'm fine with honouring his request.

We will continue with the meeting, but before we go any further, Mr. Holland and Mr. Neiman have other engagements, so I'm going to ask....

First of all, thank you for coming. Your testimony will be extremely important for Bill C-26.

I will ask you a question in case we don't have an opportunity to have you back, if that's appropriate, Mr. Clerk, and I hope it is. If we could ask for a brief of your notes that you were going to discuss with us today, we would certainly appreciate that so that we could put those into the report.

I have a point of order, Mr. Chair.

I'm listening to Mr. Motz, and it seems to me that the motion he's introducing today could be presented to another committee, such as the Special Joint Committee on the Declaration of Emergency, which has already studied the invocation of the Emergencies Act. Do you know that Mr. Motz himself is vice-chair of that committee? He could very well introduce this motion to that committee. That way, the Standing Committee on Public Safety and National Security could focus on studying Bill C‑26. I suggest he do that. It would be much more efficient if this motion were studied by the Special Joint Committee on the Declaration of Emergency.

I don't know. It could be a couple more days, to be honest with you, and I apologize to the witnesses.

The issue that we as a committee and that government should be seized with is remedying the egregious overreach of the act, so quite honestly....

I again apologize to the witnesses. Bill C-26 is important, but to me, this issue supersedes it. Bill C-26 has been on the books since 2022, so—

Thank you.

I don't know if Mr. Motz could tell us how much longer he will be. I understand that the purpose of introducing his motion today is to delay the study of Bill C‑26 . However, we have guests here who have prepared to testify, who have prepared a brief and who have interesting information to share with us to help us do our work on the study of Bill C‑26. That would be of great benefit to all committee members. We have only a few minutes left to ask them questions. According to the schedule, we will change panels for the next hour of the meeting.

In short, I don't know if Mr. Motz can tell us how much longer he will be. Personally, I find that this shows a great lack of respect for the witnesses here today.

Thank you very much, Chair.

Thank you to the witnesses for being here.

While I and my colleagues certainly agree that Bill C-26 is an important piece of legislation that has been a long time coming, and that we need to protect our critical infrastructure, I'm going to take this opportunity to move the following motion, which has been properly placed before the committee:

That in light of the recent Federal Court ruling, which found that the government's use of the Emergencies Act in February of 2022 was illegal and that the special criminal laws subsequently created by the Liberal Cabinet were an unconstitutional breach of Canadians' Charter rights, the Committee undertake a study, pursuant to Standing Order 108(2), of the Department of Justice's role in supporting the government's illegal and unconstitutional decisions concerning the Emergencies Act, together with the consequences which follow the Court's decision, provided that

(a) the Committee invite the following to appear, separately, as witnesses for at least one hour each:

(i) the Honourable David Lametti, the Minister of Justice and Attorney General of Canada at the time;

(ii) the Honourable Marco Mendicino, the Minister of Public Safety at the time;

(iii) the Honourable Arif Virani, the Minister of Justice and Attorney General of Canada;

(iv) representatives of the Canadian Civil Liberties Association, and

(v) representatives of the Canadian Constitution Foundation; and

(b) an order do issue for all legal opinions which the government relied upon in determining that

(i) the threshold of “threats to security of Canada”, as defined by section 2 of the Canadian Security Intelligence Service Act, required by section 16 of the Emergencies Act, had been met;

(ii) the thresholds required by paragraphs 3(a) or (b) of the Emergencies Act concerning a “national emergency” had been met;

(iii) the situation could not “be effectively dealt with under any other law of Canada”, as required by section 3 of the Emergencies Act;

(iv) the Emergency Measures Regulations were compliant with the Canadian Charter of Rights and Freedoms, including the analysis relied upon by the Minister of Justice in discharging his responsibilities under section 4.1 of the Department of Justice Act, and

(v) the Emergency Economic Measures Order was compliant with the Canadian Charter of Rights and Freedoms, including the analysis relied upon by the Minister of Justice in discharging his responsibilities under section 4.1 of the Department of Justice Act,

provided that these documents shall be deposited with the Clerk of the Committee, without redaction and in both official languages, within seven days of the adoption of this order.

Now, it's critically important that we understand why we are bringing this motion forward. It is very important to remember that the Federal Court rendered a decision last week that was critically important, and it should have been a landmark for this country and for this government.

In order for us to have a clear understanding of what the Emergencies Act was about—how it came to be—and of the decision of this Federal Court and all those sorts of different nuances, I want to take some time just to provide a very paraphrased version, a summary, of the Federal Court—just a couple of pages.

In Ottawa on January 23, the Honourable Justice Richard Mosley of the Federal Court issued his decision. In part, it read as follows:

Summary: Four groups applied for judicial review of the decision by the Governor in Council [GIC] to declare a Public Order Emergency under the Emergencies Act....

The February 14, 2022 Proclamation Declaring a Public Order Emergency [the “Proclamation”] and the enactment of temporary special measures in order to deal with protests in various parts of the country—which included the occupation of the downtown core of Ottawa and blockades of ports of entry—were under review.

The decision went on to say:

This was the first time the Act was invoked since its enactment in 1988. The Proclamation, the Emergency Measures Regulations [the “Regulations”] and the Emergency Economic Measures Order [the “Economic Order”] adopted under the Act had a threefold impact: a) they prohibited a range of activities relating to protests in designated areas, b) they required third parties to assist police in ending the protest and c) they authorized financial institutions to disclose information on designated persons and entities to federal officials, and to suspend their accounts.

The Applicants/Parties raised issues which lead to the following...questions:

1. Was the Proclamation unreasonable?

With respect to the first question, the Court considered the decision under the reasonableness standard of review and concluded that the answer was yes, the Proclamation was unreasonable and illegal (“ultra vires”) of the Act.

Those of you who are lawyers will understand “ultra vires”.

The court said that they acted “beyond one's legal power and authority”. That's what the Latin term “ultra vires” means. It literally means that it's beyond the scope, or in excess of, power and authority.

Judge Mosley's decision continued:

While the Court recognized that the occupation of downtown Ottawa and the blockades of the ports of entry were matters of serious concern calling for government and police action, the threshold of national emergency required by the Act was not met. Under paragraph 3(a) of the Act, a national emergency is an urgent and critical situation that exceeds the capacity or authority of the provinces to deal with it, and that cannot be effectively dealt with under any other law of Canada. The Proclamation applied the temporary special measures in all of Canada's provinces and territories, despite the lack of evidence that it was necessary. Apart from the situation in Ottawa, the police were able to enforce the rule of law by applying the Criminal Code and other legislation.

While the conclusion that the Proclamation was illegal (“ultra vires”) was sufficient to dispose of the applications, the Court addressed the other issues should it be found to have erred in its findings on the first question.

Second, the Court considered the threshold for “threats to the security of Canada.” Section 2 (c) of the Canadian Security Intelligence Service Act [CSIS Act] defines threats to the security of Canada as “activities...directed towards or in support of the threat or use of acts of serious violence against persons or property for the purpose of achieving a political, religious or ideological objective.”

Under s. 17 of the Emergencies Act, the GIC required reasonable grounds to believe that the standard set out in section 2 of the CSIS Act had been met.

The evidence in the record before the Court did not support a finding that the impugned activities reached that threshold.

The second question as put forward by Justice Mosley was as follows:

2. Did the powers created by the Regulations and the Economic Order violate sections 2(b)(c)(d), 7 or 8 of the Canadian Charter of Rights and Freedoms, and, if so, could they be saved under section 1 of the Charter?

What do those sections actually say in the charter? Section 2 says:

Everyone has the following fundamental freedoms:

(a) freedom of conscience and religion;

(b) freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication;

(c) freedom of peaceful assembly; and

(d) freedom of association.

Section 7 talks about “Life, liberty and security of person”:

Everyone has the right to life, liberty and security of the person and the right not to be deprived thereof except in accordance of the principles of fundamental justice.

Section 8 of the charter deals with “Search or seizure”:

Everyone has the right to be secure against unreasonable search or seizure.

Justice Mosley asks if they could “be saved under section 1 of the Charter”. Section 1 says:

The Canadian Charter of Rights and Freedoms guarantees the rights and freedoms set out in it subject only to such reasonable limits prescribed by law as can be demonstrably justified in a free and democratic society.

Justice Mosley continues:

Concerning the Charter, the Court found that the Regulations infringed the guarantee of freedom of expression under s. 2(b), as they were overbroad in their application to persons who wished to protest but were not engaged in activities likely to lead to a breach of the peace.

The Economic Order infringed s. 8 of the Charter by permitting unreasonable search and seizure of the financial information of designated persons and the freezing of their bank and credit card accounts.

The infringement of sections 2(b) and 8 of the Charter were found to be not minimally impairing, and could not, therefore, be justified under s. 1 of the Charter.

The Court found that there was no infringement of the rights to freedom of peaceful assembly and of association in paragraphs 2(c) and (d) of the Charter. Any infringement of s. 7 respecting the liberty interests of the individual was found to be in accordance with the principles of fundamental justice and thus not a breach of the Charter.

Now, I think it's important to understand how things transpired, why we had a protest and how we got to this point in the first place. It has to do with the increasing degrees of overreach and abuse of power by the Liberal government and its trampling of the charter rights of Canadians.

In January 2022, nearly two years after the start of the COVID pandemic, Canadians were growing frustrated with government restrictions and mandates. The straw that broke the camel's back was the order that truckers—cross-border truckers, especially—and other essential workers would no longer be exempted from vaccine requirements. This was a threat to their livelihoods and a violation of their rights. For them, enough was enough.

They gathered from across Canada and came to Ottawa and other locations not just to voice their frustrations but also to be heard by this government. I think it's important to understand that this government had no interest in listening to them, and I know that first-hand.

I personally worked vigorously behind the scenes to arrange meetings between the then-minister of transportation, Omar Alghabra; the then-minister of public safety, Marco Mendicino; and protest organizer Tamara Lich, with the understanding that such a conversation would result in the protest being dismantled. However, they refused all attempts to make that happen personally with them, even on a phone call. The government completely refused.

I think, quite honestly, that their unwillingness to dialogue from the very beginning.... Had they changed their attitude, the situation would certainly have been totally different, and it could have been avoided.

The Prime Minister also added to this. He seemed to be fine stoking division, calling people names and allowing frustrations and tensions to grow to the point that he and his cabinet decided to take their overreach and disregard for charter rights to the next level by stepping outside of the law and their lawful authority by invoking the Emergencies Act for the first time in history.

What exactly what did that order say? I think it's important that Canadians are reminded of what the Emergencies Act actually said.

I will quote from the February 14, 2022, Government of Canada bulletin, which reads:

Whereas the Governor in Council believes, on reasonable grounds, that a public order emergency exists and necessitates the taking of special temporary measures for dealing with the emergency;

And whereas the Governor in Council has, before declaring a public order emergency and in accordance with subsection 25‍(1) of the Emergencies Act, consulted the Lieutenant Governor in Council of each province, the Commissioners of Yukon and the Northwest Territories, acting with consent of their respective Executive Councils, and the Commissioner of Nunavut;

Therefore, Her Excellency the Governor General in Council, on the recommendation of the Minister of Public Safety and Emergency Preparedness, pursuant to subsection 17‍(1) of the Emergencies Act, directs that a proclamation be issued

(a) declaring that a public order emergency exists throughout Canada and necessitates the taking of special temporary measures for dealing with the emergency;

(b) specifying the emergency as constituted of

(i) the continuing blockades by both persons and motor vehicles that is occurring at various locations throughout Canada and the continuing threats to oppose measures to remove the blockades, including by force, which blockades are being carried on in conjunction with activities that are directed toward or in support of the threat or use of acts of serious violence against persons or property, including critical infrastructure, for the purpose of achieving a political or ideological objective within Canada,

(ii) the adverse effects on the Canadian economy—recovering from the impact of the pandemic known as the coronavirus disease 2019 (COVID-19)—and threats to its economic security resulting from the impacts of blockades of critical infrastructure, including trade corridors and international border crossings,

(iii) the adverse effects resulting from the impacts of the blockades on Canada’s relationship with its trading partners, including the United States, that are detrimental to the interests of Canada,

(iv) the breakdown in the distribution chain and availability of essential goods, services and resources caused by the existing blockades and the risk that this breakdown will continue as blockades continue and increase in number, and

(v) the potential for an increase in the level of unrest and violence that would further threaten the safety and security of Canadians; and

(c) specifying that the special temporary measures that may be necessary for dealing with the emergency, as anticipated by the Governor in Council, are

(i) measures to regulate or prohibit any public assembly—other than lawful advocacy, protest or dissent—that may reasonably be expected to lead to a breach of the peace, or the travel to, from or within any specified area, to regulate or prohibit the use of specified property, including goods to be used with respect to a blockade, and to designate and secure protected places, including critical infrastructure,

(ii) measures to authorize or direct any person to render essential services of a type that the person is competent to provide, including services related to removal, towing and storage of any vehicle, equipment, structure or other object that is part of a blockade anywhere in Canada, to relieve the impacts of the blockades on Canada’s public and economic safety, including measures to identify those essential services and the persons competent to render them and to provide reasonable compensation in respect of services so rendered,

(iii) measures to authorize or direct any person to render essential services to relieve the impacts of the blockade, including measures to regulate or prohibit the use of property to fund or support the blockade, to require any crowdfunding platform and payment processor to report certain transactions to the Financial Transactions and Reports Analysis Centre of Canada and to require any financial service provider to determine whether they have in their possession or control property that belongs to a person who participates in the blockade,

(iv) measures to authorize the Royal Canadian Mounted Police to enforce municipal and provincial laws by means of incorporation by reference,

(v) the imposition of fines or imprisonment for contravention of any order or regulation made under section 19 of the Emergencies Act; and

(vi) other temporary measures authorized under section 19 of the Emergencies Act that are not yet known.

I think it's also important for Canadians to appreciate that the Emergencies Act laid out requirements for the government to do certain things during and after the invocation. Subsection 62(1) of the Emergencies Act says that there needs to be a review by a parliamentary review committee. It says, “The exercise of powers and the performance of duties and functions pursuant to a declaration of emergency shall be reviewed by a committee of both Houses of Parliament designated or established for that purpose.” I'll get back to that in just a minute.

The other thing that was required was an inquiry. Subsection 63(1) says, “The Governor in Council shall, within sixty days after the expiration or revocation of a declaration of emergency, cause an inquiry to be held into the circumstances that led to the declaration being issued and the measures taken for dealing with the emergency.”

I think it's important also to appreciate that Justice Rouleau's decision did not provide Canadians with the confidence they were seeking on both sides of this discussion. He made a decision that the very high threshold required was met; however, he did so reluctantly, very reluctantly, and he says so in his decision. He accepted the government's broader interpretation of the Emergencies Act without being given an opportunity to see it. He was troubled by that particular move. He also included in his report that he did not come to this decision easily, and interestingly, he states that the facts that he based his decision on were not overwhelming.

To me, the statement that says it all about how Canadians should lack confidence in his decision is that a reasonable and informed person could reach a different conclusion than he arrived at. That does not actually give Canadians much confidence.

Now, getting back to the parliamentary review committee, it was called the special....

Mr. Chair, with regard to the commentary over there, if the member wishes to participate in this debate, I invite him to do so after I'm done.

Thank you.

I call this meeting to order.

Welcome to meeting number 91 of the House of Commons Standing Committee on Public Safety and National Security.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely by using the Zoom application.

I would like to make a few comments for the benefit of the witnesses and members.

Please wait until I recognize you by name before speaking.

To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from the microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings.

This is a reminder that all comments should be addressed through the chair.

Pursuant to the order of reference of Monday, March 27, 2023, the committee is resuming its study of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts.

Today we have two panels of witnesses. I would like to welcome our witnesses for the first panel.

From the Business Council of Canada, we have vice-president of policy and legal counsel Trevor Neiman. From the Canadian Internet Registration Authority, we have Byron Holland, president and CEO.

Up to five minutes will be given for opening remarks, after which we will proceed with rounds of questions.

Welcome to all.

Now I invite Mr. Neiman to make an opening statement, please.

I understand that certain businesses can be designated as owners or operators of critical cyber systems covered by the bill. However, others will fall into a grey zone, meaning it will be unclear if they own or operate this type of infrastructure. According to the way Bill C‑26 is drafted, will it be enough to push some undesignated businesses into complying independently and voluntarily with the cybersecurity directions outlined in the bill?

If applicable, is there any opportunity for smaller businesses that fall into a grey zone to take advantage of the essence of Bill C‑26? Again, it brings us back to the labour shortage issue; if ever there’s a kind of appetite for this, is there a plan to be able to respond?

Thank you very much, Mr. Chair.

I thank the witnesses for being here.

I’d like to ask a question about the current context of labour shortages. That subject, among other things, was raised at the Standing Committee on National Defence. Often, we might have a good bill, but its implementation is a problem if, for instance, we don’t have sufficient resources to apply cybersecurity directives to certain businesses.

While the private sector currently seems to have an easier time recruiting staff than the public sector, are you concerned that a lack of staff would make implementing Bill C‑26 difficult, given the additional burden the cybersecurity directives represent?

Okay.

What new authorities will the government receive under Bill C‑26?

Thank you so much, Mr. Chair.

Again we see Conservatives filibustering. They talk a big game when it comes to public safety, but we have before us officials who are here on cybersecurity, something that the Conservatives pretend to care about but will filibuster at the same time. They don't want to hear from witnesses. They don't want to hear from experts. They come to ask for a motion. A different version has already been adopted—Madame Michaud's motion with respect to auto theft—by members, understanding that this is an area of concern. That has been adopted. That's something we want to go forward on. But no, let's burn half a meeting. That's the Conservative viewpoint on this. They don't care. It's just about chaos at this point.

We see Mr. Brock throwing municipal police services under the bus. He knows that the federal government isn't responsible for the resourcing of municipal police services. Mr. Motz promotes American-style laws and at the same time says they don't work. I guess when you just go on and talk about nothing in an attempt to filibuster, that's the type of stuff you'll get.

It's truly shocking, Mr. Chair, but that's what we've seen the Conservative Party come to. When there is an issue of security before the committee, an issue of national security and cybersecurity—we spent months talking about it in question period, and here it is, legislation to take action on it—it's delay, delay, delay.

They're right that auto theft is a concern. It was adopted by this committee, I believe unanimously, that we study this. The best way to get to that study, the quickest, is to get through debate on Bill C-26 so that we can get to a study that we all want to get to, but the Conservatives want to delay.

Mr. Chair, I move that we adjourn debate on this subject so that we can get back to the witnesses.

Thank you. All this feels oddly familiar.

I call this meeting to order. Welcome to the public portion of meeting number 90 of the House of Commons Standing Committee on Public Safety and National Security.

Pursuant to the order of reference of Monday, March 27, 2023, the committee commences its study of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts.

I would now like to welcome our witnesses today. From the Communications Security Establishment, we have Sami Khoury, head, Canadian Centre for Cyber Security, and Daniel Couillard, director general of partnerships and risk mitigation at the Canadian Centre for Cyber Security.

To support the Communications Security Establishment, from the Department of Public Safety and Emergency Preparedness, we have Colin MacSween, director general of the national cybersecurity directorate; and Kelly-Anne Gibson, director of the cyber-protection policy division. From the Department of Industry, we have Andre Arbour, director general of the telecommunications and Internet policy branch.

I now invite Mr. Khoury to deliver his opening statement.

Please go ahead.

My apologies, Dr. Lewis. The floor is yours.

As I was saying, what is very concerning is that Canada is one of the few G20 nations without a firm regulatory framework around cybersecurity. It's essential at this point, when we're looking at Bill C-33 and Bill C-26, that we keep in mind the need for Canada to act to protect the nation's critical infrastructure and the interconnectedness of these two bills.

We also know that in 2016, member states of the EU passed what was called the most comprehensive cybersecurity bill in the history of the EU. The bill was called the NIS Directive. The EU cybersecurity rules, which were introduced in 2016, were updated and later ratified in 2023. They continue to modernize and create this legal framework, which I think is quite instructive in the Canadian context. It keeps up and it increases the digitization...and the evolving cybersecurity threat, which is something we are attempting to grapple with in the present bills we are contemplating.

Expanding the scope of cybersecurity rules in the new sectors and entities further improves the resilience. We have dealt with resilience in the infrastructure context in this committee. This is also a very important part of what we're talking about in Bill C-33.

We have seen the problems that a huge infrastructure gap can cause, and one of the problems is the ongoing lack of transparency. We have seen, in our situation with the taxpayer-funded Canada Infrastructure Bank, an unacceptable performance over the last seven years. We want to build mechanisms into Bill C-33 to make sure we're not falling into the same traps and shortcomings we've had with other legislation.

Moreover, we have provisions in Bill C-33 that also raise concerns on cybersecurity and response capabilities of the public and private sector entities and competent authorities. In the case that I was discussing before, the EU as a whole can be used as an example of a model that Canada could adopt. When we're contemplating this bill, I think we should look at enabling legislation from different jurisdictions.

We know that most G7 member states are under the umbrella of the EU. The U.S. and the U.K. and Japan have separately implemented cybersecurity regulations to differing degrees, which I think are also instructive in how we confuse Bill C-33 with Bill C-26.

We also have to look at Canadian businesses and how they continue to be impacted by malicious cybersecurity and cyber-activity. This ranges from cyber-attacks to ransomware, and even things that we are exposed to on an everyday basis.

Many of these attacks include those on critical infrastructure. That accounts for nearly half of the attacks, and many of those go unreported.

This is very concerning. The Canadian Centre for Cyber Security has identified attacks on operations networks. They've also identified attacks on how it would impact the physical safety of Canadians. That was published in their biennial publication, the “National Cyber Threat Assessment”.

Now, in this context, when we look at the Ministry of Public Safety, we know that they acted to introduce new legislation, Bill C-26, an act respecting cyber security. I believe it was at the first stage in Parliament sometime in November 2022, and it went through second reading, I think, on March 27, 2023. Bill C-26 currently sits in committee. I believe it's going into law, if it hasn't done so already. When we look at where it is, going through the committee stage, and we look at the fact that Bill C-33 is contemplating sections of this bill, we know that it's very important for us to focus on it, because it may have the capacity of adding teeth to the governance and compliance structure of cybersecurity in Bill C-33.

It's very important that we look at the interconnectedness of these two bills, especially inasmuch as is needed in the area of operational technology where critical infrastructure lies.

Although we don't know how the bill is going to necessarily impact on Bill C-33, between the absence of similar legislation in Canada.... We don't know what the impact is going to be, because this is new. This is untested territory, but we know there is an increasing trend toward increased cybersecurity regulation among our international peers.

Having practised international law for a number of years, I can see the importance of Canadian businesses being prepared. Contemplation of this aspect of the bill and how it will be infused in Bill C-33 is very important at this time.

Canada does not have an overarching governing cybersecurity legislation, let alone require the reporting of vulnerabilities in critical infrastructure breaches, which is extremely problematic. Bill C-26 would empower some regulators to impose fines or issue some summary convictions to ensure governance and compliance. This is something that my colleague, Mr. Kurek, spoke about. It's critical to turn our minds to that, especially as we contemplate this bill.

Now I'll go back to Bill C-26. In its current form it includes four critical infrastructure sections, which I think are related to the transportation aspect of Bill C-33. When we look at the transportation corridors that are contemplated in Bill C-33, we see, in Bill C-26, that it's very important to look at these four critical infrastructure sectors: telecommunications, finance, energy and transportation.

The requirements for organizations in these sections are threefold.

First is to implement, maintain and report on the cybersecurity program, which will essentially address the risks across organizations. It will address the risk in third party services. It will address the risk in supply chain—

However, I would get back to the Bill C-26 conversation here, and how it is directly—

Sure. Thanks, Chair.

You're right, I was getting a little bit off topic there.

I'll tell you, it's easy to be passionate about the billions of dollars in economic impact that my people have—the people I'm proud to represent. It's billions of dollars that they have, yet, unfortunately, the Liberals seem to disregard that. They would toss it away for some dream that certainly is more of a dream than any reality, especially when we could be supplying our partners like Ukraine with clean, green Canadian natural resources.

When it comes to Bill C-26 and its relevance here on the Bill C-33 conversation, we have this connection that exists. Why I went down the path of talking about how proud I am of Canada's energy industry is that it's not always recognized how closely connected physical infrastructure and the security associated with that are to the cyber elements of how that works.

I would provide a local example, Chair.

A pipeline company just opened up a new control centre in Hardisty. This example is very relevant to both the physical infrastructure that Bill C-33 represents and the reference that it has to cybersecurity, which is referenced in Bill C-26. There's this close connection that exists. We cannot dismiss that. It goes further when it comes to our rail systems. It's not out of the realm of possibility to see how there's that close connection that exists between the cyber and physical security side of things.

If we don't see Bill C-26 addressing those things appropriately, if it's not responsive to the economic needs, if it doesn't take into account the privacy concerns of Canadians, if it gives too much power to a few individuals in our nation's capital who may not be responsive, or if, likewise, when it comes to Bill C-33 there's not this appropriate delegation of authority that takes into account.... I often refer to the word “tension” or what could be referred to as the Aristotelian mean. We have to find that correct tension or that mean place where we have that balance. I'm fearful that we simply don't get it when it comes to Bill C-26 and some of the elements that we have discussed at length, although most of the clauses have in fact passed.

There's been a change in who is in charge of the public safety file. I won't get into the host of criticisms that have been levelled by Conservatives against the ministers of public safety. They seem to come and go at an alarming rate.

I would, however, like to read from the Canadian Civil Liberties Association when it comes to some of the concerns surrounding Bill C-26. Then I will be happy to cede the floor to my colleagues, who I know have a tremendous amount to add to this conversation as well.

Although this letter is dated September 28, 2022, there's particular relevance to what we're discussing here today. It's written to the former minister and the leaders of the opposition parties, including Ms. May as the parliamentary leader of the Green Party. I think she's now co-leader of the Green Party.

It is titled, “Joint Letter of Concern regarding Bill C-26”, and I'll read it directly into the record, Mr. Chair:

Dear Minister,

We, the undersigned organizations, are writing to express our serious concerns regarding Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

In your press release announcing this legislation, you were quoted as stating “In the 21st century, cyber security is national security.” We agree, and we share your goal of helping both the public and private sector better protect themselves against cyber attacks.

Isn't this very agreeable up until this point?

The Canadian Civil Liberties Association goes on to say:

However, in its current form, Bill C-26 is deeply problematic and needs fixing.

I would note—because the stickers on my iPad triggered certain members of this committee, I won't show you—that it's actually bolded. Those previous words are bolded because the CCLA wanted to make sure they were emphasized in the context of this conversation.

It says:

As drafted, it risks undermining our privacy rights, and the principles of accountable governance and judicial due process which are the fabric of Canadian democracy. The legislation needs to be substantively amended to ensure it delivers effective cybersecurity protections while safeguarding these essential democratic principles.

As you know, Bill C-26 grants the government sweeping new powers over vast swathes of the Canadian economy. We believe these powers need to be strictly delimited and accompanied by meaningful safeguards and reporting requirements to ensure Canadians can hold their government and security agencies to account.

Next, this is in bold again, Mr. Chair, and I reference that because it's obvious that the CCLA wanted to ensure that this was emphasized:

Put simply, with great power must come great accountability.

With a view to improving this legislation, we share with you the following specific areas of concern:

Opens the door to new surveillance obligations: Bill C-26 empowers the government to secretly order telecom providers “to do anything or refrain from doing anything.” This opens the door to imposing surveillance obligations on private companies, and to other risks such as weakened encryption standards—something the public has long rejected as inconsistent with our privacy rights.

Termination of essential services: Under Bill C-26, the government can bar a person or company from being able to receive specific services, and bar any company from offering these services to others, by secret government order. This opens the door to Canadian companies or individuals being cut off from essential services without explanation. Bill C-26 fails to set out any explicit regime, such as an independent regulator with robust powers, for dealing with the collateral impacts of government Security Orders.

It goes on to mention that it:

Undermines privacy: Bill C-26 empowers the government to collect broad categories of information from designated operators, within any time and subject to any conditions. This may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.

I would just note, Chair, that when it comes to the de-identified side of things, that's often an excuse that gets used. I know from my role on the ethics committee that we had a study that was undertaken when it was learned that the government had purchased a huge amount of data on movements during the COVID-19 pandemic. Although it was claimed to be de-identified, there were massive question marks associated with the amount of data the government received. I know that there was an overwhelming amount of concern that I certainly heard.

A number of people reached out to us when they did not hear back from Liberal members of the committee who didn't echo some of the concerns about how much information was being gathered: things like people knowing that the government could determine when people were going to the grocery store and liquor stores and other things. Certainly, in a free and democratic society, there were concerns about it. It was unclear. Canadians are pretty trusting, but they want to be respected. I talk about that tension or that Aristotelian mean that needs to be found, and I fear that this government has pulled that tension totally out of whack.

However, I digress. I will get back to what the CCLA has to say.

It goes on to say that there are “No guardrails to constrain abuse”.

Bill C-26 lacks mandatory proportionality, privacy, or equity assessments, or other guardrails, to constrain abuse of the new powers it grants the government — powers accompanied by steep fines or even imprisonment for non-compliance. These orders apply both to telecommunications companies, and to a wide range of other federally-regulated companies and agencies designated under the Critical Cyber Systems Protection Act.... Prosecutions can be launched in respect of alleged violations of Security Orders which happened up to three years in the past.

I would just note that in a late show that I was a part of yesterday—and I know that my colleague was actually there, too—I was shocked that the parliamentary secretary from Winnipeg North talked in support of a policy that actually sent farmers to prison. Now, I wouldn't want to go off topic here, so I won't get into the conversation around the Wheat Board, but my goodness, how concerning is it that the government would support policies that threw farmers into prison for wanting to sell their grain without the government controlling it? It is unbelievable that that's the point that these Liberals would go to, and that they still support it even after it was very clear that Canadians and farmers wanted the ability to sell their grain without the government controlling them. Truly it was an unbelievable level of control, which was specifically targeted at the west. It's quite something to have heard, and I'm sure my colleague here would agree with me that it was unbelievable to hear that be brought up in conversation in the House of Commons yesterday, that they would prefer to throw farmers in prison than to have a legitimate conversation around the impacts of, in that case, the carbon tax.

Thank you very much, Mr. Chair.

I hope everybody was able to have a good short break. I know that was seven or eight minutes of freedom that people had, but I'm sure they're thrilled to get back to the important conversation that we have here before us.

Mr. Chair, specifically due to the two-hour time change, of course, back in Alberta and the riding I'm proud to represent, I would note that my wife has probably just finished putting my kids to bed. To my boys, I love you guys; hopefully you're listening to your mama as she puts you to bed. I look forward to connecting with my wife post 11:30, after this committee wraps. That's one of the big things, when our families are back home holding down the proverbial fort.

Mr. Chair, I left off talking a bit about the wide-sweeping powers associated with Parliament when we live in a democracy where the idea of parliamentary supremacy is absolutely paramount. I believe I unpacked it adequately in the context and certainly I have a whole host of other things to say about that but wouldn't want to dive too deep into that in the short time that we have here.

However, I want to make sure that I get to the recommendations that this article references in terms of Bill C-26. It goes on to say...and I'll summarize this and then have a few other important interjections that I look forward being able to make.

The article said: “Given that the Bill has just been introduced,”—this article is a bit dated, but nonetheless very relevant—“its passage is not guaranteed, and additional changes to the draft law”—or in the Canadian context, bill—“may occur. However, and in the interim, if you are a provider of vital services”—which speaks to that vital connection that we have with Bill C-33 here before us—“and systems as described in the Bill, we recommend that you consider taking the following steps to improve your cyber resilience:

The first is:

Preemptively improve your security posture and processes to conform with the CSE’s best practices and guidance, or industry practices, and ensure that your contracts contain sufficient cybersecurity provisions to protect all parties in the supply chain; and

given the secrecy and potential immediacy of Government orders and directives, Telcos and Designated Operators should draft contracts to flow down potential cyber security risks appropriately.

That's almost unique in terms of some of the recommendations that have been made in the context of this bill. The authors go on to talk about how, if you are a supplier of products and services related to critical systems of designated operators as described in the bill, we recommend that you take the following steps:

Preemptively improve your security posture and processes as described immediately above in anticipation of more strenuous cybersecurity requirements requested by Designated Operators; and

I'll make a final point on this one, and then I'll look forward to getting into a few other aspects of debate here. The final point is:

anticipate shouldering more risk when contracting with Designated Operators and consult with your insurance provider accordingly.

A big thank you to Lisa R. Lifshitz—I believe I'm saying that appropriately—and Cameron McMaster, the authors of this. I believe it provides a good summary and a few very relevant recommendations in terms of the context.

I would note here as well, we're talking about critical infrastructure and, I know, specifically some of the larger conversations surrounding Bill C-33. We have the need for resiliency throughout every aspect of that, whether it's in relation to security, which is very important, or some of the challenges associated with climate. There has to be that security that does exist there, and we have to be mindful of that in the larger context of everything that we are discussing and how relevant that is.

On that note, Michael Den Tandt, if I'm correct on this—and I'm certainly happy to stand corrected—in an opinion piece to the Ottawa Citizen, which I believe is relevant especially for the Bill C-26 aspect here.... Michael Den Tandt ran for the Liberal Party in the 2019 election, if memory serves. He entered on December 4, so it seems like it's been more than a couple of weeks. Just last week, a column by him was published in the Ottawa Citizen.

Although it seems as if it's been more than a couple of weeks, he published this column in the Ottawa Citizen last week. I believe it would be very valuable to this conversation.

Den Tandt said the following in his column, “Canadian government must take the time needed to get its cyber security bill right”:

Bill C-26, the federal government's stab at shoring up the country's cyber readiness, passed first reading in the House of Commons on June 14, 2022. The legislation has two thrusts: first, to keep hardware from adversarial states out of Canada's telecom networks; second, to ensure our critical infrastructure is hardened against a plethora of new digital threats.

Nearly a year later, in late March of 2023, C-26 limped through second reading. The bill now rests with the Standing Committee on Public Safety and National Security, for review and possible amendment.

That this law continues to languish at committee, 16 months after it first saw the light of day, encapsulates one of its core failings which, in fairness, is not unique to this piece of lawmaking: Despite showing signs of having been written in a hurry, presumably in hopes of keeping pace with technological change, it's emerging too slowly.

By the time it passes third reading, then meanders its way through the Senate to Royal Assent, C-26 may well have been overtaken by events. The threats it is intended to counter are multiplying far more quickly than the glacial pace of the legislative process appears able to match.

What are these threats? The latest National Cyber Threat Assessment from the Canadian Centre for Cyber Security encapsulates them in language that, for a government document, is remarkably direct.

Cyber-criminals are rapidly scaling up, evolving ransomware and other attacks into a trans-national enterprise, while state actors—specifically China, Russia, Iran and North Korea—are deploying vast resources to attack and undermine open economies and societies by eroding trust in public institutions and the factual foundation on which their credibility rests. “You may be tempted to stop reading halfway through,” writes CCSE Head Sami Khouri in the foreword, “disconnect all your devices and throw them in the nearest dumpster.”

As a note, Mr. Chair, I had the opportunity to serve on the public safety committee for a short time in the 43rd Parliament. Hearing briefings from experts was eye-opening, to say the least, when we had examples. I believe it was CSIS, in their public report, that said there are 4 billion attempted attacks on Canadian cyber infrastructure in the course of a year. That's absolutely mind-boggling—the growing sophistication of the enemies of freedom and Canada, and the steps they will take to attack us and our infrastructure.

Den Tandt goes on to say the following:

To counter this, the draft bill offers two pillars: first, a revamp of the Telecommunications Act, giving the federal minister of Innovation, Science and Industry sweeping powers to order companies to ban certain products, clients or service providers, with possible daily penalties of up to $15 million a day if they don't comply; and second, the Critical Cyber Systems Protection Act (CCSPA), which would allow the minister and an appointed official to order cyber measures in federally regulated parts of the private sector considered essential to national security.

These include telecom, energy and power infrastructure such as pipelines, nuclear plants, federally regulated transportation, banking, clearing and settlement.

For all those questioning the relevance of this conversation, Den Tandt himself speaks about how closely connected this is to the conversation surrounding Bill C-33.

Seen from 10,000 ft. up, the broad scope of the legislation will appear justified to some; after all, don't significant threats justify dramatic action? But there's a difference between action that is on point, and action so riddled with gaps that it'll need a reboot the day it becomes law.

Christopher Parsons, in a dissection for The Citizen Lab, outlines six major concerns, any of which should be grounds for disqualification. These include an excess of arbitrary power, too much secrecy, inadequate controls on information-sharing within government, potentially prohibitive costs for smaller firms (the legislation draws no distinctions based on scale, or industry sector), vague language, and no recognition of Charter or privacy rights.

Brenda McPhail, in an October, 2022 analysis for the Canadian Civil Liberties Association, echoes many of Parsons’ criticisms, noting wryly that the law joins “an increasingly long line of legislation that would fill a clear need, if only it were better.”

If the goal, broadly, is governance that promotes prosperity, security, accountability, diversity and equity in a democratic society—then C-26, as drafted, should not pass.

Is legislation urgently needed? Absolutely. But have its drafters gotten it right? No. Given the blitzkrieg pace of growth in cyber threat vectors, it makes sense to continue to manage these threats on an ad hoc basis, as the minister has been doing, with assistance from The Communications Security Establishment (CSE) and the CCCS, and take the time needed to get the legislation right.

Thank you, Chair, for indulging me in that, because it's important context, and I would just note that the specificity of the criticisms that Den Tandt brings forward and the fact that he ran for the Liberal Party a short four years ago speak to two things I'd like to reference. I'm sure there's more, which maybe my colleagues would be interested in following up on, that references indirectly, first, that disconnect that exists between Parliament and executive government.

I would just note—and I know my colleague Mr. Strahl referenced this in a different context a number of times—that we had the conversation surrounding Huawei. Parliament, in fact, spoke up a host of times, telling the government that it needed to act. It wasn't a recommendation. It wasn't a suggestion; it was demanding action, yet we see still, in relation to the security of essential cyber networks in our country, that lack of action. The unwillingness for that action to take place sets Canada back what would be a... The pace that technology advances has set Canada back very significantly.

I know that it is key to ensuring that government is responsive not only to the demands of what Parliament is in terms of institution.... There's no other place in the country—and this is something that I think bears special emphasis—that every part of Canada is truly represented. I find it interesting that there seem to be a plethora of advisory boards and consultations, some of which have more legitimacy than others, but it's truly Parliament that is that voice for Canadians.

I'm always a bit hesitant, and maybe more than just a bit, when an advisory panel is set up. Specifically, I know that there are other bills that are before Parliament that set up some of these advisory panels, and this speaks to the disconnect that exists between Parliament and executive government. They set up these panels that sometimes are so disconnected from those who are impacted, and again, fearing that I would venture into something that would not be relevant, when it comes to critical infrastructure and specifically when you look at rail.... I have three main line rail lines that run through my constituency, and I represent about 53,000 square kilometres of what I refer to as God's country. It is a beautiful area in east central Alberta. It's a large area; in fact, it's about the same size as the province of Nova Scotia, just for context for those around the table.

I always find it very concerning when these advisory panels get set up, and they certainly don't often have the best interests of my constituents in mind, and we saw that and are seeing that played out in the so-called just transition.

Truly, there's no justice for my constituents, including the thousands and thousands who work in the energy industry. We saw that this was very directly the case when it came to the coal phase-out. The federal government promised to be there, and yet they were not. They failed my constituents. They failed the people who were told the federal government would have their backs.

I think that speaks to a disconnect between the role that Parliament should be playing—that ability to represent the people of our country—and the fact that quite often these so-called advisory panels end up being nothing more than a platform for the government to spout its same talking points. That's a deeply, deeply concerning trend that we have. One doesn't have to look any further than the appointments of these so-called independent panels.

Chair, there's a reason I bring this up. There's a specificity in relation to this. If we want to ensure that we are passing legislation, when it comes to Bill C-33 or some of the criticisms we've levelled at Bill C-26 and how the government clearly references both here....

They're expecting both to pass, although Den Tandt certainly has a host of criticisms to level at Bill C-26. I'm hopeful that my colleagues in the public safety committee will be fully engaged when this debate comes forward, but I would suggest that one needs to take very, very seriously the role that we have to play here.

That's part one of the criticisms I would suggest when it comes to where some of these things are. The second part here comes to how, as we develop an infrastructure, we have to take seriously our responsibility to ensure that this is done not only in terms of the demands of today, which is key, but also in building that for tomorrow.

I would actually reference something that I am quite familiar with. There are two industries that I am very, very proud to represent—and a pretty significant portion of it. Had we had the opportunity to debate the motion that I was so unfortunately shut down on, I would have talked at length about the impact agriculture has in the close to 5,000 farms, most of which are family-owned small operations or small businesses, not the big successful ones that the Prime Minister referenced in question period today. I'm not quite sure what metric he uses for that when they're paying the carbon tax, but certainly it's small operations.

We see how there is this demand for that infrastructure to be secure. That includes the cyber element of that. We've seen attacks that have shut down significant portions and left critical infrastructure in our country at risk.

I believe I was in junior high at the time, so this is going back a little while, when a power outage took place in the northwestern United States. It was deemed to be an accident, but it shut down New York City in terms of the power. It shut down a host of other jurisdictions, including some in Quebec and Ontario. It spoke to some of the interconnectedness that existed in our infrastructure.

More recently, a cyber-attack shut down the pipeline system on the eastern seaboard of the United States. Certainly, I mentioned agriculture before, but I also represent another significant portion: 87% of Canada's crude oil transits through Battle River-Crowfoot. Some of it is produced there, but 87% of Canada's crude transits through Battle River-Crowfoot.

When my colleagues wonder why I'm so passionate about our energy industry, it's because I get it. Unfortunately, we seem to have what my father would suggest is “city ignorance”. I won't venture too far down that path, but it's unfortunate that sometimes there's not a better understanding of how important some of this critical infrastructure is. That's not only in terms of our economy and the billions of dollars. In fact, if I look at the community of Hardisty, for those from Hardisty....

Who knows? They might be watching this right now. I know they're passionate about educating Canadians on the importance of energy infrastructure and how it is so unfortunate that—

Thank you very much, Chair. I certainly look forward to hearing what Dr. Lewis has to say about this. I know she has a great familiarity with this subject matter.

Chair, perhaps I could continue, because I do want to ensure that this is added to the record. I just mentioned how telcos will not be compensated, and I believe I provided a brief interjection about some of the commentary that has been provided at other committees in relation to compensation for financial losses.

Certainly, in the highly regulated telecom environment that Canada finds itself in, that would be a massive conversation that we could have at some point, but that would be venturing into the territory of not being relevant, so I wouldn't want to go there.

I will, however, continue with this summary, which talks about how:

The Amendments introduce new enforcement powers for the Minister of Industry to monitor the Telcos' compliance with the orders or future regulations, including investigatory powers and issuing AMPs of up to $25,000...per day for individuals (such as directors and officers)....

Chair, that summary relates to a significant ability and discretion, and this summarizes from a legal perspective some of the commentary that was in the brief Mr. Strahl provided. I want to ensure this is part of the record, because they're endeavouring not to take a specific position but rather to ensure theirs is non-partisan. As hard as that is for certain members of the committee to believe, if they have seen my debates in the House, it's important and valuable that such a perspective be included.

It then goes on to say, in regard to information sharing and secrecy:

The CCSPA and the Amendments require Designated Operators, Telcos, and any other person to share confidential information with the Appropriate Regulators, and Governor-in-Council and Minister, respectively, in furtherance of the objectives of the Bill. This confidential information may be shared with multiple federal government organizations, provincial and foreign counterparts, as well as international organizations, to pursue the objectives of the CCSPA and the Amendments. While these information exchanges will be governed by agreements and memorandums of understanding between the parties, the Minister may disclose the information if [it] is necessary in the Minister's opinion to secure the telecom system.

Given the national security purpose underlying this Bill, the secrecy of the orders is paramount. The orders from the Governor-in-Council and Minister may be subject to non-disclosure requirements. Moreover, for the sake of secrecy and expediency, the orders and directions of the Governor-in-Council and Minister do not follow the complete process outlined in the Statutory Instruments Act, and thus, are not registered, published, or debated in an open manner.

Certainly when it comes to that relationship, it's important to acknowledge—I know we've had a number of discussions, including on one of the clauses we passed here when I think there was a desire for further debate, but it ended up being moved forward—that a tremendous amount of latitude is being given to executive government when it comes to some of the powers that are associated with Bill C-26 as it relates to Bill C-33, and one has to be aware of the granting of power to executive government. That is certainly something that Parliament is able to do under our Westminster system.

However, it's important to keep in mind the larger tension that needs to exist to ensure that we do not forget at the very foundation—and this is incredibly relevant, not only to this but to everything we do here—that the government is only a function of Parliament.

I know that's something that can be a bit lost in the midst of conversation. I know that this very statement has even been deemed controversial at different points in time. Earlier this week we celebrated the Statute of Westminster, the point at which we brought home the Constitution, and I would note that it was an incredibly significant moment in Canadian history. That is relevant to the conversation here today, because it's Parliament that enacts laws that give the government its authority.

I would just note how we have seen various instances throughout our recent history—in particular the last eight years—where there has been more latitude given than I would suggest is appropriate. There are times when we could ensure that Parliament is able to better fulfill its job by a government that respects the fact that whether it's committees, or whether it's the role that the House of Commons and the Senate play in terms of our bicameral Parliament in ensuring that it is the ultimate arbiter of the land....

In fact, our Constitution and the Charter of Rights and Freedoms actually ensure that that is, in fact, the case with the notwithstanding clause, which I know the Liberals have.... In fact, I believe it was Paul Martin in a previous election—I was getting back to that. I couldn't even vote at the time, if members around the committee table can believe that. It was Paul Martin who, during a press conference, announced that he was looking at getting rid of that. I'm not sure that he understood the consequences, both in terms of the constitutionality or the amending ability of Parliament to be able to do that.

However, when it comes to the relationship to the issue before us, we have these wide-sweeping powers being given to executive government. If there is not the appropriate accountability, as the American Bar Association, in this article, is highlighting, it would be the.... We need to have clear direction to every element of what government is, to ensure that there is that check on executive government.

I do find it interesting. I'll get right back into the ABA. This article has a number of recommendations. I would just note that there are two quite distinguished lawyers who put together this article, which gives this overview of Bill C-26, and how it applies in the context of where Bill C-33 is.

Specifically, Chair, one can never assume that one will be in power forever, whether that's the Liberal Party or the Conservative Party. If we have the honour—and I certainly hope we do—we look forward to those days when we'll have the opportunity to govern on behalf of Canadians.

However, I find one always needs to look in the mirror. In fact, I've asked in the House quite a number of times about what the government would think, if they were in the opposition benches, about something that they were doing. It would not necessarily be the policy, because policy is one thing. You can disagree with policy. However, you need to be very mindful about how you approach the ability for a parliament to function in a manner that respects the very basis of what our democratic system is meant to be.

Chair, when it comes to the wide-ranging powers that are given to executive government, we do have to be very mindful that there's certainly a role that executive government needs to play in the administration of infrastructure, the administration of security and intelligence, and all of the aspects of what we're talking about here. However, when it comes down to it, Parliament is supreme in our country. We cannot forget that.

To ensure that I don't venture off into an area that would be deemed not relevant, I certainly won't spend time talking about a few examples of that, but there are some very pressing issues—one of which would be the designation of the IRGC as a terrorist entity.

Parliament spoke on that, yet we have an executive government that refuses to acknowledge.... I use that as an emphasis, not to get into the details of that issue, although it's certainly one that dominates a lot of our time in light of the atrocities that took place against Israel, and how Iran, and the IRGC specifically, funded and supports Hamas as a terrorist entity.... The fact that there's that disconnect is the point I'm making here. That speaks very closely to why we need to be very circumspect in the way we approach the role of executive government. There's that understanding. It has to come back to respecting Parliament.

If I had had the opportunity to talk about Bill C-234, I certainly would have, at length, talked about how that bill saw a great deal of support, including Liberal support by a few brave Liberals who were willing to support that bill.

Unfortunately, it was not able to get the support that it, I believe, should have received from the other place. Again, I wouldn't want to go into the area of not being relevant. When it comes to recommendations, I would—

Thank you, Chair.

I'm happy to address the point of order that was just raised. You know, it was not Conservatives who wrote this bill. When the Liberals did so, they did it with a reference to Bill C-26. If that member has concerns about the wider application of this bill, I would suggest he has an opportunity to get on the speaking list to ask those very questions. When it comes to the way in which there is that cross-application, certainly it bears relevance to it. Because of the way it was written, it provides that very application.

I will continue with regard to Bill C-26, Mr. Chair, as follows:

report cybersecurity incidents to the Canadian Security Establishment (the “CSE”);

comply with and maintain the confidentiality of directions from the Governor-in-Council; and

keep records related to the above.

To enforce these new obligations, the CCSPA grants to the Appropriate Regulators investigatory, auditing, and order-making powers, including issuing administrative monetary penalties (“AMPs”) of up to $1 million per day for individuals (such as directors and officers), and $15 million per day for other persons. Additionally, Designated Operators, and their directors and officers, may also be fined—or imprisoned if a director or officer—if either contravene specific provisions of the CCSPA; the amount of a fine is at the discretion of the federal court.

Now, that's the critical cyber systems protection act, but this article goes on to reference, in its summary of Bill C-26, the Telecommunications Act amendments. I found it very valuable in terms of that conversation and how, of course, when we talk about the application to Bill C-33, there is a tremendous amount of overlap when it comes to telecommunications and the critical infrastructure that our country depends on.

It goes on to say the following:

The amendments to the Telecommunications Act (the “Amendments”) establish new order-making powers for the Governor-in-Council and the Minister of Industry (the “Minister”) to direct Telcos to take specific actions to secure the Canadian telecommunications system. Specifically, the Governor-in-Council may, by order,

prohibit a Telco from using all the products and services offered by a specified person; and

direct a Telco to remove all products provided by a specified person.

The Minister, after consultation with the Minister of Public Safety and Emergency Preparedness, may, by order,

prohibit a Telco from providing services to a specified person; and

direct a Telco to suspend any service to a specified person.

Additionally, the Amendments grant the Minister the power to direct Telcos to do anything or refrain from doing anything that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including the following:

It then includes a number of points there.

I would just note and make the connection to some of the evidence that Mr. Strahl brought into the conversation, and some of the briefs entered into the committee, in the context of some of the concerns, especially from civil liberty and privacy groups. I know that there's been a host of experts. Again, as a member of the ethics committee, which deals with privacy, I know there's been a host of concerns brought forward. We have a great deal of them, especially because of the tech industry that has found its home both in my province of Alberta, where there's a huge boom in the high-tech sector, and in other areas across the country. In fact, I stand to be corrected here, but I believe the Ottawa area was known as “Silicon Valley north” at one point in time.

There's certainly the privacy and also the security related to that. There's a specific tension there. Some of the evidence that Mr. Strahl read into the record I think bears specific relevance to this larger conversation and how that applies to the transportation infrastructure of our nation.

The summary goes on to talk about Bill C-26, and it includes a number of summaries here that really succinctly identify some of what Bill C-26 talks about.

It starts off by saying:

prohibiting Telcos from using any specified product in or in relation to Telcos’ network or facilities, or part thereof;

prohibiting Telcos from entering service agreements for any product or service;

requiring Telcos to terminate a service agreement;

prohibiting the upgrade of any specified product or service; and

subjecting the Telcos’ procurement plans to a review process.

Mr. Chair, it goes on to say:

Interestingly, Telcos will not be compensated for any financial losses resulting from these orders.

As was noted, I believe, in the debate surrounding Bill C-26, they wouldn't anticipate there to be a large number, unless it started getting into the firms.... That's certainly an open question that I trust will be answered as Bill C-26 is further studied at their committee, but I wouldn't want to venture off the topic that we have before us.

It goes on to say:

The Amendments introduce new enforcement powers for the Minister of Industry to monitor the Telcos’ compliance with the orders or future regulations, including investigatory powers and issuing AMPs of up to $25,000–$50,000 per day for individuals (such as directors and officers), and up to $10–$15 million per day for other persons. Moreover, contravention of orders or regulations may result in prosecution whereby the Telcos, and their directors and officers, may have to pay fines (whose amount is at the discretion of the court) or face imprisonment.

Certainly, it's not only Conservatives who don't have confidence in those Liberals, but also an increasing number of Canadians who don't have confidence in the Liberals' ability to manage the country. I hear that on a regular basis. Again, if that member wants to be serious, I'm happy to have that conversation.

When it comes to Bill C-26, I'm glad to have the opportunity, after that member's push towards talking in circles, to get back to the matter at hand.

I have an article from the business law section of the American Bar Association that I think bears particular relevance to the conversation we are having. Chair, if you would indulge me, I believe it has context that is important to the discussions we are having. In particular, I find it interesting—and I'll jump into this article in a moment—how this provides important context.

The way the Liberals wrote the legislation does provide a great deal of latitude. There are two separate bills before Parliament, and certainly, they're taking great liberties when it comes to the assumption that things will pass, especially in a minority Parliament. That issue aside, the way the legislation was written, in particular, speaks to the larger conversation and especially to how it's different committees that study different aspects of these bills.

With Bill C-26, there was certainly some concern brought forward. I am a regular member of the ethics committee. There are some challenges in relation to this, and Mr. Strahl, in some of his interventions, referenced this. There are some specific noteworthy impacts. When it comes to the critical infrastructure being addressed in the context of Bill C-33, and the way the Liberals have taken liberty in writing the bill, which has a wide swath of expectations through to another bill, it certainly creates that context as to why this is so relevant.

This article that I will be referencing, Chair, and that I look forward to making part of this discussion, talks about the critical cyber systems protection act. It goes as follows:

The CCSPA introduces a new cybersecurity compliance regime for designated operators of critical cyber systems related to vital services and systems (“Designated Operators”). A critical cyber system is defined as a cyber system that, if its confidentiality, integrity, or availability were compromised, could affect the continuity or security of a vital service or system. Currently, the list of vital services and systems is comprised of the Canadian telecommunications system, the banking systems, and other federally regulated industries, such as energy and transportation. However, the Governor-in-Council may add new vital services and systems, and such Designated Operators will be governed by the CCSPA.

I would just take a brief pause there. I think the introductory paragraph of this article, which I am entering into the conversation, speaks to that direct relevance to the larger conversation related to Bill C-33.

The article goes on to say:

Under the CCSPA, Designated Operators must:

establish a cybersecurity program (details of which are more fully provided in the CCSPA and its regulations) within ninety days of an order being made by the Governor-in-Council;

implement and maintain a cybersecurity program, as well as annually review it;

mitigate cybersecurity threats arising from their supply chains, or products and services offered by third parties;

share their cybersecurity programs and notify appropriate regulators (namely, the Superintendent of Financial Institutions, the Minister of Industry, the Bank of Canada, the Canadian Nuclear Safety Commission, the Canadian Energy Regulator, and the Minister of Transportation) (the “Appropriate Regulators”) of material changes related to the business of Designated Operators and their cybersecurity programs—

Thank you very much, Chair.

It's interesting that the member says to keep it serious. I would suggest that when he shut down my earlier conversation about Bill C-234 and the impact that has on my constituents, that was of the utmost seriousness. That member refused to allow that discussion to take place, about the impact that has on my constituents. He should look in the mirror if he thinks it is simply a joke that there are farmers going bankrupt in my constituency and across Canada because of the imposition of that party's carbon tax upon Canadians.

When it comes to the issue at hand and specifically how Bill C-26 has a clear relevance in relation to the—

Thank you very much, Chair.

I appreciate the remarks that my colleague Mr. Strahl made, especially in light of the interconnectedness of Bill C-33 and Bill C-26 and how, in light of those connections, it becomes incredibly relevant.

To address a few of Mr. Badawey's previous points, I find it perplexing myself how the Liberals seem to have this tendency to find concern with anyone who is unable to buy what they're selling hook, line and sinker.

Certainly when I hear from constituents, which I do on a very regular basis, they encourage me to do everything I can to ensure I am being their voice in the nation's capital. When it comes to some of the legislation that may not always garner the headlines it deserves—and certainly Mr. Strahl mentioned it in the brief he presented before this committee—I think it is important for Canadians to know how, with the discussions we have, whether before the transport committee or the various other duties that all of us undertake on a regular basis in the nation's capital, there are important connections that do in fact take place.

Just to note, if you would permit me, Mr. Chair, I endeavoured to have a discussion—and I even had an object lesson—on 2019 rural Alberta special areas wheat. I looked forward to discussing that in the context of Bill C-234. Now, I wouldn't want to be off topic from the conversation around the bill we have before us today, but certainly I would express my disappointment that we didn't have the opportunity to discuss that common-sense Conservative bill that would have brought needed relief to families and support to our great farmers from coast to coast.

I want to ensure that I stick to the conversation we have before us when it comes to the way that the bill this committee is studying and the impact that some of the.... As Mr. Strahl stated, when you have a bill that references a previously passed bill, one of the concerns that were highlighted—and certainly it's not limited to this one—is that when briefs are submitted, sometimes they don't get the due opportunity to be engaged in. The fact that Bill C-26 is currently being studied at committee, I think, speaks to this interconnectedness. I know that Conservatives have endeavoured to—

Thank you, Mr. Chair.

Thank you for giving me a reference point to begin my comments again, which start with:

Furthermore, excessive secrecy surrounding existing orders or regulations would further undermine accountability, as courts or oversight bodies wouldn’t be able to assess whether collection or sharing of information was reasonably necessary and proportionate in furtherance of those secret orders or regulations. In short, it is unclear how the proposed confidentiality and secrecy provisions align with the need for accountability measures to ensure there is not an inappropriate intrusion into s. 8 Charter rights.

27. The Charter statement notes various information sharing agreements that are contained in the legislation. However, there are broad information sharing powers in Bill C-26 that are not subject to any information sharing agreements, or limitations on how the information may be used once shared. Furthermore, the majority of the Supreme Court has previously noted (in the context of other information disclosure powers accompanying supervised warrant provisions in the Criminal Code), that information sharing agreements are not “a panacea”, given that there is “always a risk that a foreign law enforcement agency may misuse the information disclosed.”

Part 3. Towards More Secure, Transparent, Accountable Governments and Telecommunications Networks in Bill C-26

28. This Part 3 summarizes recommendations identified in Cybersecurity Will Not Thrive in Darkness, as well as supplementary comments and recommendations flowing from the Charter analysis set out in Part 2. The report, including its specific textual recommendations, is enclosed as Appendix B. Where recommendations are identified in this brief for the first time, they are numbered with letters (i.e., Recommendation 1A) to maintain the original numbering of the report.

Here are some recommendations:

I. Limiting powers to order modifications to organizations’ technical or business activities

29. To include appropriate safeguards surrounding compulsion powers under Bill C-26, Cybersecurity Will Not Thrive in Darkness makes the following recommendations:

a. Recommendation 1: Orders in Council and Ministerial Orders Must be Necessary, Proportionate, and Reasonable. Currently, the legislation allows the government to issue an order when necessary to secure the Canadian telecommunications system. However, necessity is an insufficient curb on the government’s power; Bill C-26 should impose more conditions regarding the specific circumstances under which the government can exercise its power.

b. Recommendation 2: Orders Should Include a Reference to Timelines. The draft legislation should be amended to include a requirement that telecommunications providers must implement cybersecurity demands or orders within a reasonable period of time in situations where compliance with a demand or order would require significant or material changes to the recipients’ business or technical operations.

c. Recommendation 3: Government Should Undertake Impact Assessments Prior to Issuing Orders. Government assessments of its orders should identify secondary- or tertiary impacts that would have the effect of worsening an organization’s cybersecurity practices or stance. These assessments should be presented to telecommunications providers along with any demands or orders or regulations that are based upon these assessments. Such assessments should be included in any and all proportionality analyses of government demands or orders.

d. Recommendation 4: Forbearance or Cost/Cost-Minus Clauses Should Be Inserted. The government may issue a direction that could severely alter how a telecommunications provider is able to offer a service to customers. The legislation should be amended such that telecommunications providers can seek forbearance of certain orders where implementing them would have a material impact on the providers’ economic viability. Alternatively, if an order or regulation would have a deleterious effect on a telecommunications provider’s economic viability and the government demands that the order be fulfilled regardless, the provider should be compensated on either a cost or cost-minus basis.

e. Recommendation 5: The Standards That Can Be Imposed Must Be Defined. Without a clear definition of what a “standard” in the draft legislation entails, it becomes difficult to assess what kinds of standards the government is seeking to implement and whether it is adopting them safely. The legislation should be amended such that it is clear what kinds of standards are within and outside of the scope of the legislation. The evidence and analysis in Finding You underscore that urgent action is needed to establish mandatory security and privacy standards for telecommunications providers to require security postures that address the vulnerabilities in signalling protocols that enable mobile geolocation surveillance threats.It should also be made explicit that an order or regulation compelling the adoption of particular standards cannot be used to deliberately or incidentally compromise the confidentiality, integrity, or availability of a telecommunications facility, telecommunications service, or transmission facility. The intent of this recommendation is to prevent the government from ordering or demanding that telecommunications service providers deploy or enable lawful access-related capabilities or powers in the service of “securing” infrastructure by way of adopting a standard.

II. Secrecy and Absence of Transparency or Accountability Provisions

30. As noted above, Bill C-26 has “extensive and overly onerous secrecy and confidentiality requirements.” Laws that impose meaningful limits on the freedom of expression must be balanced and reasonably justified. While some confidentiality will be appropriate to ensure that unresolved security vulnerabilities are effectively brought into control, certain powers in Bill C-26 go further than what is required to accomplish cybersecurity and national security objectives. Furthermore, certain powers proposed are unaccompanied by reasonably available measures to protect the public’s interest in access to information concerning an important area of government action. In light of identified deficits concerning excessive secrecy or the absence of accountability provisions, we reiterate the following recommendations from Cybersecurity Will Not Thrive in Darkness:

a. Recommendation 6: Orders Should Appear in The Canadian Gazette. In Bill C-26, orders are required to be published in the Canadian Gazette, but the Minister has the authority to “direct otherwise in the order.” As such, “the result is that the government might issue orders that never appear in the Canadian Gazette, and there is no requirement for the order to ever be published in a complete and non-redacted format.” The potential effect could unjustifiably restrict meaningful public debate on a matter of public importance and, as a consequence, the freedom of expression. The legislation should be amended such that orders must be published within 180 days of issuing them or within 90 days of an order being implemented, based on whichever condition is met first. The legislation should also expressly define circumstances that justify secrecy.

b. Recommendation 7: The Minister Should Be Compelled To Table Reports Pertaining to Orders and Regulations. To better safeguard the public interest, privacy, and the freedom of expression, the legislation should further be amended such that the Minister of Industry is required to annually table a listing of:

the number of orders and regulations that have been issued

the kinds of orders or regulations that have been issued

the number of telecommunications providers that have received the orders

the number of telecommunications providers that have partially complied with the orders

the number of telecommunications providers that have completely complied with the orders

a narrative discussion of the necessity, proportionality, reasonableness, and utility of the order-making power

c. Recommendation 8: Non-Disclosure Orders Should Be Time Limited. Bill C-26 also proposes gag provisions with respect to Orders in Council or Ministerial Orders, which are not limited either temporally (i.e., how long is secrecy necessary?) or substantively (i.e., what circumstances justify secrecy?). As noted at paragraph 15, non-disclosure orders affect not only the recipient of the gag order, but, also, the public's right to information that informs democratic debate. The legislation should be amended to include time constraints surrounding non-disclosure orders.

d. Recommendation 8A: The Circumstances Purporting to Justify Confidentiality in a Non-Disclosure Order Should Be Defined In The Legislation.

e. Recommendation 9: The CRTC Should Indicate When Orders Override Parts of CRTC Decisions. The legislation should be amended to, at a minimum, require that the CRTC post a public notice attached to any of its decisions where there is a contradiction between its decision and an Order in Council or Ministerial Order or regulation that has prevailed over part of a CRTC decision.

f. Recommendation 10: An Annual Report Should Include the Number of Times Government Orders or Regulations Prevail Over CRTC Decisions. The legislation should be amended to require the government to annually disclose the number of times it has issued orders or regulations that prevailed in the case of an inconsistency between a given order or regulation and a CRTC decision, as well as denote which CRTC decision(s) were affected.

g. Recommendation 11: All Regulations Under the Telecommunications Act Should Be Accessible to The Standing Joint Committee for the Scrutiny of Regulations. The legislation should be amended such that the Standing Joint Committee for the Scrutiny of Regulations is able to obtain, assess, and render a public verdict on any regulations that are promulgated under the proposed draft reforms to the Telecommunications Act, as well as on regulations pertaining to the Telecommunications Act and that are modified pursuant to s. 18 of the Statutory Instruments Act.

III. Deficient Judicial Review Process

31. Bill C-26 contemplates that telecommunication providers may initiate judicial review proceedings in respect of orders or regulations issued under the proposed legislation. In pages 22-24 of his report, Dr. Parson identified problems that would arise if Bill C-26 is passed without amending section 15.9. As drafted, section 15.9 would permit a series of mandatory limits on open court principles, which would prevent judges from exercising judicial discretion in balancing the need for secrecy or confidentiality with the public's interest in disclosure. As noted at paragraph 15 in this submission, the Charter protects open court principles that apply in the context of judicial review, including Charter protections for the freedom of expression.

32. Cybersecurity Will Not Thrive in Darkness recommends (Recommendation 12) that Bill C-26 should explicitly enable appointment of amicus curiae or a special advocate during judicial review. The legislation should be amended such that, at the Court's pleasure, amicus curiae or a special advocate can be appointed to contest and respond to information provided by the government in support of an Order in Council, Ministerial Order, or regulation under s. 15.8 in when evidence is sufficiently sensitive to bar a telecommunications provider's counsel from hearing it.

33. We also recommend:

a. Recommendation 12A: Section 15.9 Should Be Amended To Ensure The Judge Retains Authority To Balance The Public Interest In Disclosure Against The Interest In Confidentiality: In general, mandatory limits on open courts (which prevent the judge from balancing the public interests at stake), are generally viewed as excessive infringements on section 2(b) rights. For example, even in analogous provisions of the Canada Evidence Act (permitting secrecy in judicial proceedings for matters injurious to international relations, national defence or national security or endanger the safety of any person), the judge retains the authority to determine that “the public interest in disclosure outweighs in importance the public interest in non-disclosure”. The same safety valve should be incorporated into section 15.9 of Bill C-26, in order to ensure that any limits to openness minimally impair freedom of expression.

b. Recommendation 12B: Where Summaries Are Provided Of Evidence And Information Received By The Court, Pursuant To Section 15.9(1)(C), These Summaries Must Also Be Available To The “Applicant and the Public”. As noted at paragraph 15, the open court principle protects the public’s and the media’s interest in the openness of court proceedings. Practically speaking, the public’s right of access to judicial summaries of this nature is typically accomplished by marking such summaries as an exhibit to the proceedings. The public’s right of access to exhibits is a corollary of the open court principle.

c. Recommendation 12C: The Triggering Threshold Justifying Limits On The Openness Of The Proceedings Should Not Be Higher Than That Which Is Already Contained Under Analogous Provisions Of The Canada Evidence Act. In that regard, we recommend mirroring the language from the Canada Evidence Act through the following amendment:

Section 15.9(1)(a) “…if, in the judge’s opinion, the disclosure of the evidence or other information would [changed from “could”] be injurious to international relations, national defence or national security or endanger the safety of any person”.

IV. Extensive Information Sharing Within and Beyond Canadian Agencies

34. Bill C-26 proposes to create broad information sharing powers within and beyond Canadian government agencies, without accompanying those powers with necessary limits, oversight, or accountability mechanisms. As noted at paragraph 24, the absence of reasonable procedural safeguards to review government powers that infringe upon privacy interests can render legislation invalid under section 8 of the Charter. To impose more appropriate guardrails on the proposed powers to share information within and beyond Canadian agencies, Recommendations 13-20 of Cybersecurity Will Not Thrive in Darkness are the following:

a. Recommendations 13 and 14: Relief Should Be Available If Government Mishandles Confidential, Personal, or De-Identified Information. The legislation should be amended to enable individuals and telecommunications providers to seek relief should the government or a party to whom the government has disclosed confidential, personal, or de-identified information loses control of that information, where that loss of control has material consequences for the individual, or for a telecommunication provider's business or technical operations.

b. Recommendation 15: Government Should Notify Telecommunications Providers How It Will Use Collected Information, and Which Domestic Agencies Information Will Receive The Information.

c. Recommendation 16: Information Obtained from Telecommunications Providers Should Only be Used by Government Agencies for Cybersecurity and Information Assurance Activities. Information should not be used for the purposes of signal intelligence and foreign intelligence activities, cross-department assistance unrelated to cyber-security, or active or defensive cyber operations. These restrictions should apply to all agencies.

d. Recommendations 17 and 18: Data Retention Periods Should Be Attached to Telecommunications Providers’ Data and to Foreign Disclosures of Information. The legislation should be amended to highlight that confidential information will be retained only for as long as necessary to make, amend, or revoke an order under section 15.1 or 15.2 or a regulation under paragraph 15.8(1)(a), or to verify the compliance or prevent non-compliance with such an order or regulation. Similarly, an amendment should also require that the government attach data retention and deletion clauses in agreements or memoranda of understanding that are entered into with foreign agencies. Retention periods should be communicated to the affected telecommunications providers.

e. Recommendation 19: Telecommunications Providers Should Be Explicitly Informed Which Foreign Parties Receive Their Information. Given that foreign parties can use information to launch investigations and bring non-penal charges against providers, the government should provide some notice when telecommunications providers’ information is being, or has been, shared for cybersecurity purposes.

f. Recommendation 20: Legislation Should Delimit the Conditions Wherein a Private Organization’s Information Can Be Disclosed. As drafted, section 15.7(1) appears to set an excessively low threshold for disclosing information, and could enable significant sharing of private, if not confidential, information, to address unspecified threats that are not set out in the legislation. Proposed textual amendments are found on page 30 of Cybersecurity Cannot Thrive in the Darkness (Appendix A to this brief).

V. Costs Associated with Security Compliance

35. As noted above, imposing substantial costs of compliance on telecommunications providers may have the potential to impact upon the accessibility of telecommunication services, the digital divide, and Charter-protected rights or interests. To address concerns surrounding the costs associated with security compliance, Cybersecurity Will Not Thrive in Darkness makes the following recommendations:

a. Recommendation 21: Compensation Should Be Included for Smaller Organizations. There should be a mechanism whereby smaller telecommunications providers (e.g., those with fewer than 250,000 or 500,000 subscribers or customers) that have historically been conscientious in their security arrangements can seek at least some temporary relief if they are required to undertake new, modify existing, or cease ongoing business or organizational practices as a result of a government demand or order or regulation. Such relief may be for only a portion of the costs incurred and, thus, constitute a “cost-minus” expense formula.

b. Recommendation 22: Proportionality and Equity Assessments Should Be Included in Orders or Regulations. The results of these assessments should be taken into consideration by the government prior to issuing an order or regulation, should be provided to telecommunications providers alongside associated orders or regulations, and should be included in any evidentiary packages that may be used should a telecommunications provider seek a judicial review of any given order or regulation.

c. Recommendation 23: Government Should Encourage Cybersecurity Training. The government should commit to enhancing scholarships, grants, or other incentives to encourage individuals in Canada to pursue professional cybersecurity training.

VI. Vague Drafting Language

36. The last set of recommendations pertain to ambiguities in Bill C-26. Notably, Bill C-26 does not specify the kinds of security threats that might be addressed by orders or regulations; fails to define key concepts like “interference”, “manipulation”, and “disruption”; provides the Minister with unnecessarily open-ended powers; and lacks clear guidelines as to how personally identifiable information that is obtained from telecommunications providers is to be treated. As a result, Cybersecurity Will Not Thrive in Darkness makes the following recommendations:

a. Recommendation 24: Clarity Should Exist Across Legislation. The government should clarify how the envisioned threats under the draft legislation (“including against the threat of interference, manipulation or disruption”) compare to the specific acts denoted in s. 27(2) of the CSE Act (“mischief, unauthorized use or disruption”), with the goal of explaining whether the reformed Telecommunications Act would expand, contract, or address the same classes of acts as considered in the CSE Act.

b. Recommendation 25: Explicit Definitions for “Interference,” “Manipulation,” and “Disruption” Should Be Included in the Legislation or Else Publicly Promulgated.

c. Recommendations 26 and 27: Ministerial Flexibility Should Be Delimited (i.e., remove open-ended language around powers such as “among other things”). In the event that a corresponding amendment is needed for Ministerial powers constrained to emergency circumstances, those powers should be subject to judicial review in Federal Court, including assessment for necessity, reasonableness, and proportionality. Decisions emergent from review should be published by the Federal Court.

d. Recommendation 28: The Legislation Should Make Clear That Personal Information and De-identified Information is Classified as Confidential Information. As noted above, the federal government's Charter statement appears to conclude that it is not the intent of Bill C-26 to authorize the collection and sharing of personal information. If that is the case, the legislation should expressly say so. Alternatively, personal and de-identified information should be treated as confidential.

e. Recommendation 28A: Individuals Should Be Explicitly Informed If Their Information Has Been Collected Or Shared. If the federal government does not expressly state that personal and de-identified information should not be included in collection and sharing powers, it should ensure that notice obligations are extended to individuals whose information is impacted by the collection and sharing powers under Bill C-26.

f. Recommendation 29: Prior Judicial Approval Should Be Required for the Government to Obtain Personal or De-identified Information from a Telecommunications Provider. The information is further to be used exclusively for the purposes of making, amending, or revoking an order under s. 15.1 or 15.2 or a regulation under paragraph 15.8(1)(a), or of verifying compliance or preventing noncompliance with such an order or regulation.

g. Recommendation 30: The Government Cannot Disclose Personal or De-identified Information to Foreign Organizations.

Part 4. Concluding Remarks

37. We urge this Committee to take seriously the recommendations that were identified in Cybersecurity Will Not Thrive In Darkness. We note that most of these recommendations have been either reiterated or expanded upon by the Joint Submission to this committee submitted by civil society organizations and individuals. In detailing these recommendations for this Committee's study, we also urge the Committee to consider the additional Charter interests that are engaged by Bill C-26, including equality, non-discrimination, freedom of expression, and privacy, as described in Part 2 of this Brief. We echo Dr. Parsons' view that “cybersecurity efforts through Bill C-26 should seek to build trust between the government and non-government entities, including the general public,” and that independent bodies (including the Privacy Commissioner of Canada, National Security and Intelligence Committee of Parliamentarians, or National Security and Intelligence Review Agency) should be integrated into the government's assessments of the necessity, proportionality, and reasonableness of Orders in Council, Ministerial Orders, or regulations.

38. Citizen Lab's recent report, Finding You (enclosed as Appendix C), documents continuing vulnerabilities at the heart of the world's mobile communications networks. The report's findings underscore that cybersecurity has not thrived in darkness. Historical and continuing deficiencies in oversight, transparency, and accountability of network security have led to serious geolocation-related threats associated with contemporary networks. The report notes that the “failure of effective regulation, accountability, and transparency has been a boon for network-based geolocation surveillance.”

39. While Canada needs to move forward in combating threats to its telecommunications and critical infrastructure, it should not do so at the expense of democratic norms and safeguards, public transparency and accountability, or respect for the Charter and human rights. Rather, a human security and human rights approach to cybersecurity requires the recognition of the importance of accessible and inclusive cybersecurity, public accountability, and public transparency when regulating telecommunications and cybersecurity.

The rest of it is just a bit of a biography of the individuals who were involved in putting that together.

I think I've given you a fairly comprehensive.... It's a lot for the committee to think about when we want to go back to clause 124, which deals specifically with Bill C-26.

I certainly recognize that there are some who didn't want to have this conversation, but I think this provision, with Bill C-26 being such a key part of this clause.... We need to consider whether or not we should support a clause that contains linkage to a bill that clearly has so many glaring errors. So many critical civil society organizations have come forward and said this is something we need to amend. We need to make changes, because there are significant concerns about the impact on privacy, data sharing and government reporting when they collect information from individuals or other entities. I believe we should give strong consideration to voting against this particular clause. The information I provided should formulate part of that discussion, but I know other members have some concerns they want to share with the committee.

Therefore, Mr. Chair, I will turn the floor over to the next speaker. However, while I still have the floor, I would indicate that I would like you to put me at the end of the speaker list, as well. I'd like to hear what my colleagues have to say, and then have the opportunity to follow up. Could you add me to the list and perhaps give us all a reminder, as I turn the floor over, what that list looks like, to make sure I have a place at the end of it?

Thank you, Mr. Chair.

I am just getting started, Mr. Chair.

I will read this document to the end. Then I will probably have some other briefs that are very important and give some great insight into Bill C-26, which is extremely relevant. I will speak until I believe my point has been made. Evidently, I still have some work to do to convince some members of the committee that we should be concerned about this bill and its link to Bill C-33.

I'll continue reading this document until it ends. At the end of every brief that I submit to the committee and read into the record, I kind of take stock then and determine whether I believe the point has been received or whether there is further relevant information.

I'm sorry, but I can't give a more specific answer. I know we're eight minutes away from Mr. Iacono's next break. I will continue reading this particular document, because I know many of my colleagues are interested in my picking that back up.

The next section of this brief talks about privacy impacts and section 8 of the charter.

20. Bill C-26 proposes several new information collection and sharing powers, and may include the collection or sharing of personal information. Many of these powers are insufficiently bounded or defined. The potential privacy risks posed by the powers are heightened by the absence of key accountability and oversight mechanisms. The breadth of the unsupervised information collection and sharing powers heightens the risk that the legislation, if passed as drafted, could unreasonably interfere with section 8 of the Charter in at least three [or] four ways.

21. First, the federal government's Charter statement posits that Bill C-26 does not interfere with section 8, in part, as a result of the fact that the “the information being gathered and shared in this context relates to the technical operations of TSPs, which are commercial entities”, as opposed to “personal biographical information that attracts a heightened privacy interest”. However, Bill C-26 does not explicitly draw this distinction between technical information or other forms of personal information when defining collection or information sharing powers in the bill.

22. Instead, Bill C-26 provides authority to compel a broad array of information-holders to disclose a broad array of information. While the Charter statement for Bill C-26 emphasizes the regulatory nature of the scheme in Bill C-26, unlike other statutory inspection powers that have been subject to Charter challenges historically, there is no reason to interpret the statutory powers in Bill C-26 as applying only to information in which there is a low expectation of privacy. Rather, section 15.4 would provide authority to compel “any person” to provide “any information” under “any conditions that the Minister may specify,” so long as the Minister believes it is relevant to its order making powers. The persons and entities subject to this provision in many circumstances play an integral role in the lives of people in Canada, and may well be information-holders in respect of highly sensitive or personal information.

23. Second, while some aspects of Bill C-26 are regulatory in nature, Bill C-26 also creates criminal offences punishable by imprisonment for non-compliance with specified orders or regulations. Statutory powers authorize collecting and sharing information for the purposes of “verifying compliance or preventing non-compliance” with those orders or regulations. The legislation therefore creates risks that information will be compelled or shared during investigations pertaining to the criminal offences created by Bill C-26, or other offences. Furthermore, the breadth of the order making powers under Bill C-26 mean that the collection of information for the purposes of making such orders may cause serious consequences that are separate and apart from any regulatory or criminal prosecution.

24. Third, section 8 also protects privacy by requiring adequate accountability and review mechanisms to accompany information collection powers, even in administrative or regulatory contexts. The Supreme Court states that “[w]hile less exacting review may be sufficient in a regulatory context, the availability and adequacy of review is nonetheless relevant to reasonableness under s. 8.” Canadian constitutional law has long recognized that without clearly defined safeguards (often including prior judicial oversight), legislation that authorizes intrusions on reasonably held expectations of privacy is inconsistent with s. 8 of the Charter. In some circumstances involving searches that are not subject to warrant requirements, the Court still expects that additional safeguards will be established to ensure the requisite level of transparency and accountability, and to help ensure that such powers are not abused. For example, requiring notice to the persons whose information is affected allows the affected individuals to identify and challenge invasions of their privacy, as well as seek a meaningful remedy. Appellate courts have recognized a range of accountability measures when assessing the reasonableness of search and seizure powers, such as: notice requirements (including after-the-fact notice); reporting obligations (to independent institutions or Parliament); the availability of clear mechanisms for review of the exercise of collection powers; clear rules limiting collection powers to what is necessary, reasonable, and proportionate; and record-keeping requirements.

25. Part 3 of this brief will identify several mechanisms that are necessary to improve accountability surrounding the proposed powers in Bill C-26. For example, the draft legislation proposes broad information sharing powers with no notice requirements. This would mean that individuals and organizations whose information has been collected would have no way of knowing of the fact that information has been shared, thus thwarting review and challenge. Individuals who have private information held by, and collected from, third-party organizations would also not be aware that their information has been collected in the first place, let alone shared with other government entities.

26. Fourth, the extensive confidentiality provisions in Bill C-26 may actually further undermine accountability mechanisms surrounding the bill's proposed information collection powers in ways that would be difficult to reasonably justify under s. 8. Section 15.4 of the proposed Telecommunications Act authorizes the Minister to require “any person” to provide “any information” under “any conditions that the Minister may specify.” These conditions would foreseeably include conditions to extend confidentiality obligations to the Minister's use of collection powers. The secrecy provisions in Bill C-26, and the authority to extend those secrecy obligations through further “conditions”, could effectively chill or silence individuals or entities from notifying other persons that their personal information has been collected, or from challenging the exercise of government power. Furthermore, excessive secrecy surrounding existing—

Thank you very much, Mr. Chair.

Of course, I believe it's quite fortunate that the rights of members to speak are being upheld in this case by the chair and by the clerks. I certainly understand, as has been said, that I'm no longer capturing Mr. Bachrach's attention or offering him something that he feels is compelling, but it's not really my job to keep him entertained. My job is to speak to the bill.

As you said, there is a direct link, whether or not the government now regrets putting it in there, because we're now talking about it. Maybe they hoped that this would be breezed past or that Bill C-26 would be considered irrelevant, even though it's the title of the clause we are debating and even though it specifically refers to what will happen if Bill C-26 receives royal assent.

To somehow believe that it's irrelevant to be talking about a bill that is specifically named and specifically referred to as having an impact on this piece of legislation is truly unfortunate. I appreciate the chair recognizing the relevance of the discussion, despite the fact that Mr. Bachrach and some others clearly might not enjoy the conversation. I don't operate for Mr. Bachrach's enjoyment, entertainment, captivation or any of the other things he's talked about. I will continue to read from the relevant information about the relevant—

Thank you, Mr. Chair.

I think this is important. Again, the title in Bill C-33 says “Coordinating Amendment”, and then the subtitle is “Bill C-26”. If Bill C-26, which was introduced in the first session of the 44th Parliament and is entitled “An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments other Acts”, receives royal assent, that is what I am talking about. The title does not say, “if clause 18 of that act receives royal assent”, but it talks about the bill, and clause 18 cannot be considered in isolation from the rest of the bill.

I'm sorry. Perhaps, Mr. Bachrach, when he gets the floor in a more extended way, can indicate why he thinks we should focus solely on a certain section. It's very clear in my reading of Bill C-33 that we are discussing whether or not we believe there should be coordinating amendments with a piece of legislation, Bill C-26, which, as the witness just said, is about cybersecurity. Clause 18 is about cybersecurity and it's about how we deal with threats to cybersecurity in the transportation space.

I've highlighted numerous briefings that referenced the transportation sector as being one of the key sectors that are impacted by Bill C-26. Certainly, I don't think we can consider one section of a bill. It's not a private member's bill that amends one section of a bill that we're considering here; this is the entire bill, as is said in the title, “Bill C-26”. If Bill C-26 receives royal assent, then these following issues happen.

I'm expressing, and putting on the record, some very serious concerns about Bill C-26. I remain hopeful as I continue to read these things from people who are very concerned about things like the implications on the rights of Canadians under the charter.

I know Mr. Bachrach is a fan of the charter. Certainly he would want to ensure, in any clause he voted on, that the concerns of individuals who spend their lifetimes defending charter rights are considered. He would want to have knowledge of the impact that this bill, which is referenced directly—the entire bill, not just one section, but the entire bill—could have on the charter rights of Canadians.

I will continue to talk about Bill C-26 in its entirety, because that is a piece of legislation that includes the relevant section that he's talking about. It's not a stand-alone clause that has been introduced by the government. This does not specifically indicate that if clause 18 remains unamended or if it's taken on its own, it could receive royal assent. It talks about Bill C-26 receiving royal assent.

I appreciate the latitude given to members of Parliament to raise their concerns and to share the concerns of Canadians when we're considering a piece of legislation as important as Bill C-33, which cross-references specifically, purposely, Bill C-26, which is also currently before the House.

I appreciate the spirit in which Mr. Bachrach's comments were made. However, I simply don't believe that you can consider clause 18 in isolation when considering Bill C-26. We would do Bill C-26 and what it means to Canadians a disservice if we simply talked about clause 18. I will get to that part when we break down the detailed analysis of the clause, but this is the information that I believe is relevant when considering whether or not we can support clause 124.

I will continue, because I know that it would be extremely out of order to rule that we weren't allowed to talk about a bill in our deliberations here that is specifically referenced by title in the first part of this clause,.

I will hopefully not omit any of the information that I had here. If so, I apologize to Citizen Lab for not getting all of their words in there.

I'll start back again at the text under Freedom of Expression and Section 2(b) of the Charter”, which states that:

14. The current draft of Bill C-26's excessive secrecy and confidentiality provisions jeopardizes the right to freedom of expression under section 2(b) of the Charter. The government's Charter statement focuses on the speech of the commercial entities who will be directly regulated under Bill C-26. The Charter statement posits that because restrictions on commercial speech do not tend to implicate the core values of section 2(b), restrictions can be more easily justified. However, this analysis fails to account for how individuals' Charter rights may be impeded under the current drafting of the legislation. The excessive secrecy and confidentiality provisions in the bill also restrict the public's and media's expressive freedom in Canada.

15. The principles of open courts and open government are derivative components of section 2(b) of the Charter (the freedom of expression). The open court principle requires that court proceedings, including judicial reviews in federal court, presumptively be open and accessible to the public and to the media. Access to information about government actions can also arise as a derivative right to section 2(b), if a denial of access to government information effectively precludes meaningful public discussion on a matter of public interest. Where restrictions on access substantially impede meaningful discussion and criticism about matters of public interest, the government must reasonably justify its infringement of the freedom of expression.

16. Telecommunications and cybersecurity law and policy is undoubtedly a matter of public interest. There is a close nexus between human rights and public policy concerning the regulation of telecommunication services. Canada's telecommunications policy is intimately linked with the “social and economic fabric” of Canada and its regions. Equitable access to telecommunication services is sometimes described as a mechanism for “digital self-determination”, which speaks to the need to protect the potential for human flourishing in the digital era.

17. The recent Citizen Lab report, “Finding You”, highlights several ways in which excessive secrecy surrounding telecommunications oversight has itself endangered the public. The authors note historical deficiencies in oversight and accountability of network security, which have led to geolocation-related threats associated with contemporary networks. Excessive secrecy has contributed to the persistence of the “low-hanging geolocation threat” identified in “Finding You”:

Decades of poor accountability and transparency have contributed to the current environment where extensive geolocation surveillance attacks are not reported. This status quo has effectively created a thriving geolocation surveillance market while also ensuring that some telecommunications providers have benefitted from turning a blind eye to the availability of their network interconnections to the surveillance industry.

18. The geolocation surveillance threats discussed in “Finding You” disproportionately jeopardize human rights defenders and other individuals who face heightened risks of targeted security threats (e.g. corporate executives, military personnel, politicians and their staff, senior bureaucrats, etc). Industry has historically charged large amounts of money to receive information about well-known industry threats, with the effect of impeding non-industry groups such as security researchers and civil society from obtaining and disseminating information about the nature of the threats faced by at-risk individuals, or from advocating for the remedies that would benefit the security and privacy of civil society. The authors note that, in many instances, individuals cannot determine whether their own telecommunication provider has “deployed and configured security firewalls to ensure that signalling messages associated with geolocation attacks, identity attacks or other malicious activity are not directed towards their phones.”

19. Citizen Lab's research highlights the substantial public interest—

Mr. Chair, on my point of order, I would be happy to discuss and debate that aspect of clause 124, but it feels like the debate we're currently having does not relate to clause 18. Clause 18 is the only section of Bill C-26 that is referenced in clause 124.

I want to bring it back to the core. This is a very important clause and obviously worthy of detailed debate. I'm hoping you can encourage Mr. Strahl to come back to this very important clause, clause 18, which deals with administrative monetary penalties.

I know. Bear with me.

It seems like he's reading references to the act that don't pertain to clause 18.

Man, it's hard for me to maintain my train of thought here.

I'm quite fixated on clause18 of Bill C-26. I wonder if the witnesses could help us understand what is in clause 18 so that the chair may determine whether what Mr. Strahl is contributing is relevant to that clause, seeing that Bill C-26 is referenced in clause 124 in Bill C-33.

No, but on a serious note, it refers to clause 18 of Bill C-26. I don't think it's in order to refer to the entirety of Bill C-26, but rather only to the portion that is referenced in the clause we're currently debating, which is clause 124. I'm wondering if the clerk or one of the legislative personnel or our witnesses could help me determine—

I know. Is he off camera at least? I won't go further down that line of thought—but I digress, Mr. Chair.

Clause 124 just references clause 18 of Bill C-26. I was looking for Clause 18 on my phone, but I'm struggling to make a connection between....

I'm worried you're not going to be able to rule on my point of order, Mr. Chair, if you're not listening. I demand your attention.

To this committee and to all Canadians, Mr. Chair, we're grateful for that service. I'm just going to make sure I don't miss any of this important article here.

Following the process of the proposed legislation...and its passing, Federal Government departments will communicate with the companies impacted in the focused sectors with details on how breaches are to be reported and the required timeline for reporting. Furthermore, the companies must “keep records of how they implement their cybersecurity program, every cyber [security] incident they have to report, any step taken to mitigate any supply-chain or third-party risks and any measures taken to implement a government-ordered action.”

Let’s be very clear, although only the four key sectors—Telecommunications, Finance, Energy, and Transportation—are considered in scope by Bill C-26, sectors such as agriculture and manufacturing are likely to be included later, as is the case in the EU. The Federal Government of Canada hopes this legislation will serve as a model for provinces and territories to implement similar legislation that regulates cybersecurity requirements for entities under their purview, including hospitals, police departments, and local governments.

To help companies comply with the requirements of Bill C-26—

They're now talking about their services, and I don't need to give them that free plug, Mr. Chair. I think we have an idea of what they think the merits of Bill C-26 are, as well as some concerns about it. You will note that the transportation sector obviously is mentioned as a key part of Bill C-26, which is likely why there is a reference in Bill C-33 in clause 124 to that piece of legislation. Again, we need to fully understand whether or not Bill C-33 should be coordinating amendments with a piece of legislation on which so many concerns have been raised.

I want to raise some other concerns. Obviously any time you're dealing with cybersecurity and so on, a charter analysis is going to be done. I referred to an article by the Citizen Lab in the Munk School of Global Affairs & Public Policy at the University of Toronto, but I also want to get into the details of a submission that was made to the Standing Committee on Public Safety and National Security concerning a charter analysis of cybersecurity and telecommunications reform in Bill C-26. This again was referenced in the previous article. This is the base documentation that gave rise to that article. I want to make sure we're not just hearing an interpretation of a report but also considering it directly.

This report goes on to say that:

On June 14, 2022, Bill C-26, an Act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other Acts, was introduced in Parliament for the first reading by Canada's [now former] Minister of Public Safety, Marco Mendicino. Hearings on Bill C-26 are scheduled to begin in SECU on December 4, 2023.

That was very recently, Mr. Chair.

Kate Robinson, a Senior Research Associate and Lina Li made a written submission to the Standing Committee on Public Safety and National Security...regarding Bill C-26.

With an emphasis on privacy in particular, this submission tackles the issues Bill C-26 brings up regarding civil liberties and human rights. The fundamental tenets of accountable governance, due process, and our right to privacy are all at risk of being compromised by Bill C-26 in its current form. In order to better protect people’s right to privacy, this submission offers recommendations for how Bill C-26 can be implemented in terms of how the government and telecom companies define, manage, and safeguard people's personal information. The submission suggests that safeguards for the new government powers that the Bill establishes be included in order to address general shortcomings, such as issues with secrecy and transparency.

There is evidence that signaling protocols used by telecom companies for facilitating roaming services also enable networks to obtain incredibly detailed user data. Such extent of access with the telecom service providers poses an unprecedented risk to the privacy of individuals. Owing to the extent of data available with the telecommunications providers, the telecom sector has become a primal target for surveillance actors. In an attempt to address the concerns in the telecom ecosystem, this submission to the Standing Committee on Public Safety and National Security provides a critical response to the federal government’s Charter statement on Bill C-26.

The Citizen Lab welcomes the opportunity to submit to the Standing Committee on Public Safety and National Security. Our submission highlights how Bill C-26 will impact equality rights and freedom of expression while providing recommendations to address a series of thematic deficiencies identified in Bill C-26. To ensure that its actions adhere to Canada’s democratic values as well as the standards of accountability and transparency, the government must make changes to its legislation.

Below is the Citizen Lab’s full submission to SECU regarding Bill C-26.

The next part is called “Part 1. Introduction and Summary”.

1. Citizen Lab researchers routinely produce reports concerning technical analyses of information and communications technologies (ICTs), the human rights and policy implications surrounding government surveillance that occurs using ICTs, as well as the cybersecurity threats and digital espionage targeting civil society. Citizen Lab research has also examined the openness and transparency of government and organizations, including telecommunications providers, with respect to the collection, use, or disclosure of personal information and other activities that can infringe upon human rights.

2. This month, the Citizen Lab published “Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure”, authored by Gary Miller and Christopher Parsons. The report provides a high-level overview of geolocation-related threats sourced from 3G, 4G, and 5G network operators. Evidence of the proliferation of these threats shows how the signalling protocols used by telecommunications providers to facilitate roaming also allow networks to retrieve extraordinarily detailed information about users. These protocols are being constantly targeted and exploited by surveillance actors, “with the effect of exposing our phones to numerous methods of location disclosure.” Risks and secrecy surrounding mobile geolocation surveillance are heightened by layers of commercial agreements and sub-agreements between network operators, network intermediaries, and third-party service providers. Ultimately, vulnerabilities in the signalling protocols have “enabled the development of commercial surveillance products that provide their operators with anonymity, multiple access points and attack vectors, a ubiquitous and globally-accessible network with an unlimited list of targets, and virtually no financial or legal risks.”

3. “Finding You” highlights the importance of developing a cybersecurity strategy that mandates the adoption of network-wide security standards, including a requirement that network operators adopt the full array of security features that are available in 5G standards and equipment. The report’s findings also underscore the importance of public transparency and accountability in the regulation of telecommunications providers. As the authors note, “[d]ecades of poor accountability and transparency have contributed to the current environment where extensive geolocation surveillance attacks are not reported.”

4. In short, it is long overdue for regulators to step in at national and international levels to secure our network services. However, Canada's approach to the regulation of telecommunications and cybersecurity also needs to be transparent, accountable, and compliant with applicable human rights standards. One year ago, Citizen Lab published “Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act”.... The report was authored by Dr. Christopher Parsons. Dr. Parsons critically examined the proposed draft legislation under Bill C-26, including identified deficiencies. In doing so, Dr. Parsons provided necessary historical and international context surrounding the federal government's proposed telecommunications sector reform. Canada is not the first of its allies to introduce new government powers as a result of heightened concern and awareness surrounding real and pressing risks to critical infrastructure. However, Dr. Parsons identified that although the draft legislation may advance important goals, its current iteration contained thematic deficiencies that risked undermining its effectiveness. This report is set out in Appendix B, and is the focus of this brief.

The main submissions in this brief are set out in two parts:

a. Part 2: Bill C-26 and the Canadian Charter of Rights and Freedoms (“Charter”):

You will be very concerned about that.

Part 2 of this Brief discusses the nexus between Bill C-26 and the Charter. It—

Thank you, Mr. Chair.

Continuing from the Canadian Civil Liberties Association's submission on Bill C-26—which, just to remind colleagues, is referred to in clause 124—we are deciding whether or not we believe that there should be a coordinating amendment with Bill C-26 in Bill C-33.

I am building the case for why I have concerns with that, and I'll just continue reading. Perhaps I'll go back just to make sure that information wasn't missed. It says:

Further, personal data can be anonymized or de-identified, but de-identified information requires additional protections. Anonymization involves permanently deleting identifying data, while de-identification involves stripping away and separating different bits of identifying information from one another or protecting identifying information through encryption or key (but not permanently deleting it). Anonymizing data is irreversible, while de-identified data can be re-identified. De-identified data requires greater protection than anonymized data, so Bill C-26 should ensure de-identified information is explicitly acknowledged as confidential.

As it stands, Bill C-26's proposed amendments to the Telecommunications Act do not designate personal and de-identified information as confidential under section 15.5(1). Nor for that matter does the Critical Cyber Systems Protection Act (CCPSA), which under section 6(1) does not flag personal or de-identified information as confidential. In order to protect this information, both Acts contained within C-26 need adjustment to better align with our privacy rights, freedoms, and democratic values.

“Handling Personal Information” is a new section.

Bill C-26 gives the Minister overbroad powers for handling personal information. Telecommunication companies, and companies likely to be designated under the CCSPA, collect, process, and store vast amounts of personal data and metadata, including call logs, messages, financial data, and location data. But as worded, Bill C-26 allows the Minister to share this type of personal information with anyone they designate...or who is prescribed by regulations..... It is one thing for government to ask designated operators for information about themselves and how they are complying with orders, but there needs to be a significantly higher standard when ordering companies to hand over information about their customers. This is especially important for telecommunication companies, given the high volume of personal information they hold about the public, and how telecommunications data can be used to identify individuals, track their movements, and monitor their communications. Bill C-26 should better protect the privacy of personal information and communications by creating a more effective stopgap between this information and the Minister’s ability to disclose it. The legislation should be amended so that the government must first obtain a relevant judicial order from the federal court before it can compel a telecommunications provider to disclose personal or de-identified information.

Further, Parliament should strengthen the Bill’s privacy protections when it comes to telecommunication providers and designated operators sharing information with foreign parties. In the proposed new section 15.7(1) of the Telecommunications Act:

“Any information collected or obtained under this Act, other than information designated as confidential under subsection 15.5(1), may be disclosed by the Minister under an agreement, a memorandum of understanding or an arrangement in writing between the Government of Canada and the government of a province or of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, if the Minister believes that the information may be relevant to securing the Canadian telecommunications system or the telecommunications system of a foreign state, including against the threat of interference, manipulation or disruption.”

The provision's breadth and vagueness would allow not only for tremendous ministerial overreach, but it could also lead to privacy risks that cross provincial and national borders, resulting as well in potential risks to life and security for affected individuals and groups. CCLA strongly urges the amendment of the Bill to preclude the Minister from sharing personal or de-identified personal information to foreign governments or organizations, and that the Minister should inform telecommunications providers and designated operators when—and to whom—information may be disclosed when the receiving party is a foreign state, agency, organization, or party.

Finally, Bill C-26 lacks strong provisions around data retention periods. Data should only ever be kept for as long as they are useful, and storing data indefinitely can increase the risks and harms of potential data breaches. Data retention periods are crucial for ensuring that any information obtained under either the Telecommunications Act or the CCSPA would be held only for so long as is necessary to make a legislative order, or to confirm compliance with such an order. CCLA recommends that the legislation be amended to make this data retention period as limited in duration as possible, and that the legislation include—to the extent that the legislation permits any data sharing—a requirement to attach data retention and deletion clauses in agreements or memoranda of understanding that are entered into with foreign governments or agencies.

The next section is “Ensuring Accountability for Mishandled Information”:

Bill C-26 lacks key accountability measures for privacy issues. Accountability is a core principle of effective government and should similarly be a core principle of Bill C-26.

A key accountability concern pertaining to privacy is that Bill C-26 does not allow individuals to seek relief if the government mishandles personal or de-identified information. Allowing for this recourse is an important step toward accountability for privacy violations. CCLA recommends that Bill C-26 be amended to enable individuals to seek relief if the government or a party to whom the government has disclosed their personal or de-identified information negligently loses control of that information and where that loss of control impacts the individual.

Their conclusion states:

In its current form, Bill C-26 undermines personal privacy and violates due process. Privacy and due process are not only essential to cybersecurity and the protection of our critical infrastructure but are also part of the very fabric of our democracy. The Bill gives government the power to collect broad categories of information about people, without adequate protections for information that should be deemed confidential. The Bill also threatens personal privacy and creates other serious risks and dangers to people by allowing government to distribute this sensitive information to domestic and foreign organizations without proper checks and balances. And the Bill contains inadequate mechanisms for people to seek appropriate redress in cases where their private information has been mishandled and abused.

In this submission, CCLA has recommended remedies to address these concerns while still enabling the legislation to fulfill its stated goals: bolstering cybersecurity across the financial, telecommunications, energy, and transportation sectors, and helping organizations better prepare, prevent, and respond to cyber incidents. We urge the Committee Members to adopt these proposals for strengthening Bill C-26.

The Canadian Civil Liberties Association has very grave concerns and has proposed some significant changes to Bill C-26.

Once again, for the purposes of clause 124, the first words are that if Bill C-26 receives royal assent, then on that day.... We go into whether or not there should be changes to Bill C-33. I think it's very important that we discuss whether or not we believe this clause should be passed, given the incredible concerns there are with Bill C-26.

IT World Canada is another one. If Mr. Iacono wants to go to that website, it's itworldcanada.com. I'll be reading a bit from that.

They have an article here, under their Industry Voices section, entitled “The Bill-C-26 Regulation and Its Implications for The Critical Infrastructures’ Cybersecurity in Canada”. It's by Frank Lawrence and Eric Jensen of Fortinet.

The article states:

As the last G7 nation and one of the few G20 nations without a firm regulatory framework around cybersecurity, Canada must act to protect the Nation’s critical infrastructure assets.

In 2016 member states of the European Commission (EU) passed what was called the most comprehensive cybersecurity bill in the history of the EU; the bill was called the NIS Directive. The EU cybersecurity rules introduced in 2016 were updated by the NIS2 Directive, ratified in 2023. NIS2 continues modernizing the legal framework to keep up with increased digitization and an evolving cybersecurity threat landscape. Expanding the scope of the cybersecurity rules to new sectors and entities further improves the resilience and incident response capacities of public and private entities, competent authorities, and the EU as a whole. Most G7 member states are under the umbrella of the EU; the US, UK, and Japan have separately implemented cybersecurity regulations to differing degrees.

Canadian businesses continue to be impacted by malicious cyber activity, ranging from cyberattacks to ransomware. Many attacks, including those on critical infrastructure that account for nearly half, go unreported. Concerningly, the Canadian Centre for Cyber Security (CCCS) has identified attacks against OT networks as “the most pressing [threat] to the physical safety of Canadians” in their biennially published National Cyber Threat Assessments.

In this context, the Ministry of Public Safety acted to introduce new legislation, Bill C-26 An Act Respecting Cybersecurity. Bill C-26 passed its first step in Parliament in November of 2022 and went through its second reading on March 27th, 2023. [The bill]...sits in committee and is believed to go into legislation and law in the calendar year of 2023.

I'd say the article was a little optimistic there.

The primary focus of Bill C-26 is to add teeth to the governance and compliance of cybersecurity, especially in the much-needed Operational Technology (OT) area where critical infrastructure lies. Although the Bill has not yet received royal assent...between the absence of similar legislation in Canada and the trend towards increased cybersecurity regulation amongst our international peers, Canadian businesses would be wise to prepare.

Canada has yet to pass laws that govern cybersecurity, let alone require reporting vulnerabilities and critical infrastructure breaches; Bill C-26 would empower the regulators to impose fines or issue summary convictions to ensure governance and compliance.

Bill C-26, in its current form, includes four critical infrastructure sectors—Telecommunications, Finance, Energy, and Transportation. The requirement for organizations in these sectors is threefold:

1. Implement, maintain, and report on a cybersecurity program to address risk across the organization, third-party services, and supply chains.

2. Report any cyber incidents involving critical systems to the appropriate regulator and the Canadian Center for Cyber Security.

3. Use, or discontinue any specified product, service, or supplier.

The intended outcome of these requirements is to improve the standard of cybersecurity amongst critical operators and deepen the level of visibility the federal government has into the security operations of these organizations. It is known today that certain companies that are considered high-risk and vital to national security would become the federal government's focus.

Following the process of the proposed legislation (Bill C-26) and its passing, Federal Government departments will communicate with the companies impacted in the focused sectors with details on how breaches are to be reported and the required timeline for reporting. Furthermore, the companies must “keep records of how they implement their cybersecurity program, every cyber incident they have to report, any step taken—

Thank you.

As I was saying, the Canadian Civil Liberties Association has raised significant concerns with regard to Bill C-26, which, again, is as referenced in clause 124. I'll just read their submission here so that we can consider it in our deliberations on whether or not we believe that we want to approve this coordinating amendment clause in the legislation. They state:

The Canadian Civil Liberties Association...is an independent, national nongovernmental organization that was founded in 1964 with a mandate to defend and foster civil liberties, human rights, and democratic freedoms of all people across Canada. Our work encompasses advocacy, research, and litigation related to the criminal justice system, equality rights, privacy rights, and fundamental constitutional freedoms. Working to achieve government transparency and accountability with strong protections for personal privacy lies at the core of our mandate.

In this submission, CCLA speaks to Bill C-26, the Government of Canada's telecommunications and cybersecurity legislation. This submission addresses the concerns Bill C-26 raises for human rights and civil liberties, with a particular focus on privacy. Cybersecurity is an essential part of national security, and the digital ecosystem in which we increasingly live our lives needs to be safe, reliable, and secure from threats. Cybersecurity is also crucial for our democratic institutions, the economy, critical infrastructure, national defence, and the privacy of our online life. It is important that Canada take steps toward protecting the digital foundations on which modern life is built. However, in its current form, Bill C-26 risks undermining our privacy rights, due process and the principles of accountable governance—all of which are part of the very fabric of our democracy. [Bill] C-26 must not pass without substantial revisions to protect fundamental rights and due process.

This submission makes recommendations for how Bill C-26 can improve the way government and telecommunication companies define, handle, and protect individuals' personal information and thus protect individuals' right to privacy. Privacy is, after all, an essential component of individuals' personal sense of security, both off- and online, and stands to be positioned more centrally in [Bill] C-26. CCLA believes that our recommendations enable the legislation to better fulfill its stated objectives: bolster cybersecurity across the financial, telecommunications, energy, and transportation sectors, and help organizations better prepare, prevent, and respond to cyber incidents.

The amendments outlined in this submission echo the Joint Letter of Concern that CCLA sent with civil society partners in September 2022. In addition, our recommendations are consistent with those contained within the “Fixing Bill C-26 Recommended Remedies Package”, of which CCLA is a signatory, as well as with the recommendations in Christopher Parsons' report, “Cybersecurity Will Not Thrive In Darkness”.

It's the second time that's been referenced. I think we'll be bringing that up again shortly.

The next section is “Defining Personal Information”.

As it stands, Bill C-26 undermines privacy by empowering the government to collect broad categories of information from designated operators, at any time, subject to any conditions, or even no conditions at all. This may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.

Given the sensitivity of the information people in Canada provide to designated operators, this provision poses an extraordinary risk to individuals’ privacy. Measures must be established to constrain the government’s collection, use, and distribution of individuals’ sensitive information.

In general, the privacy of personal information is one of the keys to strong cybersecurity protections. Building privacy into cybersecurity legislation will go a long way toward ensuring the cybersecurity protections proposed in Bill C-26 are successful. Some degree of monitoring is required to protect telecommunications infrastructure from attack, but this should not come at the expense of personal privacy. There is no excuse for governments to surveil and analyze online activity without clear safeguards for personal privacy and individuals' fundamental rights.

One way to reasonably restrict the government's capacity to collect information is to refine how Bill C-26 conceives of information worth protecting. This would involve codifying personal and de-identified information as confidential. Personal information is any information that can be used to identify an individual through association or inference. Many kinds of information qualify as personal in their capacity to identify an individual; these, according to the European Union's (EU) General Data Protection Regulation (GDPR), include names, ID numbers, location data, online identifiers, or “factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity” of a person.

Further, personal data can be anonymized or de-identified, but de-identified information requires additional protections. Anonymization involves permanently deleting identifying data—

It's okay. I'll get this quote read eventually.

It reads:

Today's report should set alarm bells ringing on Parliament Hill. As written, Bill C-26 gives the government and its spy agencies a blank cheque to intrude on our private lives and endanger our fundamental Charter rights. Frankly, as currently drafted it is little more than a spy agency wish list. MPs need to fix this risky and deeply-flawed legislation so that it delivers the cybersecurity we need, while protecting the freedoms we hold dear. Canadians deserve nothing less.

That's from Matthew Hatfield, executive director, OpenMedia.

One of the groups he referred to in that article is the Canadian Civil Liberties Association. They have also provided some detailed information on their concerns with Bill C-26, “an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts”.

They made a submission that I'd like to share with the committee as well, because when we're talking about civil liberties and how this bill will be coordinated into Bill C-33, I think it's important that we consider whether or not we believe that we should—

Yes. You're referencing Bill C-26, which is on page 79 of the piece of legislation we are currently looking at.

I'm just sharing that with Mr. Iacono, so he can follow along.

Mr. Strahl has just said that he was reading something. If that is the case, then he simply needs to provide us with what he is reading.

Mr. Chair, he made a comment about my colleague Mr. Barsalou‑Duval and myself that I find a bit out of line. Both of us have raised points of order to say essentially the same thing, but the member is starting over again.

He says he is reading something. Could we have a copy of what he is reading, so we are in a better position and are better able to follow what he is saying? He has said that Bill C‑26 is referred to in Bill C‑33. If that is the case, why not simply provide us with the document he is referring to?

Mr. Chair, I would strongly object to anyone suggesting that they get to choose for another member what they bring to the table in terms of background information that should inform us on how we address a specific clause. The first three words.... If my copy of the bill is correct, the title of clause 124 is “Bill C-26”. There's the link for you.

Clause 124 says, “If Bill C-26”, and it continues on. I am talking about a bill that is specifically referenced in Bill C-33, and this is a coordinating amendment. I will raise my concerns with Bill C-26 and the idea that if we pass this clause, we are endorsing Bill C-26 with all of its problems.

Quite frankly, it's not my job to convince other members of Parliament that they, too, should be concerned about that if they're not listening to what I have to say, but I will continue to address the concerns related to this bill, which is specifically referenced in clause 124.

I will just go back to this particular thing that I was reading from. I will start the quote again:

“Today's report should set alarm bells ringing on Parliament Hill—

In fact, I had the chance earlier to raise the fact that my colleague was not talking about Bill C‑33, he was talking about Bill C‑26. He told us that he intended to get around to explaining the connection between the two, but I see that he is still telling us about Bill C‑26, not Bill C‑33 or the clause we are now considering.

I don't know whether you have the authority to intervene, Mr. Chair, for him to get around to making a connection with the bill now being considered.

Thank you, Mr. Chair.

Of course, if we wanted to.... Perhaps during one of the adjournments this evening I can share some information, including Bill C-26, which is clearly referenced here. This is a coordinating amendment, so we need to be having a discussion about what we're coordinating with and the concerns that have been raised.

I'll just continue on here:

The groups and expert individuals campaigning to fix Bill C-26 are: the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Ligue des Droits et Libertés, the National Council of Canadian Muslims, OpenMedia, the Privacy and Access Council of Canada, Professor Andrew Clement, and Dr Brenda McPhail.

It ends with a quote here. It says:

“Today's report should set alarm bells ringing on Parliament Hill. As written, Bill C-26 gives the government and its spy agencies a blank cheque to intrude on our private lives and endanger our—

Thank you very much, Mr. Chair.

I'll go back, just to make sure that people listening can follow along with the train of thought in the article here:

These recommendations reflect the findings of a previous Citizen Lab report, entitled Cybersecurity Will Not Thrive in Darkness, by Dr. Christopher Parsons which was published last October. The legislation has been subject to fierce criticism for its impact on civil liberties since it was first introduced by former Public Safety Minister Marco Mendicino in June 2022.

The groups and expert individuals campaigning to fix Bill C-26 are: the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Ligue des Droits et Libertés—

Mr. Chair, can you explain this for me, but I am wondering whether Mr. Strahl's speech and comments really relate to the content of Bill C‑33.

In my opinion, everything he has referred to since he started speaking concerns Bill C‑26. If I am not mistaken, that bill is at a later stage. It may even have been enacted.

I would therefore like some reassurance and I would like to know whether the member's comments are in order, according to your interpretation.

I'm just going to continue with the article that expressed some concerns about Bill C-26. It says:

Civil society organizations campaigning to fix Bill C-26 have welcomed Citizen Lab's findings, stating that they reinforce long-standing concerns, and that significant amendments are required to uphold civil liberties and strengthen public confidence in the resulting cybersecurity framework. These organizations recently submitted detailed recommendations to make sure the legislation “delivers strong cybersecurity for everyone in Canada, while ensuring accountability and upholding our rights.”

These recommendations reflect the findings of a previous Citizen Lab report, entitled Cybersecurity Will Not—

Thank you, Mr. Chair.

As we were talking about Bill C-26, which is referenced here, I want to quote from a source called OpenMedia.org, which, on November 28, 2023, had an article called “New report by Citizen Lab finds serious Charter concerns with proposed federal cybersecurity legislation, Bill C-26”. I'm going to read it here. It says:

Civil liberties groups welcome call to make Bill C-26’s impact on equality, freedom of expression, and privacy a central consideration of Parliamentary committee study

It goes on to say:

The federal government’s draft cybersecurity legislation, Bill C-26, contains serious deficiencies and risks impacting the Charter rights of people in Canada to equality, freedom of expression, and privacy.

That’s according to a new report by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto, which highlights that Bill C-26’s Charter implications “should be a central consideration for this Committee, and throughout the Parliamentary process ahead.”

The report has been submitted to the House of Commons Public Safety and National Security Committee which is expected to commence its scrutiny of Bill C-26 shortly.

Again, this is from a few weeks ago.

Among the significant Charter concerns identified by the Citizen Lab report’s authors, Kate Robertson and Lina Li, are:

Equality: The absence of key transparency, accountability, and proportionality requirements in Bill C-26 raises equality risks surrounding its implementation. Bill C-26’s lack of safeguards increases the risk that equality-undermining measures will not be adequately prevented or addressed. For example, adverse impacts could undermine efforts to redress disparities in Internet access between rural and Indigenous communities and the rest of Canada; result in mandated rules that impede access to assistive technologies for persons living with disabilities; or expose certain groups, including journalists, lawyers, and dissidents to a heightened threat of hacking and espionage.

There are also concerns with freedom of expression:

Freedom of Expression: Bill C-26’s excessive secrecy jeopardizes the freedom of expression rights of the public, the media, and commercial entities. Courts and government should be open and accessible or risk impeding meaningful discussion on matters of public interest. Such discussion is especially important in the cybersecurity sphere, and greater transparency in Bill C-26 is required to ensure this.

Privacy: Bill C-26’s new information collection and sharing powers are insufficiently bounded or defined, posing a potential privacy risk exacerbated by the absence of key accountability and oversight mechanisms. The bill permits the government to collect the personal information of Canadians, creates criminal offences which incentivise over-sharing, and its extensive secrecy undermines the ability of courts or oversight bodies to assess whether such information collection is proportionate and necessary.

Civil society—

That bill is clearly still before the industry committee, I would assume. With cybersecurity, perhaps it could be with public safety.

I know that we had some serious concerns with that piece of legislation. I think we want to ensure that the rights of Canadians are always protected. When we're considering Bill C-26, which deals with cybersecurity, we know that this is an evolving field and there's an evolving threat level that comes with that. We know that the government, quite frankly, has failed to protect the rights of Canadians when it comes to their security—both personal security and in our communities. When it comes to the online environment, they've been lax. They've turned a blind eye, quite frankly, to threats to cybersecurity. I think we've seen that again and again.

We saw it when this government refused to ban Huawei from the 5G network for years in spite of overwhelming evidence that the communist regime in Beijing was using that technology in the Huawei network as a way to gain access to personal information. That was a security vulnerability.

We saw that our Five Eyes partners in the security establishment—our international partnerships with Australia, New Zealand and the United States—all took action to protect their citizens and their networks from cybersecurity threats. That's something this government did not do. It took them years and they fought it and fought it before they took the decision—much too late—to exclude Huawei from our cybersecurity networks. That resulted, quite frankly, in embarrassing situations where Canada was excluded from high-level meetings of the Five Eyes.

We saw it very recently, when Australia had its deal with the United States to purchase submarines, for instance. There was an exclusion of Canada because Canada's networks were not deemed to be secure enough to allow us to participate in those very important, high-level meetings. These are examples where the government has failed to take cybersecurity seriously.

As I said, we have grave concerns with Bill C-26. It's troubling to see that this bill would cede power to another piece of legislation or have this coordinating amendment, so there would be two pieces of legislation that we believe are flawed coordinating with one another. I think this is the sort of thing where we should be considering what is in Bill C-26 as we discuss this. We can't simply agree holus-bolus to something in another act if we haven't considered that fully, here at this committee.

I think that this particular clause is one where, perhaps as the evening goes on, we will find a way to bring about an amendment or to look at ways we can make sure that the concerns we had with Bill C-26 are addressed.

The summary of Bill C-26 states:

Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. It also establishes an administrative monetary penalty scheme to promote compliance with orders and regulations made by the Governor in Council and the Minister of Industry to secure the Canadian telecommunications system as well as rules for judicial review of those orders and regulations.

It continues:

Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things,

(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;

(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;

(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;

(d) provides for the exchange of information between relevant parties; and

(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.

Cybersecurity, as I've said, is a growing concern for Canadians. It remains a national security concern. It remains an economic security concern. We know we lose when things like patents, trademarked information and secrets are lost because of a failure to ensure we have adequate cybersecurity in place. We know the government doesn't have a legal mechanism to compel industry action to address cyber-threats or vulnerabilities in the telecommunications sector.

Bill C-26 is another example of the Minister of Industry being given sweeping powers, as we heard with Bill C-33, where the minister is given sweeping powers to enact orders that, in his opinion, are necessary to protect port infrastructure, port operations, etc. We just dealt with that in a previous clause. I think this is another example where we need to ensure that the powers given in Bill C-26 are proportional—that there are checks and balances, and that the rights of Canadians are always protected when the minister is exercising the rights and powers given to him or her in the legislation. It's another example of giving the minister broad powers to enact the legislation.

Now, cybersecurity is something that Conservatives have been raising the alarm about for a long time. We did it when we first created, under a conservative motion, the Canada–China special committee. That was an issue that was raised there. In the context of Huawei, it is something we raised time and time again: our concerns that our 5G network was not being protected.

There are opportunities to strengthen our cybersecurity protocols. We need to ensure that not only are the privacy rights of Canadians respected, but that there's also no attempt at censorship for Canadian citizens when they are operating in the cyber-environment. We've seen the government go down that road as well, with Bill C-18 and with Bill C-10. They want to control what Canadians see, and control the algorithms of what will show up in their social media, for instance.

We have a hard time trusting the government when it comes to anything to do with cybersecurity or Internet regulations. They've proven time and time again that they're willing to sacrifice the rights of Canadians in order to promote their own narrow agenda.

Bill C-26, unfortunately, increases regulation and red tape, often, we believe, without adequate oversight and without votes in Parliament.

We've seen, even here today, that the rights of members or parliamentarians, the supremacy of Parliament, are things that this government does not put as the highest priority. If Parliament gets in the way, they simply try to bypass it.

I think Bill C-26 is another example of where that has happened. We have grave concerns with that, as I outlined briefly. There is also—

Thank you, Mr. Chair.

In this bill, there is a coordinating amendment—if the copy of the legislation I have is correct—that states:

If Bill C-26, introduced in the 1st session of the 44th Parliament and entitled An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, receives royal assent, then, on the first day on which both section 18 of that Act and section 123 of this Act are in force, subsection 2(3) of the Transportation Appeal Tribunal of Canada Act is replaced by the following:

Jurisdiction in respect of other Acts

(3) The Tribunal also has jurisdiction in respect of reviews and appeals in connection with administrative monetary penalties provided for under sections 177 to 181 of the Canada Transportation Act, sections 127 to 133 of the Critical Cyber Systems Protection Act, sections 43 to 55 of the International Bridges and Tunnels Act, sections 129.‍01 to 129.‍17 of the Canada Marine Act, sections 16.‍1 to 16.‍25 of the Motor Vehicle Safety Act, sections 39.‍1 to 39.‍26 of the Canadian Navigable Waters Act, sections 130.‍01 to 130.‍19 of the Marine Liability Act and sections 32.‍1 to 32.‍28 of the Transportation of Dangerous Goods Act, 1992.

I'm hoping that either the legislative clerk or perhaps some of the witnesses can indicate for me what the status is of Bill C-26. Has it received royal assent? If not, where is it in the process? This is just so we know how likely it is that this coordinating amendment will be utilized with Bill C-33.

Perhaps they could just tell me what the status of that bill is.

Mr. Chair, I believe that my privileges were actually violated by your not giving me a chance to speak to a clause of a piece of legislation that we are debating by simply calling a vote on it and saying there's no speakers list. By not even calling for debate and simply moving to a question.... How are we to know that we were going to go back into the legislation, when Mr. Kurek was in the middle of debating a motion?

By failing to allow for a debate on a clause of a piece of legislation, you have violated the privileges of all members of this committee. I would like to move a motion that we debate whether or not my privileges were violated by the chair when he refused to call for debate on the previous clause before calling for a vote.

That is the motion that I would move. It's that you have violated my privileges by not allowing us to discuss a clause of this bill by simply slamming the door and moving to a vote.

That is not how we have operated for the entirety of this debate. That is not how we operated for the entirety of our consideration of Bill C-33. To get rammy now and start to push this through in a way that we have not operated in.... I recognize that the chair and the government don't like when members of Parliament in the opposition exercise our rights, use the tools at our disposal to hold the government to account, and move duly accepted and duly moved motions at the time of our choosing, as is our right as members of Parliament. They want to simply end that discussion and move on to something that they would rather talk about.

That is not what the rules allow for. The rules call for members of Parliament to have the opportunity to discuss, debate, consider, amend, propose changes from all sides and then make decisions. It is not for the chair to suddenly say “I call the vote” the very second that Mr. Badawey gets his way and a motion gets shut down.

Mr. Chair, I've always respected your commitment to fairness. I've always respected how you have been neutral in that position, but I can't quite believe what is happening here tonight, where there is a departure and a decision to simply ram these motions through without giving us an opportunity to debate.

You've ruled Mr. Kurek's motion out of order. There is another motion that deals specifically with the transport component of Bill C-26. That motion is in order and does specifically deal with this issue.

It is very clear that the rights and privileges of members of Parliament are protected by our Standing Orders. They are protected, quite frankly, by the Constitution. They are to be limited only in very extreme circumstances.

A privilege motion actually takes precedence. We know this in the House. A privilege motion takes precedence over all other matters. When a privilege motion is moved, all other legislation—anything else before the House—is set aside because the rights and privileges of members of Parliament are to supersede the rights and privileges of the government, which might not want them to be exercised. They are sacrosanct. They are, quite frankly, something that we should be very concerned about when any member, not just those who wear our team colours, is impacted by it.

This is the sort of thing, you can bet, that Liberal members of Parliament, when they were in opposition, would have raised hell about. They would never have accepted this sort of thing, clauses being rammed down our throats without the ability to even discuss them for a minute, or to have a single word brought forward before it was voted on. That supersedes, quite frankly, whether or not the chair is sustained by a vote. This is something that is bigger than that. It is something that touches the very core of what we do in this place.

I know the government is frustrated that there have been concerns raised with Bill C-33. We've heard it in the numerous meetings that we've had with testimonies, none of which spoke about the benefits of the legislation. They were all very critical of the legislation. I know the Liberals didn't like that. They didn't like that we were going clause by clause through the bill. They didn't like that a member of Parliament might want to speak about issues related to the cost of living and the cost of transporting goods. That's the sort of thing that Mr. Badawey shut down with the assistance of the chair.

Standing Order 116(1) states:

In a standing, special or legislative committee, the Standing Orders shall apply so far as may be applicable, except the standing orders as to the election of a Speaker, seconding of motions, limiting the number of times of speaking and the length of speeches.

It specifically talks about the end of debate. Standing Order 116(2) states:

(a) Unless a time limit has been adopted by the committee or by the House, the Chair of a standing, special or legislative committee may not bring a debate to an end while there are members present who still wish to participate. A decision of the Chair in this regard may not be subject to an appeal to the committee.

(b) A violation of paragraph (a) of this section may be brought to the attention of the Speaker by any member and the Speaker shall have the power to rule on the matter. If, in the opinion of the Speaker, such violation has occurred, the Speaker may order that all subsequent proceedings in relation to the said violation be nullified.

Mr. Chair, this is a very serious section. It says very clearly, “while there are members present who still wish to participate”, not who are on a list that didn't exist before debate was closed, before it was shut down. This is a very serious issue, and one that we will take very seriously, because, in attempting to get a bill passed by an artificial deadline, there is now clearly a violation of the rights of the members of this committee.

All of the members on the Conservative side of this table were prepared and willing to speak to the clause upon which debate ended artificially. Again, it says, “A decision of the Chair in this regard may not be subject to an appeal to the committee.” Quite frankly, it doesn't matter that once I stop talking there's an attempt to have the chair's ruling sustained, because, again, this is not a matter for a majority vote of the committee. Members' privileges are not subject to the tyranny of the majority. Members' privileges are protected by our Standing Orders, and they are protected by our role to represent the people who sent us here.

It would be quite something if we could, instead of having our rights protected, have our rights dictated to us by the majority of committee members, who find them to be inconvenient tonight. That is, quite frankly, something that we can't tolerate. This is something that should supersede any of the other things that we were going to talk about here tonight.

We have seen time and time again how there has been an attempt to shut down debate. We know that shutting down debate has been done in the House of Commons a record number of times.

There is a process in place for shutting down debate. In their election campaign in 2015, the Liberals promised they would never use the rules of the House to shut down debate. We've seen them break that promise time and time again, both in a majority and with the help of the NDP in a minority government. They've done that on numerous occasions. Hundreds of times they've shut down debate, but that is by a motion. That is using a process that is in place. The Speaker doesn't simply get up and say, “Debate is over. We're having a vote right now.” That is all—

Thanks, Mr. Chair.

Well, we could see the Conservative script being read, and I'm sure the Leader of the Opposition will give bonus points for accurately reading the script. Perhaps my colleague will even get a question or an S.O. 31 for good behaviour. On the topic of the real issues and the real work before this committee, we've already agreed to do a study.

Mr. Chair, I know there's been some disruption—not disruption, but we've been without a chair in place for a few days—so I would encourage you to line up witnesses for Wednesday's meeting on the study of prison transfers and classification, whichever witnesses are available. It should be the priority that we start this work.

We began the work with the good advice from Mr. Julian in terms of trauma-informed training, and I think that we should continue this work. We have a lot of work to do on this committee. We have a lot of things to study, including prison transfers, including Bill C-26, which is crucially important, and including auto theft, which I know is something that was brought forward by our Bloc members and was well supported on this committee.

Any sort of delay only delays serving Canadians. Canned speeches from Conservatives for brownie points are not actually helpful to Canadians and victims, but the work we do is, so I would encourage you to schedule Wednesday's meeting as quickly as possible, with witnesses on the transfer study.

Thank you.

It was, but we've already modified our plan to do the study on Mr. Bernardo's transfer, followed by Bill C-26.

Why don't we talk—

The clerk has taken notice of the deficiencies and will address them.

I would point out that if we were to pass this motion.... When we finish clause-by-clause on Bill C-20, we still have to ramp up for Bill C-26. We don't know when it is, so this might be an opportunity to fill in between the two studies in an effective, useful way. That's how I think we would approach it if we were to pass this motion.

Mr. Julian, do you wish to respond to those questions?

Thank you, Mr. Chair.

We have spent more than six and a half hours debating a number of motions that all deal with the same thing. The opinion of every party represented here has been heard. I think the Liberals proposed a motion in good faith at our last meeting, and I think Mr. Julian has in good faith moved a motion that provides a reasonable compromise so as not to further delay the study of Bill C‑20.

I'm not sure whether my fellow committee members feel the same, but I struggle to look witnesses in the eye because I'm embarrassed to bring them before the committee. I know this is costing taxpayers a ton of money. I'm not sure whether you know how much, Mr. Chair. Perhaps the clerk can send us the information. Our constituents need to know what we're doing here. The study of a very important bill is being held up.

People are writing us. Every single member here has gotten emails from people who are very eager for our study of Bill C‑20. I've even met stakeholders who are also worried about the study of Bill C‑26, which we are supposed to deal with after the study on Bill C‑20. That means the Bill C‑26 study is also being delayed. I think it's tremendously unfortunate, not to mention disrespectful to the people here, who surely have better things to do. Their expertise could be helping us in our study of Bill C‑20.

As I said, I think Mr. Julian has put forward an acceptable compromise, but I do have a few minor technical questions. The French version of the motion starts off, “Que le Comité permanent de la sécurité publique et nationale tienne immédiatement une réunion de 3 heures, à la suite de l’étude du projet de loi C‑20”. I was wondering whether “immédiatement” is really what's meant, as opposed to “après”, meaning after the study of Bill C‑20. The English version says, “immediately after”, so the meaning may have gotten lost in translation. I'm not sure whether we can sort that so the French version is clear as well, without necessarily going through a subamendment.

I also have a question about the one-hour in camera meeting being requested so the committee can be briefed on trauma-informed questioning at committee. I'm wondering what purpose that will serve, since the people we hear from are not necessarily victims. Is that additional hour really necessary?

As for Mr. Shipley's amendment, we'll be back to square one if we hold three meetings on this. I think inviting the minister for one three-hour meeting and another two-hour meeting is an acceptable compromise. That is five hours of debate, after all. When it comes to inviting former public safety minister Marco Mendicino, he lost his portfolio, so I think we can leave him out of this. It's not his job to answer these questions. The motion already calls on the committee to invite the current Minister of Public Safety to answer our questions.

I'm ready to vote on the amendment and the motion so we can move on to studying Bill C‑20, but I would appreciate it if Mr. Julian could answer my questions.

Thank you, Mr. Chair.

As I've said several times since this debate began, I think it's extremely unfortunate that we're spending several hours debating numerous motions that all point in the same direction, when the committee has an agenda to follow: we should be debating Bill C‑20; some people have reminded us of how important it is to them. Indeed, we've all received emails from victims who have been harmed by the Canada Border Services Agency, and they deserve to have parliamentarians take a look at this important bill. Personally, I think it's a shame for these people. I'd even say it's disrespectful to the people who are watching the committee's work, hoping that we'll finally get around to studying this bill. It's also disrespectful to the civil servants who, let's put it this way, are wasting time here while we debate another subject.

I'm not saying this subject isn't important. Of course it's important. There are probably 50 other important topics related to public safety in Canada that we could be debating here. It's just that the timing isn't right. I think we've already wasted too much time and we should be debating Bill C‑20.

That said, I think my colleague Ms. O'Connell has proposed a reasonable compromise in introducing the motion before us. It's the Conservatives' desire to debate this subject, once the study of Bill C‑20 has been completed, and I agree. I would even have gone so far as to say that, since bills are this committee's priority, the debate on this subject could have been held after the study of Bill C-26. However, we agreed to consider this issue directly after the study of Bill C‑20. Ms. O'Connell has proposed a reasonable motion, which I think we could all agree on.

Of course, I'm against the amendments and subamendments proposed by the Conservative Party. We've had ample opportunity to discuss and negotiate behind the scenes so we can't do it here in committee and waste a lot of people's time. The Conservatives always come up with a new proposal to stretch out debate time. They want to politicize the debate and that's really deplorable. It's no secret that they're politicizing the debate. As I've already said, I'd like to take the question even further: should we politicize this process too? The Correctional Service of Canada exists for a reason, it has specific tasks to accomplish, so I don't understand why we're bringing the minister into this.

I agree with a few things Mr. Julian mentioned about public servants, whom we once again allowed to leave after several hours of hearing us debate this.

Out of respect for the people who expect us to do our job, I'd like us to go ahead, vote on the subamendments, on the amendments and on the motion, come to a consensus and proceed with Bill C‑20. There are people who have been waiting for this for a long time.

I said that some of the blame lies with the Conservatives, who are filibustering in Parliament and stretching out debate time on this issue, but it must also be said that the committee spent a lot of time studying Bill C-21 because the government had more or less done its job well. In the case of Bill C‑20, this is the third time in a few years that a similar bill has come before the House of Commons. In the meantime, there has been prorogation and an election; obviously, this is coming from the Liberal side.

So I see political jousting on both sides and I find it deplorable. It's a subject that shouldn't be politicized.

I ask that we vote on the proposal before the committee at this time.

That brings us to one of the points in the report. We agreed in subcommittee that the preliminary witness list, people's nominations for witnesses, should be done by the end of next week.

I bring everyone's attention to the analysts' report, which is a quick summary of Bill C-26, with suggested witnesses. I suggest that as a good starting point. Of course, the clerk will sort out the witnesses according to party standing and the number of meetings, but if we need to extend that, it's open for the committee to do so.

Are we ready to vote? No.

Mr. Shipley, go ahead.

Briefly, I was unable to make it to the subcommittee meeting. Mr. Lloyd was there in my absence. There are just a couple of things I wanted to mention.

First of all, Bill C-26 is a rather large, very in-depth bill, and there is going to be a long list of witnesses. We actually don't have our side's list completely formalized yet. We're working on that as we're transitioning through the offices.

I have a serious concern that five meetings are not going to be enough. This is a very serious bill—just look at what took place this week with our own systems being down—that I think is going to take extra time. I'm concerned that having five meetings is too tight. Perhaps we can check the will of the table to see if we're going to have that set in stone or if we can be more flexible about having five, knowing there could be so many....

Madam Speaker, I am pleased to be able to rise and offer my thoughts on Bill C-21 at third reading.

I say that with a bit of amazement because I cannot believe we have actually made it to third reading. This bill received first reading in this House on May 30 of last year. We got through second reading in fairly short order, but at committee stage, things really got lost and all hell broke loose, so to speak.

I remember participating as the NDP's public safety critic. We had scheduled eight witness meetings to look at the first version of this bill. Things were going along quite well. There were some disagreements around the table, but there was not any of the friction that suggested there would be a major catastrophe in the making.

That all changed in November when we arrived at the clause-by-clause portion of the bill. Before that meeting started, every party was responsible for reviewing the witness testimony, reviewing the briefs that had been submitted, and working with legislative drafters to put together our amendments. Once those were submitted to the clerk, as is the normal course of things, the clerk then distributed them to all committee members.

It was quite a surprise when we saw just how big the amendment package was and just how expanded the scope of the bill was going to be. Most of the amendments came from the government. There were a couple in particular that completely sent the committee off its rails.

The amendments landed on our laps at the 11th hour. It was obvious that there had been no warning to committee members. The Liberal members of the committee were introducing those amendments on behalf of the government. They read them into the record, but I do not think they actually had a clue as to the monumental nature of the amendments.

It was clear that the amendments were not backed by any witness testimony because of the significant nature of how they were changing the bill. We, as committee members, never had the opportunity to question witnesses on the bill taking shape.

That completely derailed things. That started in November 2022, and it is only just recently that the committee stage of the bill was finally able to complete its job. That is an incredible amount of time for one committee to be occupied with a single bill.

If we look at the mandate of the public safety and national security committee, it is one of the most important committees. It is responsible for reviewing the policies and legislation of multiple agencies, whether it is the Canadian Security Intelligence Service, the Officer of the Correctional Investigator or the RCMP.

There are two other bills. Bill C-20 is going to provide an important oversight body for the RCMP and the CBSA. Bill C-26 is going to seek to upgrade our cybersecurity infrastructure. Both of those bills have been held up because of the shenanigans going on with Bill C-21.

I listened to the debate all day yesterday when this bill was going through report stage, and today when it was going through third reading. Unfortunately, because of some of the speeches in this House, there is a lot of misinformation out there and a lot of people have the wrong idea of what is included in this bill.

My Conservative colleagues do make a big deal in their speeches about standing up for hunters, farmers and indigenous communities, and I take no fault with that. I proudly stand here and say the same thing. It is troubling because it is alluding to something that is actually not in the bill. That illusion for hunters, farmers and indigenous communities is that their rifle or shotgun, if it is semi-automatic, is going to be prohibited by this bill.

Let me clearly say this for the record: That is not the case. Bill C-21 is not going to do that. If someone has a current make or model of a rifle or shotgun, they are licensed and legally own that firearm, after this bill receives royal assent, they will continue to be able to use it.

That is a fact. So far, when I have brought it up in questions, my Conservative colleagues have been unable to refute that. I have challenged multiple Conservative MPs to name one rifle or shotgun that is going to be prohibited by Bill C-21. In every single instance, they have deflected and swerved away to go back to comfortable talking points, because they cannot do it. I will tell colleagues why. It is because I am not reading Conservative talking points. I am going to actually read from the text of the bill.

In the new section that is going to add to the definition of a prohibited firearm, it mentions that it is:

...a firearm that is not a handgun and that

(i) discharges centre-fire ammunition in a semi-automatic manner,

(ii) was originally designed with a detachable cartridge magazine with a capacity of six cartridges or more, and

(iii) is designed and manufactured on or after the day on which this paragraph comes into force...

The last point is one that everyone seems to skip over, but it is the key part.

Current makes and models are not going to be affected by Bill C-21. Future makes and models that come into the market after this bill receives royal assent will be affected. However, current owners will not be affected by Bill C-21.

Conservatives will then seek to muddy the waters even further. I have heard a lot of reference to the firearms advisory committee. They say that the minister is going to bring this back and staff it with Liberal appointees, who are going to make suggestions about what firearms should be prohibited and then act on the suggestions. I have a news flash for my Conservative colleagues. This is a power that the government already has. It does not need a firearms advisory committee.

I would direct my Conservative colleagues to the existing section 84(1) of the Criminal Code. It says right there that the government can change the definition of what a prohibited firearm is when it mentions “any firearm that is prescribed to be a prohibited firearm”. “Prescribed” is the key word there, because that means it can be done by cabinet decree. If they do not believe me, how did the government get the authority in May 2020 to issue an order in council? Here, 1,500 makes and models were done through the Canada Gazette under existing powers.

All this ballyhoo over a firearms advisory council, as well as all the hoopla that we have heard in this House about the dangers of that council coming into being, is a complete red herring. It is smoke and mirrors. This is a power the government already has. In fact, I would rebut them on that argument by saying that if the minister currently has that power to do this unilaterally through an order in council cabinet decree, would it not be a good thing to have an advisory council to at least talk to the minister about how maybe that would not be a good idea?

If we can ensure that the advisory council has indigenous representation, representation from the hunting community and representation from the sport shooting community, in my mind, that is a good thing. I will let them continue to say that, but they know they cannot argue with me on those facts. Again, I am reading from the bill and from existing provisions of the Criminal Code. If they are going to try to muddy the waters, they can try to argue their way out of it, but the facts cannot be changed.

I want to turn to something more positive, with the airsoft community. Last summer, I had the pleasure of visiting the Victoria fish and game club. I do not know if colleagues have been to Vancouver Island, but in the middle of my riding is the Malahat Mountain. It is the big mountain that separates the Cowichan Valley from the city of Langford and the whole west shore. It is the traditional territory of the Malahat people, but on top of it is where the Victoria fish and game club is, on a beautiful property. Right beside it, there is an amazing forest setting for the club's airsoft games. I went out there with one of my constituency assistants on a weekend. They invited us to come and see a match. We got to don the referee uniforms, so that we could walk out in the middle of a pitched battle. I think one of my constituency assistants accidentally got shot.

It was so fun to see how much fun these players were having, to talk to them about how passionate they were about their sport and to really understand that this is more than a hobby for them. This is something that allows them to get out into the great outdoors with their family and friends.

They were really worried about Bill C-21 because of a section in the bill that would basically turn their airsoft rifles into prohibited devices. I invited some of them, with other colleagues around the committee table, to come to committee, to submit briefs and to say their piece. I have to say that the representatives of the airsoft industry, the manufacturers and the players associations did themselves proud. They made a good argument, and they convinced those around the committee table. They did what is done in a democratic system. They fought for change, and they achieved it.

The NDP amendment that was put forward to delete the offending sections from the bill was passed. That is a victory for the airsoft community. All they are asking for is not the sledgehammer approach of legislation that was in the original version of Bill C-21, but a regulatory approach. They are more than willing to work with government on the regulatory approach. That message was heard, and that is something that all parliamentarians can celebrate.

Let me turn to the handgun freeze and the amendment that we put forward as an attempt to expand the exceptions of the handgun freeze to allow for other sport shooting disciplines. As the bill is currently written, at this third reading stage, the only exemptions that exist are limited to people who are at an extremely elite level. They are Olympic athletes and Paralympic athletes. I use the terms “exemptions” and “exceptions” interchangeably.

After speaking to members of my community who participate in the International Practical Shooting Confederation and speaking to members who are in single-action shooting as well, I felt that these people are athletes. They train for what they do. They are passionate about their sport. They deserve to have exemptions as well. Therefore, I put forward an amendment to try to expand that. That amendment almost passed. There was a little bit of confusion on the Liberal side when that amendment came to a vote.

When I tuned in to watch the committee hearing at that stage, I was pleasantly surprised to see the Liberal member for Kings—Hants speaking in support of our amendment. It was a wonderful surprise to see, except that when it came to a vote, unfortunately, he abstained. It resulted in a five-five tie; of course, this had to be broken by the Liberal Chair. We came really close.

I have received a lot of flak from certain sectors of society for my stance on this. That is okay; I can take it. I am not going to apologize for standing here and making an attempt to fix the bill on behalf of my constituents who simply want to be able to practise their sport. To those who are arguing against that, I would simply point to the submission that was given to our committee by none other than the Canadian Association of Chiefs of Police. They said:

We believe that a handgun freeze is one method of reducing access to these types of firearms, while allowing existing law-abiding handgun owners to practise their sport.

That is what I was basing my amendment on, as well as the interventions made by my constituents. We tried our best at committee to make that change. Unfortunately, because of the votes falling the way they did with the Liberals and Bloc, it did not pass.

I will give another reason. The top IPSC competitors were telling me that they shoot about 50,000 rounds of ammunition a year. That is an incredible amount. We have to understand that a handgun is essentially a mechanical device. If someone is shooting it 50,000 times a year, it will break down. Sometimes, handguns have to be replaced. In my mind, it was unfair, not allowing an exception for an athlete of that calibre to have the means to be able to replace a tool that they use to compete.

We may have lost this particular battle, but what I would say to members of those sport shooting disciplines is that I will continue to pursue this issue. I will find other avenues to fight to make sure that their sport has an exemption.

We have completed the report stage part of the bill, but there has been some controversy from some women's groups who were unhappy with the red-flag provisions of the law, and I understand that. When I approached the committee hearings on this, I understood the controversy that existed around red-flag provisions. There were some women's groups that felt that adding this extra layer of bureaucracy through the court system did not serve women or other people who were in vulnerable situations where firearms might be present. They felt that we should have a properly equipped and responsive police force, and I agree with them.

I will turn critics' attention to members of the National Association of Women and the Law, because when Bill C-21 was reported back to the House, they made some public tweets, which are all up there for people to read. They said that with all the amendments that were proposed, these are some of the ways that the bill would make women safer: “The provision on licence revocation when someone has committed violence is now strengthened and clarified. A licence must be revoked when there are reasonable grounds to suspect that an individual may have engaged in family violence.” They also said, “people who have been subject to a protection order will now be ineligible to hold a licence if they ‘could pose’ a threat or risk to the safety of another person. This way, safety comes first.” That is the onus test.

They went on to say, “The Bill had no timelines for reacting to danger and domestic violence. Thanks to the adoption of our recommendations, there is now a statutory duty to act within 24 hours. This will protect women at the critical time of separation, when risk of violence is at its highest.”

A lot about the bill has been subsumed by the debate over hunting rifles, shotguns, airsoft and the handgun freeze. However, it is important for us to realize that, in the heart of the bill, there are actually some very important measures, which have now been improved by the committee. I have worked with members of the National Association of Women and the Law, and I respect the submissions they have made. If they are willing to come out and publicly endorse the bill in this way, I am glad to have their support as a stakeholder, and I give it a lot of credence.

I also want to talk about ghost guns, which relate to another “unsung hero” part of the bill. We heard from law enforcement, and I want to read into the record the testimony that came from Inspector Michael Rowe, who is a staff sergeant in the Vancouver Police Department. He said:

In addition to what is already included in Bill C‑21, I would ask this committee to consider regulating the possession, sale and importation of firearms parts used to manufacture ghost guns, such as barrels, slides and trigger assemblies. These parts are currently lawful to purchase and possess without a licence, and they can be purchased online or imported from the United States. The emergence of privately made firearms has reduced the significance of the currently regulated receiver and increased the importance of currently unregulated gun parts that are needed to finish a 3-D-printed receiver and turn it into a functioning firearm.

That is the request coming from law enforcement. We know that this is a growing problem, and they asked for a specific legislative fix to the problem. I am proud to see that the public safety committee delivered on that request from law enforcement.

Much has been said about indigenous communities. They are, of course, the ones who led the way in opposition to the bill. I remember, back in December, when the Assembly of First Nations came out with a unanimous emergency resolution opposing those eleventh-hour amendments that were made by the Liberal government. They said that the amendments went against the spirit of the UN Declaration on the Rights of Indigenous Peoples. They helped us to understand, as parliamentarians, that these are not toys or hobbies; rather, they are a way of life. In some indigenous communities, they are necessary for the protection of life. I am glad to see that the committee listened, and no current make or model of a rifle or shotgun that is currently in use in indigenous communities is touched by Bill C-21. The committee went further and added a clause, which now references section 35 of the Constitution Act to show that indigenous rights are upheld.

I will conclude by saying I can honestly go back to the hunters, farmers and indigenous communities in my riding of Cowichan—Malahat—Langford and tell them their currently owned firearms are safe. I am glad we were able to force the government's hand on this matter.

Madam Speaker, I spoke to this last week when we were debating Motion No. 25. I made reference to the fact that, for the Conservatives, Bill C-21 is the goose that lays the golden eggs. That is why they have wanted to see it stuck in the House; that hoovering sound we can hear is the sound of the Conservative Party's fundraising machine raking in millions of dollars off this bill. I for one am glad to see that the committee has sent it back to the House, because there are two other important bills waiting to be heard. These are Bill C-20, which deals with important RCMP oversight, and Bill C-26, which looks at cybersecurity; these are both very pressing issues. It is high time the public safety committee got to work in addressing those other key issues.

Madam Speaker, it is hard to find the words to start given how long I have personally been involved with this piece of legislation. I know there are a few select members of this House who would agree with me. I think for each one of us, this has been our own personal odyssey, and to get to this point is really remarkable. All of the different twists and turns that this one bill, Bill C-21, has taken are going to be studied in parliamentary procedure for years to come.

I have had the privilege of representing my riding of Cowichan—Malahat—Langford for three terms, now being in my eighth year, and I have discovered that in my time here, Parliament has demonstrated that it is indeed the last place to go for an open, honest and logical debate on firearms. A lot of the debate we have seen on this bill and on firearms regulations, policy and legislation in general has done a very real disservice to Canadians. Both sides of the issue have torqued up their arguments. There has been blatant misinformation and labelling, and this has really descended the level of debate into something that I think a lot of Canadians would quite rightly be disgusted by. It is very difficult in this place, when we have all of these torqued up emotions and political agendas, to have a reasoned debate on firearms. That certainly has been the story.

I know a lot of people on Twitter are following this debate very closely. I would say that the Standing Committee on Public Safety and National Security is probably the most watched committee of them all, and I know that my words right now are being analyzed and tweeted about, even in real time. I just want the people who are listening to brace themselves, because I have equal amounts of criticism for both the Liberals and the Conservatives as to why we now find ourselves in this place.

I first want to start by talking about the committee, because ultimately today's motion is one of instruction to the Standing Committee on Public Safety and National Security. One could be forgiven for thinking that all this committee does is study policy and legislation surrounding firearms, because that is indeed all it has really been consumed with since the bill was referred to the committee late last year. In fact, we started Bill C-21 at committee in October 2022, and here we are now, well into May 2023, and we are still only at the clause-by-clause part of the bill.

I think it is useful for people to understand what the mandate of this committee is. It is responsible for reviewing legislation, policies, programs and expenditure plans of a whole host of different government departments and agencies that are responsible for not only public safety, but national security, policing, law enforcement, corrections, the conditional release of federal offenders, emergency management, crime prevention and of course the protection of our borders. When we are doing things like the estimates for the spending plans of Public Safety Canada, quite often we have representatives included from the Canada Border Services Agency, the Canadian Security Intelligence Service, the Parole Board of Canada and the Royal Canadian Mounted Police.

What I am trying to underline here is that this committee is an extremely important committee of the House of Commons, and all the work it does in all of these different areas in looking after our intelligence gathering, law enforcement and border protection has been sidelined by the incredible amount of time that has been consumed. Time is our most valuable resource in Parliament, and once we spend it we do not get it back.

Because of the shenanigans that have occurred with respect to Bill C-21, the public safety committee has quite correctly been prevented from examining all of these other different areas, keeping tabs on those different departments, examining different pieces of legislation and keeping tabs on what the government's policies and practices are going to be with respect to other key areas. That is an important element that we first need to establish when we are talking about where we are today.

As many members will know, including members in my own community, I used to be our party's public safety critic. I found my time on that committee to be personally quite valuable. I found that the subject matter we were dealing with was quite intellectually challenging and stimulating, and it is important work.

I know from my interactions with other members of the committee, whether on the Liberal, Conservative or Bloc Québécois side, that they all conducted themselves very well, and I enjoyed my working relationships with them. That even goes for our work on Bill C-21.

Believe it or not, there was actually a time when Bill C-21 was progressing through committee in relatively good order. We concluded roughly eight meetings with witnesses. The committee then had time to come forward with its amendments, and there seemed to be an acknowledgement that aside from a few differences with a few clauses here and there, the bill was probably on schedule to be reported back to the House for report stage and eventually third reading sometime in December.

We then got to November, and all hell broke loose. This was when the eleventh-hour amendments were dropped by the Liberals. I should correctly say “the Liberal government”, because I do not think they were, by design, from the Liberal members of the committee. They did come from the government.

I do not want to go into the details of the bill too much, because I think that is a well-trodden path and a well-known story, but allow me to take this moment in my speech to levy what I think are some well-earned criticisms on both the Liberals and the Conservatives. I know some of my colleagues will probably laugh at this, particularly the member for Hamilton Centre, because he has heard me joke about this before.

I often feel like the character Mercutio in Shakespeare's play, Romeo and Juliet, when he is expressing his frustration with the Capulets and the Montagues, because I feel that same frustration with the Liberals and the Conservatives. It is difficult sometimes to watch the shenanigans between those parties and the way our level of debate around this issue descends into the depths and scrapes the bottom of the barrel.

Let me start with the Liberals. One day, someone is going to write a book about this sorry episode, and it is probably going to be titled something like “How Not to Amend One's Own Legislation”. It is going to be a warning guide for governments in the future on what not to do and how not to spring a surprise on an unsuspecting committee when they have not done their homework, when they have not done consultation and, most importantly, when they have not consulted with the members of the committee who are actually responsible for shepherding those amendments through.

I want to caution members: My comments are not, in any way, directed to the colleagues I work with, but more to the Liberal Party brain trust. I understand the reasoning behind where they are coming from. Gun violence in our major urban centres is a very concerning thing. It needs to be dealt with appropriately. I want to take a moment to acknowledge the extreme grief that is out there within so many families who are dealing with a loss due to firearms violence.

Sometimes the road forward for the Liberals has been paved with good intentions, but it has led to some pretty awful results. I would ask them to step back and try and heal some of the wounds that exist in that divide between urban and rural Canada. We need to understand that yes, firearms violence is a big issue, but there also has to be a level of respect afforded to Canadians who are lawful firearms owners, who play by the rules and who have done everything right. I would encourage the Liberals to consult more with their rural MPs.

When the Liberals introduced those amendments, one of the groups that were leading the way was indigenous communities—not only hunters and farmers, but indigenous communities, not the least of which was the Assembly of First Nations. In an extremely rare move, the AFN came out with a unanimous emergency resolution on the last day. That is almost unheard of. They were going after the government for those ill-thought-of eleventh-hour amendments.

No consultation had taken place. One could make a legitimate argument that the Liberals, in bringing in these amendments, were not respecting the United Nations Declaration on the Rights of Indigenous Peoples or even the legislation we have passed that enshrines that within our own laws to make sure that all federal laws are in harmony with the declaration itself. It went against the spirit of that.

Now I will turn to my Conservative friends.

What do we say about the reams of ridiculous hyperbole we have seen from that party on Bill C-21? The bill has been a fundraising boon for the Conservative Party. That giant sucking sound we hear is Conservatives hoovering money from the harvest of their rage-farming operation around the bill, and I think a part of me wonders whether the Conservatives do not want to see the bill go forward because it has been so financially viable for them. The evidence is all out there. I do not think there is any interest at all in trying to move the legislation forward, because doing so would essentially stop the goose from laying golden eggs for them. It has been an incredible money-maker for them.

When I look at some of the misinformation that has been put out by the Conservative Party around the bill, I see they are fanning flames of rage over amendments that no longer exist and incorrectly saying that the government wants to take away all their guns. It is just completely off-the-wall bonkers stuff that can be easily disproven, and it is completely not helping the standard of debate we expect of our parliamentarians. It just makes the rest of our jobs harder when we have to fight that completely untrue disinformation that is being actively fanned on social media.

Yes, it is a sorry state due to the actions of both parties in so expertly playing politics with the bill, and that is a large part of the reason we are here today.

We know that the problematic amendments were withdrawn by the Liberals. That is fact number one. All current owners of long guns in Canada are not going to have those firearms impacted, because the problematic amendments were withdrawn. What we now have being proposed as an amendment to the bill would go after firearms that will be manufactured in the future, after the bill receives royal assent. There is also an important amendment, I understand, that would make sure that nothing in the bill takes away from the rights of indigenous peoples. That is recognized and affirmed under section 35 of our Constitution.

Of course, there are incredibly important amendments dealing with the exponentially growing problem of ghost guns. This is a problem that has been brought to the committee's attention repeatedly by law enforcement agencies. I would hope that more attention is paid to those particular amendments, and of course we, the remaining members of the House of Commons, have to reserve our judgment on the bill until we see the final version that the committee ultimately reports back to us.

Now let us turn to the motion of instruction and what it would do.

First of all, we have to understand that as of this morning, the Standing Committee on Public Safety and National Security had already spent approximately five hours on clause-by-clause consideration. If they had been able to complete their meeting this afternoon, and I know it was interrupted by a series of votes, that would have brought the total to eight hours, which is roughly equivalent to four full meetings. The motion being debated today would add a further 17 hours to that, bringing it to roughly 25 hours, which is the equivalent of 12-and-a-half meetings.

I understand from the member for New Westminster—Burnaby, our member on the public safety committee, that he has tried multiple times to extend the sitting hours of the public safety committee so that Conservatives, the Bloc and New Democrats could have additional time to look at the amendments that are being proposed by various members. I understand that in each of those instances, these attempts were either rejected or filibustered so that the committee ultimately could never get to a vote. To hear Conservatives complain that they are being silenced in the House when they have, in fact, had multiple opportunities at committee to extend the sitting hours of that committee does come across as a bit rich.

I would say that because I have had my staff look at bills similar in size and complexity to Bill C-21, Bill C-18 comes to mind. That particular bill, when it went through clause-by-clause study at its committee, had seven meetings, the equivalent of 14 hours, for clause-by-clause study, so that is more than enough time to get through it.

I know from my own experience, because I used to be a member of the public safety committee and have seen a lot of these amendments, that are a lot of them are very technical, small changes to the bill, especially the parts that deal with ghost guns. Not a lot of debate is going to be required on them. In fact, the committee can probably get through them in short order because they are repetitive and many different areas of the Criminal Code and the Firearms Act have to be updated to make sure that those existing statutes are in harmony with each another.

The other thing I want to turn to in my final three minutes goes back to the earlier part that I mentioned at the beginning of my speech, the overall mandate of the public safety committee. We have two really important pieces of legislation waiting in the wings, waiting for their turn to be examined at the public safety committee. They are Bill C-20 and Bill C-26.

Bill C-20 is going to create our first-ever public accountability and transparency network that is independent of the RCMP and the CBSA. In fact, the CBSA has never had an independent oversight mechanism. Looking at the public safety committee's report from the previous Parliament looking at systemic racism in policing and looking at all of the instances of injuries and sometimes death that have happened to people who had been in the custody of the CBSA, we see that these are important measures. We have had so many racialized Canadians, so many indigenous Canadians who have been calling out for these types of oversight measures for years. Why should those pieces of legislation continue to be pushed back while we draw out this process on Bill C-21?

Bill C-26 is an important piece of legislation, which I will be the first to admit needs a lot of work at committee, but it is going to really bring in line a lot of the cybersecurity requirements that are needed for some of our critical sectors, be they in banking, transportation, energy and so on. It is going to be a requirement for many of those private actors to bring their systems in line with a standard that is acceptable to the federal government. Again, a lot of work is needed, but no one in this House can deny or absolve themselves from the fact that these are important issues that deserve to have their turn at the public safety committee.

My ultimate motivation for this motion today is to get Bill C-21 on its way. We have had enough time at the committee. It has occupied so much time at the public safety committee, and it is time for the public safety committee to move on to other bills that are equally important to many other Canadians.

In conclusion, I ultimately am going to reserve my judgment on Bill C-21 until I see what the committee reports back to the House, but I will not agree to let that committee continue to be bogged down, especially when there is so much other important work to be done.

With that I conclude. I welcome any comments and questions from my colleagues.

Madam Speaker, we miss the member on the committee, although we welcome his colleague. His contributions to this bill have been important and he is absolutely right.

Waiting in line at the public safety committee is Bill C-20, a bill that would provide important oversight for the Royal Canadian Mounted Police and the Canada Border Services Agency, something that, for many year, has been called for to enhance that oversight for the RCMP, but also provide oversight for CBSA for the very first time.

In addition to that, we have Bill C-26, which deals with cybersecurity. The member is absolutely correct. We have two important bills waiting, but we cannot get to them until we finish Bill C-21.

Madam Speaker, I was glad to hear that the parliamentary secretary started her remarks with an acknowledgement of indigenous communities, because they led the way, with the Assembly of First Nations, in fighting against the amendments the government brought in at the eleventh hour. I am glad to see that those amendments were withdrawn. I would also thank committee members for passing my amendment to save the sport of airsoft. We have had a lot of very positive correspondence from that community, which is glad to see that the government will go back to the drawing board on this.

By my calculation, after tomorrow's meeting, the committee will have had eight hours on clause-by-clause. If this motion passes, there will be an additional 17 hours, which will be the equivalent of 12.5 meetings. By comparison, Bill C-18 only had seven meetings. I think there will be enough time to get this bill through.

Could the parliamentary secretary talk about the other bills that are waiting their turn at the public safety committee, like Bill C-20 and Bill C-26, and how important it is to look at those bills?

Mr. Chair, before you start my clock, I want to give notice of the following motion.

That the committee undertake a study of no less than eight (8) meetings to review how the readiness of the Canadian Armed Forces is impacted by Canada’s procurement processes and the capabilities of our defence industry to ensure that the Canadian military’s needs are being met. And that the Department of National Defence, Canadian Armed Forces, Public Service and Procurement Canada, Office of the Auditor General, Parliamentary Budget Officer, Treasury Board, defence industry, military procurement experts and academics be invited to testify before committee on this matter; and that the committee report its findings and recommendations to the House.

We have that in both official languages, and we'll circulate it.

I will start my lightning round of questions.

First of all, I want to thank all the witnesses for being here.

The government has proposed Bill C-26 as a way to encourage industry to have a stronger cybersecurity defence. There have been a lot of concerns raised that the fines and penalties are overly prescriptive and brutal for individuals and companies, but yet these same types of fines and penalties aren't applied to the government itself.

I'd like to get feedback from Mr. de Boer in particular, as he represents a Canadian industry here. I do miss my BlackBerry phone from back in the day.

Who's responsible for protecting critical infrastructure, including in the private sector? Is it the Canadian Armed Forces, the Department of National Defence, CSE or the Government of Canada as a whole, or is it best that it come from the individual companies? You can also touch on the issue around available people, because the Business Council of Canada says that currently we have 25,000 unfilled positions in the cybersecurity world.

Thank you for that.

Yes, it was mentioned within that same lawsuit, in the documents that the BC Civil Liberties Association came out with, the glossary of terms of unselected data and publicly available data and how they are used. Do laws like Bill C-59...? That lawsuit was before Bill C-59. It addressed more the old Bill C-51 problems. Specifically as we look at Bill C-26, do those laws adequately address the threats that civil libertarians are worried about in terms of taking advantage of publicly available data?

It being 3:12 p.m., pursuant to order made on Thursday, June 23, 2022, the House will now proceed to the taking of deferred recorded division on the motion at second reading stage of Bill C-26.

Call in the members.

Mr. Speaker, I rise today to speak on Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. Cybersecurity is of the utmost importance to Canadians, and I am glad to see the topic debated in the House today.

Bill C-26 would amend the Telecommunications Act. I should note that any time the Telecommunications Act is changed, I am very interested. Not only am I the shadow minister for rural economic development and connectivity, but I also have a bill before Parliament, Bill C-288, that would amend the Telecommunications Act to provide Canadians better information when it comes to the service and quality they pay for.

The dependence on telecommunications throughout our society continues to grow. The uses of Internet and cellular services are foundational to both the social and economic success of Canada, so I appreciate seeing the government move forward with a bill to secure our telecommunications network through Bill C-26. However, I must ask this: What took so long?

It was over two years ago when this House of Commons passed a Conservative motion that called on the Liberal government to ban Huawei from our 5G network. Despite this motion passing in the House of Commons and the director of the Canadian Security Intelligence Service warning the government in 2018, it took years to ban Huawei from Canada's 5G network. Therefore, is Bill C-26 important? It absolutely is. Did it take too long to get here? It absolutely did.

I should note that I recently asked if the University of British Columbia continues to work with Huawei in any form. The response was, “Yes, we do”. The government has been warned about the risks to our national security over and over again, yet we fail to see concrete action.

Analyzing Bill C-26, I have a few questions and concerns.

In its current form, Bill C-26 allows the Minister of Industry to obtain and disclose information without any checks and balances. If passed, Bill C-26 would grant the minister the power to obtain information from the Canadian telecom companies. It could, “by order, direct a telecommunications service provider to do anything or refrain from doing anything...that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”

There are no specific details on what information can be collected when it comes to personal consumer data, nor is there any clarity on who the minister could share this personal information with. Could the minister share it with other ministers or other departments? As of now, it does not say the minister could not do so.

A recent research report entitled “Cybersecurity Will Not Thrive in Darkness: A Critical Analysis of Proposed Amendments in Bill C-26 to the Telecommunications Act” stated the following on this matter:

The legislation would authorize the Minister to compel providers to disclose confidential information and then enable the Minister to circulate it widely within the federal government; this information could potentially include either identifiable or de-identified personal information. Moreover, the Minister could share non-confidential information internationally even when doing so could result in regulatory processes or private right of actions against an individual or organization. Should the Minister or [any] other party to whom the Minister shares information unintentionally lose control of the information, there would be no liability attached to the government for the accident.

I think an accident by the current government happens quite a bit.

If Parliament is going to give the minister such powers, it is imperative that checks and balances exist. It is very important that, when we discuss the ability of a government to obtain personal information from Canadians, we ensure that Canadians are protected from the unauthorized use of such information.

I should also add to this conversation the impact Bill C-26 could have on smaller Internet service providers. Small Internet companies are foundational to improving competition within Canada's telecom industry, but they are sometimes left out of the conversation.

Bill C-26 would empower the minister to “prohibit a telecommunications service provider from using any specified product or service in, or in relation to, its telecommunications network or telecommunications facilities, or any part of those networks or facilities” or “direct a telecommunications service provider to remove any specified product from its telecommunications networks or telecommunications facilities, or any part of those networks or facilities”.

We do not know what types of telecom infrastructure and equipment will be deemed a risk to our national security in the coming decades, so imagine that a local Internet service company builds a network using a specific brand of equipment. At the time, no one raises security concerns with the equipment or the manufacturer. The local Internet company is just beginning its operations, investing heavily in equipment to build a network and to compete with larger telecom companies.

Imagine that, five years later, the government deems the equipment the company invested in to be a national security threat, forcing it to remove and dispose of such equipment. The small Internet company trying to compete, which acted in good faith, has just lost a significant amount of capital because of a government decision. There is a strong possibility that this local Internet provider can no longer afford to operate.

I am hopeful this conversation can be had at committee to ensure the government is not unfairly impacting small, local and independent Internet companies. As I said, I am glad the House is debating the issue of cybersecurity, as the discussion is long overdue, but it is imperative that the issues I raised be addressed at committee, it is imperative that the issues my colleagues have raised be addressed at committee and it is imperative that the issues experts have raised be addressed at committee. That is why I will be voting to send Bill C-26 to committee in hopes that these concerns can be addressed.

Mr. Speaker, it is always an honour and a privilege to rise in this place, and it is nice to join the debate on the topic at hand.

When we talk about cybersecurity, there are so many different factors that go into it. I recognize that the bill before us largely has to do with telecommunications companies, bigger companies, and perhaps with government institutions as a whole. However, as we are having this conversation, we need to recognize and address the fact that the risk presented through cybersecurity extends much beyond that. With the current generation of kids being raised, kids are heavily involved in using cellphones, video game systems and computer consoles, for example, and are curious by nature. They are more at risk of clicking on a link that they do not know or realize is harmful. We know that is quite often how a lot of bad actors exploit weaknesses in computer systems in businesses or in homes. It is important to have that context out there early as we start the debate on this bill.

I want to get into a few specific parts of the bill at the start. First, it proposes to amend the Telecommunications Act to make sure the security of our Canadian telecommunications system is an official objective of our public policy, which is not a bad idea in and of itself. Second, it would create a new critical cyber systems protection act. The stated goal is to have a framework in place that would allow for better protection of critical cyber-services and cyber systems, which impact national security and public safety.

Some of the proposals include the designation of services or systems deemed to be “vital” for the purposes of this new act, along with designating classes of operators for these services or systems. The designated operators in question could be required to perform certain duties or activities, including the implementation of security programs, the mitigation of risks, reporting security incidents and complying with cybersecurity directions. Most significantly, Bill C-26 would authorize the enforcement of these measures through financial penalties or even imprisonment.

Anybody hearing these few examples listed in the preamble probably thinks this sounds like common sense, and I would generally agree with them. However, there is a problem, especially with the last one, which has to do with directions, because it is quite vague. These points should raise some obvious questions. How are we defining each of them? What are the limits and the accountability for using these new powers? It is fair to have these general concerns when we consider any government, but Canadians have reason to be especially wary with the one currently in power based on the Liberal record itself.

Unfortunately, the most recent and disturbing revelations related to foreign interference in two federal elections, which allegedly included working with an elected official, are not the only things we need to talk about. Here is another example. For a number of years, the Conservatives were demanding that the Liberals ban Huawei from our cellular networks. Despite all the warnings and security concerns, they delayed the decision and left us out of step with our closest partners in the Five Eyes. We had been calling it out for years before they finally decided to make the right decision thanks to pressure from Canadians, experts, our allies and the official opposition.

It was not very long ago, almost a year, when the announcement to ban Huawei came along. As much as it was the right decision, it should have been made much sooner. To say that is not a complaint about some missed opportunity in the past. The delay caused real problems with upfront costs for our telcos, and it created extra uncertainty for consumers.

Prior to becoming a member of Parliament, I worked for a telecommunications company in Saskatchewan. When we look at how big and vast our country is, we start thinking about how much equipment is required for one single telecommunications provider in one province, like SaskTel, the company I worked for. We can think about how much equipment it would have ordered or pre-ordered and potentially would have had to replace based on the government taking so long to make up its mind on whether or not to ban Huawei. If we look at some of the bigger companies out there, it is the same thing. There are the upfront costs they would have had to incur, and then the new costs if they had to replace all their equipment on top of that. This was simply because the government dragged its feet on such a big decision.

We have learned a lot of other things about foreign interference since then that need to be properly addressed and independently investigated. We need a public inquiry, at the very least, into some of these issues. However, once again, the Liberals are refusing to do the right thing for as long as they possibly can. It is clearer than ever before that we need to get a lot more serious about our cybersecurity, because what we are really talking about is our national security as a whole. These two things are closely intertwined, and having this conversation is long overdue.

We are happy to see the issue get more of the attention it deserves. Canadians have a lot of questions and concerns about it that should not be ignored. That is why it is a priority for Conservatives on our side of the House, and we are not going to let it go.

While we work to carefully review Bill C-26 in this place, we want to make sure that it will be effective and accomplish what it is supposed to do. It needs to protect Canadians living in a digital world. At the same time, it should not create any new openings for government to interfere with people's lives or abuse power.

After all, we are waiting for Bill C-11 to return to the House with all the problems it has, including the risk of online censorship. The problem is that whether it is about Huawei or the latest scandal about foreign interference, the Liberal government has failed to act, and it has undermined trust in our institutions. Therefore, it is hard to take it seriously when a bill like this one comes forward. The government's failure in this area is even more frustrating because we should all agree that there is a real need to strengthen cybersecurity. That is what experts and stakeholders have been telling us over many years. Canadians have had to wait for far too long for the government to bring something forward.

Make no mistake: This bill is flawed, and it will require more work to make sure that we get it right. However, the fact that we are talking about the issue right now is a small and necessary step in the right direction.

There are a few points I would like to mention.

Part 1 of this bill will allow the federal government to compel service providers to remove all products provided by a specified person from its networks or facilities. First of all, that puts a lot of companies at risk of having adversarial agreements signed in the future. If I were a company trying to sign an agreement, I would be doing everything I could to make sure that someone is not going to put a clause in there that if the government forces its removal, there is going to be an extra fine levied on the company. The problem with this bill is that it exposes companies to having these bad contracts negotiated, signed and forced on them by bad actors.

Under the new critical cyber systems protection act, the minister would be able to direct and impose any number of things on a service provider without giving them compensation for complying with the orders. Earlier, I was talking about the upfront costs paid by telcos trying to advance their networks to provide the products and services that their clients and customers want and need, especially as the world moves forward in a more digital fashion. The government is going to force them to do something without any compensation or without the ability to have help dealing with these changes. I think this is something that needs to be reconsidered in this bill.

That leaves service providers in a position where they have to pay for complying with potentially arbitrary orders or face legal penalties, such as the ones I mentioned earlier: fines or even imprisonment.

Again, we do have a desperate need to improve our cybersecurity regime, but these problems show that the bill is poorly written. By seeking to implement personal liability for breaches of the act, it will incentivize skilled Canadian cybersecurity professionals to leave Canada to find jobs elsewhere. This phenomenon, commonly known as the brain drain, is emerging as a severe issue for our economy, in some part thanks to the policies of the government.

Thousands of skilled, highly employable Canadians move to the United States thanks to the larger market, higher salaries and lower taxes, while very few Americans move to Canada to do the same. This issue is bigger than just the cybersecurity sector. Thanks to this government, we are losing nurses, doctors and tech workers to the United States. All the while, professionals who immigrate to Canada are being denied the paperwork they need to work in the field they are trained for because of the ridiculous red tape that plagues our immigration. Given that we are already short 25,000 cybersecurity professionals in Canada, is it wise to keep incentivizing them to go to the States?

Another massive problem with this bill is that it opens the door for some extreme violations of individual privacy. It also expands the state's power to use a secret government order to bar individuals or companies from accessing essential services. While we must improve our framework against cybersecurity attacks, drastically expanding what cabinet can do outside the public eye is always a bad idea. Accountability to the people and Parliament has always been an essential part of how we are supposed to do things in Canada. It is, however, not surprising that the current government would advocate for more unaccountable power. After all, government members have been anything but transparent. They have hidden information from Canadians to protect their partisan interests.

Canadians deserve to know what the government is doing. We must always uphold the principle that everyone is innocent until proven guilty. Giving cabinet the right to secretly cut Canadians off from essential services could threaten to erode this fundamental right.

Madam Speaker, while sitting through this debate, I observed that it has been one of the highest in quality since I have been in the House. It has been a substantive discussion of a very important issue. I am proud today, as I always am, to be a member of Parliament and to be sitting in the House of Commons.

Today, we are speaking to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. More broadly, it is a cybersecurity issue.

From the debate and other academic discussions, we can all agree that this is an area of substantial importance where legislation is required. In fact, it is one of my frustrations, which I think is shared by many Canadians, that this government is not agile enough in responding to a world that is quickly changing. We need to be more agile as a legislature, as the government, to reflect the changes that are going on.

We have had a little bit of talk about important changes, such as artificial intelligence, and the exponential speed in which it is changing is unbelievable. Any type of quick Google search will tell us, from many academics, about the great part artificial intelligence can serve in doing much of the hard work that human beings are now doing. However, those observers also say that its ability to do malicious work is equal, which is obviously very challenging. We see these threats, and as we go forward and see more and more powerful artificial intelligence and computing power, the potential for those threats is growing.

We have certainly seen our share, for lack of a better term, of run-of-the-mill cybersecurity threats just in the last couple of years. I was serving as the shadow minister for national revenue when there were substantial CRA breaches of confidential information. One such breach did not actually transmit any information, but it forced the CRA to shut down its entire system, which shut out over 800,000 people from their My Account or log-in system right around tax filing season, which was obviously a tremendous concern for Canadians who were attempting to file their taxes.

The unfortunate reality, as it stands today, is that we are vulnerable to cybersecurity attacks. My colleague for Kildonan—St. Paul spoke recently about a conversation she had with cybersecurity experts from the minister's department just last year. They warned her about the incredible implications of an attack on our critical infrastructure, such as our electrical infrastructure or pipeline technology.

Of course, it is no surprise to many, but maybe to some of my colleagues from British Columba, that we are in a cold country. We can imagine what the impact could be. Our heating infrastructure, our electrical grid and our ability to get natural gas out to some of the coldest places in the world could literally be a matter of life and death. Members can imagine, for example, a cyber attack on one of our nuclear facilities and what that could potentially mean. All this is to highlight in the House today the significance and importance of cybersecurity legislation.

Another example, which I believe has been discussed and debated but I think deserves highlighting again, was in Newfoundland in October 2020 when cybersecurity hackers stole personal information from health care workers and patients in all four regions, as well as social insurance numbers of over 2,500 patients. This is deeply personal information, and as our information increasingly goes on that magical cloud both in the public and private sector, it is increasingly important that we put the appropriate measures to cybersecurity.

As I said, the spirit of the legislation before us is absolutely right. The intent, I believe, is also right. The timing is a little slow, but we need to get it in place.

The member for Winnipeg North did comment on the need for expediency, and I agree with him in one sense. We need cybersecurity legislation, new cybersecurity legislation, in place yesterday. Unfortunately, they brought this legislation in, and it is not complete. There are a series of regulations that we do not know.

This is our job, and I am honestly not trying to be partisan. Instead, this is a substantive criticism that it would have expedited this legislation if they had brought forward the legislation completely baked to show us the regulations and what they want to do.

Of course, I would feel this way about any government as a Canadian citizen. If we are going to grant them wide swaths of power, and maybe even necessarily, we just want to know what exactly those powers are. Do not do as Nancy Pelosi famously said, as the Speaker of the House of Representatives, to pass the bill and then read the bill.

Let us read it first and understand it because, quite frankly, I think the conversation in the House has been at a very high calibre and the more information one can feed us, the more information we can digest to do our job for Canadian citizens by improving the legislation, especially in matters of, as the member from the Liberal Party rightfully said, not just cybersecurity but also national security. We really, in all candour and all honesty, want to do our due diligence here.

As I said, part one of the act:

amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything

This is obviously a very broad power, and that is what we need to look at and work on at committee. Like I said, this legislation, if fully baked, would have meant less work at committee. It would have meant, perhaps, carrying forward with the debate quicker, but as we are left with many questions, those questions deserve to be answered here in the people's House.

The legislation continues:

Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things,

(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;

(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;

(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;

(d) provides for the exchange of information between relevant parties; and

(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.

I hope that I have highlighted the fact that this is an important piece of information and that there are gaps within the information, so my substantive ask would be for the government to publish some of those regulations, so that we can review them, perhaps even before committee, and come to it in a spirit of collaboration and discussion. This is a matter of national security.

Perhaps, as I am getting a little bit less young these days, I get a little bit more skeptical. I would love to see some accountability mechanisms where the minister reports back to Parliament or otherwise because the question with the government is always who will watch the watcher.

We have seen that all governments are not infallible and each can commit its own share of foibles, errors and mistakes, unintentional or intentional, so I would love to see some greater accountability come committee.

Madam Speaker, clause 13 of Bill C-26 essentially allows the government to take new measures to protect critical cyber systems by order in council. That gives it a lot of flexibility. There is more flexibility there than in the legislative process.

Does my colleague think that the bill should be amended in committee so that we can be certain the government will be accountable to Parliament?

Madam Speaker, it is an honour to speak today in the House on Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.

With every passing year, Canadians are increasingly moving their lives online. They communicate with loved ones through email, messaging, photo sharing, video calls and more. They can order their entire grocery orders, rent cars for the weekend and book appointments with a click in an app.

As more and more Canadians choose to put more of their lives online, it falls to us, as members of Parliament, to ensure our cybersecurity laws are as protective of their personal and private information as possible.

The next generation of Canadians are increasingly building their professional and personal lives online. At the same time, they face mounting threats from foreign actors, ranging from scammers to state actors. These actors have shown they would use any tactic, from identity theft to cyber-attacks, to exploit Canadians and attack our institutions.

That is why the legislation we have before us today is essential, and why getting it right the first time is even more important. In particular, it must protect our online information while not crushing our small business start-ups under mountains of red tape.

On this side of the House, my Conservative colleagues and I believe that, as currently constructed, Bill C-26 fails to account for the welfare of small business start-ups by adding more red tape and placing burdensome costs on our homegrown technology sector. As constructed, this bill would directly affect start-ups by adding further bureaucracy that would drive up their starting costs. It would overburden with regulation the small telecommunications providers, the companies that provide our families and businesses with access to a global market online.

Wrapping them in red tape could risk our access to competing on the world stage. The Liberal government has already made it hard enough for start-ups, and the Liberal record on small business has been one committed to mazes of bureaucracy, punitive fines and penalties, and rising inflation. A Liberal economy of high tax and wasteful spending has already made it hard enough for start-ups.

Through the overarching premise of this cybersecurity bill, we know that it is needed. We absolutely need to update our cybersecurity laws, while at the same time we cannot allow Bill C-26 to add unnecessary burdens to business, especially small businesses.

I am particularly concerned about how this bill's regulations would also apply to businesses “irrespective of their cyber security maturity”, implying that providers who already have advanced electronic protection measures would still have to comply with the new regulations of the bill. This means that businesses could not continue using their current, possibly more robust, cybersecurity systems. Instead, they would have to disregard their current cybersecurity measures and replace them with the newly proposed government model.

Even Canadian businesses that have already worked hard to protect their customer security at accepted global standards would still incur more cost despite their robust electronic security measures. They would need to invest in government-regulated security measures, incurring costs such as inspection, extra time, installation and further training. They may have to completely overturn their superior standards for the government's preference.

The thing is, we do not know what the regulations would be or how they would affect businesses, because the actual regulations have not been developed. That is how the government does a lot of its bills. There are great titles, with few details. We are expected to just trust the Liberals to figure it all out later, behind closed doors, with no opportunity to study them at committee with expert witnesses.

Imagine if this regulatory framework were applied to any other business. Suppose we were regulating changes in the banking security industry. We would require that every Canadian bank and credit union tear its building down to the ground, brick by brick, and then rebuild itself from scratch. That really does not make sense.

Now is the time when we should be encouraging competition and bringing in more telecommunications companies. We know Canada has some of the highest telecommunications costs in the world. As more and more Canadians move their lives online, whether for banking, social media or work, adding more tape in this bill, as mentioned, would make this transition far more difficult. Costs never remain in the businesses' ledgers forever; they are inevitably always passed on to the consumer.

As a government, we should encourage the next generation of Canadian entrepreneurs who are innovating.

I will mention, as a sidebar, that I was formerly on the industry committee and we did a quantum computing study, which was, frankly, terrifying. It was about how Canada could be exposed to bad actors, which could affect every part of our online lives. As these technological advances develop, we have to be aware of risks and be able to stay ahead of technology.

These enterprises, businesses and telecommunications providers do not need more red tape; they need a stable market without uncompetitive government interference. We know very well how easy it can be for the government to build regulations that only the largest providers of an industry can shoulder. Without attention to scale, a single fault of noncompliance could instantly wipe out a smaller company. The legislation would allow ministers and bureaucrats to levy fines as high as $15 million without special consideration, such as the size of a company's user base.

Nonspecific details like that are music to the ears of our largest telecommunications providers. Monopolization of our telecommunications sector is something Canadians are already concerned about. We must always proceed cautiously, so as not to turn away innovation and new businesses entering the market, which creates healthy competition. For example, these fines could also be enacted under the vague term of “protecting a critical cyber system”. This vague terminology can leave a lot of leeway for government ministers to injure Canadian businesses with rampant fines.

There is already a shortage of online and electronic security professionals in Canada. According to the Business Council of Canada, an estimated 25,000 personnel are needed in the cybersecurity industry. Instead of dissuading these crucial professionals from joining this industry and helping keep Canada safe from domestic and foreign cyber-threats, let us provide a better framework and encourage them to build new businesses in this essential industry. Let us not scare them off with red tape and penalties.