Bill C-33

Mr. Speaker, I have the honour to present, in both official languages, the 16th report of the Standing Committee on Transport, Infrastructure and Communities in relation to BillC-33, An Act to amend the Customs Act, the Railway Safety Act, the Transportation of Dangerous Goods Act, 1992, the Marine Transportation Security Act, the Canada Transportation Act and the Canada Marine Act and to make a consequential amendment to another Act. The committee has studied the bill and has decided to report the bill back to the House with amendments.

I do believe that a map has been drawn up to confirm the boundaries. That was confirmed with the legislative clerks and the drafters who worked on the amendment at a couple of stages.

Maybe “legislative clerk” is the wrong word. The drafters insisted that we map out the coordinates as part of the exercise so that we could confirm that the areas do indeed reflect the areas of concern. We can provide that map if it's of interest to the committee.

With regard to Mr. Strahl's comments, what we also heard over the course of the debate on this bill was that one goal of Bill C-33—the government has assured us of this—is to make the supply chain more efficient. It's going to reduce congestion at ports and reduce the need for anchorages because of all of the many things that they've jammed in here to give the government additional powers to reduce blockages and direct traffic. Ports are moving towards active traffic management systems that are going to make them more like airports in regard to directing marine traffic.

I think all of those things are going to dramatically reduce the likelihood that we'll find ourselves in a situation similar to the one we found ourselves in during the pandemic, which saw an extraordinary amount of traffic backed up and anchored in areas, which had real negative impacts on people and on the environment.

Maybe we'll agree to disagree on this one. I know that this matter has a tremendous amount of support from the residents of those communities. They feel very strongly about this. We are talking about a very unique and precious part of the British Columbian coast that's home to all sorts of important species, including southern resident killer whales, chinook salmon and other species of concern.

I'll leave it at that and hopefully we can move on to a vote.

Thank you, Mr. Chair.

This amendment is simply the schedule, including the coordinates of the areas of concern in the southern Gulf Islands in British Columbia. I'll note that these coordinates reflect Parks Canada's proposed national marine conservation area for the Salish Sea and the ecologically and biologically significant area identified by Fisheries and Oceans Canada. These are also areas that have been identified by the communities of the Gulf Islands as being of concern.

Our amendment does not prevent anchorage in those areas, it simply limits the duration of anchorage to two weeks and empowers the minister to require vessels to move along after a two-week period. We've seen long stays in those ecologically sensitive areas, and the residents of that area are extremely concerned about the impact of industrial traffic—marine traffic—not only on the ecology but on the quality of life in those rural communities.

I know Ms. Gladu offered to debate every latitude and longitude—which, as a former geography major, I would be happy to engage with—but given that we have already voted on the spirit of the amendment, I would hope we could pass this in due course and finish our work on Bill C-33.

Thank you, Mr. Chair.

I know we had some internal back and forth. Again, I'm not sure whether the legislative clerk could provide some guidance on what those discussions look like. I know that not all of the Bill C‑33 process has been collaborative, but this was one we all agreed we were going to look for some guidance on.

I would be willing to hear a time frame that is acceptable. If 12 months is too short.... It seemed like a reasonable time. I can't amend my own amendment, but there was some agreement, as I recall—back when we were discussing this—that vacancies are unacceptable after a certain length of time and there should be a remedy provided.

I don't know whether any colleagues are just going to vote this down, or whether we can make this work. I don't have the blues in front of me, but there was discussion about putting it into the hands of officials to capture what we were trying to come up with.

I'm unsure what we eventually came to. We gave this back to officials for them to come up with a way to get us where we wanted to go, which was to provide a remedy for lengthy vacancies where appointments have not been made—in some cases, as we heard, for several years. It was to provide an incentive, perhaps, for a minister to make those appointments in a timely fashion. It was suggested that six months was too short a time period, so we talked about one year.

Then we wanted to ensure that any amendments made to the bill—there were amendments made to the composition of boards, the nomination processes, etc.—would not be lost, and that it wouldn't be a way for boards to avoid their responsibilities under Bill C‑33, should it pass, and the changes that were made in terms of labour nominating directors, etc.

I don't know. We threw it back into the laps of the officials and legislative clerks. I'm not sure what they came up with, or whether they have any further comments. We stood it because we didn't want to get locked in on the six months. We wanted to make sure the changes made through the work of this committee were reflected and that this wasn't an end-around on the other nominating requirements.

I'll throw it back to the officials for commentary and would be willing to discuss the best way forward with colleagues.

I call this meeting to order.

Welcome to meeting number 97 of the House of Commons Standing Committee on Transport, Infrastructure and Communities. Pursuant to the order of reference of Tuesday, September 26, 2023, the committee is meeting to continue with the clause‑by‑clause consideration of Bill C‑33.

Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders of the House of Commons. The members can attend in person in the room or remotely using the Zoom application.

Colleagues, although this room is equipped with a powerful audio system, feedback events can occur. These can be extremely harmful to our interpreters and cause serious injuries. The most common cause of sound feedback is an earpiece worn too close to a microphone. We therefore ask all participants to exercise a high degree of caution when handling the earpieces, especially when your microphone or your neighbour's microphone is turned on. In order to prevent incidents and safeguard the hearing health of the interpreters, I invite all members, as well as our witnesses, to ensure that they speak into the microphone into which their headset is plugged and avoid manipulating the earbuds by placing them on the table, away from the microphone, when they are not in use.

Colleagues and witnesses, when speaking, please speak slowly and clearly. When you are not speaking, your microphone should be on mute. That's just a quick reminder there.

Colleagues, to help us with clause-by-clause consideration of Bill C‑33, I would like to now welcome back our witnesses, who have done a steadfast job thus far. We have, from the Department of Transport, Sonya Read, director general, marine policy. We have Heather Moriarty, director, ports policy. We have Rachel Heft, manager and senior counsel, transport and infrastructure legal services, and we have Amy Kaufman, counsel.

Once again we have joining us our legislative clerks, Philippe Méla and Jean-François Pagé.

Thank you again for being here.

Colleagues, I hope you had a wonderful break.

We'll now dive in with clause 125 with a CPC amendment. With that, I will open the floor for the first time in 2024.

Oh, it's 124, yes. We'll open up debate.

(On clause 124)

Go ahead, Mr. Badawey.

My apologies, Dr. Lewis. The floor is yours.

As I was saying, what is very concerning is that Canada is one of the few G20 nations without a firm regulatory framework around cybersecurity. It's essential at this point, when we're looking at Bill C-33 and Bill C-26, that we keep in mind the need for Canada to act to protect the nation's critical infrastructure and the interconnectedness of these two bills.

We also know that in 2016, member states of the EU passed what was called the most comprehensive cybersecurity bill in the history of the EU. The bill was called the NIS Directive. The EU cybersecurity rules, which were introduced in 2016, were updated and later ratified in 2023. They continue to modernize and create this legal framework, which I think is quite instructive in the Canadian context. It keeps up and it increases the digitization...and the evolving cybersecurity threat, which is something we are attempting to grapple with in the present bills we are contemplating.

Expanding the scope of cybersecurity rules in the new sectors and entities further improves the resilience. We have dealt with resilience in the infrastructure context in this committee. This is also a very important part of what we're talking about in Bill C-33.

We have seen the problems that a huge infrastructure gap can cause, and one of the problems is the ongoing lack of transparency. We have seen, in our situation with the taxpayer-funded Canada Infrastructure Bank, an unacceptable performance over the last seven years. We want to build mechanisms into Bill C-33 to make sure we're not falling into the same traps and shortcomings we've had with other legislation.

Moreover, we have provisions in Bill C-33 that also raise concerns on cybersecurity and response capabilities of the public and private sector entities and competent authorities. In the case that I was discussing before, the EU as a whole can be used as an example of a model that Canada could adopt. When we're contemplating this bill, I think we should look at enabling legislation from different jurisdictions.

We know that most G7 member states are under the umbrella of the EU. The U.S. and the U.K. and Japan have separately implemented cybersecurity regulations to differing degrees, which I think are also instructive in how we confuse Bill C-33 with Bill C-26.

We also have to look at Canadian businesses and how they continue to be impacted by malicious cybersecurity and cyber-activity. This ranges from cyber-attacks to ransomware, and even things that we are exposed to on an everyday basis.

Many of these attacks include those on critical infrastructure. That accounts for nearly half of the attacks, and many of those go unreported.

This is very concerning. The Canadian Centre for Cyber Security has identified attacks on operations networks. They've also identified attacks on how it would impact the physical safety of Canadians. That was published in their biennial publication, the “National Cyber Threat Assessment”.

Now, in this context, when we look at the Ministry of Public Safety, we know that they acted to introduce new legislation, Bill C-26, an act respecting cyber security. I believe it was at the first stage in Parliament sometime in November 2022, and it went through second reading, I think, on March 27, 2023. Bill C-26 currently sits in committee. I believe it's going into law, if it hasn't done so already. When we look at where it is, going through the committee stage, and we look at the fact that Bill C-33 is contemplating sections of this bill, we know that it's very important for us to focus on it, because it may have the capacity of adding teeth to the governance and compliance structure of cybersecurity in Bill C-33.

It's very important that we look at the interconnectedness of these two bills, especially inasmuch as is needed in the area of operational technology where critical infrastructure lies.

Although we don't know how the bill is going to necessarily impact on Bill C-33, between the absence of similar legislation in Canada.... We don't know what the impact is going to be, because this is new. This is untested territory, but we know there is an increasing trend toward increased cybersecurity regulation among our international peers.

Having practised international law for a number of years, I can see the importance of Canadian businesses being prepared. Contemplation of this aspect of the bill and how it will be infused in Bill C-33 is very important at this time.

Canada does not have an overarching governing cybersecurity legislation, let alone require the reporting of vulnerabilities in critical infrastructure breaches, which is extremely problematic. Bill C-26 would empower some regulators to impose fines or issue some summary convictions to ensure governance and compliance. This is something that my colleague, Mr. Kurek, spoke about. It's critical to turn our minds to that, especially as we contemplate this bill.

Now I'll go back to Bill C-26. In its current form it includes four critical infrastructure sections, which I think are related to the transportation aspect of Bill C-33. When we look at the transportation corridors that are contemplated in Bill C-33, we see, in Bill C-26, that it's very important to look at these four critical infrastructure sectors: telecommunications, finance, energy and transportation.

The requirements for organizations in these sections are threefold.

First is to implement, maintain and report on the cybersecurity program, which will essentially address the risks across organizations. It will address the risk in third party services. It will address the risk in supply chain—

Thank you, Mr. Kurek. You ended on the exact note that I'm going to start on.

I want to thank my colleagues for highlighting the interconnectedness between Bill C-33 and Bill C-26. My colleagues covered the importance of parliamentary supremacy, checks and balances and the need to keep the executive branch in check. Mr. Kurek ended on the note of the importance of upholding critical infrastructure and ensuring that bills are conducive to that.

I'm quite concerned at this time about this particular bill and how it impacts on infrastructure and cybersecurity. I read a very good article on infrastructure and cybersecurity. It was by Frank Lawrence and Eric Jensen, published in the Fortinet journal.

When I read the article, what was concerning to me was that it revealed that Canada is among those G7 and G20 nations without a firm regulatory framework around cybersecurity. Canada must act to protect the nation's critical infrastructure assets, and the only way to do that is what we're doing here today—

Thank you very much, Mr. Chair.

I find it interesting, the things that seem to trigger these Liberals, when it's their policy that triggers them. When it comes to the issue that we have here before us that speaks to the....

Now members from the other side are heckling, supporting.... Maybe they should try running on bringing back the Wheat Board. That would be quite something. That's certainly not what I'm here to talk about. I look forward to being able to continue this conversation around Bill C-33.

Sure. Thanks, Chair.

You're right, I was getting a little bit off topic there.

I'll tell you, it's easy to be passionate about the billions of dollars in economic impact that my people have—the people I'm proud to represent. It's billions of dollars that they have, yet, unfortunately, the Liberals seem to disregard that. They would toss it away for some dream that certainly is more of a dream than any reality, especially when we could be supplying our partners like Ukraine with clean, green Canadian natural resources.

When it comes to Bill C-26 and its relevance here on the Bill C-33 conversation, we have this connection that exists. Why I went down the path of talking about how proud I am of Canada's energy industry is that it's not always recognized how closely connected physical infrastructure and the security associated with that are to the cyber elements of how that works.

I would provide a local example, Chair.

A pipeline company just opened up a new control centre in Hardisty. This example is very relevant to both the physical infrastructure that Bill C-33 represents and the reference that it has to cybersecurity, which is referenced in Bill C-26. There's this close connection that exists. We cannot dismiss that. It goes further when it comes to our rail systems. It's not out of the realm of possibility to see how there's that close connection that exists between the cyber and physical security side of things.

If we don't see Bill C-26 addressing those things appropriately, if it's not responsive to the economic needs, if it doesn't take into account the privacy concerns of Canadians, if it gives too much power to a few individuals in our nation's capital who may not be responsive, or if, likewise, when it comes to Bill C-33 there's not this appropriate delegation of authority that takes into account.... I often refer to the word “tension” or what could be referred to as the Aristotelian mean. We have to find that correct tension or that mean place where we have that balance. I'm fearful that we simply don't get it when it comes to Bill C-26 and some of the elements that we have discussed at length, although most of the clauses have in fact passed.

There's been a change in who is in charge of the public safety file. I won't get into the host of criticisms that have been levelled by Conservatives against the ministers of public safety. They seem to come and go at an alarming rate.

I would, however, like to read from the Canadian Civil Liberties Association when it comes to some of the concerns surrounding Bill C-26. Then I will be happy to cede the floor to my colleagues, who I know have a tremendous amount to add to this conversation as well.

Although this letter is dated September 28, 2022, there's particular relevance to what we're discussing here today. It's written to the former minister and the leaders of the opposition parties, including Ms. May as the parliamentary leader of the Green Party. I think she's now co-leader of the Green Party.

It is titled, “Joint Letter of Concern regarding Bill C-26”, and I'll read it directly into the record, Mr. Chair:

Dear Minister,

We, the undersigned organizations, are writing to express our serious concerns regarding Bill C-26: An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

In your press release announcing this legislation, you were quoted as stating “In the 21st century, cyber security is national security.” We agree, and we share your goal of helping both the public and private sector better protect themselves against cyber attacks.

Isn't this very agreeable up until this point?

The Canadian Civil Liberties Association goes on to say:

However, in its current form, Bill C-26 is deeply problematic and needs fixing.

I would note—because the stickers on my iPad triggered certain members of this committee, I won't show you—that it's actually bolded. Those previous words are bolded because the CCLA wanted to make sure they were emphasized in the context of this conversation.

It says:

As drafted, it risks undermining our privacy rights, and the principles of accountable governance and judicial due process which are the fabric of Canadian democracy. The legislation needs to be substantively amended to ensure it delivers effective cybersecurity protections while safeguarding these essential democratic principles.

As you know, Bill C-26 grants the government sweeping new powers over vast swathes of the Canadian economy. We believe these powers need to be strictly delimited and accompanied by meaningful safeguards and reporting requirements to ensure Canadians can hold their government and security agencies to account.

Next, this is in bold again, Mr. Chair, and I reference that because it's obvious that the CCLA wanted to ensure that this was emphasized:

Put simply, with great power must come great accountability.

With a view to improving this legislation, we share with you the following specific areas of concern:

Opens the door to new surveillance obligations: Bill C-26 empowers the government to secretly order telecom providers “to do anything or refrain from doing anything.” This opens the door to imposing surveillance obligations on private companies, and to other risks such as weakened encryption standards—something the public has long rejected as inconsistent with our privacy rights.

Termination of essential services: Under Bill C-26, the government can bar a person or company from being able to receive specific services, and bar any company from offering these services to others, by secret government order. This opens the door to Canadian companies or individuals being cut off from essential services without explanation. Bill C-26 fails to set out any explicit regime, such as an independent regulator with robust powers, for dealing with the collateral impacts of government Security Orders.

It goes on to mention that it:

Undermines privacy: Bill C-26 empowers the government to collect broad categories of information from designated operators, within any time and subject to any conditions. This may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.

I would just note, Chair, that when it comes to the de-identified side of things, that's often an excuse that gets used. I know from my role on the ethics committee that we had a study that was undertaken when it was learned that the government had purchased a huge amount of data on movements during the COVID-19 pandemic. Although it was claimed to be de-identified, there were massive question marks associated with the amount of data the government received. I know that there was an overwhelming amount of concern that I certainly heard.

A number of people reached out to us when they did not hear back from Liberal members of the committee who didn't echo some of the concerns about how much information was being gathered: things like people knowing that the government could determine when people were going to the grocery store and liquor stores and other things. Certainly, in a free and democratic society, there were concerns about it. It was unclear. Canadians are pretty trusting, but they want to be respected. I talk about that tension or that Aristotelian mean that needs to be found, and I fear that this government has pulled that tension totally out of whack.

However, I digress. I will get back to what the CCLA has to say.

It goes on to say that there are “No guardrails to constrain abuse”.

Bill C-26 lacks mandatory proportionality, privacy, or equity assessments, or other guardrails, to constrain abuse of the new powers it grants the government — powers accompanied by steep fines or even imprisonment for non-compliance. These orders apply both to telecommunications companies, and to a wide range of other federally-regulated companies and agencies designated under the Critical Cyber Systems Protection Act.... Prosecutions can be launched in respect of alleged violations of Security Orders which happened up to three years in the past.

I would just note that in a late show that I was a part of yesterday—and I know that my colleague was actually there, too—I was shocked that the parliamentary secretary from Winnipeg North talked in support of a policy that actually sent farmers to prison. Now, I wouldn't want to go off topic here, so I won't get into the conversation around the Wheat Board, but my goodness, how concerning is it that the government would support policies that threw farmers into prison for wanting to sell their grain without the government controlling it? It is unbelievable that that's the point that these Liberals would go to, and that they still support it even after it was very clear that Canadians and farmers wanted the ability to sell their grain without the government controlling them. Truly it was an unbelievable level of control, which was specifically targeted at the west. It's quite something to have heard, and I'm sure my colleague here would agree with me that it was unbelievable to hear that be brought up in conversation in the House of Commons yesterday, that they would prefer to throw farmers in prison than to have a legitimate conversation around the impacts of, in that case, the carbon tax.

Thank you very much, Mr. Chair.

I hope everybody was able to have a good short break. I know that was seven or eight minutes of freedom that people had, but I'm sure they're thrilled to get back to the important conversation that we have here before us.

Mr. Chair, specifically due to the two-hour time change, of course, back in Alberta and the riding I'm proud to represent, I would note that my wife has probably just finished putting my kids to bed. To my boys, I love you guys; hopefully you're listening to your mama as she puts you to bed. I look forward to connecting with my wife post 11:30, after this committee wraps. That's one of the big things, when our families are back home holding down the proverbial fort.

Mr. Chair, I left off talking a bit about the wide-sweeping powers associated with Parliament when we live in a democracy where the idea of parliamentary supremacy is absolutely paramount. I believe I unpacked it adequately in the context and certainly I have a whole host of other things to say about that but wouldn't want to dive too deep into that in the short time that we have here.

However, I want to make sure that I get to the recommendations that this article references in terms of Bill C-26. It goes on to say...and I'll summarize this and then have a few other important interjections that I look forward being able to make.

The article said: “Given that the Bill has just been introduced,”—this article is a bit dated, but nonetheless very relevant—“its passage is not guaranteed, and additional changes to the draft law”—or in the Canadian context, bill—“may occur. However, and in the interim, if you are a provider of vital services”—which speaks to that vital connection that we have with Bill C-33 here before us—“and systems as described in the Bill, we recommend that you consider taking the following steps to improve your cyber resilience:

The first is:

Preemptively improve your security posture and processes to conform with the CSE’s best practices and guidance, or industry practices, and ensure that your contracts contain sufficient cybersecurity provisions to protect all parties in the supply chain; and

given the secrecy and potential immediacy of Government orders and directives, Telcos and Designated Operators should draft contracts to flow down potential cyber security risks appropriately.

That's almost unique in terms of some of the recommendations that have been made in the context of this bill. The authors go on to talk about how, if you are a supplier of products and services related to critical systems of designated operators as described in the bill, we recommend that you take the following steps:

Preemptively improve your security posture and processes as described immediately above in anticipation of more strenuous cybersecurity requirements requested by Designated Operators; and

I'll make a final point on this one, and then I'll look forward to getting into a few other aspects of debate here. The final point is:

anticipate shouldering more risk when contracting with Designated Operators and consult with your insurance provider accordingly.

A big thank you to Lisa R. Lifshitz—I believe I'm saying that appropriately—and Cameron McMaster, the authors of this. I believe it provides a good summary and a few very relevant recommendations in terms of the context.

I would note here as well, we're talking about critical infrastructure and, I know, specifically some of the larger conversations surrounding Bill C-33. We have the need for resiliency throughout every aspect of that, whether it's in relation to security, which is very important, or some of the challenges associated with climate. There has to be that security that does exist there, and we have to be mindful of that in the larger context of everything that we are discussing and how relevant that is.

On that note, Michael Den Tandt, if I'm correct on this—and I'm certainly happy to stand corrected—in an opinion piece to the Ottawa Citizen, which I believe is relevant especially for the Bill C-26 aspect here.... Michael Den Tandt ran for the Liberal Party in the 2019 election, if memory serves. He entered on December 4, so it seems like it's been more than a couple of weeks. Just last week, a column by him was published in the Ottawa Citizen.

Although it seems as if it's been more than a couple of weeks, he published this column in the Ottawa Citizen last week. I believe it would be very valuable to this conversation.

Den Tandt said the following in his column, “Canadian government must take the time needed to get its cyber security bill right”:

Bill C-26, the federal government's stab at shoring up the country's cyber readiness, passed first reading in the House of Commons on June 14, 2022. The legislation has two thrusts: first, to keep hardware from adversarial states out of Canada's telecom networks; second, to ensure our critical infrastructure is hardened against a plethora of new digital threats.

Nearly a year later, in late March of 2023, C-26 limped through second reading. The bill now rests with the Standing Committee on Public Safety and National Security, for review and possible amendment.

That this law continues to languish at committee, 16 months after it first saw the light of day, encapsulates one of its core failings which, in fairness, is not unique to this piece of lawmaking: Despite showing signs of having been written in a hurry, presumably in hopes of keeping pace with technological change, it's emerging too slowly.

By the time it passes third reading, then meanders its way through the Senate to Royal Assent, C-26 may well have been overtaken by events. The threats it is intended to counter are multiplying far more quickly than the glacial pace of the legislative process appears able to match.

What are these threats? The latest National Cyber Threat Assessment from the Canadian Centre for Cyber Security encapsulates them in language that, for a government document, is remarkably direct.

Cyber-criminals are rapidly scaling up, evolving ransomware and other attacks into a trans-national enterprise, while state actors—specifically China, Russia, Iran and North Korea—are deploying vast resources to attack and undermine open economies and societies by eroding trust in public institutions and the factual foundation on which their credibility rests. “You may be tempted to stop reading halfway through,” writes CCSE Head Sami Khouri in the foreword, “disconnect all your devices and throw them in the nearest dumpster.”

As a note, Mr. Chair, I had the opportunity to serve on the public safety committee for a short time in the 43rd Parliament. Hearing briefings from experts was eye-opening, to say the least, when we had examples. I believe it was CSIS, in their public report, that said there are 4 billion attempted attacks on Canadian cyber infrastructure in the course of a year. That's absolutely mind-boggling—the growing sophistication of the enemies of freedom and Canada, and the steps they will take to attack us and our infrastructure.

Den Tandt goes on to say the following:

To counter this, the draft bill offers two pillars: first, a revamp of the Telecommunications Act, giving the federal minister of Innovation, Science and Industry sweeping powers to order companies to ban certain products, clients or service providers, with possible daily penalties of up to $15 million a day if they don't comply; and second, the Critical Cyber Systems Protection Act (CCSPA), which would allow the minister and an appointed official to order cyber measures in federally regulated parts of the private sector considered essential to national security.

These include telecom, energy and power infrastructure such as pipelines, nuclear plants, federally regulated transportation, banking, clearing and settlement.

For all those questioning the relevance of this conversation, Den Tandt himself speaks about how closely connected this is to the conversation surrounding Bill C-33.

Seen from 10,000 ft. up, the broad scope of the legislation will appear justified to some; after all, don't significant threats justify dramatic action? But there's a difference between action that is on point, and action so riddled with gaps that it'll need a reboot the day it becomes law.

Christopher Parsons, in a dissection for The Citizen Lab, outlines six major concerns, any of which should be grounds for disqualification. These include an excess of arbitrary power, too much secrecy, inadequate controls on information-sharing within government, potentially prohibitive costs for smaller firms (the legislation draws no distinctions based on scale, or industry sector), vague language, and no recognition of Charter or privacy rights.

Brenda McPhail, in an October, 2022 analysis for the Canadian Civil Liberties Association, echoes many of Parsons’ criticisms, noting wryly that the law joins “an increasingly long line of legislation that would fill a clear need, if only it were better.”

If the goal, broadly, is governance that promotes prosperity, security, accountability, diversity and equity in a democratic society—then C-26, as drafted, should not pass.

Is legislation urgently needed? Absolutely. But have its drafters gotten it right? No. Given the blitzkrieg pace of growth in cyber threat vectors, it makes sense to continue to manage these threats on an ad hoc basis, as the minister has been doing, with assistance from The Communications Security Establishment (CSE) and the CCCS, and take the time needed to get the legislation right.

Thank you, Chair, for indulging me in that, because it's important context, and I would just note that the specificity of the criticisms that Den Tandt brings forward and the fact that he ran for the Liberal Party a short four years ago speak to two things I'd like to reference. I'm sure there's more, which maybe my colleagues would be interested in following up on, that references indirectly, first, that disconnect that exists between Parliament and executive government.

I would just note—and I know my colleague Mr. Strahl referenced this in a different context a number of times—that we had the conversation surrounding Huawei. Parliament, in fact, spoke up a host of times, telling the government that it needed to act. It wasn't a recommendation. It wasn't a suggestion; it was demanding action, yet we see still, in relation to the security of essential cyber networks in our country, that lack of action. The unwillingness for that action to take place sets Canada back what would be a... The pace that technology advances has set Canada back very significantly.

I know that it is key to ensuring that government is responsive not only to the demands of what Parliament is in terms of institution.... There's no other place in the country—and this is something that I think bears special emphasis—that every part of Canada is truly represented. I find it interesting that there seem to be a plethora of advisory boards and consultations, some of which have more legitimacy than others, but it's truly Parliament that is that voice for Canadians.

I'm always a bit hesitant, and maybe more than just a bit, when an advisory panel is set up. Specifically, I know that there are other bills that are before Parliament that set up some of these advisory panels, and this speaks to the disconnect that exists between Parliament and executive government. They set up these panels that sometimes are so disconnected from those who are impacted, and again, fearing that I would venture into something that would not be relevant, when it comes to critical infrastructure and specifically when you look at rail.... I have three main line rail lines that run through my constituency, and I represent about 53,000 square kilometres of what I refer to as God's country. It is a beautiful area in east central Alberta. It's a large area; in fact, it's about the same size as the province of Nova Scotia, just for context for those around the table.

I always find it very concerning when these advisory panels get set up, and they certainly don't often have the best interests of my constituents in mind, and we saw that and are seeing that played out in the so-called just transition.

Truly, there's no justice for my constituents, including the thousands and thousands who work in the energy industry. We saw that this was very directly the case when it came to the coal phase-out. The federal government promised to be there, and yet they were not. They failed my constituents. They failed the people who were told the federal government would have their backs.

I think that speaks to a disconnect between the role that Parliament should be playing—that ability to represent the people of our country—and the fact that quite often these so-called advisory panels end up being nothing more than a platform for the government to spout its same talking points. That's a deeply, deeply concerning trend that we have. One doesn't have to look any further than the appointments of these so-called independent panels.

Chair, there's a reason I bring this up. There's a specificity in relation to this. If we want to ensure that we are passing legislation, when it comes to Bill C-33 or some of the criticisms we've levelled at Bill C-26 and how the government clearly references both here....

They're expecting both to pass, although Den Tandt certainly has a host of criticisms to level at Bill C-26. I'm hopeful that my colleagues in the public safety committee will be fully engaged when this debate comes forward, but I would suggest that one needs to take very, very seriously the role that we have to play here.

That's part one of the criticisms I would suggest when it comes to where some of these things are. The second part here comes to how, as we develop an infrastructure, we have to take seriously our responsibility to ensure that this is done not only in terms of the demands of today, which is key, but also in building that for tomorrow.

I would actually reference something that I am quite familiar with. There are two industries that I am very, very proud to represent—and a pretty significant portion of it. Had we had the opportunity to debate the motion that I was so unfortunately shut down on, I would have talked at length about the impact agriculture has in the close to 5,000 farms, most of which are family-owned small operations or small businesses, not the big successful ones that the Prime Minister referenced in question period today. I'm not quite sure what metric he uses for that when they're paying the carbon tax, but certainly it's small operations.

We see how there is this demand for that infrastructure to be secure. That includes the cyber element of that. We've seen attacks that have shut down significant portions and left critical infrastructure in our country at risk.

I believe I was in junior high at the time, so this is going back a little while, when a power outage took place in the northwestern United States. It was deemed to be an accident, but it shut down New York City in terms of the power. It shut down a host of other jurisdictions, including some in Quebec and Ontario. It spoke to some of the interconnectedness that existed in our infrastructure.

More recently, a cyber-attack shut down the pipeline system on the eastern seaboard of the United States. Certainly, I mentioned agriculture before, but I also represent another significant portion: 87% of Canada's crude oil transits through Battle River-Crowfoot. Some of it is produced there, but 87% of Canada's crude transits through Battle River-Crowfoot.

When my colleagues wonder why I'm so passionate about our energy industry, it's because I get it. Unfortunately, we seem to have what my father would suggest is “city ignorance”. I won't venture too far down that path, but it's unfortunate that sometimes there's not a better understanding of how important some of this critical infrastructure is. That's not only in terms of our economy and the billions of dollars. In fact, if I look at the community of Hardisty, for those from Hardisty....

Who knows? They might be watching this right now. I know they're passionate about educating Canadians on the importance of energy infrastructure and how it is so unfortunate that—

Thank you very much, Chair. I certainly look forward to hearing what Dr. Lewis has to say about this. I know she has a great familiarity with this subject matter.

Chair, perhaps I could continue, because I do want to ensure that this is added to the record. I just mentioned how telcos will not be compensated, and I believe I provided a brief interjection about some of the commentary that has been provided at other committees in relation to compensation for financial losses.

Certainly, in the highly regulated telecom environment that Canada finds itself in, that would be a massive conversation that we could have at some point, but that would be venturing into the territory of not being relevant, so I wouldn't want to go there.

I will, however, continue with this summary, which talks about how:

The Amendments introduce new enforcement powers for the Minister of Industry to monitor the Telcos' compliance with the orders or future regulations, including investigatory powers and issuing AMPs of up to $25,000...per day for individuals (such as directors and officers)....

Chair, that summary relates to a significant ability and discretion, and this summarizes from a legal perspective some of the commentary that was in the brief Mr. Strahl provided. I want to ensure this is part of the record, because they're endeavouring not to take a specific position but rather to ensure theirs is non-partisan. As hard as that is for certain members of the committee to believe, if they have seen my debates in the House, it's important and valuable that such a perspective be included.

It then goes on to say, in regard to information sharing and secrecy:

The CCSPA and the Amendments require Designated Operators, Telcos, and any other person to share confidential information with the Appropriate Regulators, and Governor-in-Council and Minister, respectively, in furtherance of the objectives of the Bill. This confidential information may be shared with multiple federal government organizations, provincial and foreign counterparts, as well as international organizations, to pursue the objectives of the CCSPA and the Amendments. While these information exchanges will be governed by agreements and memorandums of understanding between the parties, the Minister may disclose the information if [it] is necessary in the Minister's opinion to secure the telecom system.

Given the national security purpose underlying this Bill, the secrecy of the orders is paramount. The orders from the Governor-in-Council and Minister may be subject to non-disclosure requirements. Moreover, for the sake of secrecy and expediency, the orders and directions of the Governor-in-Council and Minister do not follow the complete process outlined in the Statutory Instruments Act, and thus, are not registered, published, or debated in an open manner.

Certainly when it comes to that relationship, it's important to acknowledge—I know we've had a number of discussions, including on one of the clauses we passed here when I think there was a desire for further debate, but it ended up being moved forward—that a tremendous amount of latitude is being given to executive government when it comes to some of the powers that are associated with Bill C-26 as it relates to Bill C-33, and one has to be aware of the granting of power to executive government. That is certainly something that Parliament is able to do under our Westminster system.

However, it's important to keep in mind the larger tension that needs to exist to ensure that we do not forget at the very foundation—and this is incredibly relevant, not only to this but to everything we do here—that the government is only a function of Parliament.

I know that's something that can be a bit lost in the midst of conversation. I know that this very statement has even been deemed controversial at different points in time. Earlier this week we celebrated the Statute of Westminster, the point at which we brought home the Constitution, and I would note that it was an incredibly significant moment in Canadian history. That is relevant to the conversation here today, because it's Parliament that enacts laws that give the government its authority.

I would just note how we have seen various instances throughout our recent history—in particular the last eight years—where there has been more latitude given than I would suggest is appropriate. There are times when we could ensure that Parliament is able to better fulfill its job by a government that respects the fact that whether it's committees, or whether it's the role that the House of Commons and the Senate play in terms of our bicameral Parliament in ensuring that it is the ultimate arbiter of the land....

In fact, our Constitution and the Charter of Rights and Freedoms actually ensure that that is, in fact, the case with the notwithstanding clause, which I know the Liberals have.... In fact, I believe it was Paul Martin in a previous election—I was getting back to that. I couldn't even vote at the time, if members around the committee table can believe that. It was Paul Martin who, during a press conference, announced that he was looking at getting rid of that. I'm not sure that he understood the consequences, both in terms of the constitutionality or the amending ability of Parliament to be able to do that.

However, when it comes to the relationship to the issue before us, we have these wide-sweeping powers being given to executive government. If there is not the appropriate accountability, as the American Bar Association, in this article, is highlighting, it would be the.... We need to have clear direction to every element of what government is, to ensure that there is that check on executive government.

I do find it interesting. I'll get right back into the ABA. This article has a number of recommendations. I would just note that there are two quite distinguished lawyers who put together this article, which gives this overview of Bill C-26, and how it applies in the context of where Bill C-33 is.

Specifically, Chair, one can never assume that one will be in power forever, whether that's the Liberal Party or the Conservative Party. If we have the honour—and I certainly hope we do—we look forward to those days when we'll have the opportunity to govern on behalf of Canadians.

However, I find one always needs to look in the mirror. In fact, I've asked in the House quite a number of times about what the government would think, if they were in the opposition benches, about something that they were doing. It would not necessarily be the policy, because policy is one thing. You can disagree with policy. However, you need to be very mindful about how you approach the ability for a parliament to function in a manner that respects the very basis of what our democratic system is meant to be.

Chair, when it comes to the wide-ranging powers that are given to executive government, we do have to be very mindful that there's certainly a role that executive government needs to play in the administration of infrastructure, the administration of security and intelligence, and all of the aspects of what we're talking about here. However, when it comes down to it, Parliament is supreme in our country. We cannot forget that.

To ensure that I don't venture off into an area that would be deemed not relevant, I certainly won't spend time talking about a few examples of that, but there are some very pressing issues—one of which would be the designation of the IRGC as a terrorist entity.

Parliament spoke on that, yet we have an executive government that refuses to acknowledge.... I use that as an emphasis, not to get into the details of that issue, although it's certainly one that dominates a lot of our time in light of the atrocities that took place against Israel, and how Iran, and the IRGC specifically, funded and supports Hamas as a terrorist entity.... The fact that there's that disconnect is the point I'm making here. That speaks very closely to why we need to be very circumspect in the way we approach the role of executive government. There's that understanding. It has to come back to respecting Parliament.

If I had had the opportunity to talk about Bill C-234, I certainly would have, at length, talked about how that bill saw a great deal of support, including Liberal support by a few brave Liberals who were willing to support that bill.

Unfortunately, it was not able to get the support that it, I believe, should have received from the other place. Again, I wouldn't want to go into the area of not being relevant. When it comes to recommendations, I would—

Thank you, Chair.

I'm happy to address the point of order that was just raised. You know, it was not Conservatives who wrote this bill. When the Liberals did so, they did it with a reference to Bill C-26. If that member has concerns about the wider application of this bill, I would suggest he has an opportunity to get on the speaking list to ask those very questions. When it comes to the way in which there is that cross-application, certainly it bears relevance to it. Because of the way it was written, it provides that very application.

I will continue with regard to Bill C-26, Mr. Chair, as follows:

report cybersecurity incidents to the Canadian Security Establishment (the “CSE”);

comply with and maintain the confidentiality of directions from the Governor-in-Council; and

keep records related to the above.

To enforce these new obligations, the CCSPA grants to the Appropriate Regulators investigatory, auditing, and order-making powers, including issuing administrative monetary penalties (“AMPs”) of up to $1 million per day for individuals (such as directors and officers), and $15 million per day for other persons. Additionally, Designated Operators, and their directors and officers, may also be fined—or imprisoned if a director or officer—if either contravene specific provisions of the CCSPA; the amount of a fine is at the discretion of the federal court.

Now, that's the critical cyber systems protection act, but this article goes on to reference, in its summary of Bill C-26, the Telecommunications Act amendments. I found it very valuable in terms of that conversation and how, of course, when we talk about the application to Bill C-33, there is a tremendous amount of overlap when it comes to telecommunications and the critical infrastructure that our country depends on.

It goes on to say the following:

The amendments to the Telecommunications Act (the “Amendments”) establish new order-making powers for the Governor-in-Council and the Minister of Industry (the “Minister”) to direct Telcos to take specific actions to secure the Canadian telecommunications system. Specifically, the Governor-in-Council may, by order,

prohibit a Telco from using all the products and services offered by a specified person; and

direct a Telco to remove all products provided by a specified person.

The Minister, after consultation with the Minister of Public Safety and Emergency Preparedness, may, by order,

prohibit a Telco from providing services to a specified person; and

direct a Telco to suspend any service to a specified person.

Additionally, the Amendments grant the Minister the power to direct Telcos to do anything or refrain from doing anything that is, in the Minister’s opinion, necessary to secure the Canadian telecommunications system, including the following:

It then includes a number of points there.

I would just note and make the connection to some of the evidence that Mr. Strahl brought into the conversation, and some of the briefs entered into the committee, in the context of some of the concerns, especially from civil liberty and privacy groups. I know that there's been a host of experts. Again, as a member of the ethics committee, which deals with privacy, I know there's been a host of concerns brought forward. We have a great deal of them, especially because of the tech industry that has found its home both in my province of Alberta, where there's a huge boom in the high-tech sector, and in other areas across the country. In fact, I stand to be corrected here, but I believe the Ottawa area was known as “Silicon Valley north” at one point in time.

There's certainly the privacy and also the security related to that. There's a specific tension there. Some of the evidence that Mr. Strahl read into the record I think bears specific relevance to this larger conversation and how that applies to the transportation infrastructure of our nation.

The summary goes on to talk about Bill C-26, and it includes a number of summaries here that really succinctly identify some of what Bill C-26 talks about.

It starts off by saying:

prohibiting Telcos from using any specified product in or in relation to Telcos’ network or facilities, or part thereof;

prohibiting Telcos from entering service agreements for any product or service;

requiring Telcos to terminate a service agreement;

prohibiting the upgrade of any specified product or service; and

subjecting the Telcos’ procurement plans to a review process.

Mr. Chair, it goes on to say:

Interestingly, Telcos will not be compensated for any financial losses resulting from these orders.

As was noted, I believe, in the debate surrounding Bill C-26, they wouldn't anticipate there to be a large number, unless it started getting into the firms.... That's certainly an open question that I trust will be answered as Bill C-26 is further studied at their committee, but I wouldn't want to venture off the topic that we have before us.

It goes on to say:

The Amendments introduce new enforcement powers for the Minister of Industry to monitor the Telcos’ compliance with the orders or future regulations, including investigatory powers and issuing AMPs of up to $25,000–$50,000 per day for individuals (such as directors and officers), and up to $10–$15 million per day for other persons. Moreover, contravention of orders or regulations may result in prosecution whereby the Telcos, and their directors and officers, may have to pay fines (whose amount is at the discretion of the court) or face imprisonment.