Madam Speaker, I will be sharing my time with the member for Okanagan Lake West—South Kelowna.
Before I begin, I want to thank the people of Richmond Centre—Marpole for bestowing their trust in me and electing me as their member of Parliament. I am deeply honoured by their confidence, and I am committed to serving them faithfully, with their interests always my top priority. Every time I rise in the House, it is with their voices in mind.
We are debating Bill C-8, the government's latest attempt at a cybersecurity framework. To understand Bill C-8, we must remember where it comes from. This is essentially the reintroduction of Bill C-26, which the government first brought forward in 2022. Conservatives supported the principle of Bill C-26, the idea that Canada needs stronger protections for critical cyber systems. However, we also raised serious, legitimate concerns about how the bill was drafted.
We warned that Bill C-26 would concentrate too much unchecked power in the hands of the ministers. We warned that its secrecy provisions would undermine transparency and accountability. We warned that the cost of compliance would inevitably be passed down to ordinary Canadians through higher phone bills and banking fees. We warned that the legislation was focused on the wrong targets, federally regulated banks, pipelines and telecom companies, while leaving out the institutions Canadians actually see attacked most often: hospitals, municipalities and schools.
Those warnings were echoed not only by Conservatives but also by industry leaders, civil liberty groups and privacy experts. The Standing Committee on Public Safety and National Security heard those criticisms over many months. What happened? Bill C-26 stalled in committee and never passed. It died on the Order Paper because it could not overcome its flaws.
Now the government has come back with Bill C-8, and to be fair, there has been one improvement. The government removed the so-called secret evidence clause, the provision that would allow ministers to rely on confidential materials in court challenges without disclosure to affected parties. It was a step in the right direction, and Conservatives acknowledge that change.
However, let us be clear: Beyond that one tweak, almost everything else is the same. The sweeping ministerial powers are still there. The indefinite secrecy is still there. The lack of oversight is still there. The downloading of costs onto consumers is still there. Most importantly, the narrow scope of the bill, covering only federally regulated industries while excluding hospitals, municipalities and schools, is still there. Canadians deserve better than a reheated version of a flawed bill. A single fix does not change the reality that this legislation would fail in its core purpose, which is protecting Canadians where they are most vulnerable.
Let me bring this closer to home. Cyber-attacks are not theoretical, and they are not distant. They are happening right now, and they are hitting our communities hard. In British Columbia, the B.C. government itself was breached. State-sponsored actors infiltrated its email systems and accessed sensitive personal information. Vancouver Coastal Health, which cares for more than a million people, was hit with ransomware that disrupted hospital operations and delayed patient services. The City of Richmond, my own city, faced cyber-intrusions and compromised email systems, threatening the delivery of municipal services. Even the Richmond School District fell victim to a cyber-attack that exposed private and financial information of teachers, staff and families.
These are not hypotheticals. They are real attacks on real people. Not one of these institutions would be protected under Bill C-8.
That is the first fatal flaw. Bill C-8 offers Canadians a false promise of security. The government says it would protect vital systems, but the very systems Canadians interact with every day, their hospitals, their local governments, their children's schools, would be left outside the law's reach. A cybersecurity bill that does not secure hospitals, cities or schools is like locking the front door and leaving the back door wide open.
The second flaw is secrecy. Just like Bill C-26, Bill C-8 would grant sweeping powers to ministers and to cabinet. With the stroke of a pen, the government could order a company to block a service, rip out equipment or suspend operations, and those orders could be kept secret indefinitely. Companies could even be kept from telling Canadians that the government had interfered with their networks. Operational secrecy during an active attack may be justified, but secrecy without time limits or oversight is simply unacceptable. That is not transparency, that is not accountability, and it does not inspire public trust. Canadians deserve to know, after the fact, what actions were taken in their name.
The third flaw is cost. Bill C-8, like Bill C-26 before it, makes it explicit: There would be no compensation for companies forced to comply with government orders. If a telecom company was told to strip out hundreds or millions of dollars of equipment, Ottawa would not pay a cent. Those costs would land on Canadians, who would see higher phone bills, higher bank fees and slower upgrades to essential services. National security should be funded fairly, not through hidden taxes on consumers.
The fourth flaw is scope. The government may argue that by forcing telecom companies to strengthen their networks, hospitals and schools that rely on those networks are indirectly protected, but that argument does not hold up. The attacks we have seen in British Columbia did not come through telecom backbones; they came through local servers, outdated software and ransomware emails. Protecting the pipes does not protect the people.
The government may also claim that the bill would help stop foreign interference, but again, this is spin, not substance. Bill C-8 would deal with cyber-intrusions into networks. It would do nothing to address the broader reality of foreign interference, such as disinformation campaigns, covert political financing, intimidation of diaspora communities or manipulation of democratic institutions. Suggesting that Bill C-8 would stop foreign interference misleads Canadians and risks creating dangerous complacency.
What would Canadians really get with Bill C-8? They would get a law that still misses the real victims of cyber-attacks. They would get a law that still hides decisions from public view. They would get a law that still sticks consumers with the bill. They would get a law that still does almost nothing to address the broader threat of foreign interference.
That is not cyber-resilience. That is not leadership. That is smoke and mirrors. Conservatives believe in stronger cybersecurity, but we believe in getting it right. What Canada needs is legislation that actually works with provinces and municipalities to protect the services Canadians rely on most: hospitals, schools and local governments. We need legislation that provides oversight and accountability, not blank cheques for secrecy. We need legislation that shares the cost of national security fairly, instead of forcing families to pay through hidden charges. We need legislation that integrates—
