Evidence of meeting #20 for Canada-China Relations in the 43rd Parliament, 2nd session. (The original version is on Parliament’s site, as are the minutes.) The winning word was information.
A video is available from Parliament.
Conservative
Garnett Genuis Conservative Sherwood Park—Fort Saskatchewan, AB
Mr. Chair, what I said is that I believe you would find unanimous consent that Mr. Stewart be asked to provide a response to the committee with respect to the questions that weren't answered by the end of the week.
Liberal
Peter Fragiskatos Liberal London North Centre, ON
Thank you.
My only issue with that is that there's an ongoing investigation, and I don't know if it will conclude by the end of the week. I agree that a follow-up ought to happen. I believe information further to what's been brought forward today could be provided to the committee. That's not in question. However, putting a timeline on it by the end of this week seems a bit strange.
Conservative
Garnett Genuis Conservative Sherwood Park—Fort Saskatchewan, AB
Mr. Chair, could I just clarify, and hopefully it will address the concerns of Mr. Fragiskatos?
Conservative
Garnett Genuis Conservative Sherwood Park—Fort Saskatchewan, AB
We would be clear that the committee is expecting a response to these issues by the end of the week. Mr. Stewart can provide a response before the end of the week and then we can determine, following receipt of that response, whether we want to take further steps.
It's up to him to respond, and he can do so in private in the way he thinks fit, by the end of the week. But we are clearly seeking additional information.
Liberal
The Chair Liberal Geoff Regan
Thank you very much.
Mr. Genuis has asked for unanimous consent for this motion. Does any member object to this motion?
(Motion agreed to)
Madam Clerk.
The Clerk
Just to clarify, by the end of the week.... Are we saying Friday at five o'clock?
Liberal
The Chair Liberal Geoff Regan
Does anyone object to Friday at five o'clock? That's the timing. I don't see any objections.
Conservative
John Williamson Conservative New Brunswick Southwest, NB
How about noon, so we can give the clerk a chance to send it around before we all knock off for the recess?
Conservative
Garnett Genuis Conservative Sherwood Park—Fort Saskatchewan, AB
Yes. Maybe Friday at two o'clock is fair, or noon.
Liberal
The Chair Liberal Geoff Regan
As long as we can agree on something, that would be helpful. I'm just looking for agreement.
Liberal
Liberal
The Chair Liberal Geoff Regan
Okay, that's agreed, then.
Thank you very much to the witnesses. You are now excused.
We'll set up for the next panel, Madam Clerk.
Liberal
The Chair Liberal Geoff Regan
I call this meeting back to order.
I would now like to welcome, as an individual, Christopher Parsons, senior research associate for The Citizen Lab at the Munk School of Global Affairs and Public Policy, University of Toronto. We also have Mr. Janis Sarts, director of the NATO Strategic Communications Centre of Excellence, who is joining us from Riga, Latvia, where I think it's very late. Thank you both very much for being here.
I think it's 1:30 in the morning, in fact, for Mr. Sarts.
Perhaps we can start with you for your opening remarks, and then we'll go to Mr. Parsons.
Mr. Sarts, please proceed. You have five minutes.
Janis Sarts Director, NATO Strategic Communications Centre of Excellence
Thank you very much, Mr. Chair, and thank you for the invitation.
I'll probably first describe the institution I represent, which is the NATO centre of excellence for strategic communication. It is a NATO-affiliated organization that researches and looks into the issues of influence operations, how hostile actors are using this for undermining the democracies, and how it works in the information space and increasingly into what we call cognitive conflict.
The views I will present today are views of my own, based on the research by the centre, and are not agreed positions of NATO itself.
With that caveat, I will sketch out how we see China in the influence operations. Of course, as a NATO institution, we have been looking for many years at Russian activity, but over the last few years we have increasingly been looking at Chinese activity.
To quickly look at how we see that activity, the way they process their influence operations through more soft touch, soft power angle of trying to create a favourable image of China has transformed, increasingly adopting hard-handed and assertive measures against countries—not only within their own neighbourhood, which was the case some time ago already, but increasingly adapting these measures also to countries that are further away, especially when there are key elements of contention where they believe Chinese interests are at stake. Of course, one has to point out the different value systems that democratic countries and China have.
If I look at the areas of influence that they are good at, in our view, they are very good at using the leverages they have, especially on the economic front and the infrastructure front. They are very active in the technology landscape, first and foremost in cyber activities, hacking and espionage, but also at more nuanced technology activities, like data and emerging technologies. They are also quite good in most of the cases, but not always, at targeting Chinese communities for their influence.
Where they are not yet very good, but they're quickly gaining ground, is in what we call the information warfare. We've noted that in most of the cases they've used what I would call an old-school methodology of the communist propaganda system that has not worked very well. However, they have been quickly adopting...in particular, some of the Russian tactics have been adopted on the information front as we speak.
As next steps, we see that they will increasingly try to leverage their technological powers and try to gain more say into the infrastructure of the future of these technologies. I believe they see data and AI as very critical future technologies where they would want to have strong leverage, not only within China but also outside.
We look at the social scoring systems they have developed, which we believe are not the way the technology has to be used, but we see, with a concern, the export of this technology and the possible impact of the social scoring system on western companies wanting to operate on Chinese territory, which I think will have significant impact.
All in all, as the Chinese modus operandi changes to a more hard-handed approach, we foresee that there will be more contention, more pressure, especially given that the core elements of the Chinese system and the way they view the world are fundamentally different from those of democratic countries. Therefore, there is in-built conflict on the values system side.
We therefore see an increase in not only the competition but also the influence operations from China. They will increasingly try to leverage especially the technology but also the economic and infrastructural positions they have.
Thank you, Mr. Chair.
Liberal
The Chair Liberal Geoff Regan
Thank you very much, Mr. Sarts.
Mr. Parsons, you have five minutes. Please proceed.
Christopher Parsons Senior Research Associate, Citizen Lab, Munk School of Global Affairs and Public Policy, University of Toronto, As an Individual
Thank you.
Good evening. My name is Christopher Parsons. As mentioned, I'm a senior research associate at the Citizen Lab. I appear before this committee in a professional capacity that represents my views and those of the Citizen Lab. Comments are based on our research into Chinese technology companies. The Citizen Lab is an academic institution, and our work operates at the intersection of technology and human rights.
In my time today, I want to point to some of the ways by which we can develop trust in the products and services that are manufactured in, transited through or operated from China. I do so by first turning to the issue of supply chain dependencies.
A rising concern is the extent to which Canadian companies, such as our telecoms, might become dependent on products made by Chinese companies, inclusive of Huawei. Dependency runs the risk of generating monocultures or cases in which a single company dominates a Canadian organization's infrastructure. In such cases, up to three risks can arise.
First, monocultures can enable foreign governments to leverage dependencies on a vendor to apply pressure in diplomatic, trade or defence negotiations. Second, monocultures can create a path dependency, especially in 5G telecommunications environments, where there's often a degree of vendor lock-in into vendors' telecom equipment. Third, monocultures risk hindering competition among telecommunications vendors, to the effect of increasing capital costs to Canadian telecommunications providers.
All of these challenges can in part be mediated by requiring diversity in Canadian telecommunications companies' networks, as has been recommended in the past by CSE's deputy chief of information technology security, Scott Jones. In this case, trust would come from not placing absolute trust in any given infrastructure vendor.
I now turn to building trust in software and hardware systems more generally. Software and hardware errors are often incidentally placed into digital systems. Some errors are egregious, such as including old and known vulnerable code in a piece of software. Others are more akin to spelling or grammar errors, such as failing to properly delimit a block of code. There are also limited situations where state agencies compel private companies to inject vulnerabilities into their products or services to enable espionage or attack operations.
No single policy can alleviate all of the risks posed by vulnerabilities. However, some can enhance trust by reducing the prevalence of incidental vulnerabilities and raising the cost of deliberately injecting vulnerabilities into digital systems. Some of these trust-enhancing policies include, first, requiring companies to provide a bill of goods that declares their products' software libraries and dependencies, as well as their versions. This would help ensure that known deficient code isn't placed in critical infrastructure and also help responders identify vulnerable systems upon any later discovery of vulnerabilities in the libraries or dependencies.
Second, Canada and its allies can improve on existing critical infrastructure assessments by building assessment centres that complement the U.K.'s, which presently assesses Huawei equipment. Working collectively with our allies, we'd be better able to find incidental vulnerabilities while raising the likelihood of discovering state adversaries' attempts to deliberately slip vulnerabilities into systems' codebases.
Third, Canada could adopt robust policies and processes to ensure that government agencies disclose vulnerabilities in critical infrastructure to appropriate vendors and communities, as opposed to potentially secretly hoarding them for signals intelligence or cyber-operations.
I will now briefly turn to increasing trust in Chinese social media platforms. Citizen Lab research has shown that WeChat has previously placed Canadians' communications under political surveillance to subsequently develop censor lists that are applied to China-registered WeChat accounts. Our research into TikTok, released today, revealed there's no apparent or overt political censorship or untoward surveillance of Canadians' communications on that platform.
Based on our findings, we suggest that social media companies be required to publish more information on their activities to enhance trust. This would include publishing detailed content moderation guides, publishing how and why companies engage in monitoring and censoring behaviours, publishing how organizations interact with government agencies and address their corresponding demands, and publishing annual transparency reports that detail the regularity and effects of state and non-state actors who make requests for users' data.
Platforms could also be compelled to make available algorithms for government audit where there is reason to suspect they're being used to block or suppress lawful communications in Canada or where they're being used to facilitate influence operations. Platforms could also be compelled to disclose when user data flows through or is accessible by parts of their organizations that have problematic human rights, data protection or rule of law histories.
To conclude, we at the Citizen Lab believe that the aforementioned sets of recommendations would ameliorate some of the cyber-related risks linked with the Chinese supply chain management issue, and social media platform issues more broadly. However, we also believe these policies should be applied in a vendor- and country-agnostic way to broadly improve trust in digital systems.
I would just note to the committee that the brief we have also submitted provides additional details and recommendations, especially as applied to Internet standards, which I have declined to get into in this.
Thank you for your time, and I look forward to your questions.
Liberal
The Chair Liberal Geoff Regan
Thank you very much.
Mr. Paul-Hus, we will begin the first round of questions with you. You have six minutes.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Thank you, Mr. Chair.
Gentlemen, thank you for joining us tonight.
My first question is for Mr. Sarts.
I served for three years as Vice-Chair of the Defence and Security Committee of the Canadian NATO Parliamentary Association. We often had discussions about Russia and the various physical or cyber threats. We also talked a little about China. For the last few years, we had difficulty understanding the NATO alliance's somewhat unclear position on those cyber threats.
Can you tell me briefly whether you feel that the alliance is better able to stand together against cyber threats like those from China?
Director, NATO Strategic Communications Centre of Excellence
Well, the alliance is the collective nations. As you know, for nations to agree, it takes time, and also to develop the capabilities, it takes time.
I think in the last decade, basically, the alliance has zoomed much more on the cyber-defence. Instead of just being a national business, it has been moved to the collective business. The cyber realm has been named a new domain for NATO as an alliance, and certainly the collective capabilities have increased. However, of course, as we know—