Canada-China Relations Committee on April 29th, 2024

On AI?

As you know, there is tremendous potential when it comes to AI, but also different risks relative to that—individual risk in terms of how you use AI, and organizational risk in terms of the potential of hacking systems in cyberspace. There's also a systemic risk or ultimate risk when we stop controlling the machine and the machine is controlling you. Those are the big types of risks that international safeguards.... We'd like Canada to be a lead player in determining what those safeguards should be regarding AI for the future.

Thank you, Mr. Chair, for the question.

Absolutely, we're trying to look at AI from two sides of the coin. We need to look at how we can harness artificial intelligence in our own practices. At CSIS we are using AI for different processes already. We're working with partners in Canada and around the world to try to harness artificial intelligence from a national security point of view and how it could be of benefit. We do that because we also understand, or try to understand to the best of our ability, the threat that comes from nefarious actors using AI.

We've talked about how artificial intelligence can easily be used right now by fairly unsophisticated actors to create deep fakes that are are credible enough to lead someone to believe that indeed an action was done or words were said by someone.

It is not just a problem for the future; it's a problem for today. The more we can work together on understanding and harnessing the power of AI while protecting ourselves would be great.

As was mentioned in Ms. Drouin's opening remarks, Canada is one of the most dynamic areas of the world for artificial intelligence. We have some of the best scientists and some of the most cutting edge research. We know that this is a target for a number of people, so we're working with the appropriate partners to try to secure that research and innovation.

No, not at all.

As I said earlier, it was not a refusal to disclose the documents. It was a refusal to do so in the forum that was presented. Unfortunately, for what I would call political reasons, the situation became very black and white: do it or don't do it. That is in addition to the fact that we were torn between having to respect your privilege as parliamentarians and having to obey the laws that you pass and that we are required to obey. It was extremely difficult for some public servants, including the former president of the Public Health Agency of Canada. It was like squaring a circle for us. Since no political solution was proposed at the time, meaning a solution that you found together as parliamentarians, our only choice was to turn to the courts to help us resolve the conflict between respecting parliamentary privilege and obeying the law.

Yes, and we also have to obey the laws that you pass.

This is an absolutely fascinating legal debate for a lawyer, but unfortunately, it has not yet been resolved.

I can't say. You have heard Minister LeBlanc and others say on a few occasions that they would like CSIS, for example, to have the necessary powers to share information with other levels of government.

Mr. Chair, I'm not at liberty to discuss the specific details of that cyber-attack. The origin of that attack has not been attributed publicly by FINTRAC.

I can say that we and our other partners in the national security and cyber community in the Government of Canada are working directly with FINTRAC to support them, but the attribution has not yet been made regarding this event.

Mr. Chair, to the question by Mr. Angus, I would say that we are seeing and detecting more cyber-attacks from the PRC, and also from many other countries and states, but from criminal organizations as well. We see the rise of ransomware that is sometimes purely criminal in nature. It's to be able to accumulate dollars fraudulently. Sometimes we see those ransomware groups working at the behest of states. We also see state-sponsored cyber-attacks against government entities for spying purposes.

Also, in a very worrying trend, we see that some countries are engaging in cyber-attacks against our critical infrastructure. They are directing those attacks often to pre-position themselves to not necessarily stop or undertake any action but to be there, and when they decide to act on Canada or other countries, to force Canada to take a specific policy position. This is an area of concern. The PRC has been publicly called out for that in the recent past.

I would say that CSIS plays an important and unique role in what I call the "cyber-ecosystem". We're working very closely with our partners at the Canadian Centre for Cyber Security and CSE and with our partners at the RCMP, Public Safety Canada and Treasury Board.

What essentially you see, Mr. Angus, is that we need to bring this ecosystem of all the different players who have the tools and authorities to do something to really play well, because our security depends on it. The actors who are attacking Canada for criminal or national security purposes are getting better at it. We need to increase our own vigilance.