Evidence of meeting #121 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cse.
A video is available from Parliament.
12:25 p.m.
Liberal
Frank Baylis Liberal Pierrefonds—Dollard, QC
Laws are structured such that the exact same thing could be happening in Europe and here, but here it's no problem, and there, it's a $3.6-billion fine.
12:25 p.m.
Deputy Commissioner, Monopolistic Practices Directorate, Competition Bureau
I would say not necessarily. If there were evidence that what Google was doing here was falling offside of our abuse of dominance provision, I can assure you we would take action.
12:25 p.m.
Liberal
12:25 p.m.
Deputy Commissioner, Monopolistic Practices Directorate, Competition Bureau
Yes.
12:25 p.m.
Liberal
Frank Baylis Liberal Pierrefonds—Dollard, QC
Very specifically, if what happened in Europe was done here, would they be offside and get a big fine like that? Yes or no; it's a simple question.
12:25 p.m.
Deputy Commissioner, Monopolistic Practices Directorate, Competition Bureau
I can't hypothesize as to what they did in Europe and whether the same could apply here, because it's—
12:25 p.m.
Liberal
12:25 p.m.
Deputy Commissioner, Monopolistic Practices Directorate, Competition Bureau
We're driven by the evidence.
12:25 p.m.
Liberal
Frank Baylis Liberal Pierrefonds—Dollard, QC
How many anti-competition fines are in the order of $3.6 billion? There can't be dozens of them such that you can't look into it. Your bureau hasn't taken the time to look to see what they're doing there, and whether they're doing the same thing here. It's a global company; it's a global search engine.
We'll hold that thought.
I think, Mr. Santor, you said the bank thought that our policies can be modernized. That was one of your statements. How so? What should we be looking at to modernize?
12:25 p.m.
Managing Director, Canadian Economic Analysis, Bank of Canada
That was a general statement, which is to say, as the economy evolves and as digitalization proceeds, it is not our responsibility, but that as new types of competition come up, using new technologies, it would be reasonable to expect that we would need to consider how to best modernize our practices in order to—
12:25 p.m.
Liberal
12:25 p.m.
Managing Director, Canadian Economic Analysis, Bank of Canada
That would be the responsibility of the Competition Bureau and the legislation to determine. What I was saying was that as the economy evolves, we'll need to evolve all our practices as well, to understand how competition is being affected by big data, because this is something that is new.
12:25 p.m.
Liberal
Frank Baylis Liberal Pierrefonds—Dollard, QC
My concern here is that I see something of this magnitude going on. That's just one of the things I've heard. Other people have made major complaints about them using their search engine to direct users in one direction that financially benefits them and financially hurts their competition. I've read about someone who developed a much better search engine which they effectively killed. They've done a lot of this activity.
I cannot believe that it's only been happening in Europe, or if it is only happening in Europe—and I don't believe it— I'm concerned that our laws are not allowing you to do your job. That's what I'm trying to ask, Mr. Durocher.
12:25 p.m.
Liberal
The Vice-Chair Liberal Nathaniel Erskine-Smith
Unfortunately, we're well past the five-minute mark.
Thank you, Mr. Baylis.
The last three minutes go to Ms. Mathyssen.
12:25 p.m.
NDP
Irene Mathyssen NDP London—Fanshawe, ON
Thank you.
I guess the logical thing to ask is: Do our laws allow you to do your job?
12:25 p.m.
Deputy Commissioner, Monopolistic Practices Directorate, Competition Bureau
I think it's important to say yes. Canadians can take comfort that we are taking all steps necessary to vigorously investigate and take action when warranted. The underlying premise needs to be that we make principled, evidence-based decisions. We cannot have theory dictate our actions under the Competition Act. I would suggest to this committee that that is a very important takeaway.
Were any of these digital giants engaging in conduct that is meant to harm competitors, that could very well raise issues under the Competition Act, and these are the types of issues we would investigate, but the evidence needs to bring us there.
12:25 p.m.
NDP
Irene Mathyssen NDP London—Fanshawe, ON
Thank you. I think, in regard to Huawei, that was part of what we heard, that they were indeed harming Canadian companies. In the case of Huawei, it was Nortel, which is gone now.
Do you think that with built-in encryption, the back doors risk the bad actors permanently compromising encryption?
12:30 p.m.
Deputy Chief, SIGINT, Communications Security Establishment
Sorry, just to clarify, could you expand on back doors?
12:30 p.m.
NDP
Irene Mathyssen NDP London—Fanshawe, ON
Are the bad actors able to access built-in encryption systems?
12:30 p.m.
Deputy Chief, SIGINT, Communications Security Establishment
I can say—André please jump in if you'd like—when we observe things in foreign intelligence space, we do find nation-states and other actors making use of vulnerabilities in software in order to defeat things, like encryption, and to gain access to communications that should otherwise be protected.
When we see this in a foreign space, we will provide information of that type to our colleagues in the cyber centre and other agencies in Canada that take action, which might include providing mitigation advice or notifying vendors to make sure that those back doors are dealt with.
12:30 p.m.
NDP
Irene Mathyssen NDP London—Fanshawe, ON
In the description about the Russian penetration of the American election system and the Netherlands, it was indicated that these were low-level characters. This was not a sophisticated bunch doing this.
What happens when a more sophisticated bunch comes along? You talked about best practices and what you called a hygiene guide. I wonder if you could explain who is using that guide, and how it is effective. Can we count on it, based on the fact that human beings are involved? Should we take comfort from the hygiene guide?
12:30 p.m.
Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment
Absolutely. Part of the challenge for the Canadian Centre for Cyber Security is developing advice and guidance for all people operating in the cyber environment. One key element of the cyber environment, for you and I and users of that environment, is the cyber hygiene guide, advice on how to use mobility. There is a body of knowledge you can find on our website. It also gets shared through cyber-safe campaigns and other campaigns. That is specifically targeting simple measures that everyone can take that give the most benefit for a few actions.
When we write the advice and guidance, we do it in the spirit of getting the most benefit in security terms with a few simple actions.
12:30 p.m.
Liberal
The Vice-Chair Liberal Nathaniel Erskine-Smith
I have a few questions.
I want to start with you, Mr. Rogers, and it's a really simple question.
Political parties get their backs up when we talk about potentially bringing them under a regulatory framework with respect to privacy or data protection practices. I'm glad you've given advice to all Canadian political parties.
My question is not so much from a privacy protection standpoint, but from ensuring best data management practices. I attended a parliamentary round table of representatives in Washington. Bob Zimmer was there as well. A number of representatives say that two-factor authentication is necessary in today's day and age, and if it's not a rule for political parties, that's a huge problem.
I read your June 2017 report, and you say you're not worried about Elections Canada, but you're worried about the vulnerability of political parties. When I read that the Democratic Party and the Republican Party were both hacked and that there was selective distribution of the material from that hacking, it's political parties that need to up their game on data management practices.
Shouldn't they be regulated?
12:30 p.m.
Deputy Chief, SIGINT, Communications Security Establishment
I don't think it's for us to say what the Canadian government's regulations should be. André could speak to the types of things we would suggest that anyone, political parties and others, would take on board if they want good cyber hygiene practices.