Information & Ethics Committee on Oct. 18th, 2018

But I want to talk about our abuses there.

Very specifically, if what happened in Europe was done here, would they be offside and get a big fine like that? Yes or no; it's a simple question.

It's okay, if you haven't looked at it—

How many anti-competition fines are in the order of $3.6 billion? There can't be dozens of them such that you can't look into it. Your bureau hasn't taken the time to look to see what they're doing there, and whether they're doing the same thing here. It's a global company; it's a global search engine.

We'll hold that thought.

I think, Mr. Santor, you said the bank thought that our policies can be modernized. That was one of your statements. How so? What should we be looking at to modernize?

If you believe it should be, what should we do?

My concern here is that I see something of this magnitude going on. That's just one of the things I've heard. Other people have made major complaints about them using their search engine to direct users in one direction that financially benefits them and financially hurts their competition. I've read about someone who developed a much better search engine which they effectively killed. They've done a lot of this activity.

I cannot believe that it's only been happening in Europe, or if it is only happening in Europe—and I don't believe it— I'm concerned that our laws are not allowing you to do your job. That's what I'm trying to ask, Mr. Durocher.

Unfortunately, we're well past the five-minute mark.

Thank you, Mr. Baylis.

The last three minutes go to Ms. Mathyssen.

Thank you.

I guess the logical thing to ask is: Do our laws allow you to do your job?

Thank you. I think, in regard to Huawei, that was part of what we heard, that they were indeed harming Canadian companies. In the case of Huawei, it was Nortel, which is gone now.

Do you think that with built-in encryption, the back doors risk the bad actors permanently compromising encryption?

Are the bad actors able to access built-in encryption systems?

In the description about the Russian penetration of the American election system and the Netherlands, it was indicated that these were low-level characters. This was not a sophisticated bunch doing this.

What happens when a more sophisticated bunch comes along? You talked about best practices and what you called a hygiene guide. I wonder if you could explain who is using that guide, and how it is effective. Can we count on it, based on the fact that human beings are involved? Should we take comfort from the hygiene guide?

Thank you.

I have a few questions.

I want to start with you, Mr. Rogers, and it's a really simple question.

Political parties get their backs up when we talk about potentially bringing them under a regulatory framework with respect to privacy or data protection practices. I'm glad you've given advice to all Canadian political parties.

My question is not so much from a privacy protection standpoint, but from ensuring best data management practices. I attended a parliamentary round table of representatives in Washington. Bob Zimmer was there as well. A number of representatives say that two-factor authentication is necessary in today's day and age, and if it's not a rule for political parties, that's a huge problem.

I read your June 2017 report, and you say you're not worried about Elections Canada, but you're worried about the vulnerability of political parties. When I read that the Democratic Party and the Republican Party were both hacked and that there was selective distribution of the material from that hacking, it's political parties that need to up their game on data management practices.

Shouldn't they be regulated?