Evidence of meeting #138 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was elections.

A video is available from Parliament.

Also speaking

Stephanie Kusie  Calgary Midnapore, CPC
Maxime-Olivier Thibodeau  Committee Researcher
André Boucher  Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment
Dan Rogers  Deputy Chief, SIGINT, Communications Security Establishment
Allen Sutherland  Assistant Secretary to Cabinet, Machinery of Government and Democratic Institutions, Privy Council Office

5:15 p.m.

Liberal

Michel Picard Liberal Montarville, QC

Thank you, Mr. Chair.

One of the aspects that has not yet been discussed is the aftermath of the attack. I will explain.

Let's say that, one day, we are inundated with a huge amount of hateful messages, we react effectively and, the next day, we dismantle those hateful messages by making a correction or by posting a positive advertisement, regardless of the strategy. The damage is already done. We are in an environment of freedom of expression where some things are a bit less tangible. So the damage is social, in a way.

There is an issue when it comes to system attacks by hackers, where algorithms, codes and management systems can be attacked. Even if the attack has taken place and, in a best-case scenario, you have identified it and reacted to it on the same day, the system data is still compromised. Can the compromised nature of data be repaired?

If not, and if an attack on data or algorithms compromised our system, the election underway would completely lose its legitimacy. As a result, the electoral process would lose its legitimacy with regard to this next election, in October.

Is the compromised nature of data and systems following an attack maintained, or can it be guaranteed that, after steps are taken to remedy the situation, data or systems can once again be trusted? Otherwise, it would be impossible to accept the election as legal and legitimate.

5:15 p.m.

Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment

André Boucher

I will provide some answers.

When an individual notices that their account has been hacked by someone and that wrong information has been disseminated, they can go on our website, where we say what should be done in hacking cases. One of the first things to do is take back control and remove the information. Depending on the type of attack, that information can be removed.

The quickness of intervention is important, as information spreads like a wave. I think that is what your comment was about. I don't think that wave can be stopped with the current tools.

5:15 p.m.

Liberal

Michel Picard Liberal Montarville, QC

It's fair.

It's an attack on a reputation. If someone hacks my personal account and puts unfounded things in it, that is a matter of reputation, but we are talking about words.

If someone gets into the election data management system for an attack, we are no longer talking about reputation being at stake. That is real system hacking. Data, the program, the algorithm or the line of code is affected. A compromised line of code puts into question the election's legitimacy. Even if we manage to block the signal, our data that is at the foundation of our electoral system's management has just been compromised.

Is the compromised nature of data important enough for the election to be declared null?

5:15 p.m.

Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment

André Boucher

The first answer I gave was in the context of social media hacking.

Your second question, if I understand correctly, is about the hacking of electoral systems, correct?

5:15 p.m.

Liberal

Michel Picard Liberal Montarville, QC

Yes.

5:15 p.m.

Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment

André Boucher

It is important to reassure us. We have been working with Elections Canada for a number of years to implement the necessary protection measures to avoid these types of incidents. If someone is getting into our systems, that activity must be detected as soon as possible to stop the hacking. In the unlikely but possible case of the system being accessed, we must be able to go back in order to identify the activity, close the door, make backups and re-establish the information's integrity.

I think the work that has been done, as well as the partnership and the collaboration, must be recognized. I am very confident in our systems when it comes to the upcoming election.

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

So corrected data can be said to have integrity.

5:20 p.m.

Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment

André Boucher

Absolutely.

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

I now turn to Mr. Rogers.

This is a bit outside my area of expertise. Can a foreign signal be converted into a local signal to go unnoticed and fly under the radar? I assume that foreign signals do not arrive in Canada with an accent.

5:20 p.m.

Deputy Chief, SIGINT, Communications Security Establishment

Dan Rogers

Thank you for the question.

I want to be clear, so I will answer in English, if that's okay with you.

If I understand correctly, your question is whether a foreign actor can come into Canada and masquerade as a Canadian. Technology—

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

[Inaudible—Editor] signal. SIGINT.

5:20 p.m.

Deputy Chief, SIGINT, Communications Security Establishment

Dan Rogers

Yes.

The answer is that yes, technology does allow foreign actors to masquerade as Canadian or otherwise. Our intention is to look at the foreign actor and try to find out whether they are attempting to do that, so that we can pass information on to, for example, the cyber centre. Then they can put in defensive measures or share that information with others who may be the victim of the act.

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

Your duty is to look at foreign signals. Is it possible for you not only to stop the signal, but to return an attack to destroy the source?

5:20 p.m.

Deputy Chief, SIGINT, Communications Security Establishment

Dan Rogers

Under the current mandate for CSE, our authorities are limited to intelligence collection. There are provisions in Bill C-59, which the Senate is currently considering. If that bill is passed, we may have more authorities in the future.

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

That's what we are waiting for.

5:20 p.m.

Deputy Chief, SIGINT, Communications Security Establishment

5:20 p.m.

Liberal

Michel Picard Liberal Montarville, QC

Thank you.

5:20 p.m.

Conservative

The Chair Conservative Bob Zimmer

We have about nine minutes left, so we'll be down to about three minutes each.

We'll go to Ms. Kusie first of all, for three minutes. Then we'll go to Mr. Erskine-Smith for three minutes. Then we'll be close to done.

Ms. Kusie.

5:20 p.m.

Calgary Midnapore, CPC

Stephanie Kusie

Given the concern you've heard from this side of the table today in regard to the non-partisanship or independence of the five individuals who comprise the panel that will decide the critical incident protocol trigger, I am asking for assurance from both Mr. Boucher and Mr. Sutherland that you will do everything possible in your power as public servants to support the absolute disclosure of equal and shared information to all political parties, please.

February 26th, 2019 / 5:20 p.m.

Assistant Secretary to Cabinet, Machinery of Government and Democratic Institutions, Privy Council Office

Allen Sutherland

I just want to be precise. If there was an event that passed the threshold, it is an obligation that the Prime Minister, the leaders of the opposition parties and Elections Canada be informed. I can give you full assurance that that's what will take place. It will be the same briefing to all actors. The decision would have been made that the threshold had been passed. The Prime Minister, the leader of the opposition party and Elections Canada are not the deciders. The decision will have been made, but they will be informed equally. I can give that assurance.

5:20 p.m.

Calgary Midnapore, CPC

Stephanie Kusie

Thank you, Mr. Sutherland.

Mr. Boucher, do you want to comment?

5:20 p.m.

Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment

André Boucher

Yes, absolutely.

There will likely be many more events that do not pass the threshold. The practice of the cyber centre has always been—and will continue to be—to inform those who are affected or potentially affected when we detect incidents or events of significance. Unlike the threshold conversation, ours is always an unattributed conversation. It's about the manifestation and giving the tools to those who are or might be affected to defend themselves or remediate the problem.

In our conversation, we would not be specific about “Entity X is having this issue.” We would just say that there's an entity in the process having an issue and you can detect whether you are also having the issue with the following tips and indicators. We'll provide assistance to help resolve those issues. That's what would happen in all circumstances below threshold.

5:20 p.m.

Calgary Midnapore, CPC

Stephanie Kusie

Mr. Rogers, you might be tired of me talking about this, but I'm a member of the Trilateral Commission. We were fortunate to go to Silicon Valley in November to have an overview of a cybersecurity update with some of the most brilliant minds in the world. I felt that perhaps instead of being at Facebook and Google, we should have been at the main office of Fortnite.

I want to hear your comments, very briefly, in terms of how you find, engage and employ the absolute best to secure our electoral systems.

5:20 p.m.

Deputy Chief, SIGINT, Communications Security Establishment

Dan Rogers

That's a great question, thank you.

We are recruiting, so anyone who's listening is welcome to send through a resumé.

5:25 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

For everybody around this table, ethics rules. I'll come after you.