Thank you very much.
Good afternoon, Chair, vice-chairs and committee members. Thank you for inviting me to offer the findings and recommendations of the National Security Centre of Excellence.
The NSCOE is a Canadian NGO composed of academics and practitioners covering key elements of international law and domestic law, technology, policy and politics that impact Canada and Canadians. We assist private and public sectors with their insider and foreign threat actor risks and issues through research across Canada as well as globally.
Our findings are summarized as advice, maintaining privacy, and are shared with various departments and agencies of the Government of Canada to help them formulate policy.
I will begin with some normalizing information regarding espionage and sabotage. Under international law, espionage and sabotage are expected from foreign states, dating long since before all of us were born. We do it too. Indeed, key areas are considered off limits, including inherently governmental functions and critical infrastructure.
When entities behave this way, our domestic laws can hold them criminally accountable. While we expect foreign governments to perform espionage and sabotage, we don't expect foreign companies, nor individuals, to do so. When they do, the government where they reside or are headquartered should hold them accountable. When their government does not hold them accountable, others could consider these actors organs of the state acting on behalf of their government. Cyberspace presents another means to perform such actions. It's not surprising or new.
With that out of the way, I present to you our findings. On September 27, Vanessa Lloyd and David Vigneault testified at the foreign interference commission. They shared examples of foreign activities by the governments of China, Pakistan, India, Iran and others. While studying the behaviours of China and Russia at our centre, we noticed the trend of these countries and their ability to perform intricate influence activities over cyber that approach—but do not cross—the threshold of armed conflict, limiting Canada's options for lawful responses. Their intricate methods also make it very difficult for the public, or even elected officials, to notice.
As an example, since COVID, working from home is very common and expected. Companies and governments around the world supported this, including the U.S. Army, for matters up to classified secret in 2,000 homes. From a cyber perspective, the communications are well encrypted and considered safeguarded. From a physical perspective, a small sensor on a window will pick up voices, which are sent for processing to determine methods to influence. Civil servants and elected officials remain easy targets.
Similarly, we've studied the behaviours of Canadians raising monies within domestic communities to send abroad to influence the public of another country. These types of activities are not limited to specific cultures or backgrounds of people. Some of the Canadian religious groups are sending money abroad to help with protesting and sometimes violence. Indeed, it's not the entire group of individuals at these places of worship.
We have noticed an increase in the number of active organized crime groups and in those in smaller cities in Canada. In various well-respected restaurants, one can observe drug deliveries to affluent patrons and staff ordered over mobile phones, as they would for an Uber ride. Organized crime groups send their monies into foreign jurisdictions using cryptocurrency and influence foreign policy and publicly elected officials.
We believe Canadian laws are not adequately written or tested to counter such activities. Because of this, certain governments in Europe and Asia see Canada as supporting foreign influence and even terrorism. While the U.S. is a strong ally, they have very different views and legal disputes on matters important to Canada, such as trade and our Arctic sovereignty. U.S.-headquartered companies are highly influential in civil servant promotions in terms of offering them well-remunerated roles upon their retirement, influencing government operations and senior decision-making. Foreign-headquartered companies are employing Canadians, allowing foreign states to legally drive influence through their headquartered companies into the minds of their staff located in Canada.
These are really no quick solutions. I'll move on to our recommendations.
The Government of Canada should undertake comprehensive educational programs to immunize Canadian society against misinformation and information manipulation in general using Finland's model. Almost a decade ago, Finland recognized the same vulnerabilities as Canada does today and embarked on a whole-of-society education effort to protect democracy, bringing fact-checking awareness to kindergarteners up to and including retirees.
Canadian voters located abroad fall directly under the jurisdiction and influence of foreign states. Our findings suggest that some states are using this as a strategic long-term influence vehicle. The only reasonable mitigations to such influence upon foreign-located Canadians are to strengthen international norms in Canada's favour.
Cyberspace has only been around for 30 years, and in that time we can't formulate international customary law. We've signed treaties. In 2015, Canada ratified the 2001 Budapest Convention on Cybercrime, but we haven't signed the additional two protocols, nor the 2014 Malabo convention.
Like in many other countries, Canadian civil servants were stuck accepting data sovereignty risks on behalf of Canada. Instruments like the UN convention against cybercrime exist; however, the centre is recommending rejecting the treaty as it diminishes our sovereignty. It's the centre's position that Canada should continue to promote good state behaviour through open communications and normative behaviours. We need to show international parties we do not support these actions onto others from within Canada and upon Canada.
Thank you very much for your time and best of luck.
