Evidence of meeting #92 for Access to Information, Privacy and Ethics in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.
A recording is available from Parliament.
4:20 p.m.
Bloc
René Villemure Bloc Trois-Rivières, QC
I imagine that 14‑year‑olds and 15‑year‑olds don't think to check where their data is going or what it will be used for. We know that no one reads the consent form and it's complex. No one knows where their data will end up.
How can we protect them? How can we help youth and younger people better understand what's at stake, so that they don't recklessly share their data.
4:20 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
I think that's an extremely good question and it's an extremely difficult question to answer.
I think a lot of it goes back to what my colleague Mr. Khoury said, which is education—constant education. It's not only education for adults, but education at all levels. I'm not a policy person; I'm an operational person, but I think it would be very important to figure out ways to educate the youth and engage on that level. I think there are other government departments that can support that sort of work.
4:20 p.m.
Bloc
4:20 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
Thank you.
As my colleague just said, education is extremely important in keeping young people informed. In reality, it's clear that China raises somewhat more complex concerns.
Any information we put in the public domain could ultimately be a source of concern. It's important to keep both young people and not so young people informed of the risks that publishing such information could have in the future. It might not pose an immediate threat, but it can present a threat later, once a more complete portrait or profile of the individual has been compiled.
4:20 p.m.
Conservative
The Chair Conservative John Brassard
Thank you, Mr. Khoury and Mr. Villemure.
Mr. Green, you have six minutes. Go ahead, please.
4:20 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Thank you very much, Mr. Chair.
I'm going to put a series of questions to you.
First of all, thank you for being here. It's always a pleasure for me, as just a working-class guy from Hamilton, to be able to ask questions of the CSE and CSIS. This is kind of cool.
I'm going to put some direct questions to you, and I'm going to ask you to answer them as directly as you possibly can.
On February 27, 2023, the Government of Canada announced it was banning the use of TikTok applications on government mobile devices. Was the Communications Security Establishment consulted when this decision was made?
This is for you, Mr. Khoury.
4:20 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
Yes.
November 20th, 2023 / 4:20 p.m.
Assistant Director, Requirements, Canadian Security Intelligence Service
I don't know.
4:20 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
That's fair enough.
In the consultations that you had, what feedback did you provide the government on singling out TikTok for this type of ban?
4:20 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
We are not a regulator and we don't assess every app out there. Our advice is how to consider the risk, from a privacy perspective, of the permissive settings that the app is requesting.
Along with the ban of TikTok, we also put out some advice and guidance on social media applications for Canadians and for Canadian businesses in general.
4:20 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Specific to the government and the ban, it appears to me that you have a strong rationale. You talked about an acceptable level of risk, yet all the focus seems to be on the fact that this is a state-owned actor through ByteDance.
I want to put a question to you in relation to surveillance and data capitalism or algorithmic capitalism. In other words, what's to stop Facebook, X or Twitter, or any other platform from simply collecting the same data and selling it through a third party to the same hostile actors you've identified?
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
On TikTok, just in case it didn't come out clearly, it presents an unacceptable level of risk. That's why the application was banned.
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
Many apps that we have on our government phones are apps for which the level of risk is acceptable. In our advice and guidance on what we put on our government phones, we look at a number of things, like security control and who is behind the app.
4:25 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
In your time with the CSE.... How long have you been with them?
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
It's been 32 years.
4:25 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
You were there in 2016, and you were there in 2019, particularly, when the joint investigation by the Privacy Commissioner brought to light the Cambridge Analytica scandal in Facebook.
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I was at CSE. I wasn't in my current role, but I was at CSE.
4:25 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Were you advising on that as well? Did you have any knowledge of that as well?
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I wasn't in a position where that was my task.
4:25 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
You would recall that this British consulting firm, Cambridge Analytica, accessed and harvested 87 million profiles. It was involved in Brexit. It was involved in the Trump campaign.
Do you have any knowledge of it having involvement in Canadian politics?
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
I'm not aware of that.
4:25 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Okay.
You wouldn't know, then, that in 2016 the Liberal research bureau contracted Eunoia Technologies, under the founding member of Cambridge Analytica, Christopher Wylie, for a pilot project. He was the whistle-blower.
Are you aware of that at all?
4:25 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
No, I'm not aware of that.