Government Operations Committee on Dec. 7th, 2020

Thank you, Mr. Chair, and good afternoon.

I would like to supplement the evidence this committee heard from civil servants on November 18 by providing information about the relationship between Nuctech and the Chinese Communist Party apparatus that is the regime of the People's Republic of China.

The Nuctech corporate organigram shows the Chinese Communist Party branch and its party secretary, Chen Zhiqiang, at the apex of Nuctech's corporate pyramid. The party branch is at the top. The Nuctech board of directors and senior executive management is therefore subordinate to direction from the Chinese Communist Party.

Indeed, party secretary Chen is also the chairman of Nuctech's board of directors. As a very senior official of the Chinese Communist Party, Mr. Chen is also currently a member of China's National People's Congress. The party secretary is thus the highest ranked and most powerful official at Nuctech.

The Chinese state heavily subsidizes Nuctech and other Chinese hardware and software development and production to make it highly competitive in global markets. That's why they tendered the cheapest bid to us. Like all Chinese state enterprises, Nuctech's raison d'être is not primarily economic profitability; it is also to serve other overall PRC regime purposes.

As was mentioned in the evidence in a previous meeting, China's National Intelligence Law of 2017 compels all Chinese nationals, including those working for Nuctech at home and abroad, to collaborate with agents of the Chinese state on request, to further Chinese state interests by, you know, purloining confidential data and engaging in compromise of infrastructure around the world.

This intelligence law is really just pro forma. In fact, Nuctech's connection to the Chinese party/military state is much more than a master-servant relationship; it's really a symbiotic relationship. What I mean by that is that Nuctech, like all Chinese state enterprises, is fully integrated into the PRC party, state, military and security apparatus because, as party general secretary Xi Jinping has put it, “Party, government, military, civilian, and academic, east, west, south, north and centre, the Party leads everything.”

Just as the Chinese Communist Party does not allow for true civil society or non-government sectors, there are also no industrial enterprises in China existing independently from China's party state. In terms of assessing bids, we have to understand that Nuctech is of a substantive nature utterly different from that of its foreign competitors, those existing in a civil space outside of political institutions.

This is a hugely significant distinction between Nuctech and non-Chinese security equipment concerns. Nuctech's purposes are actually the Chinese Communist Party's purposes for Nuctech. Because of its role as an integral element of the unified Communist Party regime, Nuctech's primary purpose is not to generate profits but to serve the overall interests of the Chinese Communist Party at home and abroad, including China's massive domestic and international intelligence-gathering program.

Nuctech can reciprocally draw on Chinese military and intelligence services to obtain foreign technologies and foreign data to serve its advantage. It's fully supported by the Chinese Communist Party's extensive United Front Work Department operations, coordinated out of the PRC's embassies and consulates abroad.

This is because Nuctech, like all PRC enterprises, is mobilized by the Chinese Communist Party to serve PRC regime geostrategic goals throughout the world. That's why you have the Chinese Communist Party branch party secretary, Chen Zhiqiang, as the highest ranked official of Nuctech.

The key here is to recognize that Nuctech is a function of an integrated party-state-military-civilian-market PRC regime complex whose strategic intent is severely at odds with the interests and values of the liberal democratic west, including Canada.

My conclusion will be very brief.

Canada's country-agnostic approach to procurement, while arguably politically correct, should not be applied to bids from People's Republic of China enterprises, state or otherwise. Because China routinely grossly flouts the norms of the international rules-based order in diplomacy and trade, this country-agnostic approach obscures the realities of Chinese regime enterprises and the threat they pose to Canada's national security. In short, like the Chinese Communist Party, Nuctech cannot be trusted by Canada under any circumstances.

Thank you, Mr. Chair.

Ladies and gentlemen, thank you for your invitation. I'll speak in English, but you may ask your questions in the language of your choice.

There is a written submission that hopefully you have received. I shall have to abstract from that submission. I co-authored that submission intentionally with my colleague, David Skillicorn, from the School of Computing at Queen's University, in order to lend greater heft to the actual security assessment of the technology.

We have long argued that Canada's strategic and policy engagement needs to be far more nuanced to reflect the complexity of a relationship that is evolving rapidly. On some matters China is a partner, on some a competitor and on some an adversary. These three challenges converge on matters of technology, security and procurement.

Our assessment of the security risk is that on the technical side they are moderate and manageable, although there are risks. The broader issue at stake is from a democratic government or procurement perspective of procuring such technology from China, and in particular from state-owned enterprises.

First, as Professor Burton has already pointed out, China is playing the long game and is engaging in predatory market practices in order to undercut other companies. You can find this well documented in a report released last month by the United States Senate Committee on Foreign Relations that goes into substantial detail on Nuctech and other Chinese technology companies and how exactly this works.

On principle, SOEs or partial SOEs from non-democratic regimes should be excluded from Canadian public tendering processes because they're not competing on a level playing field. In other words, this matter of Nuctech should be referred to Canadian competition authorities. In lieu of that referral, I suppose, we're here today having these meetings.

In case there's any doubt about just how arm's length Nuctech is, it was founded in 1997 by the son of former Chinese leader Hu Jintao, which makes him part of the notorious “princelings” of the “red royalty” that are widely despised across China. Doing business with Nuctech is bad for Canada's image, bad for China, and bad for Chinese and our image with the average Chinese.

Second, Canadian companies are precluded from competing for public procurement tenders in China. The principle of reciprocity suggests that companies that are either explicitly excluded from foreign tenders or that structure their markets so that foreign companies cannot compete should not be able to compete for federal public tenders in Canada.

Third, Canada should not be doing government procurement business with a country that engages in hostage diplomacy, bullies Canada and some of its closest allies, spreads blatant false information, engages in large-scale and systematic foreign interference, regularly flouts international laws, including endangering allied warships, and is responsible for large-scale human rights abuses on a scale not seen for decades. Nuctech is complicitous in this regard because its relations in selling equipment to the Xinjiang Public Security Bureau goes back well over a decade, as recently testified on July 20 before the Subcommittee on International Human Rights of the Standing Committee on Foreign Affairs and International Development. Therefore, Canada shouldn't be duplicitous in terms of doing business with a company that then on the other side engages in large-scale human rights abuses, and at the same time criticizing China for how it treats individuals of the Uighur minority in Xinjiang.

Fourth, the 21st century is really about data and technology, and China is doing both to enable and promote digital authoritarianism and undermine democratic values, and to actively compromise and interfere in sovereign decision-making. We are now witnessing this on a daily basis and every successful public tender for Chinese technology in Canada is an accelerant towards this dystopian future.

Ergo, Canada should be banning any Chinese state-owned enterprises, partial SOEs, or companies suspected of receiving undisclosed government subsidies, and all Chinese technology companies from Canadian federal public procurement, including standing offers. In cases where that would be in breach of Canada's international trade or legal obligations, the decision should rest with the minister, who should make that decision public.

Finally, and I conclude on this, this matter is indicative of broader issues that have long plagued federal public procurement in this country, especially on matters of security and defence. I remind the committee of the U.S. Department of Commerce's annual report on most difficult countries for military procurement, for U.S. companies to do procurement for U.S. military assets, and Canada ranks second on that list of countries most difficult to do procurement in.

That is robust outside validation of the dysfunction of procurement with which this committee should be seized. The Government of Canada has an opportunity to learn and leverage the visibility from this near-miss with Nuctech, which manifests the extent to which the broad scale and threat risk of this bilateral relationship continually outstrips the government's current tool kit in governance capacity.

This is an opportunity to realize that instead of fending off the alligator that's closest to the boat, the tool kit that enables these examples is simply not fit for purpose. However, in court we have tools to review investments against national security considerations, such as the ICA, and more are coming with respect to critical infrastructure. If there are no comparable tools in place or even under discussion for national security reviews of research and development partnerships, even for domains under the federal government's agreement, such as the tri council grant funding agencies, associate university research and national labs, such a built-for-purpose tool kit on procurement is long overdue.

Thank you. I'll again offer a few opening comments.

On one level, what we're seeing with the Nuctech affair is the kind of disconnect that plagues bureaucracies. I was aware of the risk of disconnect when I served as ambassador to China. We had a dozen different organizations at the embassy, each working directly for managers in Canada. I used to say that my role as ambassador required me to be connector-in-chief. This was essential because failure to connect and to see the bigger picture almost always meant failure at the level of larger Canadian interests.

Some very significant Canadian interests were at risk in the Nuctech affair, and you've heard about some of them already. Briefly, it's not in Canada's interest to advance the global dominance of a Chinese state-owned technology powerhouse, or to create long-term access and partnerships in our system that could make us vulnerable in the future.

Although bureaucratic disconnects happen in normal times, these are not normal times. I was secretary to the independent panel on Canada's future role in Afghanistan, also known as the Manley panel. Canada's mission in Kandahar was failing because the Canadian Forces, Foreign Affairs and CIDA each saw the mission differently.

The very wise people on the panel said that Afghanistan was a once in a decade challenge, one that required new structures and new approaches. We needed a single vision, one that was owned and led by the Prime Minister. We needed to identify achievable objectives, to assign responsibilities clearly, to resource the challenge appropriately and, above all, to see the mission as a Canadian priority, one that transcended specific military, diplomatic or aid objectives.

The panel's focus on process was unorthodox. Ottawa is a town that is in love with policy ideas and bored to tears by policy implementation, by the details of how things actually get done. As the panel pointed out, however, attempting something of national importance without mobilizing and organizing for success is irresponsible, and a dereliction of duty to Canada and Canadians.

Managing the Canadian implications of the rise of China isn't a once in a decade challenge. It's closer to a once in a century challenge, requiring a complete rethinking of foreign and domestic policies.

The Nuctech case is more than a bureaucratic disconnect, more than a performance failure by a government that is more challenged than most when it comes to actually getting things done. The experience offers us a brief worrying glimpse of the state of China competence in a government that has had vivid daily warnings of the extent to which China poses what the Deputy Minister of Global Affairs has referred to as “a strategic challenge to Canada”. However, we've seen no signs of heightened awareness, no sign of increased urgency to identify and better manage anything and everything having to do with China, and no evidence of any effort to galvanize the entire government, all departments and agencies, in an effort of pressing national importance.

This isn't actually a policy problem. It's a problem arising from the absence of policy. The officials you've already heard from were well-intentioned, but they didn't display any real sense of urgency or even much awareness of our China challenge. This isn't their fault. It points to a failure of leadership, a lack of that sense of priority and high-level accountability required to face up to and intelligently manage what may well be a once in a century challenge.

Thank you.

I note that my computer has glitched throughout, so hopefully I will be able to make it through. I believe you have my written testimony, and I would be happy to repeat if required.

Thank you for having me here today. Before I begin, I feel that I should disclose that I worked for the Canadian Security Intelligence Service between 2012 and 2015 as a strategic analyst. I did not, however, specifically work on this file, and my interest in the nature of Canada's relationship with China comes from my own scholarly interests, research and activities.

In that sense, I'm very pleased to be able to speak with the committee today about this important issue. My argument is essentially this: The Nuctech contract is problematic, but not for any of the reasons that have been discussed in the media.

Yes, the scanners are made in China, but so are the computers our embassies use, and the phones and basically all the telecommunications equipment. Also, all the technologies that are made elsewhere probably contain components that are in fact made in China. For better, and quite possibly worse, it is not possible at this time to have technology that is not made in China or with parts that are somehow made in China or sourced from China.

Now, of course there is a risk here, but at the same time it's not clear that banning all this technology is going to make us safe either. Indeed, it's more problematic to suggest that bans on equipment make it safer. By this I mean that China is good at getting the information it wants through a variety of means, and many, if not most, non-Chinese technology firms, particularly in the telecommunications sector, have security flaws and vulnerabilities that can be and most certainly are exploited by malicious actors.

Frankly, there are many ways to spy on Canadian embassies abroad: physical surveillance, phishing attacks, insider threats and exploiting vulnerabilities in software. An X-ray machine in a non-classified area seems to me one of the clumsier ways of trying to do it. In that sense, I feel that the technical threat element has been overstated in the public discourse.

Now, I want to be clear. This does not mean that the Nuctech contract is fine. There are clear problems with it and the procurement process, which this entire matter illustrates.

The first issue is that of state-owned enterprises, or SOEs. I don't think I need to explain to the committee why these are a problem generally, but in this particular case it is worth noting that these are firms that can normally depend on extremely generous support from the state in terms of money or strategic information often gathered through corporate espionage. These advantages give SOEs the ability to undermine any competition. Because they do not have to adhere to the normal business practices, they can bid on contracts at very low prices in order to win, without having to worry about profit or answering to shareholders. In the long term, this can lead to moves that effectively skew the market in certain strategic areas. In this sense, it is clear that some SOEs represent a geo-economic challenge to Canada and western technology firms in their ability to engage in anti-competitive practices. This behaviour should not be rewarded by the federal government.

That relates to a second concern about Canada's procurement practices. It is worth noting that Canada is increasingly developing processes around foreign investment by SOEs generally and has recently tightened restrictions around certain sectors such as health care during the COVID-19 pandemic. However, for some reason, it appears that protective measures around foreign investment do not extend to the federal procurement process.

Based on the testimony provided to this committee on November 18, 2020, by Mr. Scott Harris, vice-president, intelligence and enforcement branch of the Canada Border Services Agency, his organization “leaned into our colleagues at CSE and elsewhere to gather their expertise” on the issue of security threats from Nuctech technology. If this consultative step was taken in the case of CBSA, why is this not standard practice across the federal government? The lack of standardized policies and procedures, where some departments seek security advice and others do not, seems to be a serious problem.

In conclusion, my recommendations are as follows:

First, Canada should have a policy in place where the procurement of goods and services provided by SOEs by any department are given additional formalized and consistent scrutiny to make sure such investments align with Canadian priorities and values. To be sure, all SOEs are different, and some are simply profit motivated. In this sense, a total ban does not make sense. However, it is something to be risk managed in co-operation with Canada's security agencies.

Second, the federal government needs to develop what is often referred to as a “defence in depth” policy when it comes to the procurement and use of technology, particularly as so much of it presently comes from China.

This is a layered security approach, where multiple steps emphasize measures that control physical access, technology controls that limit what adversaries can do should they get access to a system, and fundamentally for the issue before us, administrative measures that ensure the right policies are in place to prevent security breaches.

Bans will likely not solve our problems, but risk management with layered security approaches will likely be more successful in the long run.

Of course, implementing such a policy will be difficult. In our federal system, many different agencies have different slices of the security and procurement pie. CSE is responsible for the technological assessment, CSIS for the geo-economic threat context, PPSC for ensuring the best value for money, etc.

Media reporting has indicated that tensions have emerged in similar exercises by federal departments, such as the investment reviews required by the Investment Canada Act. However, our federal departments and agencies continue to work together on these new security challenges, and they are learning to get along for the greater good. There is no reason why this could not happen in the area of securing procurement for the federal government.

Thank you.

Mr. Chair?

I don't know, Mr. Chair, if you can hear me or not. We're not hearing you in the room. If you can hear me, give me a thumbs-up, please.

Hold on. We're just going to check with the technicians. We are not hearing you in the room. One moment, please, Mr. Chair.

Mr. Chair, I wonder if you could try again. We're going to check to see if we can hear you in the room.

Well, you must be screaming loudly now. We are hearing you now, so that is good.

Thank you very much, Mr. Chair. My apologies. You may continue.

Thank you, Mr. Chair.

I think that what we're really looking at is that the Chinese government has a policy of....

Mr. Chair, I'm getting the French interpretation through my headset.

Mr. Burton, are you sure you have selected the English channel for speaking English?

Yes. It definitely says English on my screen.

Continue, please, and we will try again.

With regard to the question of the security threat, there is no question in my mind that the Chinese government seeks capabilities that may be useable if its intent comes later. Capability plus intent is a threat.

In the installation of these very reasonably priced X-ray systems and so on, aside from the concern that CSE raised the last time about USB ports or hard drives inside, there's also just the idea that people who are possibly agents of the Chinese regime would have the opportunity to spend a lot of time in embassy premises—at the door, potentially interfering with the equipment or installing phone chips and that kind of thing—which I think in general the Chinese regime would see an opportunity, in having the ability to access the embassy.

I have heard of a Chinese-installed streetcar system in Britain in which the company found out to their surprise that in fact, on the basis that they needed to service it, the streetcar system was connected to China via a telephone link, which would allow people in the city of Nanjing to stop and start those streetcars remotely.

I think they want that kind of capability, not necessarily because they have the intent to use it immediately, but because there is the potential to make use of this as an opportunity for the Chinese state to realize its geostrategic purposes in the future.

Let me say one other thing. As someone who spent a lot of time in China—I was educated in China—if I went to an embassy and saw that I was being scanned by a Chinese-manufactured machine, I would be quite reluctant to go in, just because of the potential of using sophisticated artificial intelligence and so on to monitor, as we have seen with this kind of equipment as it's used in places such as Xinjiang against the Uighurs.

I think in general we have to be very cautious about any firm that is connected to the Chinese state.

Is that question addressed to me?

Yes, I agree absolutely with what Stephanie Carvin has said, that we need to get better procedures in, fully aware of the potential security risk of acquiring Chinese equipment. They bid the lowest price, similar to the way the Chinese firm Huawei was underbidding Ericsson and Nokia to the order of something like 30%.

I think we have to be aware that there is a security threat posed by companies of this nature, which as I said in my opening statement are of a substantive character completely different from that of other companies.

If you look at the difference, a Canadian company like the BlackBerry company could not draw on the resources of CSE to get information about technology being produced by their competitors or to acquire data about bidding and so on, whereas Chinese state firms absolutely have the resources of the state at their disposal, because it's an integrated, unified system.

From that point of view, awareness of this is the key, and proper procedures to ensure that this never happens again would be terrific. I also very much agree with Mr. Mulroney that our government has simply not put enough resources into getting the expertise necessary to fully understand the nature of our engagement with China, which opens up many issues that make it different from our engagement with really any other country in the world.