Evidence of meeting #12 for Government Operations and Estimates in the 43rd Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was nuctech.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Charles Burton  Senior Fellow, Centre for Advancing Canada's Interests Abroad, Macdonald-Laurier Institute, As an Individual
Christian Leuprecht  Professor, Department of Political Science, Royal Military College of Canada, As an Individual
David Mulroney  Former Ambassador of Canada to the People's Republic of China, 2009-2012, As an Individual
Stephanie Carvin  Associate Professor, Norman Paterson School of International Affairs, Carleton University, As an Individual
Clerk of the Committee  Mr. Paul Cardegna
Ward Elcock  As an Individual

4:30 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

Thanks, Mr. Chair.

Witnesses, thank you very much.

Mr. Leuprecht, in your statement, you talked about the risk from Nuctech being in our embassies as a moderate risk and manageable, but why would we even bother then if it was a small risk or a manageable risk? Why would our government bother instead of just banning it outright?

4:30 p.m.

Professor, Department of Political Science, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

I think that is the overall thrust of the statement that this is a strategic challenge, but the strategic challenge then also needs to understand that, inherently, out of the umbrella remarks that have been made about the geostrategic engagement by China flow definite risks.

The problem is that we often, as Professor Carvin pointed out, start the conversation on the wrong end. We start focusing on the micro risks the particular technology poses rather than the broader macro scale, the macro elements, both in terms of strategic policy orientation as well as how that then is not reflected in adequate procurement practices and in adequate national security vetting that would then forgo having to have the micro conversation about the threats.

Make no mistake. These are real threats. As Professor Burton pointed out, any software ultimately needs to be updated, so the updates in and of themselves pose a significant risk.

This is the part that people don't get about Huawei, where people ask, “How is it that there are no back doors?” Well, there's no back door to date, no compromise today, but you need the back door built in by definition so that you can actually update the software in the actual equipment. Overnight, the hostile actor can embed malicious technology. Look, there's a lot to be learned, for instance, about traffic that comes through the embassy, the types of material and when that traffic comes in at unusual hours and so forth.

4:30 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

I would think that even dissidents coming to our embassy.... You would certainly have a second thought before you would pass through Chinese security equipment if you are a Chinese dissident.

4:30 p.m.

Professor, Department of Political Science, Royal Military College of Canada, As an Individual

Dr. Christian Leuprecht

I think the ability to track how often these dissidents are going, how many of them are coming in and out, is a little bit like what signals intelligence agencies do. Just being able to track the traffic pattern, that in itself can give you a significant amount of information, particularly when their traffic pattern, for instance, doesn't line up with regular business hours. You can kind of go, “Well, there's something obviously up at the embassy. Now we should probably leverage some of the other technology or some of the other compromises that we have in the technology within the embassy to understand what that might be.”

4:30 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

Thank you.

Professor Carvin, you talked about how a total ban doesn't make sense, and then you segued into all the problems that we're going to have in procurement and the other challenges that we're going to have in addressing this.

Should we not just then have an outright ban and then start working on addressing some of these many challenges, these cross-departmental challenges, so that at least we stop the bleeding immediately and then set up proper procedures?

4:30 p.m.

Prof. Stephanie Carvin

That's one possibility. My concern would be that we simply would not be able to adjust fast enough.

My issue is that we seem to be all one way and not the other. What I'm arguing for is layered security. Again, I very much respect the testimony by other colleagues, but if we take the example of the X-ray machine, you're saying that if I were a dissident, I would worry about going through an X-ray machine. Well, I would be more worried about the street cameras that were certainly surrounding me—

4:35 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

I agree with you 100%, and I'm dumbfounded that—

4:35 p.m.

Prof. Stephanie Carvin

There are so many other ways—

4:35 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

It goes to your comment about layering. I was dumbfounded that witness after witness at our first meeting said, “Oh, it's not on our security list; we did the right thing.” It's almost like we flew the plane into the mountain, but we checked all the checklist items, so it was a success. Common sense certainly has to have a part in it, but we seem to be lacking because we're more focused on ticking boxes than actually doing the right thing.

Should we do an outright ban until we can change our processes so that we don't have department after department turning a blind eye to our security concerns?

4:35 p.m.

Prof. Stephanie Carvin

In my view, I think it would just be easier to harness the expertise that we have now within the Communications Security Establishment. They are perfectly able to provide technological reviews, as well as help with risk mitigation strategies. Certainly, that seems to have been the case with the CBSA. In its testimony on November 18, it said that, yes, it had reached out to and consulted with the CSE when it procured and used these technologies.

I think it would just be easier, would it not, to.... We have the expertise in place. What I think is lacking is exactly that box that needs to be ticked. We need to completely re-evaluate our boxes.

4:35 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

All right. One of my questions is—

4:35 p.m.

Conservative

The Chair Conservative Robert Gordon Kitchen

Thank you, Ms. Carvin.

4:35 p.m.

Conservative

Kelly McCauley Conservative Edmonton West, AB

—whether the CSE should do a security analysis on them all.

4:35 p.m.

Conservative

The Chair Conservative Robert Gordon Kitchen

Thank you, Mr. McCauley.

We'll now go to Mr. Weiler for five minutes.

4:35 p.m.

Liberal

Patrick Weiler Liberal West Vancouver—Sunshine Coast—Sea to Sky Country, BC

Thank you, Mr. Chair.

I'd also like to thank the witnesses for joining our committee today and for the really interesting comments and discourse we've already had.

I'd like to ask Mr. Mulroney my first question.

Given the risk that you highlighted that the PRC poses now and has posed for some time, you mentioned that we need to look at the bigger picture, and I very much agree. With that mind, I'm wondering what your opinion is of the 2012 acquisition of Nexen by a Chinese state-owned company. Do you think a national security review should have been done for this $15-billion takeover of a Canadian natural resources asset?

4:35 p.m.

Former Ambassador of Canada to the People's Republic of China, 2009-2012, As an Individual

David Mulroney

If I recall, what followed in the wake of that was a new policy on acquisitions by state-owned enterprises, but I'm not qualified to talk about the.... I wasn't involved in the Nexen review itself. However, we saw an evolution in policy, and certainly that evolution in policy has had to take account since then of the 2017 intelligence act in China, which Professor Burton referenced, which basically made every Chinese company an agent in the work of the Chinese Communist Party.

4:35 p.m.

Liberal

Patrick Weiler Liberal West Vancouver—Sunshine Coast—Sea to Sky Country, BC

Mr. Mulroney, with this in mind, going forward, how should we look at acquisitions of Canadian natural resource projects by state-owned companies?

4:35 p.m.

Former Ambassador of Canada to the People's Republic of China, 2009-2012, As an Individual

David Mulroney

I think the policy we have that looks at net benefit to Canada and, again, looks at our national security interests should be sufficient.

I also think.... I've said this about foreign investment, foreign investment by many sources. We've seen major multinational financial institutions engaging in wrongdoing. We should be vigilant, and investment locales, notably provinces and municipalities, should also be applying the laws, rules and regulations that they have in effect.

Foreign investment involves all three levels of government, and I think that over time we're closer, particularly post 2017 and the Chinese intelligence act, to the scrutiny we need for SOEs.

4:35 p.m.

Liberal

Patrick Weiler Liberal West Vancouver—Sunshine Coast—Sea to Sky Country, BC

Thank you, Mr. Mulroney.

My next question is for Professor Carvin.

You mentioned in your opening statement that you thought the technical security threat over the provision of the Nuctech equipment has been overstated. I was hoping that you could let us know what you think the security risk is to Canada's consular efforts that this contract to supply X-ray machines would pose.

4:40 p.m.

Prof. Stephanie Carvin

I think this was backed up by Christian Leuprecht's testimony, in the sense that the risk is fairly moderate. Of course, these devices do have to be updated, and there is the fact that perhaps Chinese individuals would be coming in to fix the equipment. All of these are serious risks, but I suppose the point I was trying to make with that remark is that just because you ban a technology doesn't mean the threat is gone.

I'm concerned in particular with, say, the 5G discussion, in that we talk about banning a technology and we think that's going to make us safer. It may in some ways, but the fact is that all security products have flaws in them. All these vendors have serious issues. Just because they're not Chinese doesn't necessarily mean they're secure.

We need to be doing these tech reviews on all technology, for the reason that we do know that states like China are trying to hack into our embassies and other places. To me, it's not even just the Chinese, even though I think that should be, for reasons of the problems related to SOEs that have been I think well discussed in this particular session.... We need basically all of our technologies reviewed consistently and thoroughly. Clearly, that's not something that's in the procurement right now.

Yes, this is my concern. By focusing on this narrow issue of the X-rays themselves and whether or not they're vulnerable, we overlook the broader issues with regard to malicious action, say by China, against our embassies abroad and against our government, probably as we speak. We're probably being hacked as we speak. This is the reality.

That's what I meant about that specific technical threat being overstated. It's missing so many of the other broader issues that I think this specific committee could be dealing with in regard to broad overarching strategies for procurement.

4:40 p.m.

Liberal

Patrick Weiler Liberal West Vancouver—Sunshine Coast—Sea to Sky Country, BC

Thank you.

4:40 p.m.

Conservative

The Chair Conservative Robert Gordon Kitchen

Thank you, Mr. Weiler.

We'll go to Ms. Vignola for two and a half minutes.

4:40 p.m.

Bloc

Julie Vignola Bloc Beauport—Limoilou, QC

In 2017, there was a change to China's national intelligence law.

What was our situation before the law was passed in 2017, and what was it afterwards?

That's my first question because I only have two and a half minutes.

My second question is the following.

Should a company headquartered in Hong Kong be monitored as much as a company in Beijing?

4:40 p.m.

Conservative

The Chair Conservative Robert Gordon Kitchen

Ms. Vignola, who do you want that question directed to?

4:40 p.m.

Bloc

Julie Vignola Bloc Beauport—Limoilou, QC

My question can be for Dr. Burton or Prof. Carvin.