Evidence of meeting #31 for Procedure and House Affairs in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was threat.
A recording is available from Parliament.
11:15 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
Could you describe the threat, then? From your perspective, what is the threat?
11:15 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
In relation to this specific situation, or more generally?
11:15 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
Within the mandate of the security establishment. Why would we call upon the security establishment?
11:15 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
I see, yes. What we look at are threats that are not publicly known. Commercial technologies do a really good job of taking care of publicly known malicious activity, occurring through malicious software. So your anti-virus software, your firewalls, have good methods and techniques in place to guard against that.
What we look at are threats they don't know about, derived from classified information, so that we can similarly complement commercial technologies to look for those types of activities and protect government systems from them.
11:20 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
I have two minutes left. My understanding is that the YouTube video was posted as a reaction to what Mr. Toews said in the House regarding Bill C-30. He seemed to intone that a large number of Canadians were engaged in criminal activity because they used the Internet.
A lot of people reacted to that quite negatively. There was some fair comment that was done, and perhaps there were some comments that passed the line. I think in the particular case of this YouTube video, it passed the line.
I'm wondering, though, as a security threat to information systems, where is it? Where is the security threat?
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
From this video, from an IT security perspective, I don't see any.
11:20 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
All right. Would there be another security service within this country that would be better placed to look at this? Who would have the mandate to cover this threat, and what threat is it exactly?
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
I would suggest it would be the investigative bodies at our disposal in government.
11:20 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
It may not be an information technology threat so much as it would perhaps be a breach of the Criminal Code, for instance.
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
I'm sorry. I didn't hear the last part.
11:20 a.m.
NDP
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
In our opinion, no.
11:20 a.m.
NDP
Philip Toone NDP Gaspésie—Îles-de-la-Madeleine, QC
We're perhaps looking more at a breach of civil or criminal codes.
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
I'm not an expert there, but yes.
11:20 a.m.
NDP
11:20 a.m.
Conservative
The Chair Conservative Joe Preston
Thank you, Mr. Toone.
Mr. Easter, it's great to have you at committee today. You have seven minutes.
11:20 a.m.
Liberal
Wayne Easter Liberal Malpeque, PE
Thank you. It's a pleasure to be here, Mr. Chair.
Thank you to the witnesses.
I take it from what you said that this incident is not what you would classify as a security breach.
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
An IT security breach....
11:20 a.m.
Liberal
Wayne Easter Liberal Malpeque, PE
You say it's more of a threat on an individual. As far as CSE goes then, you really don't have any role in the investigation. It would be more the RCMP or maybe foreign policing agencies. When you're dealing with the Internet, it's certainly not just a domestic issue.
Would that be correct?
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
I agree with that. Yes.
11:20 a.m.
Liberal
Wayne Easter Liberal Malpeque, PE
On the YouTube video and the Vikileaks—a number of incidents surrounding this minister—part of it relates to the lawful surveillance bill that is being proposed and I gather is now on the back burner.
From the public perspective—you may be able to help us out in this area—there is a lot of concern about Big Brother. Privacy is almost a thing of the past. There is a lot of concern about big government, Big Brother, so to speak, finding out a lot of information on individuals either through the Internet system or other means.
How do you see finding the balance in that regard? I know very well there is the need for the role you play in terms of security of our IT systems from afar, and there is the need within the country for security and privacy. On the other side of the coin, there are people's privacy concerns that they want to protect.
How do you find the balance in this new age?
11:20 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
In terms of the legislation in question, it has no effect on the authorities and mandate of CSE. Our own legislation certainly has measures in place to respect all applicable laws, including those that protect the privacy of Canadians. We certainly have a strict regime of policy and procedures internally that have been approved and reviewed by the Department of Justice. Our CSE commissioner reviews our activities annually and has always found them to be lawful.
Those are the checks and balances we have in place. We have an organizational culture that is very rigorous. Everyone is aware of their responsibilities and the measures they need to take. That is how we respond to that.
11:25 a.m.
Liberal
Wayne Easter Liberal Malpeque, PE
There is always the fear of people, though, that they're being spied upon. Certainly there's the incident with this minister and what seems to be a threat. But what I find, and I think probably many members around here would be of the same opinion, is that in the Internet age there's an article in the newspaper, and then in the comments section a lot of the comments that come in could almost be considered as hate mail.
I think that's becoming a serious problem. I don't know, Mr. Chair, how we're ever going to get around it, because people are allowed to send letters in to the comments sections on the Internet using false names. I think that if you have to sign your name to the article, you're less likely to make some of these outrageous comments that are being made against a person or in opposition to a policy issue.
I know this is not your area, but do you see problems in that regard? How do we start to get a handle on what I'm seeing increasingly as almost hate? It can develop on issues, but individuals are being attacked in the comments sections to the point that I hardly ever read them. It's an increasing problem.
Do you see that from where you sit?
11:25 a.m.
Deputy Chief, IT Security, Communications Security Establishment Canada
Well, the Internet has evolved into a vast, complex infrastructure. There are two billion users today on the Internet, and the number is growing. There are hundreds of millions of websites and trillions of e-mails passed every day, so it's a very difficult environment to control—if it were even possible to control in that way.
11:25 a.m.
Liberal
Wayne Easter Liberal Malpeque, PE
I understand that, and there's no question that it's huge and evolving. But whereas at one point in time people had to sign their names.... I know they sign their names somewhere, and then they use this nickname.
The reason I raise this question is that in terms of this threat we're dealing with—Anonymous, whom we do not know even—each and every one of us who are not ministers but who take policy positions because it's part of our job, increasingly faces hate mail because the people who are writing the letters do not have to sign their names.
In your experience, are there any countries or any laws anywhere that try to get around that issue? I think it's escalating and that it leads to outrageous statements and outrageous attacks upon individuals. In this case it's an outrageous attack on the minister by Anonymous, but this isn't the only instance. I think all of us around here.... Somebody takes a dislike to something we said and then goes on a rampage. And in the comments section they go for the jugular, and it's nearly hate.