Evidence of meeting #44 for Industry and Technology in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was institutions.

A recording is available from Parliament.

On the agenda

Members speaking

Before the committee

Corrigall-Brown  General Counsel, British Columbia Securities Commission
Paterson  Chief Executive Officer, Plurilock Security Inc.
Pinto  Chief Delivery Officer, Payments Canada
Lynam  Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police
Quinn  President, Canadian Association of Retired Persons
Smith  Vice-President, Risk and Decision Science, Wealthsimple

12:25 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

It is, as you can imagine, a horrible situation of someone who's lost their money and thinks there's an opportunity to get it back by going to what seems like a reputable institution.

There are a couple of pieces to this. First, it's somewhat the nature of the Internet, of registered domains and of how web hosts work that almost anybody can put up a website. There's not a huge amount of front-end looking at how that works.

Having said that, when we get that information, from a disruption perspective, we will often go to that web host or domain registrar and say, “Look, we think this site violates your terms of service.” Ideally, there's an investigation going on in parallel, but part of the idea is to get that website taken down so that others can't be victimized. This is what this committee is doing—looking at this and asking how we make recommendations to have this holistic approach to reduce the victimization across the country.

12:25 p.m.

Conservative

Andrew Lawton Conservative Elgin—St. Thomas—London South, ON

Are you having success there? If not, on things that we can identify as frauds, where we know the website is serving as the gateway to that, what policy mechanism would you recommend that would help towards taking that off-line?

12:25 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

I'll speak to what we're doing operationally.

Part of this is a little bit of a theme. Really, the way forward, from an operational collaboration perspective, is to bring many partners together who have data of enablers of fraud and then also have organizations lined up that can do something about that.

We hosted an operation called “Maple Disruption” last December, where we did that. We brought a whole bunch of partners together from the private and public sectors. At speed, we were able to have information come in and get it to the right entities who could take that action. We are going to be hosting Maple Disruption 2026 and do that on a much bigger scale. That just gives you a sense that we have to be able to do this almost in real time if we're going to make a difference operationally.

The Chair Liberal Ben Carr

Thank you very much, Mr. Lawton.

Ms. O'Rourke, the floor is yours for six minutes.

Dominique O'Rourke Liberal Guelph, ON

Thank you so much, Chair Carr.

To the DG, thanks for being with us. I want to ask a question that's a bit broader because you're the director of the national cybercrime coordination centre and the Canadian anti-fraud centre within the RCMP. It's a very broad mandate.

We have a bill before the House of Commons right now, Bill C-22, and it proposes lawful access to give RCMP and police officers across this country more up-to-date digital tools to intercept crime. I'm wondering if you could tell this committee why Bill C-22 would be helpful in the case of disrupting and investigating all cybercrime, but also specifically frauds and scams.

12:30 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

One of the real challenges with technologies that target what we call cybercrime or cyber-enabled fraud is that the perpetrators are often in another jurisdiction, the victims are in a whole bunch of different jurisdictions across Canada and then the data might be in yet another jurisdiction. To investigate that in an efficient and rapid way, police across the country need the right tools.

Legislation like Bill C-22 and some of the powers it provides, regardless of the crime type—particularly those that have a significant digital element—will help us to have the additional tools to go after fraudsters and cybercriminals.

Dominique O'Rourke Liberal Guelph, ON

Is it the RCMP's position that Bill C-22, lawful access, is important in combatting fraud and a whole range of cybercrime?

12:30 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

As I mentioned, digital tools or legislation that enables us to enforce crimes that have a major digital element.... It is really important to have those modern tools. Bill C-22 is one of those that will assist police officers, if passed, to have further tools to complete their job.

Dominique O'Rourke Liberal Guelph, ON

Do you have the tools that you need, or do the bad guys have better tools and constantly evolving ones?

12:30 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

One of the challenges with law enforcement is that we set a high bar for the types of technologies and tools that we adopt. They have to be legal. We have to make sure that they respect the privacy of Canadians. The process of how you actually vet those and then operationalize them can often take a long time. Cybercriminals and other criminals don't operate by those rules. The first bad AI that can be accessed, they're going to jump on and figure out ways to do that.

There's always this sort of cat and mouse game of what new technologies the criminals are going to adopt. Part of what my centre does is work with as many police services across the country as possible to share information and come up with coordinated approaches to go after them, either before they can use these new tools or at the early onset.

Dominique O'Rourke Liberal Guelph, ON

I just want to switch gears a little bit.

A special report published in Reuters cited internal Meta documents that indicated that they had internally projected that approximately 10% of their overall annual revenue in 2024, or $16 billion, was derived from fraudulent ads.

I have an insurance background and a municipal background. I'm familiar with joint and several liability. In that light, does this mean that Meta is a party to a fraud? What more should platforms be doing to interfere with the fraudsters on their platforms?

12:30 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

To the first part of your question, I'm not sure I'm well placed to give an analysis of where liability lies. I would say that all the digital platforms have a key responsibility in addressing the fraud and cybercrime challenges facing this country. We've had some great relationships for figuring out how we can send them information and how they can send us information, but there's more to be done. There absolutely is more to be done across the spectrum for the role of digital platforms in this.

Dominique O'Rourke Liberal Guelph, ON

I have one last question.

You mentioned that young people need to be more aware of fraud. We have all received these calls in our constituency offices from seniors who have been defrauded. It's quite possible that they're the bravest in reporting.

Tell us a little more about what the landscape looks like. I'm thinking of some of the romance crimes. They are not necessarily seniors. How do we tackle scams for each target audience?

12:35 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

It's a great question. It's how we approach it. How you encourage prevention for a demographic that's a senior audience is different from how you need to approach young people. Often they can be a “click now and think later” group of people. We try to use different approaches. A social media or online public awareness campaign might work better with a younger audience, whereas in-person engagements or printed material.... We do a lot of that work.

Finally, the technical sophistication needed to become a fraudster or cybercriminal now is very low. We spend some time doing outreach to young people who may want to go onto these platforms or on a forum. They hear about how easy it is and police are challenged to track them down. We engage them and say, “Look, you do not want to go down this pathway. This will ruin your life.” There's more work to do on that front.

The Chair Liberal Ben Carr

Thanks very much, Ms. O'Rourke.

Mr. Ste-Marie, you have the floor for six minutes.

Gabriel Ste-Marie Bloc Joliette—Manawan, QC

Thank you, Mr. Chair.

Mr. Lynam, thank you for appearing before the committee today.

As you mentioned, there are several types of fraud. I'll start with one that's already been discussed: fraudulent ads posted on platforms like Facebook. A few weeks ago, the Journal de Montréal ran a feature revealing that, due to technological advances, there are now fake videos that look real—videos in which we see, for example, Prime Minister Carney, former Quebec premier François Legault, businesspeople like Luc Poirier or Kevin O'Leary, or even international actors like Keanu Reeves, telling people to invest in something because it's profitable.

A retiree tries investing a few dollars. They withdraw their money and make a profit. After that, they invest a few thousand dollars, withdraw their money, and make a staggering profit. Often, the person eventually decides to invest their entire retirement fund in it, but poof—the money disappears.

In the article from the Journal de Montréal, there were, among others, two people who had lost more than $100,000 because of this scam. Enquête, a public affairs program on Radio-Canada, even reported on a case where someone lost more than $400,000, if memory serves me correctly; life savings are vanishing overnight.

According to the various stakeholders, what needs to be done to ensure that this type of fraud never happens here again?

12:35 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

That is a very complex type of scam or fraud that happens. It leverages people's need to make money or there's an opportunity. It then involves deepfake technology and what have you. One of the challenges is having a holistic approach to this. On one hand is prevention and awareness—trying to make sure people understand that these types of scams are out there and how to protect themselves. Then it's trying to disrupt these types of opportunities. There are ads out there. There are websites that advertise this. At the CAFC and working with our police partners, we try to disrupt those and get them taken down.

Then there is the investigative side. The role of our centre is often having that reporting coming to us from different victims. We can then connect the different linkages and work with different police partners to pursue the people behind it. Often it has international involvement because those behind it are operating in another country.

We have to have a holistic approach across a bunch of different avenues to tackle that.

Gabriel Ste-Marie Bloc Joliette—Manawan, QC

Thank you.

Often, as you said, the fraudsters are abroad. Public affairs programs reveal that this often takes place in very poor countries. Often, even the people who are forced to commit these frauds are under threat from organized groups, who hold them captive or blackmail them by telling them they work for them and must bring in money. How does the RCMP collaborate internationally to dismantle these networks?

12:40 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

This is a major challenge for victims, and it is also a major challenge for the RCMP to combat fraud overseas. First, we use our network of liaison officers in other countries. In addition, there are certain regional organizations, such as Europol, where the RCMP has several officers serving on what is called the Joint Cybercrime Action Task Force. Through these organizations, international police agencies can exchange information in real time. This is one approach—one example—of how the RCMP combats overseas fraud.

Gabriel Ste-Marie Bloc Joliette—Manawan, QC

Thank you very much.

There is another type of fraud. With all the data breaches that have occurred at various institutions, it often happens that fraudsters show up at the home of the person they're targeting to defraud them by telling them that their account has been compromised, that they should follow them and hand over their debit card. These people may show up wearing clothes that look like police uniforms. What can be done about this? Is there anything that can be done to better combat all the data breaches at various companies?

12:40 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

I'll start with your first example of the fraud, where it's usually some emergency type of scam. They say, “I need to come to your house and pick up money,” or something like that. It is absolutely happening. It often targets senior citizens.

There have been lots of great investigations into this. This is an area where prevention and awareness are absolutely key. We have found that when young people or family members talk to their seniors and say, “I am never going to call you out of the blue and say I'm in jail somewhere and I need $5,000,” and have that conversation, it is highly effective for them to understand and avoid that kind of scam. That's, again, an example of how that in-person, person-to-person engagement is important.

Your second question was about data leaks and what have you. Unfortunately, a lot of the fraud that is perpetrated is from data that's stolen and then mined for people's identities or for ways the fraudsters can use that to then change and launch fraud attacks against them. That goes to the second half of my overall responsibilities of dealing with cybercrime, in trying to go after the cybercriminals who are hacking into systems to steal that data and leverage it in other ways.

We use the same approach. We do prevention. We work with as many partners as we can, and we do disruption to go after the cybercrime ecosystem that is trying to steal that data.

Gabriel Ste-Marie Bloc Joliette—Manawan, QC

Thank you.

The Chair Liberal Ben Carr

Thank you, Mr. Ste-Marie.

Mr. Falk, the floor is yours for five minutes.

12:40 p.m.

Conservative

Ted Falk Conservative Provencher, MB

Thank you, Mr. Chair.

Thank you, Mr. Lynam, for your testimony here today.

I just want to follow up a little bit on Ms. O'Rourke's questions about Bill C-22.

What specific tools in Bill C-22 would you think would better assist you in doing the job of preventing crime or scams?

12:40 p.m.

Director General, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

Chris Lynam

In terms of how judicial authorizations work, obviously when police services need to legally obtain data to help them investigate and prove who's behind it, they have to seek data either from financial institutions, telecommunications providers or what have you. Given how fast cyber-fraud moves, the quicker that law enforcement can get that data back helps them to advance those investigations faster.

I'll use an example of tools that allow police services to submit for judicial authorization through the courts and then get that data back. It helps to—what we call—move at the speed of cyber. I'll use that. I'll give you that. That's the example I'll use as to how those tools or legislation of the Bill C-22 type can help law enforcement.