Evidence of meeting #16 for Industry, Science and Technology in the 43rd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was fraud.
A recording is available from Parliament.
3:55 p.m.
Liberal
The Chair Liberal Sherry Romanado
Unfortunately, that's all the time we have for that round.
Our next round of questions, for six-minutes, goes to MP Masse.
The floor is yours.
3:55 p.m.
NDP
Brian Masse NDP Windsor West, ON
Thank you, Madam Chair.
I want to thank the witnesses, and you, Madam Chair, and the other committee members, for continuing this work. I appreciate it very much.
One of the things that struck me in the testimony we had, which was excellent, is that we rely on social media, including Facebook, to investigate and promote how to protect ourselves against fraud. However, recently Facebook was found guilty and paid a $9-million fine for misleading Canadians. In fact, it was said that it made “false or misleading claims about the privacy of Canadians' personal information.” Yet, we are spending tens of millions of dollars of government money to advertise on its platform.
I'll start with Mr. Marchand, because he may have a bit of perspective on the United States.
With regard to fraud from companies, Volkswagen had a U.S. settlement of $14.7 billion. In Canada, the Competition Bureau fined it $2.5 million. Equifax had a settlement of $600 million in the United States; Canada had a Competition Bureau fine of zero dollars. Most recently, Facebook had a $5-million fine in the United States, and in Canada, a $9.5-million fine.
I view the Competition Bureau, the Privacy Commissioner and the CRTC as important instruments in protecting Canadians from fraud. It seems that they might be a bit outdated with regard to their powers.
Can you comment as to whether there is a misalignment between our penalties in Canada and those in the United States that perhaps can create a problem for bringing accountability even with fraud by so-called corporate entities?
4 p.m.
Certified Fraud Examiner and Certified Administrator, Biometrics and Security, Nuance Communications
Thank you for the question.
I think that the issue isn't so much the misalignment but the lack of any perceived real risk of a fee or a penalty. Fees are charged for the failure to disclose a leak of important information. However, there must also be a perceived real risk of a penalty. This is missing here.
In some cases, the risk of having to pay fees is considered the cost of doing business. In my opinion, this isn't a sound or even ethical approach to risk management. The regulatory bodies currently lack teeth. This may be the issue.
4 p.m.
NDP
Brian Masse NDP Windsor West, ON
You're correct. The cost of doing business is one of the reasons we fought to get rid of the use of environmental fines and penalties as tax deductions. Corporate fines and penalties used to be tax deductible in this country, which is something we worked on for a long period of time. Good companies were being penalized by bad ones using it as a loss leader.
I'm going to move on to Mr. Holland.
With regard to the good work you're doing at CIRA, the one thing I noted is that there seems to be no review. I was under the impression that with the sites you authorize, .ca would be a gold standard in many respects, and perhaps it still is. If they abuse it, does a review take place? If somebody has been registered with you and three months or six months or a year later we find they are doing illegitimate business with a domain name that may have gone through you in a legitimate way but later on was altered in terms of business practice—almost like a Trojan horse—what happens?
4 p.m.
President and Chief Executive Officer, Canadian Internet Registration Authority
That's a good question.
There's always a delicate balance for organizations like ours, because fundamentally we are a technical organization. We operate the infrastructure; we don't monitor what transpires on the infrastructure. That's certainly not our mandate.
In no way do I mean to skate out from under the responsibility, but we're a technical operator and not a content administrator. There are rules and regulations in terms of Canadian presence and behaviour; however, we are not proactively monitoring the content.
4 p.m.
NDP
Brian Masse NDP Windsor West, ON
I appreciate this, and I don't expect you to do something you're not supposed to do right now. I just assumed, perhaps naively and, I think, like many Canadians, that .ca is like a gold protected standard, especially since our government uses it. I use it for my site, and I would think that we would ban, fine or blacklist anybody misappropriating that at any point in history if we want to end fraud.
If there were proper resources, would that be something that your agency should do, or should it be another agency? I feel pretty strongly that if we're going to use the .ca brand, that's one where we could control fraud and also bring some accountability.
Would that be done using your organization's resources, or should it be done by somebody else, a third party?
4 p.m.
President and Chief Executive Officer, Canadian Internet Registration Authority
Given that we are a technical organization, my sense is that the oversight of content would be better placed in other organizations that are specifically set up to do that, whether law enforcement or even the CRTC. We are a gold standard in the global community that operates the technical functions of the Internet, and, to a great degree, that's because of some of our rules but also understanding the limits of our remit.
4:05 p.m.
Liberal
The Chair Liberal Sherry Romanado
Thank you very much.
Our next round of questions will go to MP Motz.
You have five minutes.
May 20th, 2020 / 4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Thank you, Madam Chair.
Mr. Masse, I appreciate that line of questioning. I think it's certainly an issue that we need to get some resolution on in the very near future.
I want to go back to Mr. Jones just for a quick minute before I connect with my friends from the RCMP.
I appreciate your comments that you were involved in this latest collaboration on the vaccine. I'm curious; are these the types of partnerships, the kinds of things we would be worried about in terms of stealing intellectual property and espionage?
4:05 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
When we are working with any government department, it is primarily so that they are aware of the possible risks that come with any sort of activity online. The one truism is that no matter what technology you use, it always comes with risks.
We really do try to work proactively to figure out and understand what's happening, so that we can, first of all, understand the activity and make sure our defences are aimed toward that, but also give the advice that we would have so that they can take action to protect themselves.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Thank you.
Has there been any observable decline or increase in intrusions and attacks from certain countries as a result of the pandemic-related lockdown coming into effect, and if so, which countries?
4:05 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
We really haven't seen a change in the cybersecurity environment. We have seen a shift in themes towards those related to COVID, but the level of activities has remained pretty constant around all aspects of cybersecurity.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
During this pandemic, have you invoked a request for proactive measures to stop or mitigate cyber-fraud in Canada?
4:05 p.m.
Head, Canadian Centre for Cyber Security, Communications Security Establishment
We work with partners around the world, including commercial partners. If we do see, for example, the Government of Canada's websites being impersonated, we ask for those to be taken down.
We'd also work with our law enforcement partners if we thought there was a criminality element to that, of course, and we collaborate closely with the cybercrime coordination unit under the RCMP.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Thank you, Mr. Jones.
I want to move on to my friends from the RCMP before my time is up.
Specifically to the Canadian Anti-Fraud Centre, have you seen an increase in fraud? I think you said in your opening remarks that you have seen an increase related to the pandemic.
4:05 p.m.
A/Commr Eric Slinn
We have.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
Is your team fully staffed and able to appropriately manage and respond to the increase you're seeing?
4:05 p.m.
A/Commr Eric Slinn
Ironically, when the pandemic broke we, like many organizations, pushed our people home into a teleworking environment. Actually, it was quite seamless in that regard, in that they were able to get their computers and take complaints from complainants, so I don't think we've really been impacted greatly. We always welcome more resources for analytical work and proactive work, but our work has been pretty seamless in that respect.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
As you know, you guys at the Canadian Anti-Fraud Centre are kind of at the brunt end of the spear with respect to a lot of the major fraud investigation that occurs. Do you have vacancies in your group? Are you able to respond appropriately to all fraud, especially the larger fraud, that you are responsible for investigating?
4:05 p.m.
A/Commr Eric Slinn
I think it's important to recognize that CAFC is really a collection area. It is not an active investigative group. It does some analytical work to see where trends are developing, to see new scams that are coming on the horizon, and it does an excellent job of that, but then it pushes out the relevant information to the policing jurisdiction, whether that be the RCMP or some other agency.
It is just facilitating, taking that initial complaint, doing some initial analysis and then pushing it out in an investigation.
4:05 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
In your assessment, based on the information you guys are gathering and what you're seeing through this COVID, are doctors, nurses or front-line health care workers a top target of fraud or cyber-attacks during this pandemic?
4:05 p.m.
A/Commr Eric Slinn
I don't know that I can say that.
Guy Paul, are you in a position to answer that?
4:10 p.m.
Insp Guy Paul Larocque Acting Inspector, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police
I'm not sure if we know specifically at the Anti-Fraud Centre if a specific group of people in the population is being targeted. What we see is that fraud typically targets many people. Fraud doesn't have any discrimination. Everybody can be a potential victim at one point in time.