Public Safety Committee on April 8th, 2024

Is there any further discussion?

(Amendment agreed to [See Minutes of Proceedings])

We are on BQ-22.

Thank you, Mr. Chair.

BQ‑22 would add the following provision to clause 13:

(1.1) If an exchange of information occurs under an agreement or arrangement with the government of a foreign state or with an international organization established by the governments of foreign states, the Minister must, without delay, notify the person to whom the information relates of the disclosure and of the state or organization that received it.

It's something organizations concerned about civil liberties asked for. Telecommunications service providers or designated operators under the critical cyber systems protection act should be explicitly notified of when and, as appropriate, to whom the information may be disclosed when the disclosure is to a foreign state, agency, organization or party.

Is there any further discussion on BQ-22?

(Amendment negatived [See Minutes of Proceedings])

We move to BQ-23.

Ms. Michaud, go ahead, please.

Thank you, Mr. Chair.

BQ‑23 would add the following provision to clause 13, after line 6:

(1.1) The agreement or arrangement must restrict the retention of the information to the period necessary for the purposes set out in subsection (1) and provide for its subsequent disposal.

Here again, the idea is to ensure that the information obtained from providers and designated operators is retained only for as long as is necessary.

Thank you, Ms. Michaud.

Is there any further discussion?

(Amendment negatived)

We move now to G-17, please.

This is providing more clarity that confidential information is to be disclosed only under authorized circumstances and shared with those who have that defined access to information.

This just goes to address some concerns and provide that clarifying language that the information is to be used only when it's required and with whom it's required, and it will always maintain that confidentiality component with it.

Thank you.

Shall G-17 carry?

(Amendment agreed to [See Minutes of Proceedings])

We are on NDP-13.

Mr. Chair, we—I mean the royal we—withdrew NDP-13 to NDP-24. My colleagues from the Conservative Party have withdrawn amendments up to CPC-50, so I believe we would be moving to NDP-25.

Okay. On NDP-25, we have Mr. Julian.

That would mean, according to my records, Mr. Chair, that we're just about to hit the final page of amendments, so I would like to speak just once on the series of amendments and again test the feeling of the committee.

NDP-25 to NDP-36 seek to amend the legislation to give clear direction to the Office of the Superintendent of Financial Institutions, the Minister of Industry, the Bank of Canada, the Canadian Nuclear Safety Commission, the Canada Energy Regulator and the Minister of Transport. The amendments would require them to file a notice of violation and to make those violations public.

What this does is twofold: In terms of violations of the act, it pushes those regulators to issue a notice of violation, and it makes it public.

It may not have the support of the committee. I do believe it's important in terms of transparency and in terms of ensuring that we are doing everything in our power to push back against the cyber-attacks that have threatened some of our key institutions.

In an unusual way, because we're now at the back end of consideration of amendments, I'd like to propose NDP-25. Depending on the committee's reaction to NDP-25, if NDP-25 is supported, I'll continue to move the other amendments for the institutions I've just spoken of. If NDP-25 is rejected, I will withdraw NDP-26 to NDP-36.

We're at NDP-25.

Is there any further discussion on NDP-25?

Shall NDP-25 carry?

(Amendment negatived [See Minutes of Proceedings])

I have a point of order, Mr. Chair.

Go ahead, Mr. Julian.

That is a very clear result. I'm not going to ask for a recount, but I will withdraw NDP-26 to NDP-36.

Thank you, Mr. Julian. I'll give everybody a second to catch up.

Next, we have G-18.

Ms. O'Connell, please go ahead.

Thank you, Chair.

This is just putting a comma, removing the word “and”, and then inserting “manner and period”. It's a very technical language change.

Thank you, Ms. O'Connell.

Is there any discussion?

Shall G-18 carry?

(Amendment agreed to [See Minutes of Proceedings])

Next, we have BQ-24.

Go ahead, Madame Michaud.

Thank you, Mr. Chair.

BQ‑24 addresses a concern raised by Crown corporations such as Hydro-Québec. The concern is that parts of the bill could infringe on the jurisdiction of the provinces and Quebec.

This amendment would simply add the following lines:

(2) For greater certainty, the power provided by subsection (1) must be exercised in accordance with the jurisdiction and powers of the provinces and territories.

Ms. O'Connell, go ahead.

Thank you, Chair.

I have concerns about this one. The amendment would ultimately reduce or diminish the ability of the federal government to determine the level of cybersecurity required. I think a good cyber-practice is working with provinces and territories in these areas. That makes a lot of sense.

I would worry that some provinces and territories may not have the cyber-capabilities the federal government has. Some provinces may have excellent capabilities and others may require more time, expertise or technical support. I worry about the current language requiring the federal government to, first, work in accordance with provinces and territories when not all might be at the same level in cyber-capability.

Obviously, some of our agencies, such as CSE, CSIS and the RCMP at higher levels, are specifically federal. It is no fault of the provinces and territories that they wouldn't have access to all of that information. That's where I have some issues with this amendment.

Mr. Chair, I don't know if Mr. MacSween has any comments or concerns in regard to whether this would limit or prevent the federal government from moving forward without first having that provincial buy-in. That could also add time delays. The technical experience might be in some places, but not all.

Is there any further discussion?

(Amendment negatived)

Go ahead on BQ-25, Ms. Michaud.

This is a similar amendment, although the wording is slightly different. That tells me where my fellow members stand, but I will move it anyways.

The amendment would add the following provision:

(2) Any law of a province relating to cybersecurity that provides for more stringent rules than those prescribed by regulations made under subsection (1) is to prevail in that province.

Quebec, for instance, has a ministry of cybersecurity and digital technology. It's reasonable to think that Quebec's rules are pretty relevant, if not more stringent, as may be the case in other provinces. If so, the amendment would ensure that the rules of the province in question overrode the federal rules set out in Bill C-26.