Evidence of meeting #94 for Public Safety and National Security in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was c-26.
A recording is available from Parliament.
5:45 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Okay.
To what extent were you consulted around the drafting of Bill C-26?
5:45 p.m.
President and Chief Executive Officer, Canadian Telecommunications Association
As an association, we were not consulted. We work with our members to find best practices, and there's a chance that they may have been consulted, but we were not advised on that either. As an association, we were not consulted. We participated in the submission to the committee.
5:45 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Okay. Thank you very much.
Ms. Mason, I have the same question for you. To what extent was the Canadian Bankers Association actually consulted on the drafting of Bill C-26?
5:45 p.m.
General Counsel and Senior Vice-President, Legal and Risk, Canadian Bankers Association
We did not participate pre-drafting. We have advocated, for some time now, for common industry standards. We were able to share our thoughts once the first draft was out by meeting with Public Safety and highlighting a number of the recommendations that we've presented here today at committee.
5:45 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Okay.
OSFI—you may have heard their testimony earlier tonight—talked about a move.... In 2022, there were 10 priority one cyber-attacks. In 2023, that tripled to 30 priority one cyber-attacks. Is this your experience as well, within the Canadian Bankers Association? Is the number of cyber-attacks against members of your association increasing?
I'll ask you a question very similar to the one I asked Mr. Ghiz. To what extent do you share best practices? To what extent is there communication among the members to make sure that you are able to head off what may often be similar types of cyber-attacks against your members?
5:45 p.m.
General Counsel and Senior Vice-President, Legal and Risk, Canadian Bankers Association
We definitely share best practices. I don't believe that we would get into the specifics of a particular number reporting.
In the case of OSFI, it covers all federally regulated financial institutions, so I'm not privy to which of those would have been our members. However, I think the point is that they are being reported with a view to making sure that they can be shared within the network and addressed appropriately.
5:45 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Thank you.
I'd like to move on to Professor Clement.
You signed on, along with a number of important organizations—the Canadian Civil Liberties Association, la Ligue des droits et libertés, the National Council of Canadian Muslims, OpenMedia, the Privacy & Access Council of Canada—pushing for a series of amendments, 16 recommendations that would help to, in the words of the briefing, “restrain ministerial powers”, “protect confidential personal & business information”, “maximize transparency”, “allow special advocates to protect the public interest”, and “enhance accountability for the Communications Security Establishment”. These are very valuable recommendations that you've brought forward to us, that the coalition has brought forward to us.
What are the most important ones, the ones that we need to be absolutely cognizant of in putting forward amendments to Bill C-26?
5:45 p.m.
Prof. Andrew Clement
There are many recommendations there. We've just talked about a number of them, but I would say that the first recommendation, about constraining the scope of the ministerial orders—which, at this point, is relatively unbounded except by a general sense of necessity—would be one of them. A number of them call for transparency measures, reporting and so on. Those, cumulatively, are very important.
As I was saying earlier, they need to create a much better balance between the security interests and the other rights.
I'll leave it there, and I can follow up with a more specific priority, if you would like.
5:50 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Thank you for that.
What you're saying is that there are some major difficulties with Bill C-26 that need to be responded to, that the bill itself needs to be considerably improved, and that there are a number of amendments that need to be considered for the bill to do what it purports to do but also to ensure that the protection of information and the transparency are there. Is that not true?
5:50 p.m.
Prof. Andrew Clement
Yes, absolutely.
5:50 p.m.
Liberal
The Chair Liberal Heath MacDonald
Thank you, Mr. Julian and Mr. Clement. Your time is up.
We're moving to the next round—
5:50 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Chair, I'm sorry, but it's six o'clock. I have to go, and I do not consent to continue the meeting.
5:50 p.m.
Liberal
The Chair Liberal Heath MacDonald
That clock is fast. It's 5:51 p.m.
Mr. Julian, let me proceed. I'm going to suggest two and a half minutes each. Mr. Julian, you have the last question, so if you want to forgo those two and a half minutes, that's great; we'll get out of here a little more quickly. However, we have two and a half minutes each.
Mr. Kurek, you're up, please.
5:50 p.m.
Conservative
Damien Kurek Conservative Battle River—Crowfoot, AB
Thanks very much. I appreciate the opportunity to engage on this important subject matter.
Professor Clement, I believe the term you used was “awesome powers”, if I'm recalling correctly. Certainly, the surveillance capacity potential, if there are no appropriate safeguards in place, is awesome—or I would maybe suggest another word to use would be “terrifying”.
Are you confident that, as the bill stands right now, there are safeguards in place that would protect Canadians' privacy, their data and their rights?
5:50 p.m.
Prof. Andrew Clement
I'm not confident, as it stands now, that those rights are protected. It's a very one-sided bill in that regard. It gives too much discretion and power to government agencies without the necessary transparency and accountability.
5:50 p.m.
Conservative
Damien Kurek Conservative Battle River—Crowfoot, AB
Thank you very much. I appreciate that.
I'll go to our witnesses in telecom and the banks, two industries that are about as popular as politicians.
This has been described as a one-way street in terms of reporting and the mechanisms required to release data to government. There is some uncertainty as to where data would go, whether it's proprietary information or whatnot.
I'm wondering, in the minute I have left—you have about 20 seconds each—if you could describe some of the concerns that you have that the reporting mechanisms are right now a one-way street. Do you feel that needs to be addressed?
I'll start with the folks in the room.
5:50 p.m.
President and Chief Executive Officer, Canadian Telecommunications Association
Well, obviously, I have the double whammy on that, in politics and telecom.
When it comes to that, I agree with a lot of what has been said already—that this bill is good-intentioned but it needs to be improved, and it gets improved with openness and transparency and making sure that the right checks and balances are in place.
5:50 p.m.
Conservative
Damien Kurek Conservative Battle River—Crowfoot, AB
Thank you very much.
To our last witness, you have about 20 seconds, if you could.
5:50 p.m.
General Counsel and Senior Vice-President, Legal and Risk, Canadian Bankers Association
I'm happy to jump in.
I think there's a strong focus on intervention, and there should be a stronger focus on sharing information to the benefit of the participants in the system.
5:50 p.m.
Liberal
The Chair Liberal Heath MacDonald
Thank you, Mr. Kurek.
Ms. Michaud, please, you have two and a half minutes.
5:50 p.m.
Bloc
Kristina Michaud Bloc Avignon—La Mitis—Matane—Matapédia, QC
Thank you, Mr. Chair.
I would like to take this opportunity to—
5:50 p.m.
Liberal
The Chair Liberal Heath MacDonald
Ms. Michaud, it's my mistake. I apologize. I will get back to you.
It's Ms. O'Connell. I forgot she was here.
5:50 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you, Mr. Chair. I've been too quiet. You forgot.
Thank you to the witnesses.
Ms. Michaud asked a question that is similar to what I wanted to ask.
Ms. Mason, you pretty much touched on it. I suspect banking will be ahead of the game already in terms of what this legislation is doing, so I'm going to direct my question to our telecom witnesses.
The issue around privacy and privacy protection is very real, and we definitely want to make sure that the balance is right, but on the other side, one could argue that if you are not dealing with critical infrastructure, such as telecommunications infrastructure, in the right way, those bad actors who could access that do not care about the privacy protection of Canadians.
The telecoms and banks—which, again, I think Ms. Mason touched on—hold a lot of data for Canadians, including location data, credit card data and a lot of personal information. If your systems are not protected, with the constant ebb and flow of cybersecurity—let's remember that it is constantly changing—and you're not able to react to those changes and work with government, don't you think the risk to Canadians' privacy would be far greater, being exposed to bad actors who want to access that data and sell it or produce it for nefarious reasons? Wouldn't the privacy of Canadians be better served by strong cybersecurity infrastructure?
5:55 p.m.
Senior Vice-President, Canadian Telecommunications Association
Yes. I also think our industry is doing a very good job of that. It's a critical function of what our members do. As you mentioned, bad actors are constantly evolving their techniques. We're always having to modify our processes and technology.
5:55 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thanks.
You asked questions, too, about physical changes within what some of your membership might be able to access, or not. Again, I would argue that, if there are concerning trends worldwide—they may not even be in Canada—and there is an opportunity to secure our critical infrastructure, working with government would.... Again, it's not just the operations of the telecoms. You hold a large responsibility, which government has been helpful with. You owe it to Canadians. If we are concerned about trends, you have to implement those changes to protect Canadians' data.