Public Safety Committee on Feb. 15th, 2024

I do appreciate that, Minister. I am concerned, though, that departments under your control—such as CSIS, for example—have not talked about this. This is a threat that we're facing across Canada, and in some cases I believe this rises to the threshold of terrorism. What are we doing to stop these terrorist acts against communities of faith in this country? What are you doing, Minister?

I'm working daily with the RCMP and other security partners to ensure they have the tools necessary to best protect Canadians. The decision around terrorism is properly in the hands—it's not a political decision—of prosecutors, investigators, the national police force and local police partners. However, we recognize that the increase of hate crimes means that the RCMP needs to work with local police to understand the nature of that threat and to ensure that local police forces and the RCMP—in the case of transnational organized crime—have all of the tools they need to protect Canadians.

Thank you.

We're now moving to Ms. O'Connell, please.

Thank you, Chair.

Thank you, ministers, for being here.

We heard a lot about privacy and privacy concerns, and we heard that from witnesses, certainly. I think my colleague across the way misquoted the Privacy Commissioner, but there was a conscious effort in this legislation to provide foundational legislation here, in Bill C-26, and then a conscious effort to deal with some of the specifics through regulations. What the Privacy Commissioner spoke about was wanting to be involved in the development of those regulations to specifically address concerns of privacy, details around SMEs and indigenous communities that may need specific help and foundational work to actually implement the goals of this objective. Can you speak to how regulations and the work with the Privacy Commissioner would be engaged to deal with privacy concerns?

Obviously, nothing in this legislation affects the applicability of the Privacy Act. As I noted in my opening comments, if we can better help critical infrastructure sectors of the Canadian economy—things as important as banking and telecommunications companies—better secure their systems, and help each other, obviously with the CSE, that is also a protection against the loss of privacy and private information.

I remember my conversations with Premier Furey of Newfoundland and Labrador, when some ransomware had been inserted and they had exported data from a health authority, which covered 40% or 50% of the population of the province, so you can imagine the vulnerability that people in that province felt. It was resolved with the help of the CSE. If this legislation in some ways better incentivizes, which would be a polite word for it—or “compels” is another word for it—private sector partners to do everything they have to do to secure the data, we think that's also important.

Ms. O'Connell, again, we would be happy to respond specifically to the question around amendments, to work with the Privacy Commissioner and to listen to other experts in this area. We respect and appreciate the application of the Charter of Rights, the Privacy Act and other legislative measures that are important. We think that this legislation, done properly, is in fact part of improving and securing the private information of Canadians. We look forward to the deliberations of this committee and the Privacy Commissioner, of course. His views will be very important in our getting this balance right.

It has also been suggested that there are somehow secret courts, but when dealing with matters of national security—for example, even CSIS with the CSIS Act—there is already legislation that all governments have used, judicial reviews and the court process. Does this legislation go beyond what already exists in Canadian law, in terms of the protection of national security but allowing the judicial process to ensure that no government overreaches past legislative authorities?

That is a good question. You served on NSICOP as well. You would have seen and been aware of some of these national security threats. You would also know, and you correctly referred to, processes in the CSIS Act. I as minister sign, for example, CSIS warrants. They are appropriately reviewed by the Federal Court of Canada, in the appropriate closed proceedings with amicus curiae there.

I get it. I've been a member of Parliament for a while. “Secret courts” is a nice clip. It doesn't reflect something that's new or different, and the words are loaded to get a reaction.

This is the appropriate balance that's no different from other legislation that you referred to, and is subject to judicial review as, obviously, is appropriate.

However, Mr. Champagne wants to add something briefly.

I want to rebase that also with the comments that were made by a colleague before. The power of the Minister of Industry is, “to take action to promote the security of the Canadian telecommunications system”. People say, “Those are broad powers,” but they have a very clear objective and they're not very extended: They are to promote the security of the telecommunications system in Canada. Therefore, like I said, under supervision of the court, people would look, in a judicial review, at what the objective was and whether the action was in line with the objective stated, which is the security of the network. I think that is confining the powers, which are given under the act, to act very quickly. It's a very specific objective.

Thank you.

I go to Ms. Michaud, please, for two and a half minutes.

Thank you, Mr. Chair.

Ministers, I'll be honest with you. I think you already know this. When studying a bill, the Bloc Québécois likes to make sure that the jurisdictions of the provinces and Quebec are respected.

There's a concern about Bill C‑26. Electricity Canada officials told the committee about this concern. Bill C‑26 includes interprovincial and international power line networks in its list of critical systems. We can read between the lines that an organization such as Hydro‑Québec could be affected by this bill. Correct me if I'm wrong.

The Electricity Canada officials said that they would like to see the bill amended to avoid duplication, overlap or redundancy with the jurisdictions of the provincial agencies already involved.

For example, Hydro‑Québec, the pride of Quebeckers, could receive a financial penalty of up to $15 million for failing, for any reason, to comply with certain ministerial orders.

Is that right?

What does Bill C‑26 mean for Hydro‑Québec, for example?

Mr. Chair, I would like to thank Ms. Michaud for her question.

Hydro‑Québec should be the pride of all Canadians, not just Quebeckers. I share my colleague's enthusiasm for this vital institution for the country.

I discussed the issue with the Quebec minister responsible for cyber security. We had a good discussion. He raised exactly the same concerns as Ms. Michaud. Obviously, we want to respect the Quebec government's jurisdictions. However, the legislation also gives the Government of Canada certain jurisdictions in certain areas of the economy. We also want our jurisdictions respected. You brought up Hydro‑Québec. There will obviously be areas of intersection.

Personally, I think that we need to work with the Quebec government. The Quebec government's objectives are the same as ours. I was impressed by my Quebec counterpart's efforts to secure critical systems in Quebec. Once again, Quebec is setting an example for the rest of Canada.

We certainly won't try to pick a fight. We'll try to work closely with the Quebec government. However, we'll uphold our responsibility at the national level, without taking anything away from the provincial governments.

The Department of National Defence's Canadian Centre for Cyber Security is probably a national leader. We must work with the provinces and share our knowledge and expertise with our provincial counterparts.

Thank you.

We have Mr. Julian for two and a half minutes, please.

Thank you very much, Mr. Chair.

The coalition of national groups, including the Canadian Civil Liberties Association, la Ligue des droits et libertés, and the Privacy and Access Council of Canada, have been critical of the bill, but have also proposed some concrete solutions.

One of those, given the fact it is clear in their understanding that Bill C-26 would restrict the applicant's access to evidence, is to create a special advocate to enable evidence to be tested in a court of law without being disclosed to outside parties. This recommendation, of course, borrows from the Immigration and Refugee Protection Act.

I have two questions for you, Mr. LeBlanc, on their suggestion around a special advocate. First, why didn't the government consider creating that special advocate in the legislation initially? Second, does the government now support the idea of improving this legislation, which has some major weaknesses, by the creation of a special advocacy?

We have taken note of that suggestion that you properly raise.

I'm by no means an expert in this area of national security law, but you referred to examples under the Immigration and Refugee Protection Act where these advocates are able to participate in these closed proceedings and have access to all of the appropriate intelligence information.

I know in the context of CSIS, there are amicus curiae who can participate in these Federal Court hearings, so we would look favourably upon suggestions or amendments that this committee would want to make to ensure that we get that balance right. There's certainly no principled objection from our part if, in the wisdom of this committee, that were an amendment that would be inserted, which, I hope, would answer some of those very legitimate concerns. We would look favourably upon exactly that kind of démarche.

Why it wasn't included in the beginning, I can't speak to that particular instance, but I'm more than happy to work with colleagues if that's deemed to be an oversight or something that can be corrected. I'm happy to accept the suggestion in a collaborative way.

Thank you for that.

Other testimony we heard from Electricity Canada—and Madame Michaud noted that just a few minutes ago—was the fact that there are different regulations around NERC, the North American co-operative of energy, and what would be required in terms of Bill C-26. The recommendations from Electricity Canada were to ensure there wasn't a doubling up of regulations or requirements.

To what extent did the government consult with industry groups, such as NERC, over the course of the production of the bill? Is the government open to having more harmony between regulations that are already put in place by the industry groups and the provisions of Bill C-26?

Mr. Julian, your time is up. I've been more than generous.

We're moving to Mr. Lloyd, please.

Thank you, Mr. Chair.

Minister LeBlanc, Bill C-26 deals with cybersecurity. We know that the government's in-house IT capabilities are limited, and they are often dependent on contractors and consultants. We learned yesterday that GC Strategies has received $258 million from your government in contracts.

Has this two-person IT company working out of their houses received any contracts from your department related to cybersecurity and measures in this bill?

Obviously, as we've said, there are serious concerns around this particular business. All contracts have been suspended with that business since last fall. There are internal audits and investigations going on at the Canada Border Services Agency. I know that the Treasury Board and the procurement department are also looking at this.

I'm not aware of specific contracts with this particular business that the public safety department has around IT security, cybersecurity. There are well-known elements with the Border Services Agency, but I'm happy to undertake to get that information to the committee.

All of that is part of these internal investigations that are ongoing. Of course, as we've said, if there was inappropriate behaviour it will face severe sanctions.

Thank you.

We know that CBSA has awarded this company 134 contracts. Are any of these contracts related to Canada's cybersecurity?

Again, I think the Border Services Agency clarified the number of contracts you are referring to. It referred to amendments to actual contracts. The number is much lower than that. Again, regarding this particular business's implication in cybersecurity, I'm happy to get back to the committee with a specific answer.

That's obviously a concern we have—I'm not diminishing it—and that is subject to these internal investigations. I spoke with the president of the Border Services Agency as recently as this morning on this same suite of issues, but I'm happy to get back to the committee with that information.

Thank you. Is that a commitment from you, Minister, to get that information to this committee?

It is, to understand the nature of where that particular business might have been working on cybersecurity issues.

Thank you.

My follow-up question is to Minister Champagne.

ISED has given GC Strategies 25 contracts. Were any of these contracts related to cybersecurity or to provisions in Bill C-26?

As Minister LeBlanc mentioned, there are ongoing internal investigations to assess exactly the nature of these contracts. I'm happy to get back to the committee to provide further details if any of them, as my colleague suggested, relate to anything with respect to cybersecurity.

I suspect not, but we will confirm and get back to the committee.