Evidence of meeting #12 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was c-8.

A video is available from Parliament.

On the agenda

Members speaking

Before the committee

Gary Anandasangaree  Minister of Public Safety
Arbour  Director General, Telecommunications and Internet Policy Branch, Department of Industry
MacSween  Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness
Bilodeau  Senior Assistant Deputy Minister, National Cyber and Security Branch, Department of Public Safety and Emergency Preparedness
O'Gorman  President, Canada Border Services Agency
Gionet  Acting Assistant Deputy Minister, Protection and Family Programs Sector, Department of Citizenship and Immigration
Lang  Director General, Integrity Policy and Programs, Department of Citizenship and Immigration
Boudreau  Deputy Commissioner, Federal Policing, Royal Canadian Mounted Police

Rhéal Fortin Bloc Rivière-du-Nord, QC

Thank you.

In your opinion, Minister, should the recommendations made by the Privacy Commissioner of Canada be carefully considered and implemented, or should they be disregarded as unimportant?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

I had the opportunity to meet with the Privacy Commissioner last week. Of the number of recommendations they put forward—five in total, I believe—there are two or three that have been incorporated within the number of amendments that were adopted earlier.

Rhéal Fortin Bloc Rivière-du-Nord, QC

Thank you, Minister, but in this case, it’s a matter of qualifying or describing the issue of reasonableness.

If it was useful in the proposed section 15.2, then the same reasoning should apply to the proposed section 15.4. That’s my humble opinion, but I’m not the minister, you are.

When it comes to reasonable grounds, you know as well as I do that depending on case law and the courts, interpretation of what constitutes reasonable grounds will differ from one judge to another, for all kinds of good and not so good reasons. I don’t want to criticize that, but it’s still a rather variable criterion.

In the proposed section 15.2, it looks as if you wanted to define reasonableness by stating that it must be reasonable “in relation to the gravity of the threat”. I think that’s appropriate. You do understand that it’s pretty serious because it involves sharing information that would otherwise be confidential. That may well be necessary. However, the Commissioner has told us that regardless of its necessity, it must be done properly because it’s a serious infringement of individual freedoms.

I think you were on the same page with the Commissioner when you decided to talk about scope and substance that is “reasonable in relation to the gravity of the threat” in the proposed subsection 15.2(3).

I apologize for repeating my question, but I think it’s important. How come this language is not in the proposed section 15.4? I think it would be easy to add “in relation to the gravity of the threat” after “believes on reasonable grounds”, as is the case in the proposed section 15.2.

How come you’ve not done that with the proposed section 15.4? Maybe it’s your intention to do so, but I’d urge you to do it if that’s not the case.

If you’re not doing it, could you explain why you believe it’s unnecessary?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

Mr. Fortin, I will take this under advisement, but let me just comment that in proposed section 15.2, the definition, I suspect, is given initially, and proposed section 15.4 would follow the same definition, but I will be more than glad to look at it closely. If I do have follow-up, I will follow up with you directly.

Rhéal Fortin Bloc Rivière-du-Nord, QC

Thank you very much, Minister. I appreciate that.

The Chair Liberal Jean-Yves Duclos

Thank you, Mr. Fortin.

I’ll now yield the floor to Mr. Lloyd for five minutes.

11:30 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

Thank you, Minister and officials.

Thank you, Mr. Chair.

Minister, last week the Privacy Commissioner testified that the bill is lacking some key privacy safeguards, including inconsistent proportionality tests included in proposed subsection 15.2(3) but not elsewhere in the bill. There is no requirement for his office to be notified when the Communications Security Establishment...when there's a cyber-breach that threatens Canadians' private information.

I find these omissions from the bill concerning, so my first question is, will the officials provide, in writing to this committee, the reasons the proportionality test is not included throughout the bill but only in that one section?

Second, to the minister, for today, do you believe that the Privacy Commissioner's concerns have merit, and should they be included in amendments to the bill?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

Mr. Lloyd, I had a chance to speak to the Privacy Commissioner last week. I am aware of the concerns he has identified.

There are a number of safeguards in the bill; these include reporting to both NSIRA and NSICOP, which ultimately report to Parliament, as you're aware.

We've also taken a number of amendments that he has proposed in a previous iteration. From Bill C-26, there are, I believe, two or three proposed amendments that were incorporated.

For those that are outstanding, there is reference to compliance with the Privacy Act, so I believe we have taken a number of very important steps. I am, as I've always said, open to discussions on potential changes.

11:30 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

We had testimony at the same meeting from the intelligence commissioner, who receives reports from our intelligence community. We were told by officials that the information provided under Bill C-8 is going to be technical information, not private information, but the intelligence commissioner raised something very concerning, saying that when he reviews these reports, the context that he's provided does include Canadians' personal information.

What is going to be done to ensure, when providing context to these technical reports, that Canadians' private information is not impacted or revealed?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

Look, I respect the role of the intelligence commissioner. I also met with him last week, and I respect the work he does.

With respect, the disclosure that is part of Bill C-8 is very much of a technical nature. It does not go into the privacy issues of individuals, and it should not necessarily have an impact on the work of the intelligence commissioner.

We've taken up a number of safeguards, including reference to NSIRA and NSICOP. There's an obligation for us to report any incidents to these agencies within 90 days of the incident.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

Thank you, Minister.

Is the government required to report cyber-incidents that impact the Government of Canada itself?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

I'm going to ask Colin to answer that question.

Colin MacSween Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

The answer is yes. The Government of Canada has a response plan known as the federal cyber-incident response plan. This is available online. As part of the requirement for that, should the federal government be subject to cyber-incidents, it is to be reported to the Canadian centre for cybersecurity, the Treasury Board Secretariat and Public Safety Canada.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

Are those reports ever made public?

11:35 a.m.

Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

Colin MacSween

Are you referring to the specific incidents?

Dane Lloyd Conservative Parkland, AB

Yes.

11:35 a.m.

Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

Colin MacSween

No, not to my knowledge.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

Are you aware of incidents when Canadian government servers have been hacked for illicit crypto mining operations, costing the Canadian taxpayer millions of dollars?

11:35 a.m.

Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness

Colin MacSween

Off the top of my head, no.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

Minister, are you aware?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

I'm not, no.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

If there were an incident of illicit crypto mining on Canadian government servers that cost millions of dollars, would that not have to be reported in the public accounts as a loss?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

I would assume it would be, Mr. Lloyd, yes.

11:35 a.m.

Conservative

Dane Lloyd Conservative Parkland, AB

If it wasn't reported, what would be the reason it wouldn't be reported?

Gary Anandasangaree Liberal Scarborough—Guildwood—Rouge Park, ON

I can't speculate, but if there's a specific incident, I would be more than glad to look at it and report back to this committee.