Evidence of meeting #18 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was c-8.

A recording is available from Parliament.

On the agenda

Members speaking

Before the committee

Robertson  Senior Research Associate, Citizen Lab, University of Toronto, As an Individual
de Boer  Vice-President, Government Relations, BlackBerry
Hatfield  Executive Director, OpenMedia
Warnell  Chief Information Security Officer, Bruce Power
Bradley  President and Chief Executive Officer, Electricity Canada

11:45 a.m.

Vice-President, Government Relations, BlackBerry

John de Boer

It's not just consultative. In some cases, it's joint action to take down actors and to deal with and respond to active cyber-threats as well.

Ali Ehsassi Liberal Willowdale, ON

Okay. Thank you for that.

Your third recommendation was that we provide access to security tools. Can you elaborate on that?

11:50 a.m.

Vice-President, Government Relations, BlackBerry

John de Boer

As was discussed in the Auditor General's report in October, even if you have a clear mandate to share information, if you don't have a means to effectively communicate it to those who need it, then you're stuck. Currently, according to that report, the Government of Canada does not have a sanctioned tool to be able to share information effectively. At BlackBerry we specialize in this area of work. What's important for us is to ensure that whoever is sharing information is doing it in a secure means, not using commercial apps or apps that were not built for exchanging secure information.

Our recommendation would be to find a way, a tool, and leverage that across critical infrastructure and government in a unified way, using tools that are certified for that purpose and that are approved specifically for sharing information.

Ali Ehsassi Liberal Willowdale, ON

Thank you very much.

I'll go now to Ms. Robertson.

Thank you very much, Ms. Robertson. I take it that overall, without getting into the details, you are very much in favour of Bill C-8. Is that correct?

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

We welcome a more proactive approach by the government. As we note in our research, legacy, lack of accountability and excessive secrecy have actually led to—

Ali Ehsassi Liberal Willowdale, ON

Generally—not specifically, but overall—you appreciate that we're behind our other Five Eyes partners and it's important that we do address this issue. Is that correct?

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

My testimony is that the government does need to take a more proactive role. However, it has been unfortunately complicit in some of the surveillance technologies that have made these technologies insecure in the first place. We really need to see—

Ali Ehsassi Liberal Willowdale, ON

That doesn't really answer my question. Thank you.

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

Well, it does answer it from my perspective. That's my view.

Ali Ehsassi Liberal Willowdale, ON

No, I understand that you don't agree with certain provisions. That's understood. But for you not to answer whether you think Bill C-8 as a general rule is moving in the right direction.... That's essentially what I was asking.

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

I've been asked this before. I think this is about a long-term strategy. It's not a rapid response. There are other tools for that. I would prefer, and it's my view, that they should proceed with amendments as opposed to just proceed because we're operating from a place of fear.

Ali Ehsassi Liberal Willowdale, ON

Thank you. This is not a rapid response, as we've heard from numerous witnesses. We're way behind our other Five Eyes partners. No one is suggesting that this is a rapid response. But you do agree, Ms. Robertson, that there will be judicial review for any decision that is taken by the minister. Is that correct?

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

No. I don't agree with that. It's only if a party initiates a judicial review. Of course, if there's secrecy—

Ali Ehsassi Liberal Willowdale, ON

But the right is there. It is secure. You agree with that, I take it.

11:50 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

It's impossible to access it if we don't know that the government order has been issued or what its effect would be. So if—

Ali Ehsassi Liberal Willowdale, ON

Thank you. You're saying that the people it applies to may not very well know about their—

The Vice-Chair Bloc Claude DeBellefeuille

Thank you, Mr. Ehsassi. This is very worthwhile and fascinating. We can continue this discussion later.

It's now my turn for two and a half minutes.

Mr. Hatfield, in your opinion, does the bill provide a mechanism for monitoring cabinet orders on cybersecurity? Do you think it's enough? Would the bill need to be amended to provide better oversight of the minister's power?

11:50 a.m.

Executive Director, OpenMedia

Matthew Hatfield

Yes, very much so.

I'll answer the question that was just asked: Should Bill C-8 pass in its current form? No. Should it pass in some form? Yes, potentially, if the right amendments are brought in.

It's true that our cybersecurity protections and legislation are behind those of our allies. Why are we considering legislation, then, with much weaker oversight than our allies apply? I think that's the crucial step that needs to be addressed here. The minister, alone, cannot be making these decisions. Our right to judicial review, which occurs only when we find out about the impact of a secret order that we've never seen, isn't a real right at all.

There are various bodies that could be appropriately empowered to provide oversight here. We could see NSICOP provided with much more information about what's going on in these orders so that they can judge that. However, the public needs to have a clearer view of what's going on systemically with the system as well, otherwise you could have secret orders stacked on secret orders and have a growing system that could become, really, far more about surveillance than about cybersecurity.

The Vice-Chair Bloc Claude DeBellefeuille

Do you intend to suggest amendments to provide better oversight of the minister's powers? You may not have them at your fingertips, but is that something you could send to the committee, Mr. Hatfield and Ms. Robertson, to better enlighten us?

11:55 a.m.

Executive Director, OpenMedia

Matthew Hatfield

Yes, certainly.

I can say some of them briefly now: no permanent secrecy; automatic review of orders, of secret information, by an external party, at some point; more reporting to the public on what's going on; as well as additional protections around encryption and preventing systemic weaknesses in the system.

The Vice-Chair Bloc Claude DeBellefeuille

Thank you.

We'll now go to Mr. Caputo for five minutes.

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Thank you, Madam Chair.

Welcome to the chair.

I would like to thank all of the witnesses—the two virtually and the one in person—for being here.

I want to start off with Professor Robertson.

First of all, your brief is incredibly comprehensive. I thank you for something so voluminous and so precise.

It's not lost on me that I've often been criticized at this committee for interrupting officials, like the minister, yet you were interrupted repeatedly when the answers you were giving may not have been what some people at the committee would have wanted.

I'm going to let you take this time to complete any answers to questions that were asked. If you have anything to add, please feel free to add it at this time.

11:55 a.m.

Senior Research Associate, Citizen Lab, University of Toronto, As an Individual

Kate Robertson

Thank you very much.

If I could quote the remarks of Canada's intelligence commissioner, “The glaring absentee in [this legislation] is the Canadian public”, whose information, which is the subject of a reasonable expectation of privacy, is under threat of compromise in more ways than one in the legislation.

We would very much welcome the government taking a more proactive approach in ensuring that we have network-wide security standards that protect you, me and everyone watching this hearing, and their communications.

When we have raised the constitutional deficiencies around the privacy risks and cybersecurity risks, we note that the government has taken the position that this is a regulatory context where privacy interests are diminished. However, we know that the privacy interests of the individuals who use telecommunications are not in any way diminished. Human communication is not a regulatory matter. That's why we point out that the balancing exercise that's critical to protect privacy and security, in this case, is not meeting the mark.

You have recommendations from me—nine in total. We believe that these are entirely consistent with the government's purpose of the legislation, which actually creates a corresponding risk that, if available improvements are not taken, then the courts are that much more unable to understand why a constitutional violation is reasonably justified. That just really kicks the can down the road to entanglements in the courts when unconstitutional legislation is not appropriately amended to address those issues.

11:55 a.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Thank you. I was going to ask you at some point about the charter, but you've outlined that fairly clearly.

For now, what I'd like to do is propose.... Any of the witnesses can feel free to weigh in on this. I don't believe that the bill has a sunset clause. I think that this bill has been quite controversial. I'm hearing about it as critic and we are hearing about it at committee. The general consensus has been—and not everybody has said this—that there is a necessity for legislation on this topic. I'm paraphrasing you, Professor, that we shouldn't be passing this legislation carte blanche and without scrutiny.

As I would say in my legal career, it's not just important that we get it done; it's that we get it right, especially on something like this.

One mechanism is a sunset clause. I'd love for each of you, or whoever wishes, to weigh in. I suppose a sunset clause can take multiple forms. One of them is a review at committee after five years, which in my experience doesn't generally happen. It just gets kicked down the road. Another would be a legislative review. I'm not sure if or how that would occur, but I suppose we could fashion that. Another is the bill just sunsets after three years. In other words, you need new legislation to revive it.

Do any of you have opinions on that?

Mr. Hatfield, please go ahead.

The Vice-Chair Bloc Claude DeBellefeuille

Wait, Mr. Hatfield, I think there's a technical issue. I don't think the audio in the room is working properly. We'll check it.