Evidence of meeting #21 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was telecommunications.
A video is available from Parliament.
Liberal
Sima Acan Liberal Oakville West, ON
Thank you, Mr. Chair.
We all respect the role of the judiciary. However, I still see this amendment as detrimental. It prioritizes red tape over national resiliency, especially when we look at the global situation now. We talked about how cyber-threats move in milliseconds, and we repeated that several times. We also know, especially because we have lawyers sitting here, that court applications can take days or hours. They may be too late to stop the attack in the moment.
This amendment would also place a massive administrative burden on our Federal Court—I keep repeating that—by forcing our judges to act as technical clearing houses for every instance and every security order. I believe we do not need to create a new hurdle that slows down our national security processes, because as we heard again and again, the status quo already provides judicial oversight. That's one point that we spoke about today.
Again, with the amendment as is, I see it effectively handcuffing our ability to defend our country. To me, in my heart, it's very important, and it is against instant attacks. I would ask my colleagues to consider the security of our provinces and our country when we think about this amendment.
I want all of us to understand the situation from the technical perspective as well. We mentioned several times at the industry committee, as well as here, that the damage to our companies is in the millions of dollars. Overall, it's billions of dollars. That's our future money.
I would like to ask the experts to help us understand this better. Could you please give us some concrete examples of the malware and worms we are discussing here that are threats not only to our telecom infrastructure, but to our critical infrastructure? What are the potential implications that we can face as a country, especially if we go through really difficult times in the future?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Thank you for the question.
Salt Typhoon is a threat actor affiliated with a foreign jurisdiction that infiltrated and subverted American telecommunications infrastructure for several years. The risks of surveillance and the risks to privacy were quite substantial.
SolarWinds refers to an IT management system that is used throughout critical infrastructure. In 2020, we saw a supply chain attack where 18,000 of their customers had malicious updates installed that went undetected.
In terms of manipulation, we had a circumstance in 2016 where, for six months, Internet traffic between Canada and Korea was rerouted through China.
Volt Typhoon was an instance whereby multiple IT environments for critical infrastructure organizations, mainly in the U.S., were compromised. There is a high likelihood that this is a form of pre-positioning, so that should there be kinetic warfare, that would then be a vector to attack the United States in relation to that.
We also see a high degree of hybridization—that's the term used—in relation to the war in Ukraine. There have been cyber-attacks associated with that in relation to supporters of Ukraine.
The Colonial Pipeline ransomware attack in 2021 shut down this critical infrastructure in the northeast United States.
We also have had a ransomware attack that affected AT&T: the ShinyHunters attack.
That's the tip of the iceberg, but with the set of hostile foreign adversary countries that are routinely attacking critical infrastructure, with the growth of ransomware, which is more profitable due to the use of cryptocurrency, and with the rapid increase in damages due to extreme weather events such as forest fires or hurricanes, or issues around even just human error, which happens with the growing complexity of the system, such as what we saw with the Rogers outage in 2022, this is a set of issues that touch our work and Canadians every day, frankly.
The scope of the issues is what really keeps us up at night. Certainly, one can imagine extreme examples where there is an emergency, and that is very much a real thing as well, but it's dwarfed by all of the ongoing management that goes into telecommunications regulation and oversight. It's quite substantial and it's quite routine, and people don't notice it until there's an issue. Then they notice it and then they really care.
I'm a policy wonk who does the legislative part, and it's my colleagues in the engineering part who really have to operationalize this stuff. I see what they have to do every day, and it's really something. The range of threats—cyber, natural disaster and human error—is substantial and ever-present in terms of an ongoing management context.
Liberal
Sima Acan Liberal Oakville West, ON
Just as a small add-on, we already spoke about how we are the only country in the Five Eyes that doesn't have the authority the bill is asking for. Am I correct?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Yes, that is correct.
Liberal
Marcus Powlowski Liberal Thunder Bay—Rainy River, ON
I just want to speak to it a bit, because although the realpolitik at the moment may mean that we have to accept part of this, I don't think it's a good idea.
Overall, when Frank first brought up the requirement for a warrant, it seemed to me like a good idea. However, especially with regard to cybersecurity, I think time is of the essence, and time is of the essence most of the time. There are other instances in life—I'm thinking of Matt Strauss, as well as myself—when you have to act quickly, and I think this is an area where, generally speaking, you have to act quickly. Therefore, the fallback position should not be that a warrant is required, because that's going to stall the process.
Cyber-attacks are part of modern warfare. We've seen Russia repeatedly attack Ukraine and its vital infrastructure. It seems to happen—and they want it to happen—quickly, in a matter of seconds. Certainly, we've been talking about why we need this law. It's in order to protect our power grids, nuclear power stations and communications, such as from air traffic controllers to airplanes. All that is controlled by computers, and all that could be shut down.
It seems to me that putting an extra layer of protection, a requirement for a warrant, just further stalls things. This is letting down the gates of the fort, and we're surrounded by enemies on all sides right now. I would say that this is not the time to let down the gates. If I were Putin and the Russians, I'd be applauding this amendment and saying, “Absolutely, put a requirement that they have to have a warrant beforehand. Let's add other protections to stall the process.” As I said, that's letting down our guard, and this isn't the time to let down our guard.
Liberal
Ali Ehsassi Liberal Willowdale, ON
Thank you Mr. Chair.
I'll just follow up on the question MP Acan had, because I wasn't quite clear on that. She did ask about the Five Eyes, about what powers and prerogatives existed in those jurisdictions. However, I'm not quite sure whether you were talking about the minister's powers or about the fact that they do have legislation in place. If you could kindly clarify and bifurcate those two distinct issues, I would be very grateful.
Also, I want to thank you for sobering us all up and listing all of those issues that you did. I think we should all recognize that this is a big responsibility and that we have to act in a responsible fashion. Thank you.
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Different countries have different institutional arrangements in terms of how this is set up. It is not necessarily a minister. It depends on the context.
As for the reasons, I would first and foremost flag that some of the powers that would be captured by this amendment are for the Governor in Council as opposed to a minister. However, one might then also ask why the authority is under a minister. What started with that proposition? There are two main regulators of telecommunications in Canada. There's the CRTC, and there's ISED under the Minister of Industry. That's been the case since at least the 1980s.
Right now, the minister can revoke someone's licence to provide wireless services and can turn off their wireless services. Certainly, the degree of exigency associated with justifying that decision would have to be very, very considerable. I cannot think of a single case where that, in fact, happened. However, that is an authority that has existed with either the Minister of Industry or the Minister of Communications since, I think, the 1970s at least.
There is a wide range of ongoing regulation of these private sector companies that is material to these companies and has to do with their ongoing network management. With regard to issues with respect to human rights, such as speech, those are not within the scope of the Telecommunications Act, and the committee also adopted a “for greater certainty” amendment that further scoped out those considerations.
This approach is consistent with many decades of how the telecommunications sector has been regulated.
Liberal
The Chair Liberal Jean-Yves Duclos
Thank you.
Are there any other interventions?
We'll now proceed with a recorded vote on amendment CPC‑2.
Is it the pleasure of the committee to adopt amendment CPC‑2?
Liberal
Liberal
The Chair Liberal Jean-Yves Duclos
Yes, we'll do a roll call.
(Amendment agreed to: yeas 5; nays 4 [See Minutes of Proceedings])
Liberal
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
Thank you.
Colleagues, I spoke at length earlier, so I won't speak at length about what I call some of the vague language that I think concerns us all. In fact, some of the government amendments do deal with this. I will say that it's actually rare to see the NDP, Bloc, Green and Conservative MPs all raising the same issues. I take it that it came from the Privacy Commissioner.
One of the consistent themes that I think we can all agree with is that some of the language, based on what we heard from testimony, is vague. Here we're asking for the word “threat” to essentially go from “any threat” to “material threat”. I think “any threat” is too broad. Sometimes in law we talk about a de minimis standard. That could be just about anything. To me, a material threat is something important. Everybody around this table has spoken about the charter. We all know about its import. When you say “material threat”, that suggests that there has to be something worthy of intervention.
I believe this is a fairly reasonable amendment. It's just to say that if the government or a judge orders that somebody may intervene, they're intervening for a good reason. I think “any threat” can be quite subjective, while “material threat” is a much higher threshold.
That is my argument in favour of CPC-3.
Thank you.
Liberal
The Chair Liberal Jean-Yves Duclos
Thank you, Mr. Caputo.
Before discussing this amendment, I would like to make a comment.
If amendment CPC‑3 were adopted, the subsequent amendment BQ‑1 could no longer be moved because of what we call a line conflict. In House of Commons Procedure and Practice, Fourth Edition, which we know well, section 16.71 states that “the committee Chair calls the proposed amendments in the order in which they would appear in the bill”, meaning based on the lines. “Once a line of a clause has been amended by the committee, it cannot be further amended by a subsequent amendment as a given line may be amended only once.”
In other words, remember that the adoption of this amendment would mean that a subsequent amendment, BQ‑1, could no longer be moved because of a line conflict.
Mr. Ramsay, you have the floor.
Liberal
Jacques Ramsay Liberal La Prairie—Atateken, QC
Would Mr. Caputo like to clarify the content of his motion?