Evidence of meeting #22 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was amendment.
A recording is available from Parliament.
Bloc
Claude DeBellefeuille Bloc Beauharnois—Salaberry—Soulanges—Huntingdon, QC
We want to make a small change.
We propose that Bill C‑8, in clause 2, be amended through point (a) by adding the following after line 20 on page 2:
(c.1) its potential impacts on the privacy of Canadians; and
This is a recommendation made by the Privacy Commissioner.
Liberal
The Chair Liberal Jean-Yves Duclos
Thank you, Mrs. DeBellefeuille.
Do any members wish to speak to this amendment?
Mr. Ramsay, you have the floor.
Liberal
Jacques Ramsay Liberal La Prairie—Atateken, QC
We maintain that this is consistent with the objectives of the act. That's in line with our reading of the act. So if the purpose of this amendment is to provide more assurance and to make some people more comfortable, we support it.
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
This is for the officials.
Can BQ-3 and CPC-8 essentially coexist? My sense is that CPC-8 goes further than BQ-3. Is that accurate?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Yes. CPC-8 refers to the privacy of persons, which, once again, in a legal context includes corporations. That is not a charter right under normal circumstances, so the framing under BQ-3 of the privacy of Canadians is much more legible to us and is something tractable that we know how to interpret.
Liberal
The Chair Liberal Jean-Yves Duclos
Are there any further interventions?
Is it the pleasure of the committee to adopt amendment BQ‑3?
(Amendment agreed to on division [See Minutes of Proceedings])
Liberal
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
I will move CPC-8. It may be redundant given what was just stated, but the officials can feel free to chime in on whether it is redundant to BQ-3, on which we just voted on division. I'll leave that to the officials.
Director General, Telecommunications and Internet Policy Branch, Department of Industry
CPC-8 is likely to introduce quite a bit of confusion. Some parts of it are duplicative of the BQ amendment that was adopted. We'd have two different factors. One is the privacy of Canadians and one is the privacy of persons. The privacy of Canadians is a tractable legal concept that we can interpret. The privacy of persons includes corporations and is quite problematic and confusing.
Hopefully that is clear.
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
Given the incongruence and that BQ-3 has passed, if it was different timing, I would likely ask for a vote on it. However, I'll make the decision to seek unanimous consent to withdraw CPC-8, and we can move on to CPC-9.
Liberal
The Chair Liberal Jean-Yves Duclos
(Amendment withdrawn)
This brings us to CPC-9.
Is CPC-9 being moved?
Conservative
Liberal
The Chair Liberal Jean-Yves Duclos
Thank you, Mr. Caputo.
CPC‑10 has a line conflict with BQ‑1, which was adopted a little earlier. As a result, it cannot be moved.
We're moving on to CPC‑11.
Does anyone want to move CPC‑11?
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
Before I move CPC-11, is there a line conflict? There is no line conflict, as there was with CPC-10, because we're dealing with only a very small text. Is that correct, Mr. Chair? Okay.
I will move CPC-11 to change “threat” to “serious, systemic threat”, just to gain more precision in language. We are talking about infrastructure.
I invite the officials to weigh in if they have any conclusions on that, but I am moving that now.
Conservative
Liberal
Jacques Ramsay Liberal La Prairie—Atateken, QC
No. I thought that's what you said. No, you didn't say that.
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
Oh, no. My French is bad, but I didn't know my English was that bad.
Liberal
The Chair Liberal Jean-Yves Duclos
Given that this is very technical, just to make sure that everyone understood it in both languages, can you summarize again what you just said?
Conservative
Liberal
Liberal
Sima Acan Liberal Oakville West, ON
Thank you, Mr. Chair.
This amendment seeks to narrow the government's focus to only serious systemic threats. Here, the word “systemic” is technically dangerous—I will repeat the same thing from a technical perspective—because it implies that a threat must only affect the entire national system to justify an order.
In reality, a major cyber-attack might target one specific service provider to gain a foothold or cause localized but severe damage. This amendment would prevent the government from acting against a significant threat if it was not deemed systemic, leaving individual parts of the infrastructure vulnerable.
I would like to ask the experts this question. In your experience, do cyber-actors always launch broader, systemic attacks, or do they often target one specific provider to gain a foothold? If this amendment passes, would the government be legally barred from issuing the ministerial order to protect a single TSP from a devastating non-systemic attack?