Evidence of meeting #22 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was amendment.
A recording is available from Parliament.
Liberal
The Chair Liberal Jean-Yves Duclos
This brings us to the discussion of amendment CPC‑5. Therefore, I'll open the floor to debate.
Is there any debate?
Ms. Acan, go ahead, please.
Liberal
Sima Acan Liberal Oakville West, ON
Thank you, Mr. Chair.
I'm looking at my notes again for CPC-5. Making non-disclosure conditional on a Federal Court application, as we spoke about again and again, could delay urgent action and may not capture other legitimate reasons that non-disclosure may be needed, such as commercial, reputational or technical risks to an entity or a broader system.
On that, my question will be on the response speed.
Given that cyber-attacks can occur at digital speeds—and we repeatedly say we are talking about milliseconds—how would the requirement to obtain prior judicial authorization for a non-disclosure order impact the government's ability to act instantly to stop an ongoing breach without alerting the attacker that we are onto them?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
For this type of concept, as officials who have been talking to different parts of Justice since Tuesday, we are still grappling with all of the scope of its applications, given how unprecedented it is in administrative law. There are different parts and pieces of it that we're finding out are new problems, and it's going to take weeks for us to unpack it all.
With regard to the judicial authorization of a cabinet decision, we're going to need to come up with a new process for cabinet confidence. We can't bring cabinet confidence to court.
We're not sure, but it likely does not match the crosswalk to the confidential evidentiary provisions of the Canada Evidence Act, so we're not sure if we could use confidential evidence with the court.
On your question, though, in terms of a specific time, our best guess at this point is that for something that was truly urgent, we couldn't accomplish it in a matter of days under Bill C-8 as tabled. It is probably going to be months, and what would be months would likely be years.
Liberal
Sima Acan Liberal Oakville West, ON
Continuing on that question, does this amendment not create a gap by ignoring the valid non-security reasons for secrecy—such as protecting a company's commercial reputation or preventing a market panic—that fall outside the narrow national security definitions used by the courts?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
There are some secondary considerations around the criteria cited, and that is why the text of G-1 is more appropriately scoped to the subject matter of part 1, though the judicial authorization is the most novel part and the most challenging to implement, if it can be implemented.
Liberal
The Chair Liberal Jean-Yves Duclos
Thank you.
I give the floor to Mr. Lloyd, followed by Mr. Caputo.
Conservative
Dane Lloyd Conservative Parkland, AB
Thank you.
I think it's interesting that we're kind of being sold this fantasy that the government doesn't already have the capabilities of stopping a cyber-attack that, as the member across said, could be happening in a millisecond.
We have a report from the Communications Security Establishment that talked about the cyber-attacks they have stopped, as recently as 2024. The government does have the capability of stopping these attacks. What this legislation is talking about is the removal of telecommunications equipment that could potentially cause a threat to the telecommunications system.
Mr. Arbour, I want to bring you back to what I believe was your testimony earlier at this committee—not today, but earlier in the study. You said it would be extremely rare for the government to use a non-disclosure order. Do you recall making that statement? Can you clarify that you did make that statement?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Yes, that is correct. I did say that, or a version of that.
Conservative
Dane Lloyd Conservative Parkland, AB
Mr. Arbour, given that you have stated that it would be very rare for the government to put in a non-disclosure order, it would have to be a situation of quite some gravity for you to want to put a non-disclosure order in. Wouldn't you agree that it would have to be a serious situation?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
The reasoning behind why it would be a good idea to have an order or part of an order be confidential is that if there is a specific vulnerability in a provider's network, you may not want to advertise that vulnerability as they are fixing it and until that work is completed.
How long it would take to remedy the issue in question and the seriousness of it is very case-specific and would depend on the circumstances.
Conservative
Dane Lloyd Conservative Parkland, AB
But surely, if it is a serious issue—this is serious legislation—would a judge not consider that as important information in the speed at which they make their decision?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
There are different considerations of what speed is in a judicial context. The processes I've been familiar with that are not done on a speedy basis are in the 12- to 18-month zone. When there is an expedited process in place, then you are more into weeks and months.
Conservative
Dane Lloyd Conservative Parkland, AB
As my final question, we're being told by members from the government side that this is about stopping live attacks on our telecommunications system, but what we're actually talking about are potential vulnerabilities in equipment, not live attacks that are happening.
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Both circumstances are the risks we're concerned about. You could discover a circumstance of a vulnerability that's not known and is unlikely to be discovered and that might take some time for the telecom service provider to remedy, or you might discover something that is subject to an ongoing attack and would only get worse if it's not remedied as soon as possible.
Liberal
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
Thank you.
We talked a lot at our last meeting about what we colloquially have been calling “exigency”, but it's what I will call “impracticability of judicial authorization”.
Ms. Acan said this is going to be happening in milliseconds. If something is happening in milliseconds, it is impracticable to get judicial authorization. I think we can all agree on that. That is why I requested—and I will reiterate my request—that the drafters draft an amendment that addresses situations in which judicial authorization is impractical.
In other words, when you don't have time to get judicial authorization but there is a threat, and that threat materializes before you can get before a judge, the government would be empowered to act: You get before a judge then and you get your authorization. This happens very frequently in other areas of law in which we aren't getting a warrant in the next three minutes and we have to take action to secure the evidence, or in this case the system or whatever it is—the infrastructure—and then we get it.
With all due respect, Mr. Arbour—and you are much more an expert on this than I am—where I part company with you is where you say that it will take months. Please walk me through that.
This is the proposed amendment. It says, “A judge of the Federal Court may”. That also goes to Ms. Acan's point about whether you have to do something. This is permissive; it is not compulsory, so there is no requirement that a judge must institute an order.
A judge can create a non-disclosure order. When can they do this? It's subject to conditions. That's pretty normal: A judge may make an order of prohibition of disclosure “if the judge is satisfied that there are reasonable grounds”—reasonable grounds are usually made under oath or affirmation—“to believe that the disclosure would be injurious to international relations, national defence or national security”.
Normally what happens in other areas is that somebody sets out why and how the disclosure would be injurious to international relations, national defence or national security. It need not be a doctoral thesis; it would simply be somebody telling a judge, “I believe this is injurious to national defence because....”
Where I further part company with past remarks is on the notion that the judge has to be an expert. The judge is listening to evidence, and that evidence is sworn to or affirmed on reasonable grounds. If that's the case, why are we talking about proposed subsection 15.1(4.1) taking months, when, as I see it, this is in affidavit form?
Maybe I'm just completely missing something. If I am, please let me know.
Director General, Telecommunications and Internet Policy Branch, Department of Industry
The practice and conduct of criminal law and administrative law are quite different. We are dealing with administrative law in this context.
In the scope for review in an administrative law context, there's a body of case law, but the most important decision is probably the Supreme Court's 2019 Vavilov decision. This spells out what are reasonable criteria in an administrative law context.
The proposed provision in question is so new and so outside of the normal practice of administrative law that we're still grappling with it and still trying to unpack exactly how it could be operationalized. It will take us some time to do so. That's one example of the types of things we are trying to think about—how this could be implemented—along with some of the other things I mentioned, such as the provision for the use of confidential information in this context in the Canada Evidence Act.
We probably don't have a crosswalk here, but it's going to take us a while to try to figure this one out.
Conservative
Frank Caputo Conservative Kamloops—Thompson—Nicola, BC
I'm mindful of that. This is new, but sometimes the law develops in new ways.
Vavilov is obviously common law from the Supreme Court of Canada, which Canadian tribunals and courts on judicial review are bound by, but we're creating something other than common law. We're creating statute law that tells a judge, in the administrative context, which I know is a novel one.... Yes, this could be very new, as you would say, and perhaps, dare I say, groundbreaking. I don't like to say that, but you're smiling.
I'm sure it's giving some people fits and they're saying, “What are they doing?”, but sometimes we have to challenge the process. If challenging the process means that despite it being in an administrative context, we would like a judge to see this and to make a decision on what could be a life-changing issue for parties.... I get that it's new, but I just don't get how.... You talk about the crosswalk, but saying that we don't know how it's going to work and that this is going to be different doesn't mean it's going to take months for somebody to satisfy a judge that, in terms of disclosure, there are reasonable grounds to believe something would be injurious to international relations, national defence or national security.
I guess where I'm struggling, sir, is that I don't see how that would take months simply because this is something we're figuring out. Sometimes we do have to figure things out. Sometimes we do have to change things. Perhaps this is that time or perhaps it isn't. That is ultimately up to the House of Commons. That's why I'm pushing back.
I'm not trying to be rude or anything. I'm just trying to put something on the table and clarify why I believe what I'm putting forward, in order to get legislation that balances privacy, charter rights and the government's necessity to protect our digital infrastructure.
February 5th, 2026 / 4:10 p.m.
Liberal
Marcus Powlowski Liberal Thunder Bay—Rainy River, ON
I'm trying to understand the issue here. I understand that the government may want a non-disclosure agreement because they don't want to advertise a vulnerability, but wouldn't that agreement be with the telecommunications provider that has the vulnerability? Also, why would a telecommunications provider that has a vulnerability advertise that they have a vulnerability?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
The telecom service provider would have no objection to a confidentiality provision. There's no tension there. The issue is that there needs to be a positive power to give the government the ability to make an order confidential. Otherwise, it has to be public. It's one of the reasons why, for the government's proposed amendment G-1, the representations by the telecommunications service provider are one of the factors suggested for consideration.
Liberal
Marcus Powlowski Liberal Thunder Bay—Rainy River, ON
The de facto is that an order would have to be public?
Director General, Telecommunications and Internet Policy Branch, Department of Industry
Yes.
Liberal
Marcus Powlowski Liberal Thunder Bay—Rainy River, ON
Where is it published, or how is it made public?