Evidence of meeting #36 for Public Safety and National Security in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was metadata.

A video is available from Parliament.

On the agenda

Members speaking

Before the committee

McGuire  Director General, International and Border Policy, Department of Public Safety and Emergency Preparedness
Hiegel  Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness
Ho  Director, Intelligence Policy, Department of Public Safety and Emergency Preparedness
Nashef  Director General, Canadian Security Intelligence Service
Burchill  Director General, Technical Investigation Services, Royal Canadian Mounted Police
LeBel  Counsel, Criminal Law Policy Section, Department of Justice
Gibner  Deputy Assistant Deputy Minister, Policy Sector, Department of Justice
Gary Anandasangaree  Minister of Public Safety
Sean Fraser  Minister of Justice
Giles  Deputy Director, Canadian Security Intelligence Service

4:40 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

Within the context of a ministerial order specifically.... I'll stay away from those who are—

Anthony Housefather Liberal Mount Royal, QC

I'm only asking about the ministerial order.

4:40 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

Okay. The expectation is that Public Safety would be responsible for actually completing the analysis that the minister considers. Therefore, we intake information from the operating agency that has flagged the issue or the threat existing within a company's system. We actually are required to consult with that particular firm and satisfy a number of factors that are listed in the bill. As the company is with us through this process, they are able to voice their views.

Once we get to the final stage, if the minister then approves the process, the intelligence commissioner has full disclosure of all the information the minister had, and if he also agrees with the process to advance, the company does have the right to a judicial review.

Anthony Housefather Liberal Mount Royal, QC

At what point? The company is told at that point that the minister and the commissioner have said they must go forward, regardless of their claim. Then they would go to judicial review.

What happens until that review is heard? Are you saying there would be a stay on carrying out the order?

4:45 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

That's correct.

Fenton, do you have anything to add?

May 5th, 2026 / 4:45 p.m.

Director, Intelligence Policy, Department of Public Safety and Emergency Preparedness

Fenton Ho

No, I don't have anything to add.

Anthony Housefather Liberal Mount Royal, QC

I appreciate that.

The Chair Liberal Jean-Yves Duclos

Unfortunately, there is no more time.

Thank you, MP Housefather, for this intervention.

We will now move to MP Caputo for five minutes, please.

4:45 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Thank you.

I want to pick up on the one-year retention period. If I understand it correctly.... The metadata is generally what we're talking about here, or whatever is contemplated in proposed section 5. Let's just say it's data that can be compelled to be kept. My understanding of what was said before is that one year is the maximum, and one year was chosen because it's like an international standard. There's nothing magic about one year. I understand that. Every number is arbitrary. However, not everything will be kept for one year. Am I clear on that?

4:45 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

Yes, that's correct.

4:45 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Who decides what type of metadata will be kept for how long? Say, this type of data, an IP address or whatever, only needs to be kept for six months. Who decides that?

4:45 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

That will be achieved through the regulatory process, for which we will develop an analysis with the agencies as to what is most valuable when it comes to the investigative processes, as well as with companies. When we carry out the regulatory process, we have to consider things like the cost to industry of implementing new regulations. They would definitely be involved. As Rick mentioned, sometimes they already have that data in their holding, and there is no new delta cost to them. In other cases, it may be significant. We need to take the time to do that analysis and come back with a thoughtful scheme.

4:45 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

On first blush, I have an issue with that, because you only have to consider costs; you don't have to make your decision based on cost. It is a consideration.

The other issue is that one of the principal discussion points surrounding this bill is how much is left to regulation. Essentially, 90% of this bill could operate on regulation with ministerial orders and things like that. Should we not be spelling things out more in the bill when it comes to certainty? If you're a small electronic service provider trying to implement part 2, wouldn't you be shaking right now and thinking, “Oh my gosh, how much is it going to cost me to comply?” There is no certainty regarding what they'll have to comply with.

4:45 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

Let me tackle the last part of your question right up front. Core providers are also expected to go through a process by which we look at considerations of things like how big they are or how many customers they serve. It is unlikely that we would be regulating small business owners and operators through the core provider portion of this bill.

4:45 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Again, I'll go back to my prior point. That falls to regulation and it falls to somebody else's decision where there is a consideration about the size and the cost. Ultimately, just because it is considered, that doesn't mean the core provider won't have to do what a ministerial order says. Does that make sense?

4:45 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

I understand what you're saying. Part of why the bill has a higher level of detail than others you may be thinking of is the fact that it is heavily based in technology. Using terms that could be obsolete within a number of years would render the whole bill useless.

4:50 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

I appreciate that. I know that some things have to be left to regulation. My view is that a bill like this should be as prescriptive as possible, where it can be, because there is so much left to regulation.

For instance, every ministerial order, as I see it under proposed section 7 in part 2, has to be approved by the intelligence commissioner. Is that accurate?

4:50 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

That's accurate.

4:50 p.m.

Conservative

Frank Caputo Conservative Kamloops—Thompson—Nicola, BC

Why not a Federal Court judge? I get it. They're both presumed independent. I assume the intelligence commissioner is presumed independent; I can't imagine why. Both are government-appointed. Both are presumed to have perfect knowledge, and I think you know what I mean by perfect knowledge. They are both presumed to have all the knowledge. A Federal Court judge, however, is not beholden to the government. They aren't “hired”. Their term isn't renewed or anything like that. They can sit until they're 75.

Why not have a Federal Court judge play the role of gatekeeper, rather than the intelligence commissioner, when there is at least a reasonable perception of connection to government?

4:50 p.m.

Director General, National Security Policy Directorate, Department of Public Safety and Emergency Preparedness

Shannon Hiegel

Before I flip it to Fenton, I just want to say that within the ministerial order process, we have the Department of Public Safety doing the analysis. We have the minister approving. We have the intelligence commissioner, who is independent, also approving. We have a quasi-judicial oversight body, and then there can be a judicial review. Literally, on the judicial side, that's the only entity we've left out.

4:50 p.m.

Director, Intelligence Policy, Department of Public Safety and Emergency Preparedness

Fenton Ho

I would add that, at the end of that, we have NSIRA.

I think the intelligence commissioner is well versed because they are used to doing lots of things like ministerial authorization for CSE and the justification framework for CSIS. They're well versed in these particular issues. They have the knowledge, and from that point, they can actually do that function well.

The Chair Liberal Jean-Yves Duclos

Thank you.

I'm sorry, MP Caputo. We have run over the time.

We are going to suspend now, since, as we have seen, the minister has entered the room.

Thank you, officials. Many of you will stay.

We will resume the meeting in a few minutes. The meeting is suspended.

The Chair Liberal Jean-Yves Duclos

I call the meeting back to order. Thank you, everyone, for coming back.

I'd like to welcome the two ministers and the officials accompanying them, starting with Minister Gary Anandasangaree, MP and Minister of Public Safety. I would also like to welcome Minister Sean Fraser, MP and Minister of Justice.

Welcome to both of you, ministers. We'll begin with an opening statement from the Minister of Public Safety, followed by the Minister of Justice.

Mr. Anandasangaree, you have the floor.

4:55 p.m.

Scarborough—Guildwood—Rouge Park Ontario

Liberal

Gary Anandasangaree LiberalMinister of Public Safety

Thank you, Mr. Chair.

I would like to start by acknowledging that we're meeting on the traditional and unceded territory of the Algonquin Anishinabe people.

Thank you for inviting me to appear today to speak about the proposed Bill C‑22.

I also want to acknowledge my colleague, the Honourable Sean Fraser, as we've been working on this bill for a number of months, and also the officials who are here to support us.

As Minister of Public Safety, my top priority is to ensure that every Canadian remains safe and secure. Since my appointment, I've heard clearly from law enforcement at all levels—municipal police services and the RCMP—as well as victims groups such as the Canadian Centre for Child Protection. They've all said that Canada needs modern tools to take on the wide array of illicit activities that are facilitated by the global digital environment.

Technology has fundamentally changed the nature of crime and threats globally. Criminals are continuously exploiting the digital space we all use, in order to facilitate a wide array of offences. This includes extortion, childhood exploitation, auto theft, terrorism and human trafficking. Furthermore, this environment is being used to facilitate foreign interference and violent extremism.

Our laws have simply not kept pace with our digitally driven world. This has created a significant gap between today's crimes and threats and what our current laws can meaningfully address.

We have a duty to Canadians to address these new threats.

This is what Bill C-22 aims to do.

It's worth taking this opportunity to highlight that Bill C-22 does not aim to regulate the Internet, police activity on the Internet or require Internet service providers to become agents of the government, as some of the debate in the House has suggested.

As our officials have confirmed, Bill C-22 is encryption-neutral. It is simply to address gaps in our legal framework that present challenges to timely access to information and intelligence that are vital to conducting investigations. It will give our officers the tools they need to keep Canadians safe in the 21st century, while ensuring we continue to uphold Canadians' charter and privacy rights.

We listened to the concerns of stakeholders and other parliamentarians after the tabling of Bill C‑2.

Part 1 of Bill C-22 includes important safeguards, such as limiting the scope of confirmation of service demand to telecommunication service providers; a narrow definition of subscriber information; and strong judicial oversight. Police will still require court approval to obtain personal details like names, addresses and phone numbers.

Under part 2 of the bill, we'll ensure that electronic service providers can fulfill lawful access requests. Let's be clear: This part does not create new authorities for law enforcement agencies and CSIS to intercept communications or obtain information. Its focus is to ensure that electronic service providers are able to comply with existing legal orders, which are found in the Criminal Code and the Canadian Security Intelligence Service Act. Key elements include a new compliance framework that will require core providers to have the technical capability to comply with legal authorization to obtain information, such as warrants and production orders.

It would also give new ministerial order powers to the Minister of Public Safety. Only with approval from the intelligence commissioner, the minister could order an electronic service provider to develop specific technical capabilities: for example, to address new technologies that are developed but not captured in the regulations.

Finally, it introduces regulatory enforcement tools, such as administrative monetary penalties for any provider that does not comply.

Once again, I wish to underscore the safeguards that would be in place under this part of the bill. As I mentioned, all ministerial orders will require prior approval from the intelligence commissioner to ensure they are reasonable.

This part also includes an explicit safeguard to prevent the introduction of systemic vulnerabilities in electronic protections. Our government does not support the creation of back doors.

We want Canadians to see exactly how these powers are being created and used to ensure that their implementation is subject to the highest levels of democratic scrutiny. Under our current laws, our police and intelligence officers are trying to fight tech-savvy criminals and state actors with tools that are decades old. Bill C-22 would bridge that gap, while upholding the charter rights and the privacy of all Canadians.

Thank you. I look forward to your questions.

5 p.m.

Liberal

The Chair Liberal Jean-Yves Duclos

Thank you, Minister Anandasangaree.

Minister Fraser, the floor is yours for five minutes.