Mr. Speaker, I am delighted to enter into the debate on electronic commerce. As most people know, the rapid change in communications in just a little over a decade has been dramatic. There is no doubt that we will see further growth of gigantic proportions in this area.
I have a number of concerns with Bill C-54. I am not sure that I will be nearly as kind on the government as my colleague who spoke earlier. My concerns have to do with identification and security of information.
I could, if I so chose, create a web site and identify myself as a deputy speaker of the House of Commons, as some other member of the House, or even as a senator if I wanted. I could put on the site anything I want and people accessing that web site would have no way of knowing it is not a legitimate site unless there is good publicity. I think there would be if I did that. I have no intentions of doing that, but it is an electronic possibility.
It used to be that people recognized voices on the phone. Certainly in talking with people face to face there is the recognition factor with respect to the physical appearance of the person. For many decades a hand signature on documents of either the individual or the person authorized to sign on behalf of a company or organization was an identifiable marker.
We do not yet have an adequate means of defining the source of electronic information. Part of the legislation includes development of electronic signatures. One could argue that an electronic signature is more than just a duplication of a hand signature. However it is one thing that could be done.
In a computer data file a scan of the actual signature could be stored, but anyone else who would pick up the document could then paste it into any other document. It would be a perfect forgery, bit for bit as we say in the computer world. A physical signature is inadequate to identify a document.
Another way of doing it is as is done now in electronic commerce with banks. We are all familiar with automatic teller machines, ATMs, where people put in a card to identify themselves and to prove it is not a stolen card they enter in a four digit ID number or PIN number. How can we do that if we are sending something to an organization? The only way it would work is if the other organization knows what our PIN is so that when they receive it they know it is a legitimate individual sending the information.
With the banks this works perfectly fine. Most of us have PINs on our bank card or on our MasterCard. When I put my card into the machine and enter my PIN, that number goes down the electronic pipeline to the financial institution handling that transaction and it matches it at the other end with a PIN it has on file electronically. If it does not match, it says “wrong pin number, try again”. If someone enters the wrong PIN two or three times, it says “you're the wrong guy, we are keeping your card”.
How do we do that electronically? If I am going to put something to another organization, I would have to by some means send it what my electronic signature is so that it can identify me. If I send it in the same document, it is useless because if someone else gets it, they immediately can use it. So I need some method of saving with the recipient of that information my personal signature, my PIN, my electronic signature.
This is a digression. This has nothing to do with the bill but I think we are permitted to do that in the House from time to time. Many members here know that I spent a fair amount of time in my previous life teaching and working with mathematics and computers. One of the fun things I do, while other people who are real boring go out and play golf, is solve mathematical problems as a mental exercise and as a recreation.