Right, for the bad guys.
We have many examples of the federal government's mismanagement of personal information.
In 2002, the RCMP investigated the theft of hundreds of forms from five Canada Immigration Centres and the unauthorized querying of a police data bank by Citizenship and Immigration Canada employees. This was reported in the Toronto Sun.
More than 2,000 employees stationed abroad were implicated or were investigated according to federal authorities. About 21% were fired, 29% were suspended, 25% resigned and 14% decided to take extended leave, according to the February 4, 2002 edition of La Presse.
Therefore, controls must be put in place right within the government.
I will provide another example. In September 2003, six computers—including a Compaq laptop, which I mention even though it is not necessarily germane to the debate— were stolen from the Laval offices of the Canada Customs and Revenue Agency. This laptop alone contained personal information about 120,000 taxpayers, both individuals and businesses, including 600 federal government employees.
The federal government wants the public to believe that it is taking the issue of identity theft seriously but its actions show that it is neglecting the problem. Consequently, the Bloc Québécois, which supports the measure before us, is urging the government to get serious.
As for the legislative framework, to help us in our approach and our discussions later in committee, I would like to talk about other legislative frameworks that could serve as a reference.
For instance, since 1998, the United States federal government and nearly all state governments have adopted a number of measures to address this phenomenon. In 1998, as part of the Identity Theft and Assumption Deterrence Act, Congress enacted a new criminal offence directed specifically at identity theft.
This identity theft offence prohibits the knowing use, transfer, or possession, without authorization, of a "means of identification" of another person with the intent to commit, or to aid or abet, or in connection with any unlawful activity that constitutes any offence under U.S. federal law or any felony under U.S. state or local law.
This is a very broad, comprehensive definition that clearly makes it an offence to use an individual's personal identifying information in order to commit an illegal act.
This might seem obvious. In Canada, for instance—and in the United States, prior to this legislation—this meant that illegal acts were obviously punishable. However, the act of stealing someone's identity in order to commit that act was not illegal and the act of stealing someone's identity with the intention of committing an offence was even less so. In light of this provision adopted in the United States, the simple fact, for instance, of collecting information with the intention of committing a criminal offence or swindle someone became an offence punishable by law. Thus, offences linked to identity theft can carry significant criminal penalties.
Even a simple violation of section 18(28)(a)(7), without more, is punishable by a maximum of five years imprisonment and a US$250,000 fine. If, as a result of the offence, any individual committing the offence obtains anything of value aggregating $1,000 or more during any one-year period, the maximum term of imprisonment increases to 15 years. Several states, including Florida, Indiana, Montana and New York, have also enacted enhanced penalties laws for identity theft.
On July 15, 2004, the Identity Theft Penalty Enhancement Act became law. This Act establishes a new federal offence of aggravated identity theft to enhance penalties for identity theft-related criminal conduct. Under this new offence created in 2004, individuals found guilty of aggravated identity theft would receive an additional mandatory, consecutive two years' imprisonment over and above their sentences for the underlying offence.
The Act also expands the scope of the current identity theft offence by prohibiting not just the transfer or use of another's identity information, but also possession of such information in conjunction with the requisite criminal intent. In addition, it increases the maximum penalties for identity theft and includes a higher maximum penalty for identity theft used to facilitate acts of domestic terrorism.
It is clear that the United States has taken tough measures. Does that mean identity theft no longer exists in the United States? Of course not. There are still major problems, which shows that simply passing drastic and repressive legislation is not enough and more needs to be done.
I am running out of time but I would quickly like to give the French example, which is a bit different, where stealing identity is not an indictable offence, except in very specific cases, such as using false identity in an authentic document or an administrative document intended for a public authority or assuming a false name in order to obtain police clearance.
I will not get into the details of the French example, but I hope committee members will have the opportunity to go and compare what is happening in these two countries. The French law seems less strict and less harsh than the U.S. legislation. It would be interesting to compare identity theft data for France and the United States, to see if the severity of the law, in and of itself, makes a significant difference.
Intuitively, one would be justified into thinking that it is important to have an act that includes provisions punishing this type of offences with a reasonable degree of harshness. Of course, if we want to deal effectively with this issue, we must have means to do so. Among other things, we must have the means to arrest and convict people before they commit offences, but this will not be enough.
In this respect, the Bloc Québécois is proposing that we go further than the bill does, by cooperating with the Quebec and provincial governments to put in place more effective measures, including as regards the civil code, which comes under the Quebec government's responsibility and whose evidentiary rules are less stringent than those of the Criminal Code. We must work to educate the public, to provide information on how to protect oneself from identity theft and, finally—and this was the main thrust of my speech—to lead by example as a responsible government, and to make all necessary efforts to protect our citizens' personal information.