Debates of Dec. 1st, 2022

Mr. Speaker, I think we all agree that Canada is ill-prepared to deal with cybersecurity threats. I am comforted to hear that we are all on the same page. However, we are falling far behind other similar jurisdictions, such as France and the U.K. Their ability to intercept and respond to cybersecurity threats is much more enhanced to protect their countries.

Again, we are glad to see this moving forward, but I am a bit concerned about the government granting ministers so much broad power, especially the Minister of Public Safety and the Minister of Industry. I just want an assurance for Canadians that these powers would not be applied unjustly to them. Also, would the member and his party be willing to work with the NDP to bring forward amendments at committee to make sure there are protections for everyday Canadians?

Mr. Speaker, I suspect there would be a great deal of will to continue working with the New Democrats in the House in a minority situation. The NDP has taken a very responsible approach to dealing with the government-sponsored legislation. Where there are changes that make sense, I suspect the ministry would be open to how we could address concerns.

Having said that, it does not mean we are looking for NDP amendments. As it has been pointed out, whether it is the official opposition or the Bloc, this is legislation that we brought in today at second reading. We hope it will pass at some point so it can go to committee stage, where I expect there will be a great deal of interest from coast to coast to coast on this legislation.

I look forward to the contributions of others and their ideas and thoughts going into it, like the member for Kildonan—St. Paul had regarding an annual report that comes from the minister and how that might be incorporated into the legislation. The sooner we can make the ministry aware of some of those ideas, the better it is.

Ultimately, it will go to committee, and there will be representatives from the minister's office there. It will be a wonderful opportunity to get the feedback we are all looking for. If there are chances to make it a healthier and stronger legislation, I am sure the government would act on that.

The hon. member for Saint‑Hyacinthe—Bagot on a point of order.

Mr. Speaker, that is twice now that my colleague has accused me of subscribing to conspiracy theories. With all due respect, I would ask that he withdraw his remarks.

I understand the member for Saint‑Hyacinthe—Bagot's request.

The hon. parliamentary secretary.

Mr. Speaker, I will withdraw the comment.

Mr. Speaker, 85% of Canada's critical infrastructure is owned by the private sector, provinces and non-governmental agencies.

Does my colleague think Bill C-26 will help standardize cybersecurity practices to better protect systems and services pertinent to Canada's cybersecurity?

Mr. Speaker, as the member highlights, when we talk about infrastructure, the whole digital economy and what government does, it would be negligent not to recognize the significance of the private sector and how the private sector feeds into it. In fact, it is a major player of 80% plus. That is why, when we talk about the government's role, ensuring that the national infrastructure is safeguarded against cyber-threats is of the utmost importance. That is the essence of the legislation, along with ensuring that Canadians', business's and governments' interests are well served.

Mr. Speaker, in regard to my colleague from Kildonan—St. Paul's speech, she talked about how the government has brought this bill forward with a lot of sticks in it and no carrots. I am looking for incentives that would improve it.

Is the government open to amendments on this particular bill? If so, what would be its theme to bring forward some issues to improve the bill's transparency?

Mr. Speaker, I have made reference to the idea, and I hope it will be discussed at committee stage in terms of a reporting mechanism. I get the sense, based on questions for both me and the minister, that there is some concern related to that. We will have to wait and see if that comes forward through committee.

At the end of the day, I think it would be nice to see the legislation pass at some point, where the committee is given the opportunity to provide its recommendations and thoughts on the legislation.

Mr. Speaker, before I begin my remarks, I request that you seek unanimous consent for me to split my time with the member for Windsor West.

Is there agreement for the member to split his time?

The hon. member for Elmwood—Transcona.

Mr. Speaker, with thanks to the chamber, I am pleased to rise today to speak to Bill C-26.

Cybersecurity is a topic that is very much on the minds of many Canadians. It is something that many of us have had experience with in our personal lives, or we know somebody who has. Certainly, as MPs, we hear from folks who have fallen prey to various kinds of cyber-attacks online. We know it is a burgeoning criminal industry to take advantage of people online, grab their information and impersonate their identities. Canadians deserve to be protected from this kind of crime.

We also heard about the impact that cybersecurity attacks have had on our commercial industries. One of the examples that stands out in my mind of particular concern was the 2017 cyber-attack on Equifax, where the personal and financial information of thousands of Canadians was obtained illegally. It is an obvious concern for folks when they find out that a company they trusted with their personal information has been subject to this kind of attack.

We also know that our government has not been immune from these kinds of attacks. Hospitals and Global Affairs Canada have been the object of successful cyber-attacks. Earlier this fall, the House of Commons had a cyber-attack. MPs were warned about changing their email passwords for fear of information in their work accounts being exposed to outside eyes and ears that would find out what was going on in those accounts.

There is no question that it is a real issue. There is also no question, when we talk to experts on the file, that Canada is a laggard in respect to cybersecurity. There have been many debates in this place about the role of Huawei, for instance, in our 5G infrastructure. The government did finally take a decision on Huawei, I think the right decision, although late in the game with respect to our other Five Eyes allies. The idea with this legislation is that the government needs more legal authority in order to implement that decision. Of course, there are a number of ways it can do that.

The bill, as it stands, is not ready to go, but New Democrats are happy to send it to committee where we can hear from experts and try to improve it. When I say it is not ready to go, in my view, it is that for as long as it took for the government to reach a decision on Huawei, it clearly was not doing any work alongside its deliberations on Huawei to prepare for banning it. This legislation would largely give a broad, sweeping power to the Minister of Industry to decide later what exactly the government will have to do in order to ban Huawei and respond to other kinds of cyber-threats.

There is not a lot of detail in the legislation, and that is something we have seen from the government on other fronts. We have seen it on unrelated items, like the Canada disability benefit. It drafted a bill that had no content on the program. The attitude is “trust us and we will get it right later”. However, we also see a litany of problems with the way the government manages its business, whether we go all the way back to the SNC-Lavalin affair and the question of deferred prosecution agreements or other ethical issues that have come up in the context of this government.

I think Canadians are right to have a certain distrust of the government. The answer lies in mechanisms that impose accountability on the government, and those are very clearly absent from this legislation. In fact, not only are they absent from the legislation but the government also very explicitly exempts itself from some of the current types of accountability that do exist.

For instance, it exempts itself from the Statutory Instruments Act, which would make it possible for the parliamentary regulations committee to review orders that the minister may issue under the new authority granted to him in this act.

Therefore, not only would there be no new accountability measures commensurate with the new powers the government would be giving itself, but it would also be exempting itself from some of the accountability mechanisms already there. The government is also explicitly letting Canadians know its intention in the legislation to give itself the legal authority to keep those orders secret. Therefore, we have to contemplate the idea that there will be a whole branch of secret orders and laws that govern the telecommunications industry that Canadians will not know about, and the telecommunications companies may not have an adequate awareness of them.

Where I would like to go with this is to talk a bit more broadly about the Internet and about privacy rights on the Internet. When the new Canada-U.S.-Mexico trade agreement was signed, there was a number of provisions in that agreement that went too far in shoring up the rights of companies to keep their algorithms secret, for instance. There are other kinds of IP protections, or protections that are sold as IP but really mean that it is harder to get a transparent accounting of how companies operate on the Internet and of the artificial intelligence they use to navigate the Internet.

There is a way of dealing with the Internet that prioritizes secrecy for commercial purposes, but that same secrecy also breeds more opportunity for malignant actors on the web to go about their business and not have to worry they will have to expose what it is they are doing. Whereas, if we look to the European Union as another model, for privacy and conducting business on the Internet, there are a lot more robust protections there for the private information of consumers on the Internet, and there are a lot more reporting requirements for actors on the Internet.

The problem with the bill as it is written here is that it would be trying to fight secrecy with secrecy. When firefighters show up to a house that is on fire, they do not usually show up with a flamethrower. They show up with something else that can fight the fire instead of accelerating it.

I do not think Canadians, who are concerned about malignant actors on the Internet and the ways that they are able to exploit the dark corners of the Internet and the back doors of software, also think that the way to fight that is to let the government do it in secret without any reporting. Canadians are not thinking that, with less information available about actors within the digital space or government actions against cybersecurity threats, they are better off if they do not know what the actors on the Internet are doing, and they do not know what the government is doing about it.

The problem with the bill as written is that it would double down on the approach that we saw in CUSMA. It was about privacy for actors on the Internet and privacy for the government in how it deals with it. Instead, it could take a more open-source approach to say that the way forward on the Internet has to be that digital actors have to be upfront about the kind of business they are conducting on the Internet, the ways they do it and the algorithms they use. Governments, likewise, could then be pretty transparent about how they would deal with people who were non-compliant or who were breaking the rules.

New Democrats are concerned to see, along those broad lines, an approach to the Internet that says transparency and accountability, both for private actors and for public actors, is the way forward. Digital consumers deserve to have this information at their fingertips, so they understand what people are going to be doing with the information they enter on their computer, whether that is to purchase a book, get a loan or whatever kind of business they are doing on the Internet. They should have more rights to know how that information is handled, and the role of the government in keeping that information secure, rather than being told not to worry about it, because commercial interests have their best interest at heart, the government has their best interest at heart, and they do not need to know what is going on.

That is why the bill should go to committee, to be sure, because Canada does need its government to have the authority to implement the decision on Huawei and to do better in respect of cybersecurity. There is a lot of good work for committee members to do there, and a lot of amendments that ought to be made to the bill in order for it to pass in subsequent readings.

Mr. Speaker, I share a number of the hon. member's concerns, but I want to ask him about some of the major threats we have seen in cybersecurity. I am frustrated because the government has a lot of the tools already at its disposal to go after people who are threatening our cybersecurity. We have seen the shutdown of pipelines and major companies across this country. Rogers Communications was shut down.

Is the member not at all concerned about the lack of ability of law enforcement to chase down the bad actors that are pursuing some of this stuff?

Mr. Speaker, there are only so many things that can be fixed with legislation. Legislation is a necessary component of the solution, but it is not sufficient on its own. We see that in many areas. Despite the fact that we have made good laws in this place against certain kinds of crime, nevertheless, those kinds of crimes persist, so of course enforcement is an important part of that question and requires the attention of and resources from government. When those resources are not made available, it matters very little the kinds of laws we pass in this place, because the other necessary component is on the enforcement side.

I share the member's concern for proper enforcement of the laws we pass in this place.

Mr. Speaker, we are talking about Bill C‑26, which deals with national security, and discussions about national security inevitably include the issue of interference from elsewhere, from other countries. Security threats can be internal as well as external.

With respect to external threats, there is a lot of talk right now about the possibility that China interfered in our elections. Earlier, some of our colleagues mentioned that, a few years ago, the Prime Minister received nearly $70,000 in donations immediately after a bank that offers services specifically to Chinese Canadians set up shop in Canada. The donations, which were mostly from people with Chinese names, were made on the same day and within hours of the bank being authorized to open.

Does my colleague find that strange? Is he concerned that there might have been some kind of interference? It is hard to believe that this happened by accident and that it was all just a fluke.

Mr. Speaker, I thank my colleague for his question.

I think that type of coincidence is always a concern. We have mechanisms in place to launch investigations when warranted. I would encourage my colleague to submit his evidence to the authorities who could look into this, because that is the most appropriate way to ensure that the wrongdoing that the member mentioned in his comments has not taken place.

Mr. Speaker, my hon. colleague spoke during his intervention about the need for greater government accountability in the bill, and I am wondering if he could provide the House with an example.

Mr. Speaker, at the very least there has to be some kind of accounting for and public disclosure of the number of orders the government is making under these new powers. That is just one example, a very minimum reporting threshold.

The idea that any number of these orders could be made and Canadians would not even know they have been made or how many have been made is not acceptable. There has to be some reporting of the extent to which these powers are used, or there will be no factual basis upon which to evaluate whether the powers have been appropriate or adequate, or whether they need to change in the future.

Madam Speaker, I am a little concerned with some of the elements in Bill C-26 that seem overly broad. They give the government powers to secretly order providers to do things or refrain from doing things, without any transparency. Does the member share my concern?

Madam Speaker, I do. For us to get fully engaged in this, we want full accountability, clarity and a playbook so everybody understands the rules. We want to deal with some of the stuff and provide some leverage for law enforcement and investigations to take place, but there has to be a set of rules and that needs to be backstopped by parliamentary oversight. Where it stands right now, it is not backstopped by parliamentary oversight.