Debates of Dec. 1st, 2022

Madam Speaker, absolutely, but if we are going to give some flexibility in power for the minister to act, it has to be responsibly met with oversight, and that has to be heavy oversight. That will provide the confidence.

That is why I wrote to the Privacy Commissioner right after I challenged the government back in 2016 to act on this. We have seen how long it has taken for it to act on this now, so we need to have that confidence. It is a two-way street. If we have the confidence of privacy and protection for people, with oversight, then I think people will be more willing to accept that there could be some changes with respect to how investigations take place.

Madam Speaker, a group of organizations, including the Canadian Civil Liberties Association, OpenMedia and Leadnow, have written an open letter calling for improvements to Bill C-26. One of the items they call out is that secrecy undermines accountability and due process.

The member for Windsor West spoke a bit about this in his speech. Could he share more about the suggested improvements that would ensure better public reporting as part of Bill C-26?

Madam Speaker, I have a book that we use for privacy protection and it is available to everybody. It was written by Kevin Cosgrove. It is a playbook for people on how to protect themselves and their families from a whole bunch of different issues, whether it be WiFi, online banking, shopping, social media, a whole series of things. The reason I use that as a specific example is that a ton of education has to be done. That has to be done for this bill as well. There needs to be a defined playbook of accountability, like going to the Standing Joint Committee for the Scrutiny of Regulations and ensuring there is oversight for the minister. All those things have to be really enhanced to build the confidence so we all buy into this.

Madam Speaker, I want to thank the member for Windsor West for all his hard work on this. Definitely, when it comes to protecting Canadians, he is the right person to do it.

I wonder if he would expand on clause 15.2 with respect to no general oversight and what the risk is to Canadians if that is not in place.

Madam Speaker, It has been fun to work with my colleague on some of these issues. We need a lot of public education related to this going forward.

That section again is just too weak. It provides too many holes. There should be a way to get back to a process of ensuring the minister is held to account. That is one of the things where we are looking to expand powers, but, again, we really need a lot more public education with respect to cybersecurity.

I know it is one of those issues that when we hear it, our eyes fog up, or they roll back in our heads and we think it is just too complicated for us, that there is always something happening, but we really need to engage Canadians on this. That includes engaging the government to ensure it understands that it has to teach residents about the bill and its repercussions as it goes forward.

Madam Speaker, I will be sharing my time with the hon. member for Vaughan—Woodbridge.

It is a true privilege for me to add my voice to the debate on Bill C-26, an act respecting cybersecurity, on behalf of the residents of my riding of Davenport, many of whom have written to me through the years about their concern around cybersecurity and the need for additional protections at all levels of government.

This bill represents the latest step in the government's constant work to ensure our systems, rules and regulations are strong and as up-to-date as possible. That is especially important when dealing with a topic as fluid and rapidly evolving as cyber-technology. We have known for quite some time we would need to be constantly vigilant on this issue.

In 2013, the government established the security review program operated by the Communications Security Establishment. In 2016, we conducted public consultations on cybersecurity. In 2018, we released the national cybersecurity strategy. In 2019, we allocated $144.9 million through budget 2019 to develop a critical cyber systems framework. In 2021, we completed an interdepartmental 5G security examination, which recommended an updated security framework to safeguard Canada's telecommunications system.

A cornerstone of the updated framework is an evolution of the security review program. It would allow for continued engagement with Canadian telecommunications service providers and equipment suppliers to ensure the security of Canadian telecommunications networks, including 5G. As a result of this multi-year work, to address these identified concerns and improve Canada's cybersecurity posture, including in 5G technology, we introduced Bill C-26.

The bill is intended to promote cybersecurity across four federally regulated critical infrastructure sectors: finance, telecommunications, energy and transportation.

Bill C-26 consists of two very distinct parts. Part 1 introduces amendments to the Telecommunications Act that would add security as a policy objective and create a framework that would allow the federal government to take measures to secure the telecommunications system. Part 2 introduces the critical cyber systems protection act, which would create a regulatory regime requiring designated operators in the finance, telecommunications, energy and transportation sectors to protect their critical cyber systems.

As I mentioned, 5G has the potential to be a transformative technology for Canadians. It promises to bring lightning-fast Internet speeds that are unlike anything we have experienced so far. The benefits of instant and real-time connectivity will be immediate and far-reaching for Canadians and Canadian businesses.

The COVID-19 global pandemic has underlined the importance of this connectivity, whether it is for virtual classrooms, work from home or keeping in touch with loved ones, but we need to be absolutely sure this technology is safe and secure as the technology is rolled out in Canada.

Canada already has a system in place to mitigate cybersecurity risks in our existing 3G and 4G LTE wireless telecommunications network. Since 2013, the Communications Security Establishment's security review program has helped mitigate risks stemming from designated equipment and services under consideration for use in Canadian 3G, 4G LTE telecommunications networks from cyber-threats.

Like previous generations, 5G technology will have new risks and vulnerabilities that will need to be addressed so Canadians can realize its full potential. 5G is considered more sensitive than 4G because it will be deeply integrated into Canada's critical infrastructure and economy, and will connect many more devices through a complex architecture. The deep integration, greater interconnection and complexity increase both the likelihood and potential impact of threats. That is why an examination of emerging 5G technology and the associated security and economic considerations continues to be very important.

The technical agencies of the Government of Canada, within the Department of Innovation, Science and Economic Development, and the safety and security agencies that fall within the Public Safety portfolio, Global Affairs Canada, National Defence and others, are all involved in the federal government's efforts to develop a made-in-Canada approach to ensuring the secure rollout of 5G wireless technology. Moving this bill forward will further that vital work.

In the meantime, our world-class national security and intelligence agencies continue to protect our country from a wide range of threats. As we know, those threats include a growing number of targeted attacks from state and non-state actors, including cybercriminals.

Canada's two main national security organizations, CSIS and CSE, which is short for Communications Security Establishment, are working tirelessly to mitigate these threats.

CSIS provides analysis to assist the federal government in understanding cyber-threats and the intentions and capabilities of cyber actors operating in Canada and abroad who pose a threat to our security. This intelligence helps the government to improve its overall situational awareness, better identify cyber vulnerabilities, prevent cyber espionage or other cyber-threat activity and take action to secure critical infrastructure.

For its part, the CSE is always monitoring for threats that may be directed against Canada and Canadians. The CSE is home to the Canadian centre for cybersecurity, which was established as a flagship initiative of the 2018 national cybersecurity strategy. With the cyber centre, Canadians have a clear and trusted place to turn to for cybersecurity issues. It is Canada's authority on technical and operational cybersecurity issues, a single, unified source of expert advice, guidance, services and support for the federal government, critical infrastructure for owners and operations, the private sector and the Canadian public. It helps to protect and defend Canada's valuable cyber assets and works side by side with the private and public sectors to solve Canada's most complex cyber issues.

For example, the cyber centre has partnered with the Canadian Internet Registration Authority on the CIRA Canadian Shield. The shield is a free protected DNS service that prevents users from connecting to malicious websites that might infect their devices or steal personal information. With the passage of the National Security Act in 2019, Canada's national security and intelligence laws have been modernized and enhanced.

As a result, CSIS and the Communications Security Establishment now have authorities they need to address emerging national security threats, while ensuring that the charter rights of Canadians are protected.

These updates are in line with CSIS's mandate of collecting and analyzing threat-related information concerning the security of Canada in areas including terrorism, espionage, weapons of mass destruction, cybersecurity and critical infrastructure protection.

The passage of the National Security Act also established stand-alone legislation for the CSE for the first time ever. With the Communications Security Establishment Act, the CSE retained its previous authorities and received permission to perform additional activities.

For example, the CSE is now permitted to use more advanced methods and techniques to gather intelligence from foreign targets. Under the CSE Act, CSE is mandated to degrade, disrupt, influence, respond to and interfere with the capabilities of those who aspire to exploit our systems and to take action online to defend Canadian networks and proactively stop cyber-threats before they reach our systems. It is also permitted to assist DND and the Canadian Armed Forces with cyber operations.

As Canada's national police force, the RCMP also plays a very important cybersecurity role. It leads the investigative response to suspected criminal cyber incidents, including those related to national security.

Cybercrime investigations are complex and technical in nature. They require specialized investigative skills and a coordinated effort. That is why, as part of Canada's 2018 national cybersecurity strategy and as a second flagship initiative, the RCMP has established the national cybercrime coordination centre, or NC3.

The NC3 has been up and running for over a year now. It serves all Canadian law enforcement agencies, and its staff includes RCMP officers and civilians from many backgrounds. Working with law enforcement agencies, government and private sector partners, the NC3 performs a number of roles, including coordinating cybercrime investigations in Canada.

All of this is backed up by significant new investments in the two most recent budgets. In budget 2019, we provided $144.9 million to support the protection of critical cyber systems and we later invested almost $400 million in creating the Canadian centre for cybersecurity, the national cybercrime coordination unit and increased RCMP enforcement capacity.

Whether it is nationally or internationally, I have full confidence in the abilities of all those in our national security and intelligence agencies who are working hard day and night to safeguard our cybersecurity and protect us from harm online. I am confident that Bill C-26 will go a long way to continue doing that.

Madam Speaker, I appreciate the comments from the government member across the way.

In the debate today, a number of concerns have been brought forward around some of the ministerial powers included in Bill C-26, as well as the lack of accountability mechanisms. I think we have heard from all parties about the desire to bring forward amendments and improvements at the committee stage.

Does the member opposite have a willingness to work with members of the House to ensure that we improve this bill and make sure it achieves the results it intends to?

Madam Speaker, I think our Minister of Public Safety was very clear this morning. Without question, every time the government takes additional, decisive action and puts additional measures in place, there has to be corresponding transparency and accountability. We absolutely need to make sure there is enough of that in Bill C-26 so we have the confidence not only of the House but of Canadians with regard to having the proper accountability and transparency in place.

Madam Speaker, I thank my colleague for her speech.

This bill still raises some serious concerns. The Bloc Québécois is prepared to support it so that we can examine and improve it in committee.

In 2021, in Canada alone, one in four businesses reported being the victim of a cyber-attack. We are the G7 country that has done the least in this regard. We spent $80 million over four years for research and development, which is not much. Canada is lagging behind in that department. Cyber-attacks on businesses can be sudden and unexpected, and not every business has the money to invest in cybersecurity or protection mechanisms.

What will this bill actually do to help with and improve cybersecurity?

Madam Speaker, I want to point out that we have been providing significant investment in critical cyber systems and cybersecurity. We did this in budget 2019 by providing $144.9 million for the protection of our critical cyber systems in the areas of finance, telecommunications, energy and transport. We also invested almost $400 million in the Canadian centre for cybersecurity, in the creation of the national cybercrime coordination unit and to increase our RCMP enforcement capacity.

The hon. member did a wonderful job in asking how we are going to make sure we work with the public and private sectors. The Minister of Public Safety was very clear this morning: This legislation is about filling in the gaps and providing a bridge for all of the different actors, both in the private sector and in the public sector, so we can work together to create more resiliency against any cyber-attacks in the future.

Madam Speaker, I think we all agree that the protection of Canada's cybersecurity needs to be improved. However, as we are hearing from the opposition, there are concerns around the broad powers the minister would have through this bill and concerns about everyday Canadians possibly being surveilled by their own government.

We have not heard assurances from the government as to how it will address that to ensure Canadians do not feel they will be victims of government overreach through powers given to the minister.

Madam Speaker, this question has come up all morning. I think it is a very big concern, not only for the opposition but for this side of the House.

We want to make sure we get this right. We must ensure that we have very strong protections against cyber-attacks and have cyber-attack resiliency in this country. We also have to be very transparent about the additional powers and how they will be used.

Madam Speaker, I certainly agree that something needs to be done about cybersecurity in this country, but I am increasingly alarmed when I see that the bills continually coming from the Liberal government say ministers would have all powers to do whatever they want. There is no transparency because there is no public record. Then they say not to worry about what the government is really going to do because the Governor in Council, which is really cabinet, will decide afterward with no parliamentary oversight what will be done.

Does the member agree that the government needs to have parliamentary oversight and at least have this subject to the scrutiny of committees?

Madam Speaker, of course, fundamentally I believe in the oversight of government and ensuring that there are checks and balances.

When bills proceed to committee, obviously members within the pertinent committee should bring forth ideas to strengthen them, and that includes Bill C-26. Our main priority as MPs is to bring forth good legislation, to improve it and to protect the security of Canadians, whether it is their cybersecurity or health and safety. Bill C-26 would take us down that path.

Madam Speaker, clause 2 of the bill would enable the government to issue orders to force users of telecommunications services to use products or services that do not come from certain providers, including Huawei.

Does that mean that a person who has already bought a Huawei cellphone, because that is a product, will not be able to use it anymore and will have to buy a new phone much sooner than they expected?

What is more, since decisions will be made by order, does that mean that, under this bill, the government will be using orders to govern in this area instead of going through parliamentarians?

Madam Speaker, I thank my colleague from Quebec for her question.

In the preliminary version of the Library of Parliament's assessment of the bill, there is a reference that the bill specifies that no one would be entitled to any compensation from the federal government for any financial losses resulting from these orders. I am not certain if these orders pertain to exactly what the member was speaking to, but I do believe so. I would have to get back to the member on that specific question, because it is a pertinent question.

Madam Speaker, we are all in agreement here. We know that Canada needs to strengthen protections when it comes to cybersecurity to protect Canadians and Canadian businesses.

One thing we are all unified on over on this side in the opposition parties is that we need to have some assurances for everyday Canadians that these sweeping powers, broad powers that are going to be given to the minister, are not going to be applied to everyday Canadians in terms of surveillance.

I know we keep hearing from Liberal colleagues that they will get it to committee and will answer these questions. However, does my colleague not agree that the minister failed in bringing forward this legislation without addressing some of these concerns at all? This is fairly substantial legislation, and the Liberals have not been able to address any of the concerns we brought forward today around these very real concerns.

Madam Speaker, we must always protect the civil liberties and rights of Canadians. Any legislation brought to the House needs to pass that means test, if I can call it that.

With reference to Bill C-26, it is definitely required that we update our cybersecurity laws to reflect the ongoing changes in technology that have happened over the last number of years and the increasing use of cybersecurity, cyber-threats, increasing digitization that has been going on in the world, and the fact that Canadians are increasingly interconnected in this world.

We need to maintain checks and balances within the system and ensure that individual rights of Canadians are protected.

Madam Speaker, I will be splitting my time with the member for Sherwood Park—Fort Saskatchewan, a good friend of mine.

Today I get to address Bill C-26, and right off the top I will say that I think this is dumb legislation. Why do I say that? I say that because I do not think that it has attempted to do what it has stated it would do. Generally I find that this is another piece of legislation, probably the third or fourth that I have spoken on in this session of Parliament, where I am frustrated with the government in that it does not seem to do the hard work of governing.

Governing is a matter of balancing the interests and coming up with a statement or something that is clear. On the rule of law, we would anticipate the public and anticipate what the rules ought to be and then look at the law, read the law somewhere and say, “Oh, that is what we are supposed to be doing.”

Again, here we have a piece of legislation where there is a clear, identifiable problem. Canadians have seen a number of issues around the country and around the world where cybersecurity is under threat. Canadians are asking the government to govern, to set some parameters and guidelines as to what the expectations are around who gets to participate in cyberspace and how we ought to operate in cyberspace.

We see in this piece of legislation the classic attitude of “We're the government. We're here to help. Trust us. We got this.” We do not trust the government. Particularly, the Conservatives do not trust the government to do the things it needs to do. We have seen it try to hand out billions of dollars to its friends. I mentioned the WE scandal. We have seen it hand out money to its friends over at Baylis Medical. We have ample evidence of why we should not trust the government.

When it comes to cybersecurity, it is also an area where I do not trust the government. The government has been in power for seven years, and we have watched it drag its feet with an inability to come to a decision, for a whole host of reasons, around the Huawei situation. Was a particular company allowed to participate in the building of the infrastructure of our Internet architecture?

This is a major issue. We told the government that we don't think this Chinese Communist Party government-controlled company should be able to participate in the Canadian Internet infrastructure. We called on the government to ban the use of Huawei technology in our Internet infrastructure, yet it could not do it. It took the government years of dragging its feet, wringing its hands and doing a whole host of things. When the Liberals come forward with a bill like Bill C-26 and say to trust the minister and that they will get this right, I am sorry, but we do not trust the minister to get this right.

We have seen a number of security threats challenging our basic infrastructure. One we should really take note of, which was fairly recent, is the shutdown of a particular pipeline. We saw a dramatic spike in fuel prices across North America because the cybersecurity of a particular piece of pipeline infrastructure was not to the state that it should have been. This, again, comes to the fact around trusting the government to do its job, particularly this government.

One of the key roles of government in Canada and anywhere is the maintaining of peace and security, and we have a military, a police force and a judicial system for that. A growing area where we need to be concerned about peace and security is in cyberspace.

We should be able to feel that our property should not go missing. We should be able to own property, and it should be able to be maintained by us, all of these kinds of things. We expect the government to put forward registries so we can register our property, so that, if it goes missing, the government has a registry of it and we can use that to get our property back. It cannot just be expropriated from us, all of these kinds of things.

In the same way, that is increasingly a part of cybersecurity. The ownership of things in cyberspace, the ownership of websites and the ownership of even our own Twitter handles, for example, are increasingly things that are deemed to be cybersecurity.

The government seems to be lacking in the ability to protect Canadians' cybersecurity.

There is an iconic Canadian company, Ski-Doo. I do not know if people are snowmobilers, but I do enjoy snowmobiling, and Ski-Doo is an iconic Canadian company.

I do not know if people know this but, recently, Ski-Doo has been the victim of a cyber-attack and has lost control of its entire dealership network. Its own computer system has gone down. It has not been able to get it back. Somebody else has control of it now and it has not been able to get it back.

These are the types of things that I think are crucial. When one is going to bring in a bill that talks about cybersecurity, these are the kinds of things the government should be trying to keep secure. This is Canadian property. These are Canadian identities. These are Canadian brands. These are the things we need to ensure we can prosecute, that we can track these people down who are doing this kind of thing and that we can ensure cybersecurity.

I guess that is where I get a little frustrated with a bill like this. It says a lot of nice things at the top of it. The government comes here with a blanket statement around how it is going to defend cybersecurity, how cybersecurity is important and how we should all vote in favour of this particular bill. I imagine that we will.

However, the bill does not necessarily tell us what we are going to do. The banning of Huawei is not necessarily laid out in this. There are no criteria as to what the expectations are for companies to operate in this space, in terms of what they can be tied to and what they should not be tied to. It is just, “Trust us. We are the government and we are here to help.”

In addition, we have seen over the last number of years the opportunities for the government to put resources into law enforcement's ability to track some of this down. We can see changes to the Criminal Code, to ensure that some of these malware attacks or ransomware attacks could be tracked down and prosecuted here in Canada. This is a major concern for companies looking at investing in the world. They look at a country's ability to protect them from a cyber-attack but then also to prosecute those cyber-attacks.

I have a friend who works for the Calgary city police. He works in cybercrimes. He often works with police forces from around the world to track down folks who are using ransomware on Canadian companies.

He tells me they rarely, if ever, prosecute in Canada because our laws are so non-distinct around this that it is impossible to prosecute. Because these are multi-jurisdictional crimes, they will often take the prosecution of this to a jurisdiction that has better laws. He says he will work with 23 law enforcement organizations and they will bring a case in Europe, in eastern Europe or in Israel, because those places have much better laws to protect cybersecurity.

Madam Speaker, I am glad the member will be voting in favour of the legislation going to committee. Hopefully many of the concerns he raises on the issues surrounding the worthiness of the legislation, will be addressed at that stage.

The legislation would empower the minister to be able to take actions. It would allow for financial penalties. It would allow for us to deal with cyber-attacks from a legislative perspective. That does not necessarily mean that this is the only thing we have done over the last number of years. There has been a great number of financial resources, individuals, committees and so forth ensuring our industries are protected.

This is yet another step forward in dealing with cyber-attacks, keeping us consistent with other allied countries. I am wondering if the member would acknowledge the importance of moving forward with allied countries in dealing with things, such as cyber-attacks?

Madam Speaker, I am hopeful that this bill would get us in line with other countries from around the world because, increasingly, Canada is left out of the discussions around cybersecurity.

We are no longer invited to some of the many important forums that do take place in battling this. If that is what this bill is attempting to do, to bring us in line with some of these other countries, I hope that is the case. However, I would note, I was talking to my friend with the Calgary Police Service who said that Canada is increasingly not the jurisdiction where they pursue these prosecutions because we are so lacking in good legislation to protect our cybersecurity.

Madam Speaker, I thank my colleague for his speech.

He talked about trust in the government or perhaps a lack of trust. In the current global context, there is interference by countries like China. We know that the RCMP has launched investigations into 11 electoral candidates. In fact, we also know that on July 7, 2016, the Prime Minister authorized a Chinese bank to do business on Canadian soil. At the same time, on July 6 and 7, 2016, the Papineau Federal Liberal Association received more than $70,000 in donations in 48 hours.

Is that not a reason to lose trust in the Prime Minister and the government?

Madam Speaker, that is another prime example among many of why Canadians do not trust the Liberal government, whether it this particular case of accepting interesting money for an approval; the Huawei decision that needed to be made; the WE Charity scandal, where the Prime Minister was trying to give an organization $1 billion, an organization that had funded nearly half a million dollars to his personal family; or the sweetheart deal with Baylis Medical.

Over and over again, we see that the government is not trustworthy. When it comes forward with bills that do not have a lot of details and that just give blanket permission to cabinet ministers, I am sorry, but we do not trust it.