House of Commons Hansard #139 of the 44th Parliament, 1st Session. (The original version is on Parliament's site.) The word of the day was cybersecurity.

Topics

Telecommunications ActGovernment Orders

10:35 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, I thank the Minister of Public Safety for his speech.

I have a question about the impact of this bill on Crown corporations that are considered to be critical infrastructure companies. What impact will this bill have on Crown corporations?

What are the impacts of this bill on provincial Crown corporations?

I am referring to Hydro-Québec and Manitoba Hydro, for example. What impact will this bill have on Crown corporations?

Telecommunications ActGovernment Orders

10:40 a.m.

Liberal

Marco Mendicino Liberal Eglinton—Lawrence, ON

Mr. Speaker, I would like to thank my colleague for her very important question.

The goal of Bill C-21 is to build a bridge, a collaborative effort between the government, critical infrastructure sectors and the private sector. We developed an approach that includes excellent lines of communication in order to effectively identify the cyber-threats to critical infrastructure that might jeopardize national security and the economy.

In answer to my colleague’s question, we will work with all federal regulators to create a system to protect all critical infrastructure sectors against all cyber-threats.

Telecommunications ActGovernment Orders

10:40 a.m.

Bloc

Simon-Pierre Savard-Tremblay Bloc Saint-Hyacinthe—Bagot, QC

Mr. Speaker, I think we are happy to see the government finally tackle the issue of cybersecurity. I am not necessarily saying that it is too little, too late, but I can say that we have waited a long time. We applaud the idea of forcing Internet providers to adopt better practices, and to that we say kudos. We all agree on that.

However, why does the federal government always have to react rather than be proactive?

We have been talking about 5G and Huawei for years. Hydro-Québec has been fending off daily computer attacks for years. We have known for years that China has been gaining power and interfering more and more. In short, we have known for years that Canada is extremely vulnerable in terms of cybersecurity.

How is it that, in this postnational system, everything always happens reactively, not proactively?

Telecommunications ActGovernment Orders

10:40 a.m.

Liberal

Marco Mendicino Liberal Eglinton—Lawrence, ON

Mr. Speaker, with all due respect for my colleague, I would like to point out that the government is always vigilant when it comes to any type of threat, including cyber-threats.

For example, in 2018, we created the national cyber security strategy. That is what I was talking about in my speech. The pillars of this strategy, which is used to respond to all risks, include resilient security systems, an innovative cyber ecosystem and Canadian leadership here and around the world.

We have taken concrete action to protect against the risks posed by certain actors that are not aligned with Canadian interests. We are now prepared to take the next step by introducing this bill to better protect our critical infrastructure. This excellent and effective measure will be implemented in collaboration with all federal regulators and the private sector.

Telecommunications ActGovernment Orders

10:40 a.m.

NDP

Daniel Blaikie NDP Elmwood—Transcona, MB

Mr. Speaker, folks would find that it is pretty easy to get agreement here on the idea that there is more to do in respect of cybersecurity. Where some of us may part ways is on the extent to which the government, while increasing its power to act, has not built into the bill corresponding checks and balances on its authority. Indeed, many of the orders it would give itself the power to issue under this act are secret orders. It has exempted itself from some of the normal reporting requirements.

I want to test the minister today on his openness to amending the bill at committee to ensure that there are appropriate checks and balances commensurate with the new and quite wide-ranging powers the government is proposing to grant itself in Bill C-26.

Telecommunications ActGovernment Orders

10:40 a.m.

Liberal

Marco Mendicino Liberal Eglinton—Lawrence, ON

Mr. Speaker, I look forward to collaborating with the hon. member and other parliamentarians on the debate of this important bill, including at committee stage. Without question, whenever the government takes decisive action to meet the threats posed in the realm of cybersecurity, there does need to be corresponding transparency and an articulation of the reasons we are taking that action.

He is quite right to underline that there would be new authorities contained in this bill. However, those new authorities we would propose to create are in direct response to the gaps that currently exist, as I outlined in my speech. We need to do both in lockstep: address the gaps posed on the landscape of national security in the context of cybersecurity but also be transparent about that.

I point out that there are independent bodies, for example NSICOP and NSIRA, so that where the government is taking steps that implicate national security, there can be accountability. This is the way we can achieve both objectives. It would ensure the confidence of all Canadians that this is an appropriate measure to seize the opportunities there, as well as to manage the risks manifested in our landscape.

Telecommunications ActGovernment Orders

10:45 a.m.

Winnipeg North Manitoba

Liberal

Kevin Lamoureux LiberalParliamentary Secretary to the Leader of the Government in the House of Commons

Mr. Speaker, I wonder if the minister can provide additional comments on the importance of the Five Eyes nations, the countries we work closely with, and give a different perspective on what he believes and why he believes it is important that we walk in step with those Five Eyes nations.

Telecommunications ActGovernment Orders

10:45 a.m.

Liberal

Marco Mendicino Liberal Eglinton—Lawrence, ON

Mr. Speaker, this question allows me to highlight how Canada is co-operating with like-minded democracies around the world, both in the context of the Five Eyes relationship as well as the G7. I had a chance to meet with both counterparts very recently, one in Washington, D.C., and then, about two weeks ago, in Germany. It is without doubt that all the democracies within these multilateral forums are thinking very hard about how to manage threats in cyber, including ransomware, including the spread of disinformation and including the efforts of hostile actors to engage in cyber-espionage and the like.

The way we are advancing that collaboration is through information and intelligence sharing as much as possible, so that we can push back against efforts to attack our economies and to attack Canadian interests, etc.

Even as we present Bill C-26 for debate, to take decisive action here at home domestically by addressing the current gaps within our cyber-realm, we are also collaborating very robustly with partners around the world who are like-minded in managing these threats.

Telecommunications ActGovernment Orders

10:45 a.m.

Conservative

Alex Ruff Conservative Bruce—Grey—Owen Sound, ON

Mr. Speaker, I just have a couple of quick points.

First, I would correct the minister. He referred to it as Bill C-21 a couple of times earlier in his speech. I think that maybe it is on his mind. He knows that there are great changes that need to be made or scrapped out of that bill.

As for the references he talked about in his speech, to Huawei and 5G, obviously the government finally decided to ban Huawei from our 5G network just in May.

Why did it take the government so long? It was tabled here. A motion was passed in the House a year and a half prior to its making that decision.

I am just interested to know why it took the government so long to make such a critical national security decision.

Telecommunications ActGovernment Orders

10:45 a.m.

Liberal

Marco Mendicino Liberal Eglinton—Lawrence, ON

Mr. Speaker, I embrace the urgency of my hon. colleague's question. I also want to thank him for the legislative title correction. Obviously, I am managing a number of priorities, as he well knows.

There is no dispute that we need to advance this debate and to do so thoughtfully and deliberately and urgently. As he will know, we took very decisive action against the risks posed by Huawei and ZTE as they relate to 5G, 4G and 3G networks, and we are going to continue to be vigilant about them.

If he shares that sense of urgency in moving forward, he really ought to study the bill along with his colleagues in the Conservative Party and support it.

At the end of the day, this bill would address those gaps and potential vulnerabilities so that we can manage the risks and, at the same time, leverage the innovative opportunities that lie in wait when it comes to technology.

Telecommunications ActGovernment Orders

10:45 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, it is an honour to speak today in the House about Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making other consequential amendments.

This is a critical bill, and I am very happy to see the debate being undertaken today in the House. I do know that cybersecurity is important to the Minister of Public Safety, so I will give him credit for bringing this bill forward. It should be something that is important to all government ministers of every level of government. It is very important that we are having this debate today.

I was provided a briefing from cybersecurity experts from the minister's department just under a year ago. It was very informative about the risk Canada faces in terms of cybersecurity. Just to speak simply, I asked them what would be, in the worst case scenario, sort of a Pearl Harbor moment for Canada. They responded that it would be a cybersecurity attack on our electrical infrastructure or our pipeline infrastructure in the middle of winter. If there were a cyber-attack or a ransomware attack on the infrastructure that keeps Canadians warm in the middle of winter, that would be absolutely devastating, specifically in our coldest provinces, regions and territories in Canada.

Just to give Canadians an idea of the gravity of what we are talking about today and how important it is, not only that we bring forward cybersecurity legislation that builds capacity, but also that it be done right. There was a series of questions before my remarks that outlined a number of the issues in this bill.

I will just outline a number of recent cybersecurity attacks in Canada and also in the United States of late. We know that the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians who were victims of that. There was also a hospital in Newfoundland, in October 2020, where the cybersecurity hackers stole personal information from health care employees and patients in all four health regions, as well as social insurance numbers belonging to over 2,500 patients. Very deeply personal and private data from these hospitals was stolen by cybersecurity hackers.

Global Affairs also most recently was attacked in January 2022, right around the time that Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian, or Russian state-sponsored, actors who were responsible for the cyber-attack on Global Affairs.

That was a very serious attack on another government department. The government is certainly not immune to these types of cybersecurity attacks.

Most famously, I would say, there was a ransomware attack on critical infrastructure in the United States back in May 2021. Pipeline infrastructure was attacked. President Biden issued a state of emergency. Seventeen states issued these states of emergency. It was very serious, and it just shows the capabilities of some of these cyber-threat actors, and the threat they pose to Canadians in their everyday lives and to Canada as a whole, as well as the threat to our allies.

This bill is coming forward in light of the government announcing most recently, in the past year, that it would ban Huawei from our 5G infrastructure. Conservatives and the House of Commons, in fact, have been calling on the government to do that for quite for some time. This legislation would help enable the practical implications of that ban. Again, it is certainly a very long time coming. Had this been done years ago, it would have saved our telecommunications and thereby the everyday users of our telecommunications companies, a lot of pain and a lot of money. I am concerned about the financial impact, although this is critical, that waiting so long to bring it forward would have on everyday Canadians and their cellphone bills, just as an example.

I am the vice-chair of the public safety and national security committee. I championed a study we are undertaking, which is in the process of being finalized right now, of Canada's security posture in relation to Russian aggression. A large part of that study was about cybersecurity. The experts we brought in repeatedly sounded the alarm that cybersecurity is of the utmost importance. It is something that the Government of Canada, the private sector, provincial governments and, frankly, municipal governments must take extremely seriously. It is rapidly evolving. I am going to give some quotes from a few of the experts to the lay the stage of what we are facing as Canadians.

Professor Robert Huebert of the University of Calgary said:

With regard to other cyber threats, we also know the Russians have shown an increasing capability of being able to interfere in various electronic systems and cyber systems of other states. We've seen this with their ability to influence the Ukrainian electrical system prior to the onset of the war in 2014.

This is the other war it engaged in over the last number of years. He also said that we are seeing this in other locations across the globe.

He went on to state:

Once again, it's hard to know exactly how well-defended [Canada has] become in being able to harden that part of cyberwarfare. There's no question, whatsoever, that the attention the Russians and the Chinese are giving this is increasing....

He compared that to the reports we are hearing from our American and British friends and allies who are saying the Chinese and Russians are extremely active on the issue of cybersecurity and involving state-sponsored actors launching attacks against countries like Canada and the United States.

We also had a woman named Jennifer Quaid, who is the executive director of the Canadian Cyber Threat Exchange, which is a private company that supports various companies to help boost their cybersecurity. She talked a lot about cybercriminals. This is an important piece. Even the minister talked about this as well.

First and foremost, she flagged that the Minister of National Defence of the current government said, “Cyber security is one of the most serious economic and national security challenges we face.” Therefore, it is quite a serious issue we are talking about today.

Ms. Quaid went on to say, “cyber-threats are becoming more sophisticated and are increasingly pervasive. Driven by the growth and global adoption of innovative technologies, cybercrime pays.”

She meant that cyber-threat actors can be grouped roughly into two categories, nation states conducting espionage and statecraft through the Internet, and criminals engaging in cybercrime for financial gain.

She went on to say, “It's this criminal element that has commercialized cybercrime”, meaning that cybercriminals and cybercrime have now become a thriving industry. She pointed out that the barriers to entry, the technical expertise needed to be a hacker, so to speak, is increasingly low. She said that several countries now are allowing cybercriminal groups to operate within their borders.

She also named something called a “hacktivist”, an activist hacker, of all things. We may have someone, in the name of social justice, hacking into a fossil fuel company, for example. Imagine if that happened in Canada in the middle of winter to our gas pipeline infrastructure. It would be devastating and deadly, so we have to keep an eye out for hacktivists, as she said.

She also pointed out that 25% of organizations in Canada have reported a cyber-breach. One in four. That is pretty significant. She said that the small and medium-sized enterprises that make up 98% of our economy are also being impacted. Almost 100% of our economy is being attacked in some form or another.

This is really important when we think of big banks and big, wealthy corporations that have pretty good cybersecurity infrastructure and have the money to do so. What feeds them is third party suppliers that may provide the various components or various mechanisms to undertake their important parts of the industry that company is engaged in. They are also at risk. Therefore, if a lower third-party provider of a major telecom is attacked, for example, that may seriously impact the ability of that telecom to deliver its services adequately to Canadians.

She mentioned that 44% of SMEs, small and medium-sized enterprises, do not have any defence. Almost half of our small and medium-sized enterprises, which dominate our economy, do not have any sort of defence and are not even thinking about cybersecurity. That is why today's discussion and this bill are important to be debated and have experts weigh in.

I will also quote Dr. Ken Barker, who is a professor at the Institute for Security, Privacy and Information Assurance at the University of Calgary. He talked a lot about the impact of cybersecurity on critical infrastructure. He mentioned that, in general, it is very vulnerable because it is built on legacy systems that, in essence, predate the Internet. As our legacy systems are getting online, this creates, as he explained, some gaps that hackers can take advantage of, which again puts our critical infrastructure at risk. That came up over and over at committee. He pointed out that our large private companies and our banks are investing a lot in cybersecurity, but again, as he and Ms. Quaid pointed out, it is their SMEs that are the most vulnerable.

I will conclude my quotations here with Caroline Xavier, who is the director of the Communications Security Establishment, which falls under the Department of National Defence. It is the part of government responsible for cybersecurity. Therefore, that she is the head of government cybersecurity is a simple way to look at it.

She said, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses. Cybercriminals trying to probe Canadian systems have been found in Russia, Iran and China, among others. [They] use various techniques such as ransomware”. They are specifically focusing on our critical infrastructure, and they certainly pose, as she said, “the greatest strategic threat to Canada.”

The bill before us would do a number of things. It is quite a large bill, so I will not go into every detail of what it would do, but in essence there are two parts. One would amend our existing Telecommunications Act. Of particular importance, it would give very broad and sweeping powers to the minister of industry to do a number of things. What has been criticized by a number of organizations is a specific part of the bill, which is in the summary, that says it would allow the minister and the Governor in Council to “direct telecommunications service providers to do anything, or refrain from doing anything”.

Those are very broad powers to be given to one minister, so that should immediately put up red flags for all of us. No one should have such vast sweeping powers over our telecoms. Again, I have built the case that we need better cybersecurity, but there is a big question mark here of whether we are giving too much power to one minister, one person, in all of Canada.

The bill also has a whole financial issue involved in it. To do anything, as it said, could have massive financial implications. Big companies such as Telus may be able to afford that, but our small telecoms may not be able to so much. It might bankrupt them. That is not great news, and there would be no financial component, in terms of compensation, for any of these losses, so there is a big question mark there as well.

Also, something of importance I find quite concerning is the way the bill is structured would result in a significant exchange of a lot of information from telecoms to the minister, which he could pass on to various ministers and government agencies. Is that very confidential information? It is certainly the cybersecurity plans. Does that include state secrets? Is it safe that we would be asking our telecoms this?

The second part of the bill involves all critical infrastructure companies in Canada, as was outlined by the minister, including provincial and Crown corporations, and the like, so the bill would really establish the process that all of these companies would have to provide their cybersecurity plans, and there would be a very strict reporting mechanism. We are talking about days, if not a few weeks, to get together these plans and provide them to the minister. There would be annual updates required. If a big company were to change a third-party provider, it would have to, in essence, immediately report that to the minister of industry.

There is a whole host of very cumbersome reporting mechanisms, and I do believe we need some of these, but a question remains, as I have outlined earlier, and the government is not immune to being hacked by cybercriminals. I just outlined three or four incidents when that happened. The bill would take all of our critical infrastructure, and all of companies' cyber-defence plans, along with countless other pieces of personal data of Canadians and others, and we would give that to the government. An argument could be made that this is needed, but where are the protections for that? Where is the defence of government to ensure that this would not end up in the wrong hands or that information is not hacked by cyber-actors?

That is a significant threat that needs to be addressed by the minister, and I was not assured from his remarks that this is something that is front and centre in his objective through the bill.

I would also say that there is a number of civil liberty organizations that have raised serious alarm as well. There was an open letter written to the minister from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, the International Civil Liberties Monitoring Group, Leadnow, Ligue des droits et libertés, OpenMedia, and the Privacy and Access Council of Canada. All of the leaders of research and discussion of our civil liberties, all such major organizations in Canada, were quite alarmed by the bill in many ways and wrote an open letter to the minister that outlined a number of things.

In essence, they said the bill would grant the government sweeping new powers, not only over vast swathes of the Canadian economy, but also in intruding on the private lives of Canadians. To sum it up, and I think they said really quite well, “with great power must come great accountability.” There is great power in the bill, but the accountability side is lacking.

Before I go on to detail some of their concerns, I do want to outline what some other countries are doing. If we look at the U.S. and the EU, they have established similar bills in the past year or so. The EU actually has greater and more significant fines in many ways, and the U.S. provides more prescriptive and strict reporting mechanisms, such as, if a U.S. critical infrastructure company has a ransomware attack, the legislation outlines the company must report it to the government within 24 hours.

That actually might be something we may want to consider for the bill. If we are going to go there, we might as well have it in line with our American allies and make it tight. I do think that a reporting mechanism is one of the most important parts of this bill.

I want to go back to the civil liberties issue. With the government's track record on Internet regulation bills, such as Bill C-11 and others, a lot of people have their backs up about their personal freedoms online and their data, rightfully so. The civil liberties associations are raising some of the concerns that have not been assuaged thus far by the government or the Minister of Public Safety.

In the open letter, they mention that this, “Opens the door to new surveillance obligations”, which is quite concerning. In their view, and this has not been proven, “Bill C-26 empowers the government to secretly order telecom providers ‘to do anything or refrain from doing anything’”, as I mentioned. They believe that, if there was an abuse of this extreme power, it could be utilized by a government with ill intent, not to say that is the Liberal government's intent, but it could be utilized to survey Canadian citizens. It is quite concerning.

They go on in that realm to outline that the powers in this bill allow the administrative industry to terminate who telecoms work for, for example. They believe that could also be applied to individual citizens. They are looking at this and thinking, if a government wanted to punish a group of people, it could call up Telus, and this is very blunt and not overly academic in the way I am explaining it, to direct Telus it cannot do business with these people, cut off their access to the Internet and cut off their cell phones.

It is an extreme worst-case scenario, but it is worth flagging that there may be a bit of a backdoor in this bill that would allow that, should an evil government ever come along that is looking to abuse the civil liberties of Canadians. I would like to see that addressed and have safeguards put in place to prevent that type of abuse, should it ever happen in an extreme circumstance.

They also talk about how it “Undermines privacy” and that there are “No guardrails to constraint abuse”. Again, I think this is an area where opposition parties, in particular, and hopefully government members on the committee, can come together to ensure that there is an ombudsman put in place or an oversight body. We need something where the rights of companies, and more importantly of citizens, are protected from the abuses I have outlined, and there are many others.

There were also a lot of concerns from the Business Council of Canada. It wrote an open letter to the minister on behalf of large companies, and also small and medium-sized enterprises. In essence, what we are seeing is the red tape is extremely high, so we are worried that will impact our small and medium enterprises.

The business community, in general, has said that it seems that this bill, to sum it up bluntly, is all stick and no carrot. It is all hard-hitting. It is going to be super hard on us, and we better comply. I can hopefully go into more details about that in the question part of this debate, but there is no incentive structure built in.

There is no incentive to have companies share best practices with each other. I think the government should be a leader in encouraging the open sharing of best practices and experiences that protect the confidentiality of companies but allow them to share information, so other companies can be better equipped, and we can all work together as one big happy, cyber-secure family.

The Conservative Party of Canada is, first and foremost, concerned about national security and ensuring the federal government takes that leadership role in ensuring that Canada, as a whole, is secure against any possible threat, every eventuality, as the Minister of National Defence likes to say.

We are seeing serious gaps in our military. We can have stronger alliances in our Five Eyes intelligence sharing and other agreements. Certainly, that involves cybersecurity. Canada is vulnerable, like many countries in the world. In fact, most countries are dealing with these problems. The Conservative Party of Canada wants to see a more robust framework to incentivize and enforce reporting mechanisms to ensure our cybersecurity is protected, and to make sure there is not a ransomware attack on our pipelines in the middle of winter, which could kill thousands of Canadians from the cold, for example.

We will be looking to support this bill in going to committee, but I want to make it very clear that, if the issues in this bill, and I have outlined a few of them concerning privacy and impacts to business, are not addressed, the Conservative Party is ready to pull its support immediately and put up a very strong defence to stop this bill from going beyond committee. I want to make that very clear to the minister and the Liberal government.

We will get this to committee to hear from experts because we believe that is important, but it must be fixed. There are serious issues that need to be addressed and amendments that need to be made. I would ask Liberal members on the committee to get to work with us, so we can make this bill what it needs to be and make it better to ensure cybersecurity is protected in Canada today and for years to come.

Telecommunications ActGovernment Orders

11:05 a.m.

Winnipeg North Manitoba

Liberal

Kevin Lamoureux LiberalParliamentary Secretary to the Leader of the Government in the House of Commons

Mr. Speaker, I do not think there is anyone in society who does not recognize the potential harm of cybersecurity. The issue is how do we ensure we are well positioned to address vital threats to our critical infrastructure. The member opposite says her concern is that we are giving too much power to one individual.

Does the Conservative Party have an alternative to ensure that particular issue is addressed in the form of an amendment? Does the member have any suggestions on that point?

Telecommunications ActGovernment Orders

11:10 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, the member is also from Winnipeg, so he is a fellow Manitoban.

As I outlined it in my remarks, it is not just the Conservative Party. We were alerted to this by every major civil liberties organization in the country. They wrote quite an in-depth open letter with over two dozen different concerns that they had, give or take, so we are using the information we are getting from the organizations specifically tasked with protecting civil liberties and privacy and freedoms of Canadians. That is who alerted us to it.

We would like to bring them before committee to make their recommendations. They have made recommendations in open letters. Various organizations with technical expertise have also recommended various amendments to this bill. Again, I am not an expert in cybersecurity, but I do understand Canadians' need to protect their privacy. Therefore, at the committee stage, we will be bringing forward these experts to help us craft amendments. I mentioned in my remarks that perhaps there could be an ombudsman or a specific oversight committee that is built into this.

One last thing is that there is no annual reporting mechanism in this bill, where government would be responsible for tabling a report to Parliament that would outline and give Canadians an idea of what the government has been doing with this bill and what the threat assessment of Canada in the impacts of what the bill has done and what it has seen in the reporting mechanisms from companies. I would say it needs annual reports to Parliament, and we have to craft those amendments with expert witnesses' testimony at committee. I look forward to those discussions.

Telecommunications ActGovernment Orders

11:10 a.m.

Bloc

Julie Vignola Bloc Beauport—Limoilou, QC

Mr. Speaker, I have so many questions.

We agree on the principle of the bill, but I do have to wonder about the precautionary principle. Since 2017, the Chinese government has required Chinese companies to hand over any information they collect to its intelligence service. Despite this, the federal government continues to award contracts to Chinese companies like Nuctech, for example.

That was a very important contract, I might add. Nuctech was being asked to install x-ray machines in embassies, precisely where our information must be protected. Information from the embassy could have easily been passed on.

My question for my colleague is this. We currently have an interesting bill before us, although it needs improvement. Should the precautionary principle not be applied more systematically, along with the recommendations made by the Standing Committee on Government Operations and Estimates in its June 2021 report?

Telecommunications ActGovernment Orders

11:10 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, the member's question is quite a technical one. The member does mention China and what it has done. I am deeply concerned about Chinese state-sponsored actors who are conducting espionage and looking to steal data and very important national security information from various government departments and individual citizens. That is the reason that all of our Five Eyes allies, with Canada being last, banned Huawei from our 5G infrastructure, because of any possible back-door element.

Because, with all companies that are owned by China, there is, to put it bluntly, an ability for them to direct, for example, Huawei to take all their information. That is why Five Eyes allies, put quite simply, called on Huawei to be banned. They did that before us, and we took a very long time.

I will look more into the specifics. The member was not too familiar with what she talking about. Suffice it to say, the Conservative Party of Canada has been very clear: We need to be very clear-eyed on China, in particular when crafting this bill. It needs to be crafted in a way that offers the most defence for Canadian critical infrastructure against Chinese sponsors, state actors or others.

Telecommunications ActGovernment Orders

11:10 a.m.

NDP

Daniel Blaikie NDP Elmwood—Transcona, MB

Mr. Speaker, there is a lot to think about in what the member for Kildonan—St. Paul had to say, and I agree with many things she said, including her concern about the oversharing of Canadians' personal information between government departments. I know that was a significant issue in the 41st Parliament with Bill C-51, when the government of the day introduced security legislation at that time.

I wonder if the Conservative Party today is in a mood to actually protect Canadians against the oversharing of information between government departments and if we might try to find an opportunity in the course of this bill's passage through the House to correct, as we go, some of the defects in that legislation from many years ago.

Telecommunications ActGovernment Orders

11:15 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, I appreciate the question from my colleague, who is also from Winnipeg and a fellow Manitoban.

I take the member's point regarding former pieces of legislation that need work. The leader of the official opposition, the member for Carleton, has been very clear in his desire to protect data and the rights of Canadians, especially if we are looking at Bill C-11, which is the Liberal government's attempt to control and regulate the Internet, so to speak. He put forward the very first, very public and very well executed defence of Bill C-11, so I would say that the capability for data sharing between departments and between ministers, which is a large part of this bill, raises a lot of significant privacy concerns of the data of individual Canadians.

We have been very clear that our intentions with this bill and others are to protect those freedoms and that privacy of Canadians. Therefore, that will be the underlying theme of our approach, certainly to this bill during the committee process and in the days and weeks to come.

Telecommunications ActGovernment Orders

11:15 a.m.

Conservative

Larry Maguire Conservative Brandon—Souris, MB

Mr. Speaker, I want to thank my colleague for Kildonan—St. Paul for taking part in the Manitoba debate that is going on here.

The member commented on SMEs, noting that half of them had no defence and were the most vulnerable. As with the bill I was able to get through last year on SMEs and small businesses, it is very important they have the abilities and rights to protect themselves on this as well. In response to the last question, the member also talked about transparency, which is so important.

Could the member expand on those two areas?

Telecommunications ActGovernment Orders

11:15 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, I am enjoying this Manitoba debate. There are a couple of things I would say.

The government, in the last budget of 2021-22, announced about $700 million for cybersecurity. It seems that it is all going to the Communications Security Establishment, which, as I mentioned in my speech, is the government's sort of cybersecurity agency under the Minister of National Defence. It is great. We do need more resources at the government level for CSE. However, I asked the minister if any of that funding was being provided for our small and medium-sized enterprises so they could boost their cybersecurity. The minister never did get a response to my email.

Again, when we are looking at small companies, it is easy for Telus, big banks and others to afford some of these things. However, if we are looking at small telecom providers, like a small Internet provider in northern B.C., the cost to meet the red tape in the bill might put them out of business. Why not take a little of that funding the government has announced and provide it to our SMEs to help them get to the level we need them to be to protect our critical infrastructure? Perhaps we can get a bit creative and look at our tax system to see if there is some sort of capital expense tax write-off or something we can provide our SMEs to help them get there, because we really need to, as I made the case in my remarks, as I am sure others will as well.

I have not heard a response to that. The government is spending the money anyway. It is spending more money than any government in history. Why not provide a little of that to our SMEs to ensure that critical infrastructure is up to par?

Telecommunications ActGovernment Orders

11:15 a.m.

Bloc

Alexis Brunelle-Duceppe Bloc Lac-Saint-Jean, QC

Mr. Speaker, we are talking about cybersecurity. This means that there is a lot of foreign interference conducted through cyber-attacks.

Speaking of foreign interference, is my colleague not concerned that, in 2016, after giving a Chinese bank a business licence, the Prime Minister received $70,000 in donations to his riding of Papineau within 48 hours? Is that not interference? In 48 hours, he received donations from outside his riding, specifically from Toronto and British Columbia. Is that not evidence of foreign interference?

Telecommunications ActGovernment Orders

11:15 a.m.

Conservative

Raquel Dancho Conservative Kildonan—St. Paul, MB

Mr. Speaker, I appreciate the investigative work done by the Bloc Québécois on this issue.

We are just learning about the details of this. I am very concerned about the allegations being made, as everyone should be if there is proven to be a connection and it is proven to be true. We are monitoring this quite closely.

I imagine the Parliamentary press gallery and other media sources across the country are digging into this very quickly and as closely, as they should. It is something we are closely monitoring as we learn the details of any possible payoff to the Prime Minister from the Chinese government or other actors from China.

Telecommunications ActGovernment Orders

11:20 a.m.

Winnipeg North Manitoba

Liberal

Kevin Lamoureux LiberalParliamentary Secretary to the Leader of the Government in the House of Commons

Mr. Speaker, an interesting debate is under way thus far on such an important issue with which we all have to come to grips. As changes in technology take place, we have to take that into consideration. I suspect that legislation dealing with privacy or cyber-attacks will be ongoing. Once the bill goes to committee, I am sure there will be a great deal of dialogue. I anticipate a great diversity of witnesses will come forward with ideas on the legislation.

I will pick up on the point I raised with the member opposite about the concern that the minister had too much power under this legislation. Often, when government brings forward legislation, opposition members bring forward concerns about how power is enhanced through the minister's office.

I have had the opportunity to briefly go through the legislation and I genuinely believe there is the right amount of balance. That is why I posed the question for the member. She suggested of reporting mechanisms, whether through an annual report or a report to a standing committee, and that has merit. I say that because I know there has been a great deal of effort in formulating this legislation. If there are ideas that would enhance or make the it that much stronger, we should be looking at that. I do believe the ministry is open to that.

When the member was quoting, I wondered where those quotes were from. She used those to amplify fears that one might be challenged to justify. For example, the member referred to an “evil government” based on quotes she had received. I am not saying it is her opinion, but she has raised it, saying this is a quote from some third-party organization and if we believe in that quote, it could lead to an evil government. We have witnessed that a great deal from the Conservative opposition on a variety of different issues, as if there is some sort of conspiracy. There is no conspiracy, contrary to what the member said, at least in one part of her speech. The government is not out to spy on Canadians.

The government takes the issue of the privacy of Canadians very seriously. We have brought forward legislation to that effect. This government has spent tens of millions of dollars on cyber threats. The government has had working groups and advisory groups dealing with cyber threats. We recognize the changes in technology and the impact they have had on society. I have said in the past that if we were to look at technological advancements, we would be challenged to find an area that has been as advanced as computer Internet technology. Just the other day, I was speaking to a private member's bill, saying that 10 or 20 years ago there were no such things as iPhones.

I note the member for Winnipeg South Centre is listening. He will recall that when we were first elected back in 1988, there was a big computer purchase of $5,000 made through Reg Alcock. We had a wonderful computer with a laser printer, which came with a keyboard and a mouse. At the time, when logging into the Internet with that wonderful and beautiful computer, the first thing we would hear was a dial tone. Then we would hear that stupid clicking sound, which meant we were actually connected to the Internet. We were all fairly impressed with that computer, and there were about 20 of us at the time.

We can compare that to where we are today. People can buy a laptop for $500 that has abilities and technological advancements more than tenfold of what we paid $5,000 for, with that long dial-up connection. In fact, people can purchase something brand new for $250 that is hooked into the Internet and running at a rapid speed. It is not even comparable to what it was.

There is so much advantage to technological change, but with that change comes risk, which is the essence of what we are debating through Bill C-26. Even though society has benefited immensely, we need to recognize there is a significant risk factor. That risk factor not only applies for the individual who might be surfing the net today, but it also applies to military operations taking place in Ukraine today.

Computers today are not optional. The Internet is not optional. They are essential services. That is why the Prime Minister, or one of the other ministers, just the other day made reference to the percentage of Canadians who were hooked up with high-speed connections and how we had literally invested billions to ensure that Canadians continued to get that access, with a special focus on rural Canada. We recognize that because it is no longer optional; it is an essential service.

The digital economy varies significantly. If we want to get a sense of this, we can turn to Hollywood and like-minded productions found on Netflix, CBC or the more traditional media outlets. We can look at some of the movies and TV shows out there. The other day I was watching an episode of a show called The Blacklist, which is all about cyber-attacks. I suspect a number of my colleagues might be familiar with that show.

One member talked about hydro. Manitoba, in fact all of Canada, should be concerned about our utilities. Through Hollywood productions, we are better able to envision the potential harm of cyber-attacks. A well focused cyber-attack can deny electricity to communities. It can shut down things that should never be shut down.

We talk about the sense of urgency. One would expect there will be mischievous lone individuals working in their basements, or wherever it might be in society, challenging systems. However, we also have state-sponsored cyber-attacks, and we should all be concerned about that.

In fact, that is why it was comforting when the minister made reference to the Five Eyes. I caught on right away that there are like-minded nations. Canada is not alone. There are like-minded nations that understand the importance of cyber-attacks and the potential damage that can be caused.

I will get back to the international side of things later, but when we think of what is at risk, think of digital data. Digital data comes in many different forms. One of the greatest collectors of data is Statistics Canada, an organization that invests a great deal in computers and technology to protect the data it collects from Canadians. Statistics Canada is actually respected around the world for its systems. It has absolutely critical data, and that data is provided to a wide spectrum of stakeholders, obviously including the national government.

Let us think of health organizations, the provinces and the collection of health records, or motor vehicle branches and passport offices. All of these government agencies have, at the very least, huge footprints in data collection.

Those are government agencies. We could also talk about our banking industries or financial industries. We can think of those industries and the information that is collected from a financial perspective when people put in an application for a loan. All of the information they have to provide to the lender, such as their history, is going into a data bank.

There is also the private sector. The other day we were talking about apps. One example is Tim Hortons. We were talking about it, as members might recall. The Tim Hortons app is fairly widely downloaded, and there is a lot of critical information within it. Canadians need to know, whether it is a government agency or private agency, that governments at all levels, in particular the national government, have their backs. That is the reason I started off by giving a very clear indication that even though Bill C-26 is before us today, we have been investing substantial financial resources through other types of legislation to provide assurances to Canadians so they know their information is in fact being protected.

There are actions on the Internet today related to our small businesses. The member opposite made reference to this and asked how the government is supporting small businesses. If a person has a small business today, chances are they are on the net. More and more consumers turn to the net for widgets and a multitude of different services.

As a result of that, there has been a great demand on small businesses. That is why we have a Minister of Small Business who looks at ways to not only provide tax relief but provide support. Sometimes it is done directly through financial measures and sometimes it is done indirectly by providing resources. However, let there be no doubt that there is support coming from the government. Whether it be a small, medium or large business, the government has a vested interest. We will do what we can. A good example of that is the individual who uses an ATM card when they make a small or large purchase at a small business.

The attacks we are talking about today can take many different forms. The digital economic side is definitely one of them, but there is also a social component to the Internet. When I think of the social component, I think about issues of privacy and of communications through, for example, social media. Again, Canadians have an expectation that the government is going to be there for them. Cyber-attacks take place in areas we all need to be concerned about. As I said, the more advanced we become, the more risk there is.

There are a lot of things that take place on the net that we need to be aware of and take action on. The exploitation of children is an example. That needs to be taken into consideration.

In the legislation, there is a very strong compliance component. As I raised, the minister would have the authority to make some things happen with our telecommunications companies and tell them to stop. I think that sort of action is necessary at times.

There is also a financial component so we can ensure a penalty is put in place as an incentive for people to abide by the legislation and the regulations, which are all there for one purpose and one purpose alone: to protect Canadians and institutions from risk. That is why we are investing in cybersecurity, ensuring respect for the privacy of Canadians and supporting responsible innovation.

We will continue to protect Canadians from cyber-threats in an increasingly digital world. This legislation is one aspect of what the government is doing to accomplish that. I believe that state-sponsored cyber-threats are one of the greatest concerns and one of the reasons we need to work with allied countries. I made reference to the Five Eyes. There are democratic, free, allied countries that recognize the potential harm of cyber-threats sponsored through governments. This legislation really sinks its teeth into that.

I hope that all members will get behind this legislation so we can ultimately see its passage to the committee stage. An official opposition member has indicated there is a great deal of interest in reviewing the legislation, the idea being to come up with ways to ultimately make the legislation better.

Telecommunications ActGovernment Orders

11:40 a.m.

Conservative

Arnold Viersen Conservative Peace River—Westlock, AB

Mr. Speaker, I am frustrated with this bill given the fact that it does not lay out a lot of specifics. It states that there is a problem, and I think we all agree with that, but the government's solution to that problem is to hand the minister a lot of power so the minister can do amazing things. Is the member not concerned that the bill does not have the details we need to prevent some of the very things he was talking about?

I think about Ski-Doos and Bombardier, which is an iconic Canadian company. It has been the victim of one of these targeted cyber-attacks. I do not think there is anything in the bill that would have prevented that or held the people who perpetrated it to account.

Telecommunications ActGovernment Orders

11:40 a.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, I do not necessarily know the details of the case the member has referenced, but what I can say is that even the Conservative critic acknowledged that certain aspects of the legislation would ensure there are financial penalties and opportunities for the minister to virtually stop an action from taking place. Am I concerned that there is overreach? I do not personally believe there is, but I think there is some merit in having that discussion at the committee stage.

I posed a question to the member: If the concern is that there is too much power for the minister, what would the Conservatives do differently? I recognize the fact that in a cyber-attack, often it is necessary to take fairly strong action in an immediate fashion. I think all members recognize that fact. The issue is whether there is something the Conservatives would like to see to provide an additional sense of security.

Telecommunications ActGovernment Orders

11:40 a.m.

Bloc

Simon-Pierre Savard-Tremblay Bloc Saint-Hyacinthe—Bagot, QC

Mr. Speaker, I thank our colleague for his speech, which was a real voyage of discovery. One moment we were in Hollywood, and the next we were at Tim Hortons.

I will do him one better. I will take us on a journey across the Pacific all the way from China to the riding of Papineau. I worry about interference, as does our colleague, I am sure, because he supports a cybersecurity bill to reduce digital vulnerability.

Is my colleague concerned about the fact that, within the same time period, the federal Liberal association for the Prime Minister's riding of Papineau received donations from China and a Chinese bank got permission to set up shop in Canada?

I have a second question. Does the member believe in chance and coincidence?