Debates of Dec. 1st, 2022

Madam Speaker, I am not really sure how we get these types of critical remarks coming from the opposite side of the House given that in my speech I gave very tangible examples of two agencies that have been set up and some pretty significant investments that have been made since 2018. The $4.8 billion for cybersecurity is no small amount. We are making investments and setting up the systems and tools.

I have been briefed, as a member of the procedure and House affairs committee, on our House of Commons cyber-infrastructure and cybersecurity. Although those briefings were in camera, I know full well that very strong and resilient systems have been set up to identify and neutralize threats ahead of time to ensure our critical infrastructure in the House of Commons is protected. I think that extends right across Canada with the work that our government has been doing.

Madam Speaker, I want to take a moment to apologize to the interpreters for when I completely forgot my headset previously. I am not feeling my best, and I am obviously not on my game.

I want to thank my colleague for his intervention today. It was very interesting. I agree with my colleagues from the Conservative Party that we are very late to the game, but I think it is vital that we get it right. It is just so important that we do that balance.

One of the concerns we are hearing from the stakeholders we have spoken to is that this bill has orders that will be exempt from the Statutory Instruments Act. Therefore, it would be unable to be reviewed under scrutiny at the regulations committee. Could the member speak to why the government made that decision?

Madam Speaker, as I am not sure of the specific details the member opposite is referring to in her question, I would have to say, in good faith, that I will get back to her on that after doing a bit more research on why that decision was made.

What I can tell her is that the key provisions in this act really do further the overall objectives of protecting our critical infrastructure. It specifically adds to the Telecommunications Act the objective of the “promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to”—

I must interrupt the hon. member. We are way over time.

Resuming debate, the hon. parliamentary secretary to the government House leader, Senate, has the floor.

Madam Speaker, I thank the member for Whitby for sharing his time with me.

It is very important that we talk about such an important piece of legislation that has been brought forward, Bill C-26. The reality is that the changes in technology are happening so incredibly quickly. At times, it seems a daunting task to keep up with them and to make sure that we are always ahead of those actors out there, whether state or non-state, who are trying to engage in activities that could seriously cripple our economy or other aspects of society in Canada.

It seems as though it was just yesterday that we did not have the Internet. I remember vividly when I signed up for my first Internet connection, a dial-up connection, and having access to the Internet. That was when I was a computer engineering student at a local college in Kingston back in 1995 or 1996. Downloading something as simple as a single image sometimes would take two or three minutes to get the full image on the screen.

Madam Speaker, I thank my colleague from Kingston and the Islands for his speech, which was informative as always.

However, I would like to know how this bill will enhance public trust in the Internet. What mechanism in Bill C‑26 will help guarantee public trust?

Madam Speaker, as I said in my speech, one of the things the bill does is it specifically directs what the various telecommunications providers need to do in order to maintain that security. That is what we do from a policy perspective. We establish what those requirements are that are required of the telecommunications systems in order to ensure that security is there. What we will see coming out of this is that the telecommunications systems, in a unified fashion, will promote these particular policies and safeguards that will be put through those directives.

Madam Speaker, one of the things that has become very clear, particularly since the Russian invasion of Ukraine, is how destabilized our world is and how many bad actors are out there at the state level trying to undermine democracy.

My concern is about the ability of the federal government to withstand cyber-attacks. Earlier today, I talked about 2011 when actors out of China were able to shut down finance and the Treasury Board for days on end with relentless attacks. With the amount of financial information for Canadians that is in those departments, that is very serious.

We know that in the immigration department, which has turned into an absolute nightmare for anybody trying to navigate it, the system is breaking down. Staff in the department cannot access information files because the system is not up to speed. This will require a major investment to protect people, but also to deal with dark forces, whether they are Russians, the Chinese or any other non-state actor.

Has the government put in a credible plan to ensure we get our federal systems up to speed to be able to withstand hackers?

Madam Speaker, this is the basic fundamental principle to having our full and complete autonomy over our nation.

We need to ensure that these systems are secure—

Order. The hon. member's microphone is causing an audio problem that is interfering with the interpreter's audio.

I apologize, Madam Speaker. It is not my first day. I should not have let that happen. I apologize to the interpretation staff, through you.

Getting back to what I was saying, in order to maintain that autonomy which we must have as a country, we need to make sure that the proper investments are in place to do that. The member indicated there would need to be a major investment. My own personal perspective is that we should spare no expense to ensure that security is absolutely robust.

Will there be penetrations or will there be times when it might be challenging to maintain that? Yes, but we learn from those. With regard to his example from 2011, I believe we learned from that and we made our systems even better as a result.

Madam Speaker, I can attest that this is not the gentleman's first day. It seems like I have spent a year staring into his eyes here.

In the legislation, there is a fair bit of gray area with respect to definitions. Will the government be releasing additional information on such undefined terms as “cyber- incidents”?

Madam Speaker, I am flattered to hear that the member has been staring into my eyes for a year.

In all seriousness, the member asks a good question. I do not have the answer to that. I am certainly not in a position to be able to provide to him what the government would release later. When the government tables a bill or releases information to Parliament, it does so in a fashion that allows every member of Parliament access to that at the same time. The member's access to that would be no different from mine.

Madam Speaker, I will be sharing my time with the member for Battle River—Crowfoot.

I am proud to rise on behalf of my constituents in the not-quite-fully-connected riding of Renfrew—Nipissing—Pembroke. As the longest-serving member of the national defence committee, I fully appreciate the need for Canada to secure critical cyber systems.

For too long, the government remained indifferent while Canada's telecom companies were being infiltrated, robbed of intellectual property and sabotaged. It took the collective pressure of our Five Eyes allies before the government put up any resistance to the Huawei expansion throughout Canada’s telecom infrastructure.

Only after having been thoroughly shamed and threatened with being cut off from critical security intelligence has the government finally responded with legislation. However, as is so often the case with all governments, having finally been shamed into action, the executive branch overreacted. It now falls upon Parliament to moderate the executive overreach.

Cybersecurity is not a partisan issue. No party ran on a platform to make Canada insecure again. The Conservatives support sending this bill to committee for carefully considered amendments. I hope my colleagues across the aisle will be open to working in a collegial way to ensure that we as parliamentarians strike the right balance. This legislation must balance security with privacy and transparency. It must balance expeditiousness with efficiency and effectiveness.

I appreciate that the members opposite will place greater trust in this government than most Canadians will, but what about the next government or the one after that? Our duty as parliamentarians is to keep in check not just this government but future governments as well. To that end, I encourage all parties to work together at committee and bring back a bill that we can all support.

There are four main issues that need high-level scrutiny. However, as we saw with the invocation of the Emergencies Act, even when Parliament gives clear definitions, the executive branch believes it can extrapolate or simply opt for an overly broad interpretation. While the government has been forced to defend its decision on the use of the Emergencies Act in a public inquiry, Bill C-26 lacks any significant accountability measures while granting even more extraordinary powers, including issuing secret orders.

It should not fall upon the operators of critical cyber systems to guess what the government means by “immediately”. The bill currently grants the government the power to order telecom providers to do anything necessary to secure the telecommunications system. Granting the executive the power to do anything would be a dereliction of our duty as parliamentarians. To give the government the power to do anything while enabling those things to remain secret would be an outright betrayal of our duty.

It is understandable and reasonable that some secrecy is required to combat foreign espionage, but there must be clearly defined limits. There must be avenues for operators to appeal and for Parliament to scrutinize the government’s actions. By “Parliament” I mean Parliament. I do not mean some government committee of parliamentarians but a parliamentary committee.

This bill grants the government the power to deny services to any company or person by secret order. Had this law already been in place, there would be nothing to stop a government from cancelling the Internet and phone service of protesters the government disagrees with.

Granting the government the power to deny services to individuals using secret orders clearly violates the legal rights of Canadians. I do not want to trust the government with that kind of power. I expect my Liberal colleagues would not trust that kind of power when the Conservatives form government, hopefully very soon.

To paraphrase a great comic character, with great power must come great accountability. There are serious cyber-threats and those threats are growing. The government must have the tools to respond quickly and decisively, yet when governments move quickly, mistakes are made. That is why it is all the more important for there to be a robust set of measures to review their actions and ensure accountability when the government makes a mistake.

This legislation takes the extraordinary step of placing personal liability on individual employees of critical infrastructure operators. We threaten people with jail time to ensure they are accountable for their companies' cybersecurity, yet we do not hold government employees or ministers to the same standard. Just as the House must find the appropriate balance between security, secrecy and accountability, so too must we find the balance between privacy and transparency.

The government learned first-hand the public’s reaction to its undisclosed use of mobility data from millions of cellphone users. Canadians had demonstrated a willingness to abide by public safety measures, even extraordinary measures, but the minute the government started tracking our cellphones, even for a public health purpose, Canadians reacted strongly. Even Canadians who supported forced vaccination and punishing the unvaccinated drew a line at cellphone tracking.

The legislation before us would grant even more power to collect data from telecom providers with no restrictions on distributing it to other departments. Even if this data was held by the CRTC, Canadians would be concerned about their privacy. However, it would not be the CRTC doing the data scoop; it would be the Communications Security Establishment.

I appreciate the government feels the CSE is best equipped for countering cyber-threats, but the main purpose of the CSE is collecting intelligence from abroad. The CSE does not report to the public safety minister, who is responsible for keeping Canadians secure. The CSE does not report to the industry minister, who is responsible for telecoms regulations. The CSE reports to the defence minister. It is a fundamentally different type of organization from CSIS or the CRTC.

The legislation would fail to place sufficient limits on what the CSE can do with the data it can secretly order telecoms to provide. In no way is this meant to disparage the work done by the CSE, but as we expand the powers of the CSE, we must also constrain the scope of what it can do with those powers.

These are just some of the trade-offs we must consider when the bill goes to committee. Groups such as the Canadian Civil Liberties Association, the Citizen Lab and the Business Council of Canada have raised several more. However, the one area none of these groups have touched on, at least to my knowledge, is the role private citizens can play in securing Canada against cybersecurity threats. Parliamentarians have studied this both at the defence committee and with our fellow legislators at the NATO Parliamentary Assembly. Canada can take a lead role internationally in cybersecurity by enlisting the aid of ethical hackers, commonly referred to as “white hats”.

White hat hackers represent an untapped resource for a country as large as ours. Our critical infrastructure spans a continent. The job of securing it exceeds the capacity of the federal government and infrastructure operators. If we can develop a framework that protects and incentivizes white hat hackers, we may have a solution. As with the measures already in the legislation, such a framework would involve trade-offs. Even an ethical hacker could unwittingly cause significant cyber-disruption and damage, but they can just as easily expose flaws and gaps.

Regardless of whether the government acknowledges the existence of ethical hackers, they will continue to operate, and it is better for critical infrastructure operators, public servants and the Canadian public if we find a way to incorporate them into our defence strategy. We need to enlist ethical hackers because we simply do not have the resources as a nation to confront the threats.

Globally, cybercrime costs reached over $600 billion U.S. in 2021. Investments in cybersecurity were only $220 billion U.S. last year. Between criminals, terrorists and authoritarian states, the potential for significant damage is accelerating. Our enemies are going to match the best cyber-defences in the world. We do not have the resources to match the United States or the EU. That is why we must be even smarter than our adversaries and our allies.

The legislation is all stick and no carrot. Governments are quick to punish because it is easy. If company X fails to properly secure a critical system, they get a fine, but what if the company innovates and not only prevents an intrusion into their system but detects the source? The bill would require companies to immediately report intrusions, but what about failed attacks? If Bell, Telus and Rogers were to all successfully fend off an attack on the same day, would that not be something we would want the CSE to know about? Punishing failure is an important deterrent, but rewarding success is a powerful incentive.

In this cyber age, we need data to flow both ways. We can enhance our cybersecurity by taking both a carrot and a stick approach. We must pass robust cybersecurity legislation, but it must not compromise the rights of Canadians. We need a cyber-shield and a cyber-sword. As a vast, underpopulated nation full of remote critical infrastructure, we must be smart and creative in how we utilize every possible resource available, including enlisting white hats.

Madam Speaker, it was interesting to follow that speech, with all the conspiracy theories laid in, but I will note the most bizarre part of it. We hear the Conservatives talk about corporate welfare a lot, but it seems the hon. member wants to give money to Bell, Rogers and Telus for doing their job. That is an interesting part of her solution to this problem, which she seems to acknowledge, even though she also suggests that members of our armed forces will do wrong by the new powers they are given.

I am wondering why the member wants to focus on giving Bell, Rogers and Telus more money to help solve the issue of cybersecurity.

Madam Speaker, first of all, I in no way insinuated that the people who serve in the Canadian Armed Forces would do any wrong intentionally. They have to be given the proper direction, and that is why we have to get the legislation right.

Furthermore, when the Liberals talk about conspiracy theories, that only tells us they do not have an answer to the point that we are making. It is just something they throw out when they do not have an explanation for something or they cannot deny it.

Madam Speaker, I thank my colleague for her speech, in which she mentioned something very interesting.

She said that giving too much power to the executive would undermine the work of parliamentarians. I found that quite odd because Bill C‑11, which is exceptionally important for the discoverability of francophone content and for supporting francophone culture in Canada, is currently being held up in the Senate, where Conservative senators have been filibustering it for months.

Does the member think that her friends in the Senate are currently undermining the work of parliamentarians?

Madam Speaker, Bill C-11 is a terrible bill. It seeks to censor, and there is no rationale to have such a bill in place. It would do no good for any freedom-loving, law-abiding citizen in this country and it must be struck down.

Madam Speaker, I am not nearly as old as I look. When I came here I was much younger, but then I had to sit through eight years of the Harper government and my hair turned white. I feel like I am one of the few who remember what actually happened then, and I watch this cultural amnesia play out day after day.

I remember Bill C-30. Stephen Harper decided that he wanted a law allowing the police to check people's phones any time they wanted for whatever reason, and the Conservatives insisted that the telecoms put in a back channel so they could spy on and listen in to ordinary Canadians. That was before we knew there were conspiracy theories, and the Conservatives have a million over there. They would think this had something to do with promoting vaccines, but this was Stephen Harper's attempt to criminalize ordinary people without a warrant.

I want to ask my hon. colleague about that. She talks about, God forbid, the Conservatives coming back. I do not know what would happen to the rest of my hair if that happened. Are they going to continue to promote the kinds of tactics that Stephen Harper used, which criminalized ordinary Canadians in their private homes by listening in to what they were talking about?

Madam Speaker, the member opposite does not have to worry about a previous prime minister coming back to power, because right now what he noted is already happening. With Bill C-21, the police could come into people's homes. They are made into paper criminals just by virtue of the Liberals' declaring that certain firearms are now prohibited. It is already happening, and he does not have to wait for the best prime minister this country ever had to return.

Madam Speaker, I honestly thought the member for Timmins—James Bay dyed his hair Arctic chill. I did not realize, but there is a Clairol product that he can get at the—

Madam Speaker, on a point of order. I retract my previous comment. I do dye my hair so I look smarter than I am. I have been called out, so I have to admit it. I dye my hair.