Debates of Dec. 1st, 2022

Madam Speaker, I appreciate the opportunity to speak in the House today to a very serious subject, cybersecurity and the security of our country in general.

I will say, on a lighter note, that my friend from Peace River—Westlock spoke about snowmobiling companies and cyber-attacks. I have some personal experience with snowmobiling at his house, and I would say that the government's approach to security is the equivalent of driving a snowmobile over a four-foot retaining wall, which may or may not have happened the last time I tried to drive one of those machines.

The situation of security in this country is very much worth the House taking note of. For much of the time that I have been engaging with and following politics, the primary area of security we would talk about would be concerns about our readiness for and our response to the threat of terrorism. However, it is important to take stock of how things have changed and the fact that, while there are still concerns about terrorism and how we respond to potential acts of terrorism, the primary security threat we face as a country, and indeed that the western world faces, is the threat of foreign state-backed and directed interference in our national affairs. Our abiding concern should be the reality that various foreign states are trying to shape and interfere with our democratic life to try to bend not only our government institutions, but also our civil society institutions, toward their desired objective.

Members of the government have said that the purpose of this interference is to cause total chaos and confusion. We should acknowledge that there are some cases of foreign interference that are aimed at causing chaos, but very often it is about simply trying to subvert and control the direction of institutions toward the will and the interests of that particular foreign power. We have discussed how the Chinese Communist Party is the biggest player when it comes to foreign state-backed interference, but it is far from the only player.

We have seen reports about Chinese government interference in our elections. There have also been recent reports about death threats from the Iranian regime targeting individuals in Canada. There are various other countries that CSIS and other organizations have identified as being involved in this activity of trying to interfere with, subvert and direct Canadian institutions, government really at all levels, as well as civil society organizations, universities and the like, toward their objective.

This kind of invisible, or sometimes a little more visible but often hard to detect, interference in the direction of our national life toward objectives that are not consistent with the objectives Canadians have established is a great threat to our security and our sovereignty. It is something that we should all be seized with and working to respond to.

Part of the context as well is that we are in what some analysts have described as a second cold war. Of course, there are many features of the current conflict between democratic and authoritarian values that are different from the last Cold War, but we have this reality of intensifying global competition between two different value systems that are represented by different countries at different times, and we have countries that are in the middle that are being pulled in different directions.

I tend to think that kind of cold war frame is a reasonably useful way of understanding the current tensions we face in the world. In the context of those tensions, we see how powers with political values that are fundamentally different from ours, where governments are trying to protect their own position, are trying to project their influence around the world. Again, this requires vigilance. It requires a strong response from Canada.

I have been struck by some of the recent comments from the Prime Minister on these matters. I think he has been showing a real lack of transparency around acknowledging what he knew when, and refusing to answer direct questions from the opposition about foreign interference, but he has also stated quite openly the reality that we have a serious problem with foreign interference. This is a reality that opposition members, in particular in the Conservative Party, have been raising for years. We have been asking the government to do more. We have been calling for strong legislative frameworks to respond to the problem of foreign state-backed interference.

We have also sought to elevate the voices of victims of foreign interference, people who have faced threats and intimidation from foreign state actors to try to silence their advocacy, which those foreign state actors see as contrary to their interests. It has been widely reported some of these victims really struggle to actually get proper support. They often get the runaround.

They go to their local police force, which does not necessarily have the capacity to handle a foreign state-backed organized campaign of threats and intimidation. Do they go to Global Affairs? Do they go to CSIS? Do they go to the RCMP? There can be a bit of confusion and passing of the buck concerning support for these victims of foreign state-backed interference.

We have a lot of work to do in legislation and policy, and our preparedness in general and our understanding of these issues. It is critical that we step up to strengthen our understanding of and response to the threats facing our country.

One thing we need to see more from the Prime Minister and the government is transparency because being transparent about this reality can help to counter the impact of that foreign interference. If we know it is happening, if we know what it is directed toward, then we can respond more effectively.

This is not only a responsibility of the federal government to respond to. Provincial and municipal governments need to be aware of the issues of foreign interference. Our universities need to step up as well. Private companies need to be aware of the risks around interference, theft of technology and the ways in which certain things may have a dual military use. There needs to be a broader awareness of this threat to the national interest, a threat to our values across all sectors of society, and a broader response to it.

The government has an important role to play in leading the response and making changes at the national level. We have been far behind, as far the national government goes, in responding to these threats. The Conservative opposition has been calling for a response to foreign interference for years. Now we are seeing the government start to talk about it a bit more.

I noted in some of the language in the Indo-Pacific strategy, for example, the government is starting, or trying, to sound a bit more like Conservatives in the way it talks about some of the challenges confronting us and the steps we need to take in the Indo-Pacific region. While the government is adopting some of that language, it is failing to substantively adjust its approach.

We have a bill in front of us today that deals with one avenue where we need to be engaged with and responding to the problem of foreign state-backed interference, and that is the issue of cybersecurity. I will be supporting this legislation at this stage to see it go to committee, mainly because we clearly need a new cybersecurity bill. We clearly need a new framework. The committee study will identify some of the significant gaps we see in the legislation right now, the ways the legislation needs to be improved and possibly the many additional steps required. I will just note that it is far past due that we have some kind of proposal for a framework on cybersecurity that, in a way, gives the committee the opportunity to add to and build on what the government has initially put forward.

This is really the first time we see any kind of legislation proposed by the government that substantively touches on this emergent problem of foreign state-backed interference. We need a much broader range of responses from the government. We need so much more to be done to counter this major security threat.

This is about preserving our country. It is about preserving the integrity of our institutions. It is about defending the principle that the direction of our democracy and the direction of our society should be shaped through the open deliberation of Canadians, not by foreign powers who have particular interests that may be contrary to our interests who are trying to push and pull that discussion in their preferred direction.

Having this framework that opens the door for the committee to discuss further, fill in some of the gaps and try to push the government to have greater specificity in the framework around what they are going to do provides us with the opportunity to do that. This is late, lacking in detail and really a small piece of the much broader picture that is required.

The government has been so delayed. I mentioned the decision around Huawei. We were way behind all of our allies in making the decision. It is important now, finally, at this late stage where the government is starting to mention the problem, that we actually see concrete action. Conservatives will be pushing the government to act in line with some of the words it has been saying.

Madam Speaker, I would just correct the member. Yes, this legislation is very important and we hope to see it get to the committee stage where it will no doubt be well discussed and debated. There will be presentations where members can digest information and see if there are ways in which we can improve upon the legislation. However, to try to give an impression that this is the only thing the government has done on the issue of cyber-threats is a bit of a false impression.

Not only have we been seeing a great deal of dialogue and actions from different departments to date in the form of formalized advisory groups, but we have seen literally tens of millions of dollars, not to mention the other incentive programs that were there, for the private sector, for example.

I wonder if the member would not agree that this issue is not new and this is just one very important aspect in taking a step forward.

Madam Speaker, the member is correct that this is not a new issue. That is precisely why I think the government is very late in coming to the table. The issue of foreign interference, which is part of the context of the cyber-threats we face, is also not a new issue. Again, we have been calling for action from the government, but we have not seen other action from it. The member says that the Liberals have done all these other things, such as maybe giving some money over here or over there, but he evidently could not articulate specific measures that the government had taken.

We are behind when it comes to defending our security. We are behind what we should have known much earlier. We are behind our allies. We were the last of the Five Eyes and very late to step up on recognizing the risks associated with Huawei.

When it comes to foreign interference, I will challenge the government on one point: Why has the government not expelled foreign diplomats involved in interference and intimidation in Canada? That would be a simple step and the government has not taken it.

Madam Speaker, the bill before us seeks to reinforce our security systems and may affect critical infrastructure in Quebec such as Hydro-Québec. I always think about the Conservatives and their famous great energy corridor. That is the type of project in which the federal government could appropriate provincial responsibilities and critical infrastructure in the name of national security. This sets off major alarm bells in my mind.

Can the member reassure me about the Conservatives' intentions? Can he assure me that if they come to power some day, they would not misuse legislation like this piece of legislation?

Madam Speaker, the member asked what we would do if we were in government. We would make the right decision on every one of those.

With respect to the particulars the member raises with respect to what powers the federal government would have in intervening with provinces, this is an important issue for the committee to look at. I am supporting this legislation because we need to have a cybersecurity framework in Canada. It is important that this goes through to the committee and that those issues be looked at there.

I did not have time to go into it, but there are a significant number of problems in the legislation that do have to be worked out by the committee. No doubt there has to be a role for federal leadership around security, but it has to be a constructive, collaborative relationship, because there are steps for other levels of government. We see foreign interference at the very granular local level, so that collaboration across levels of government is really important.

Madam Speaker, this morning my colleague from Kildonan—St. Paul made an excellent presentation on this bill. She talked about the transparency that may be lacking in certain areas and the effects on small businesses and how they may not be able to afford the cost like a larger company. I wonder if my colleague could expand on that.

Madam Speaker, that is an excellent point. I did not have a chance in my remarks to talk specifically about the transparency issues. Again, we need to support this bill through the second reading stage out of agreement with the general principle that we need to do more on cybersecurity, recognizing how far behind the government has been.

However, there are significant issues with respect to ensuring transparency. There are significant issues on whether the bill is clear and specific enough about the steps that are required, instead of just leaving it, as we see often with the government and legislation, and giving an open-ended blank cheque to the government.

There are definitely issues. This requires a detailed committee study. I hope Conservative proposals will be adopted and we will be able to strengthen the bill as a result.

Madam Speaker, I will begin by saying that I will be sharing my time with the hon. member for Abitibi—Témiscamingue.

I am pleased to speak to this bill, which, I must say, was eagerly awaited by my party.

The Standing Committee on Public Safety and National Security had the opportunity to study the issue of cyber security. We heard from experts in this field, who told us what they think about Canada's cyber security preparedness or posture. The idea came from my Conservative colleagues, and it was a very good one.

Given what is happening in Ukraine with the Russian invasion, we know that there are still military threats in the 21st century. However, we are also dealing with the emergence of new technologies that pose non-military threats. I had the opportunity to talk about these non-military threats at the Organization for Security and Co-operation in Europe Parliamentary Assembly last week in Warsaw, Poland. I discussed non-military threats and how different countries must prepare for or guard against them.

What the Standing Committee on Public Safety and National Security heard is how difficult it is to prepare for these threats, because they are evolving so quickly. No one had anything particularly positive to say about Canada's preparedness.

I think that the willingness is there, and that is what the experts told us: Canada is trying to prepare for and guard against potential cyber-attacks. I said “potential” cyber-attacks, but they are already happening. We know there have been cyber-attacks on various infrastructure and companies in Quebec and Canada, especially in the private sector, in the past. Canada is not as prepared as it could be to face these attacks, but we were told that it may never be totally prepared. The same is true for all countries because, as I said, the technology is changing so rapidly.

For this reason, I think that adopting a cybersecurity framework is an extremely positive step. That is what the government promised. In its national cyber security strategy, it pledged to better regulate cyber systems in the federally regulated private sector. The 2019 budget earmarked $144.9 million to develop a new framework to protect critical infrastructure. That is exactly what the two main parts of this bill do. They are aimed at strengthening the security of the Canadian telecommunications system.

Part 1 of the bill amends the Telecommunications Act to add the promotion of security, authorizing the government to direct Internet service providers to do anything, or refrain from doing anything, that is necessary to secure Canada's telecommunications system. Part 2 enacts the new critical cyber systems protection act to provide a framework for the protection of critical cyber-infrastructure and companies under federal jurisdiction.

The act is essentially a regulatory framework. As my colleague from Abitibi—Témiscamingue mentioned earlier in his question to our Conservative colleague, we will have to see what impact this bill could have on Quebec, especially companies and organizations like Hydro-Québec, since it designates interprovincial power line systems as vital services and vital systems. More on that later.

We will also have to see in committee whether the vast regulation-making powers provided for in Bill C-26 are justified or whether they bypass Parliament for no reason. Certain groups that raised concerns in the media have contacted us as well. Their concerns about this bill are well founded. I will get back to this a little later on.

I would say that it is important to proceed carefully and properly with this bill. Any amendments made to the bill will have a direct impact on every transmission facility in Quebec, including those that will soon be built in my riding to offer adequate cell service to those who are still waiting. Some Canadian ridings are unfortunately still without cell service in 2022. Since my riding is one of them, the bill will have a significant impact.

Local telephone service providers, IP-based voice services, Internet service providers, long distance providers and wireless services will be subject to the amendments to the act.

This means that the amendments would allow authorities to secure the system if there is reason to believe that the security of the telecommunications system is under threat of interference, manipulation or disruption. In that case, telecommunication service providers could be prohibited from using or supplying certain goods or services.

As I understand the wording of the bill, which is rather complex, telecommunication service providers could even be prohibited from supplying services to a specific individual. It is important to realize that these are vast powers, and I hope that, when the bill is sent to committee for study, it will be detailed enough to include the factors that will be taken into account before such powers are granted.

As I was saying earlier, the act will make it possible to designate certain systems and services under federal jurisdiction as critical to national security or public safety. The new Critical Cyber Systems Protection Act will protect critical cyber systems in the private sector.

What, then, is a critical cyber system? I found it difficult to find a clear definition in French of what a critical cyber system is, but the government defines the term itself in the bill. It appears that it is a “system that, if...compromised, could affect the continuity or security of a vital service or vital system.”

The bills lists six vital services and systems in its schedule. These obviously include telecommunications services, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems that are under federal jurisdiction, banking systems, and clearing and settlement systems.

These are the areas this bill addresses. That is a lot to verify, and several actors are involved. Several ministers will be involved in the regulatory process after that, so it is important to study the bill carefully.

At this stage, a number of questions arise. For example, what impact will the bill have on certain interprovincial infrastructures, such as power lines and power grids? The act could impact Hydro-Québec and other non-federal infrastructures, such as aluminum smelters. As I understand it, the bill itself would designate interprovincial power lines as a vital service. That could have an impact.

In principle, the bill is not a problem for my party. When we call experts to testify before the committee, we will be able to determine whether or not it will have a positive impact. I think it could be very positive, but we need to look at its scope.

The Bloc Québécois has often supported the government in its efforts to ensure stricter control of broadcasting for certain vital infrastructures that could be in the crosshairs of foreign nations. Let us consider China and Russia, as I mentioned earlier. There is the Huawei saga and the development of the 5G network. The government's indecision for so many years proves that it would have been better to act beforehand rather than to react to the current situation. China's increasing power and its attempts at interference on several occasions, as well as Canada's vulnerabilities in terms of cybersecurity, are real. For example, we know that Hydro-Québec has been a potential target for Chinese espionage. The same could happen directly in our infrastructures. I think that this bill is relevant. We are very happy that the government introduced it. That is why the Bloc Québécois will vote in favour of sending the bill to a parliamentary committee so that we can hear what the experts have to say.

I would like to take these final moments to talk about the concerns voiced by certain groups. Professor Christopher Parsons of the University of Toronto said that the bill was so imperfect that authoritarian governments around the world could cite it to justify their own repressive laws. That is a worrisome statement. I will elaborate during questions and comments.

Madam Speaker, I thank the member for her speech.

My question is the following. Is the member concerned that this bill gives too much power to the federal government and the minister?

Madam Speaker, yes, that is a concern.

It was mentioned by the University of Toronto professor I cited earlier and certain groups that seek to protect individual freedoms. This bill may give too much power to the minister. We will have to properly study it in committee.

We must bear in mind that this bill seeks to secure and protect Canada's critical infrastructure. I believe that the government is acting in good faith. It is prepared to authorize the circulation of some information so we can help one another and safeguard businesses from potential cyber-attacks. I believe it is a good objective. We will have to ensure that there is nothing sinister about wanting more information.

Madam Speaker, my question for the member is around protection of seniors. I wonder if the member has some comments on how the bill would protect vulnerable groups, like seniors, from scams.

Madam Speaker, that is an excellent question.

Based on what I have seen of the bill so far, I could not say. Quite honestly, I have no idea if this bill will do more to protect seniors from scams.

I know these kinds of scams are happening in my riding in the Lower St. Lawrence region. People call seniors, posing as grandsons in custody or living in another country. They ask their victims to transfer money because they need it right away, and some seniors fall for it.

I have no idea if this bill will help with that kind of thing. If not, the government really should do something to put a stop to it.

Madam Speaker, I thank my colleague for her excellent speech. Her understanding of all these things is much greater than mine.

The member talked about interference and disrupting essential infrastructure, of course, as well as cyber-attacks from other countries or even individuals. My colleague also shared what experts told the committee. To hear them tell it, Canada's security system is a long way from being secure.

I would like my colleague to comment on that.

Madam Speaker, indeed, the committee has heard from several experts on this subject. They told us that there is currently nothing to force companies, whether they are federally regulated or not, to report when they are victims of cyber-attacks, for example. They can just not report it and try to work through it on their own, even though there are authorities in place to help them through these kinds of events.

The experts were telling us that it might be worth having a framework that forces companies to work with the government or cybersecurity bodies to report and help prevent attacks so that a solution can be found. My understanding of the bill is that it would create a framework to compel federally regulated companies to do exactly that. I think that is a very good idea. It follows through on what the experts were proposing in committee.

Madam Speaker, I am pleased to rise to speak to Bill C-26, which will strengthen the security of critical infrastructure and Canada's telecommunications system.

Since June, many experts have been working to learn more about the provisions of this act and assess the value of what the government is proposing.

First, this bill is not structured in the usual way. I see that the urgent need to manage cybersecurity has been taken into account. This bill would give the minister new responsibilities, but the Governor in Council would also be able to act. The law is essentially a regulatory framework that will enable the government to make regulations to ensure the security of critical cyber systems.

I want to focus on the second part of the bill, because passing it will create a new law, the critical cyber systems protection act, which will provide a framework for the protection of critical cyber-infrastructure or businesses under federal jurisdiction. The affected sectors of our economy are identified as designated operators. It is easy to determine which businesses and organizations are affected.

The government has done well to specify who will must comply with the obligations: persons, partnerships or unincorporated organizations that belong to any class of operators set out in schedule 2 of the new law. Those classes will be identified by order.

Each class of operators will be assigned a corresponding regulator, such as the Minister of Innovation, Science and Industry, the Minister of Transport, the Office of the Superintendent of Financial Institutions, the Canadian Energy Regulator, the Bank of Canada or the Canadian Nuclear Safety Commission.

Schedule 1 of the new act sets out the vital services and vital systems that will form the basis of these designations, which may be added at a later date: telecommunications services, interprovincial or international pipeline and power line systems, nuclear energy systems, transportation systems that are within the legislative authority of Parliament, banking systems, and clearing and settlement systems.

I would like to draw my colleagues' attention to Hydro-Québec. An important part of the bill that has the Bloc Québécois concerned is the part on vital services and vital systems, which could potentially involve interprovincial power lines and distribution networks. It is of paramount importance that this section of the bill be studied and clarified in committee to assess whether this will affect Hydro-Québec and, if so, how.

However, we are not against the underlying principles and objectives of securing and protecting interprovincial infrastructure. Hydro-Québec reportedly suffers more than 500 cyber-attacks a year, or roughly 41 attacks a month. That is more than one attack a day. This could jeopardize our power grid, putting the life and economic health of every Quebecker at risk. It could also jeopardize customers' personal information, although that is generally a secondary target in any attack against a publicly owned energy corporation.

Although Hydro-Québec has managed to fend off these cyber-attacks and protect itself by investing in systems, firewalls and employee training, why should we not take proactive measures? Not only is it very time-consuming for businesses like Hydro-Québec and Desjardins to protect themselves and react to the constant onslaught of cybersecurity attacks, but it is also very expensive. Hopefully, this bill will help prevent or limit these attacks by taking a proactive approach and regulating and promoting new cybersecurity frameworks among Internet service providers. This is particularly important in light of the increased threat to our infrastructure from bad state actors such as Russia or China.

Hopefully, unlike today, businesses will have resources they can consult for information about cyber-attacks.

This is also a national security issue. These states have become emboldened not just by the Canadian government's passive reaction, but also by the regulatory void. We need only think of Huawei and the threat it represents, as well as the damage it has caused to the national security of countries around the world, especially in Africa. The examples are quite striking. China has passed a law forcing all businesses to contribute to the advancement of the objectives of Chinese intelligence services, which is particularly alarming when we consider that this country uses coercive diplomacy, blatantly disregarding international standards.

Even though the federal government has finally banned Huawei technology, the decision was preceded by many years of uncertainty because of the pressure, power and influence that China could unfortunately bring to bear on us.

This decision showed how vulnerable we are to malicious actors on the world stage. That is why we need a regulatory framework, a way to respond to cybersecurity threats, particularly from foreign powers that are in a position of power and use the weakness of others to advance their own positions.

I met this morning with representatives from Shakepay, a Quebec-based financial technology company that operates a platform dedicated entirely to bitcoin, with over one million Canadian customers. One of the things that struck me in that meeting was the importance they place on security and customer protection. Of course, I had Bill C‑26 in mind. They told me that all customer funds are held in a trust at a ratio of 1:1 with Canadian financial institutions and leading cryptocurrency depositories. I learned that they are continually working to improve and promote the implementation of cybersecurity measures to protect their systems.

In preparing for my remarks today on Bill C‑26, I started thinking that we need to examine how we can build on the security standards of Quebec companies like Shakepay and that we need to determine whether the bitcoin and cryptocurrency industry should also be considered in Bill C‑26. Whether we like it or not, technology and customer habits may be leading us in that direction.

I would like to discuss cyber-resilience. I understand that the bill will not be studied by the Standing Committee on Industry and Technology, on which I sit. However, I see issues that affect industries that are in that niche of protecting systems from cyber-attacks. There are two things to keep in mind here: The attackers go after data using methods that were previously unimaginable, and they tend to favour methods that significantly delay the ability to resume operations. The desired consequences are financial and reputational damage.

The inherent complexity of the systems currently in place requires increasingly specialized resources. Innovation, research and development must be encouraged, in short, the entire ecosystem of this industry that works on the cyber-resilience of very high-risk systems. We need to ensure to attract the best talent in the world. The government must carry out its responsibilities at the same pace as it introduces these changes. Let us not forget, as the opportunities for cyber-attacks keep increasing, that we are always one incident away from our continuity of operations being disrupted.

Is there an urgent need for action? Yes, clearly. Is the government on the same page as the people involved in this industry? Unfortunately, it has fallen behind.

For the past year, the Standing Committee on Industry and Technology has been studying topics that enabled it to get to the heart of the advanced technologies used in the industries covered by this bill. The inherent complexity of the environments in which those industries operate expose critical data and system configurations to greater risks than ever before, so much so that we are no longer assessing the likelihood of a successful cyber-attack, but instead how to recover. In fact, as IT infrastructure has become increasingly complex, cyber-attacks have become increasingly sophisticated too.

I dare not imagine what will happen in the coming years, when AI reaches its full potential and quantum computing becomes available. What I am hearing is that hundreds of pieces of users' electronic data are stored each day on international servers. They cannot be thoroughly processed using currently available technology, but what will happen when quantum computers are able to process those data? Maybe we will be very vulnerable as a result of actions we take today by casually agreeing to things in an app or allowing our data to be collected. In short, in five years' time, we may be paying for what we are giving away today.

In conclusion, the Bloc Québécois supports the bill. We want it to be sent to committee to be studied in detail, as my colleague from Avignon—La Mitis—Matane—Matapédia said. I also welcome forthcoming opportunities for specialists in Quebec industries who are renowned for their expertise.

Madam Speaker, it is encouraging when we get support for legislation. This legislation goes a long way in recognizing that cyber-threats are something on which we do need legislation to come forward and be voted upon. This legislation would allow for financial penalties and for the minister to take direct action. I wonder if the member could provide his thoughts on the importance, once we get into committee stage, of listening to what presenters have to say. I understand there are some concerns with regard to the legislation.

Madam Speaker, that is indeed essential, and it is also essential that the act have more teeth. In my opinion, it is vital that the act provide for a mechanism for issuing sanctions or fines in order to enforce compliance with orders and regulations aimed at securing telecommunications.

Let me give an example. We have learned that China maybe funding elections, meaning that there must be a network out there that is a threat to our country. Our national security and our ability to decide for ourselves who will lead our country are being influenced by foreign money. That is something that really worries me.

As a result, our systems need to be strengthened and penalties need to be imposed. Before that, however, we must know what happened, diagnose the problem accurately and be transparent. That is just one example of many, but that is how the problems should be resolved, particularly with respect to cybersecurity.

Madam Speaker, I want to thank my colleague for a very thoughtful speech. He was very good at pointing out some of the issues with this that we have heard from stakeholders. We have heard from privacy and civil liberties groups about the secrecy that could impair accountability, due process and public regulation.

The government orders issued under this bill may be made in secret without public reporting requirements, making it impossible for rights groups and the public to monitor and challenge how power is exercised under the bill. The secrecy of this could be very concerning.

I wonder if the member and the Bloc had any thoughts, once this goes to committee, about anything that could be added to improve the required balance between civil liberties and secrecy.

Madam Speaker, because it is the holiday season I will not slight the government for taking so long to bring legislation like this forward. We know that France and the U.K. are far ahead of us in terms of addressing cybersecurity issues. I will give credit to the minister for at least starting to move this process forward.

Our shared concern with the Bloc is that the minister is going to have these extra powers. We are disappointed that this legislation has come forward without ensuring that Canadians will not be unjustly examined or that this is not going to be applied to ordinary Canadians.

Maybe my colleague could speak about how important it is, when government brings forward legislation, that these things are presented in the initial piece of legislation, rather than assuming it will go to committee and get improved upon there. There should be some effort from the government to address these areas at the beginning.

Madam Speaker, I will simply say that I agree with my colleague.

Madam Speaker, it is a pleasure to rise today to speak to Bill C-26 on cybersecurity. I will be sharing my time today with the member for Edmonton Manning.

Canadians recognize that we need to do something in the area of cybersecurity. We have all experienced hackers. Myself, when I have bought something online, the next thing I know is my credit card is hacked and then all the pre-authorized transactions need to be changed. It is very time-consuming. I have been hacked numerous times on Facebook, as I am sure many have, as well as on Instagram and other places. Those are small examples that Canadians are seeing.

Let us think about the more serious cyber-hacking we are seeing, whereby government systems are hacked and breaches of information are happening. Businesses are experiencing this. I have a friend who is an anti-cyber hacker. For $2,500 a day, he goes around the world, helping companies that have been hacked to improve their protections.

Something needs to be done. I would like to talk today about what needs to be done, and then how the bill does or does not meet that need.

First, we have to identify what the critical systems are. What are the things we want to protect? If somebody hacks my Netflix account, it is not earth-shattering. However, there are things that are important, and I think everyone would agree that databases that protect our identity or have information about our identity are critical.

Financial institutions and people's financial information are critical. On our medical information, we have spent a lot of time on legislation and regulations on protecting medical privacy. Those, to me, would be three of them, but certainly, the critical systems need to be identified.

We need to make sure there are adequate protections in place. Not every business and level of government has the same amount of protections and technology in place. There is a journey of defining what adequate protection is and helping people get there.

In the case of breaches and having them investigated and addressed, the bill gives very broad powers to the minister. It allows the federal government to secretly order telecom providers to “do anything or refrain from doing anything...necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.”

Those three terms are not well defined, so I think there is some work to be done to define those better, but I do not really believe we want to give the government power to do anything it wants. Certainly, shutting down a system for protection is important when there is an actual threat and not just a potential future threat or a possible threat. In the case of a threat, the government needs the ability to act, but certainly we have to tighten up the language in the bill on that.

After there has been a breach, there needs to be preventive and corrective action. Preventive action would be additional technology walls or additional controls that are put in place to ensure that we have enhanced protection in the future. Corrective action is fixing the holes that people got into in the first place and punishing the hackers. It does not seem like any of that is happening today. The bill does not address that, but there should be some measures there to take corrective action.

I talked about the overarching powers and my concern with them. We cannot have the government continually coming up with bills in which it has not really defined what it is going to do but it tells us not to worry about it because the Governor in Council, after the fact and without any parliamentary oversight, will determine what we are going to do.

The Governor in Council means the Liberal cabinet ministers. I think we are at a place where people have lost trust in the government because there is no transparency. The bill allows the government to make orders in secret, without telling people what is done. The public cannot see it and is suspicious, because people have seen numerous examples of the government hiding things.

We have just come through a $19-million emergency measures act situation in which the Liberal cabinet ministers and the Prime Minister knew they were never going to disclose the documents that would prove or disprove whether they met the threshold, because they were going to hide behind solicitor-client privilege.

They have done it before, hiding behind cabinet confidence, like on the Winnipeg lab issue. Look at the documents we tried to get hold of there. The Liberals even sued the Speaker in order to hide that information from Canadians.

In the SNC-Lavalin scandal, we saw them hiding behind cabinet confidence. In the WE Charity scandal, we saw them hiding behind cabinet confidence. I am a little concerned, then, to find that in this cybersecurity bill, the Liberals are saying the government can make secret orders that the public is not going to ever know about. I think that is very dangerous. This is one of the reasons we are seeing an erosion of trust in Canada.

A recent poll posted by The Canadian Press showed that if we look at the trust index in Canada, only 22% of Canadians trust the government or politicians. That means four out of five Canadians do not trust the government or politicians, and it is partly because of what has gone on before, when things have been done such as people's banks accounts frozen and drones surveilling citizens. People have lost trust, so I do not think they are going to be willing to give a blank cheque to the government to do whatever it wants for cybersecurity, to control enterprises outside the government to get them to stop operating, for example. The riverbanks need to be much tighter on that.

People are concerned about their civil liberties, and I know there has been a lot of conversation about the lack of privacy protection in this country. We have regulations like PIPA and PIPEDA. My doctor cannot reveal my medical information; my employer cannot reveal my medical information, but various levels of government in the pandemic made it so that every barmaid and restaurant owner could know my private medical information and keep a list of it, which is totally against the law. Therefore, when it comes to cybersecurity we are going to have to make sure the privacy of Canadians' information is better protected, and I do not see that element here in the bill—

I have a point of order from the hon. member for Timmins—James Bay.

Madam Speaker, it is important that we not use disinformation in the House. The member mentioned that restaurant waitresses were breaking the law by asking for vaccine information. That is a falsehood. Could the member correct that?