House of Commons Hansard #172 of the 44th Parliament, 1st Session. (The original version is on Parliament's site.) The word of the day was cybersecurity.

Topics

Telecommunications ActGovernment Orders

5:15 p.m.

Liberal

Jenica Atwin Liberal Fredericton, NB

Madam Speaker, it speaks to the concept that we need to modernize a lot of our legislation. We need to modernize a lot of our approaches and processes. As I said about not knowing what we do not know, things are happening so fast at this point that we need to protect those who are most vulnerable. We need to protect the generations to come.

There are a lot of unknowns right now, and legislation like this allows us to bring in those experts, have those conversations and ensure we are getting ahead of these things and being proactive.

Telecommunications ActGovernment Orders

5:15 p.m.

Conservative

Tracy Gray Conservative Kelowna—Lake Country, BC

Madam Speaker, it is an honour to speak today in the House on Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts.

With every passing year, Canadians are increasingly moving their lives online. They communicate with loved ones through email, messaging, photo sharing, video calls and more. They can order their entire grocery orders, rent cars for the weekend and book appointments with a click in an app.

As more and more Canadians choose to put more of their lives online, it falls to us, as members of Parliament, to ensure our cybersecurity laws are as protective of their personal and private information as possible.

The next generation of Canadians are increasingly building their professional and personal lives online. At the same time, they face mounting threats from foreign actors, ranging from scammers to state actors. These actors have shown they would use any tactic, from identity theft to cyber-attacks, to exploit Canadians and attack our institutions.

That is why the legislation we have before us today is essential, and why getting it right the first time is even more important. In particular, it must protect our online information while not crushing our small business start-ups under mountains of red tape.

On this side of the House, my Conservative colleagues and I believe that, as currently constructed, Bill C-26 fails to account for the welfare of small business start-ups by adding more red tape and placing burdensome costs on our homegrown technology sector. As constructed, this bill would directly affect start-ups by adding further bureaucracy that would drive up their starting costs. It would overburden with regulation the small telecommunications providers, the companies that provide our families and businesses with access to a global market online.

Wrapping them in red tape could risk our access to competing on the world stage. The Liberal government has already made it hard enough for start-ups, and the Liberal record on small business has been one committed to mazes of bureaucracy, punitive fines and penalties, and rising inflation. A Liberal economy of high tax and wasteful spending has already made it hard enough for start-ups.

Through the overarching premise of this cybersecurity bill, we know that it is needed. We absolutely need to update our cybersecurity laws, while at the same time we cannot allow Bill C-26 to add unnecessary burdens to business, especially small businesses.

I am particularly concerned about how this bill's regulations would also apply to businesses “irrespective of their cyber security maturity”, implying that providers who already have advanced electronic protection measures would still have to comply with the new regulations of the bill. This means that businesses could not continue using their current, possibly more robust, cybersecurity systems. Instead, they would have to disregard their current cybersecurity measures and replace them with the newly proposed government model.

Even Canadian businesses that have already worked hard to protect their customer security at accepted global standards would still incur more cost despite their robust electronic security measures. They would need to invest in government-regulated security measures, incurring costs such as inspection, extra time, installation and further training. They may have to completely overturn their superior standards for the government's preference.

The thing is, we do not know what the regulations would be or how they would affect businesses, because the actual regulations have not been developed. That is how the government does a lot of its bills. There are great titles, with few details. We are expected to just trust the Liberals to figure it all out later, behind closed doors, with no opportunity to study them at committee with expert witnesses.

Imagine if this regulatory framework were applied to any other business. Suppose we were regulating changes in the banking security industry. We would require that every Canadian bank and credit union tear its building down to the ground, brick by brick, and then rebuild itself from scratch. That really does not make sense.

Now is the time when we should be encouraging competition and bringing in more telecommunications companies. We know Canada has some of the highest telecommunications costs in the world. As more and more Canadians move their lives online, whether for banking, social media or work, adding more tape in this bill, as mentioned, would make this transition far more difficult. Costs never remain in the businesses' ledgers forever; they are inevitably always passed on to the consumer.

As a government, we should encourage the next generation of Canadian entrepreneurs who are innovating.

I will mention, as a sidebar, that I was formerly on the industry committee and we did a quantum computing study, which was, frankly, terrifying. It was about how Canada could be exposed to bad actors, which could affect every part of our online lives. As these technological advances develop, we have to be aware of risks and be able to stay ahead of technology.

These enterprises, businesses and telecommunications providers do not need more red tape; they need a stable market without uncompetitive government interference. We know very well how easy it can be for the government to build regulations that only the largest providers of an industry can shoulder. Without attention to scale, a single fault of noncompliance could instantly wipe out a smaller company. The legislation would allow ministers and bureaucrats to levy fines as high as $15 million without special consideration, such as the size of a company's user base.

Nonspecific details like that are music to the ears of our largest telecommunications providers. Monopolization of our telecommunications sector is something Canadians are already concerned about. We must always proceed cautiously, so as not to turn away innovation and new businesses entering the market, which creates healthy competition. For example, these fines could also be enacted under the vague term of “protecting a critical cyber system”. This vague terminology can leave a lot of leeway for government ministers to injure Canadian businesses with rampant fines.

There is already a shortage of online and electronic security professionals in Canada. According to the Business Council of Canada, an estimated 25,000 personnel are needed in the cybersecurity industry. Instead of dissuading these crucial professionals from joining this industry and helping keep Canada safe from domestic and foreign cyber-threats, let us provide a better framework and encourage them to build new businesses in this essential industry. Let us not scare them off with red tape and penalties.

As members can see, the legislation proposed for Bill C-26 has some significant concerns that require amendments at committee. Regulations being made with a lack of transparency behind closed doors, after the bill passes, is a concern. Conservatives will be looking to make amendments to the bill at committee as we hear from experts.

As I mentioned earlier, my Conservative colleagues and I encourage and support new, updated and secure cybersecurity measures being put in place, especially as more and more Canadians move their lives online. However, by placing more and more red tape on small and start-up businesses and providers that have already been in the industry for years, the bill would effectively dissuade businesses from entering this market and providing more services for Canadians. Large and mature businesses can handle the related costs of Bill C-26, but the associated expenses could crush small businesses.

I have worked, for much of my career, around various regulated industries and have seen, all too often, red tape and regulations making it too hard for small businesses to even start or to stay afloat without being acquired by larger firms, as small companies just cannot keep up with the regulatory compliance.

Cybersecurity threats affect all our communities. In January, an international ransomware group claimed responsibility for an Okanagan College cyber-attack in my region. Let us keep Canada safe by building clear online security measures that would encourage start-up professionals and businesses to help build up our cybersecurity infrastructure to a world-class standard. We will not accomplish this goal if we continue to add burdensome fines, penalties and red tape.

Telecommunications ActGovernment Orders

5:25 p.m.

Liberal

Jenica Atwin Liberal Fredericton, NB

Madam Speaker, I certainly hear my hon. colleague's support for small businesses and the concerns she is raising, but I come at this from a different standpoint where I feel there are protections here for small businesses. The bill is designed to protect them from unnecessary losses when they happen to be attacked or be subjected to ransomware.

Is there a balance here, where this is also about supporting them by preventing those losses?

Telecommunications ActGovernment Orders

5:25 p.m.

Conservative

Tracy Gray Conservative Kelowna—Lake Country, BC

Madam Speaker, I think a part of the piece of legislation is that we really do not have the details, and that is part of the concern, so I am hoping that, if it goes forward to committee, some of that could be worked out, because that is part of the concern right now.

We have the topic and we know what the overarching desire is and what the fines may be, but we do not actually know what all of the regulations would be, and that does raise a lot of concerns, especially for small businesses that do not really know at this point what the bill would mean for them. Hopefully that will come out at committee and there will be more information added, potentially as amendments to the bill.

Telecommunications ActGovernment Orders

5:25 p.m.

Conservative

Tako Van Popta Conservative Langley—Aldergrove, BC

Madam Speaker, I appreciate my colleague's comments, particularly about not wanting to add more bureaucracy and more red tape to small and medium-sized enterprises, especially small start-ups. I am looking at a study from the public safety committee about Canada's security posture in relation to Russia. I will just read one of the committee's recommendations. Recommendation number 4 states:

That the Government of Canada instruct the Communications Security Establishment to broaden the tools used to educate small- and medium-sized enterprises about the need to adopt cyber security standards.

Therefore, it is about making education tools available versus adding more red tape. I would like my colleague's comments on that.

Telecommunications ActGovernment Orders

5:25 p.m.

Conservative

Tracy Gray Conservative Kelowna—Lake Country, BC

Madam Speaker, I appreciate the great question from my colleague. That is a great recommendation, and I will just give a very specific example. One of the roles that I have had in my career was the privilege of being on the board of one of the largest credit unions in Canada for 10 years. We underwent extensive training and cybersecurity was one of the topics that we had to do.

I was able to take some of that training and bring it into my small business that I had at the time. I remember thinking that I wished a lot of other small business owners could be going through the extensive training that I just went through. That is a great approach and something that we should definitely work on.

Telecommunications ActGovernment Orders

5:25 p.m.

Bloc

Luc Thériault Bloc Montcalm, QC

Madam Speaker, clause 13 of Bill C-26 essentially allows the government to take new measures to protect critical cyber systems by order in council. That gives it a lot of flexibility. There is more flexibility there than in the legislative process.

Does my colleague think that the bill should be amended in committee so that we can be certain the government will be accountable to Parliament?

Telecommunications ActGovernment Orders

5:25 p.m.

Conservative

Tracy Gray Conservative Kelowna—Lake Country, BC

Madam Speaker, that is certainly something committee members could ask the expert witnesses when they are there at committee. Maybe they could delve into that more to see what those issues are and what the opportunities might potentially be for amendments. That is one of the things that could be looked at in the committee. Certainly the committee members there could ask those questions for the witnesses.

Telecommunications ActGovernment Orders

5:25 p.m.

NDP

Lori Idlout NDP Nunavut, NU

Uqaqtittiji, this bill would create tools for governments to support Canadian business and organizations in securing their networks and protecting personal and private information. I wonder if the member could share her thoughts on how this bill could better ensure that businesses are better protected.

Telecommunications ActGovernment Orders

5:25 p.m.

Conservative

Tracy Gray Conservative Kelowna—Lake Country, BC

Madam Speaker, that is one of the parts of the bill that philosophically sounds like a great thing that the bill could work on, but again, we do not have any details. It is a great objective, but we do not really have any strategies or any other information, so that is something that definitely could be asked at the committee as well.

Telecommunications ActGovernment Orders

5:30 p.m.

Conservative

Philip Lawrence Conservative Northumberland—Peterborough South, ON

Madam Speaker, while sitting through this debate, I observed that it has been one of the highest in quality since I have been in the House. It has been a substantive discussion of a very important issue. I am proud today, as I always am, to be a member of Parliament and to be sitting in the House of Commons.

Today, we are speaking to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. More broadly, it is a cybersecurity issue.

From the debate and other academic discussions, we can all agree that this is an area of substantial importance where legislation is required. In fact, it is one of my frustrations, which I think is shared by many Canadians, that this government is not agile enough in responding to a world that is quickly changing. We need to be more agile as a legislature, as the government, to reflect the changes that are going on.

We have had a little bit of talk about important changes, such as artificial intelligence, and the exponential speed in which it is changing is unbelievable. Any type of quick Google search will tell us, from many academics, about the great part artificial intelligence can serve in doing much of the hard work that human beings are now doing. However, those observers also say that its ability to do malicious work is equal, which is obviously very challenging. We see these threats, and as we go forward and see more and more powerful artificial intelligence and computing power, the potential for those threats is growing.

We have certainly seen our share, for lack of a better term, of run-of-the-mill cybersecurity threats just in the last couple of years. I was serving as the shadow minister for national revenue when there were substantial CRA breaches of confidential information. One such breach did not actually transmit any information, but it forced the CRA to shut down its entire system, which shut out over 800,000 people from their My Account or log-in system right around tax filing season, which was obviously a tremendous concern for Canadians who were attempting to file their taxes.

The unfortunate reality, as it stands today, is that we are vulnerable to cybersecurity attacks. My colleague for Kildonan—St. Paul spoke recently about a conversation she had with cybersecurity experts from the minister's department just last year. They warned her about the incredible implications of an attack on our critical infrastructure, such as our electrical infrastructure or pipeline technology.

Of course, it is no surprise to many, but maybe to some of my colleagues from British Columba, that we are in a cold country. We can imagine what the impact could be. Our heating infrastructure, our electrical grid and our ability to get natural gas out to some of the coldest places in the world could literally be a matter of life and death. Members can imagine, for example, a cyber attack on one of our nuclear facilities and what that could potentially mean. All this is to highlight in the House today the significance and importance of cybersecurity legislation.

Another example, which I believe has been discussed and debated but I think deserves highlighting again, was in Newfoundland in October 2020 when cybersecurity hackers stole personal information from health care workers and patients in all four regions, as well as social insurance numbers of over 2,500 patients. This is deeply personal information, and as our information increasingly goes on that magical cloud both in the public and private sector, it is increasingly important that we put the appropriate measures to cybersecurity.

As I said, the spirit of the legislation before us is absolutely right. The intent, I believe, is also right. The timing is a little slow, but we need to get it in place.

The member for Winnipeg North did comment on the need for expediency, and I agree with him in one sense. We need cybersecurity legislation, new cybersecurity legislation, in place yesterday. Unfortunately, they brought this legislation in, and it is not complete. There are a series of regulations that we do not know.

This is our job, and I am honestly not trying to be partisan. Instead, this is a substantive criticism that it would have expedited this legislation if they had brought forward the legislation completely baked to show us the regulations and what they want to do.

Of course, I would feel this way about any government as a Canadian citizen. If we are going to grant them wide swaths of power, and maybe even necessarily, we just want to know what exactly those powers are. Do not do as Nancy Pelosi famously said, as the Speaker of the House of Representatives, to pass the bill and then read the bill.

Let us read it first and understand it because, quite frankly, I think the conversation in the House has been at a very high calibre and the more information one can feed us, the more information we can digest to do our job for Canadian citizens by improving the legislation, especially in matters of, as the member from the Liberal Party rightfully said, not just cybersecurity but also national security. We really, in all candour and all honesty, want to do our due diligence here.

As I said, part one of the act:

amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything

This is obviously a very broad power, and that is what we need to look at and work on at committee. Like I said, this legislation, if fully baked, would have meant less work at committee. It would have meant, perhaps, carrying forward with the debate quicker, but as we are left with many questions, those questions deserve to be answered here in the people's House.

The legislation continues:

Part 2 enacts the Critical Cyber Systems Protection Act to provide a framework for the protection of the critical cyber systems of services and systems that are vital to national security or public safety and that are delivered or operated as part of a work, undertaking or business that is within the legislative authority of Parliament. It also, among other things,

(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;

(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;

(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;

(d) provides for the exchange of information between relevant parties; and

(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.

I hope that I have highlighted the fact that this is an important piece of information and that there are gaps within the information, so my substantive ask would be for the government to publish some of those regulations, so that we can review them, perhaps even before committee, and come to it in a spirit of collaboration and discussion. This is a matter of national security.

Perhaps, as I am getting a little bit less young these days, I get a little bit more skeptical. I would love to see some accountability mechanisms where the minister reports back to Parliament or otherwise because the question with the government is always who will watch the watcher.

We have seen that all governments are not infallible and each can commit its own share of foibles, errors and mistakes, unintentional or intentional, so I would love to see some greater accountability come committee.

Telecommunications ActGovernment Orders

5:40 p.m.

Liberal

Jenica Atwin Liberal Fredericton, NB

Mr. Speaker, I would agree that this is a very high-level discussion we have been having this afternoon. I think that it has been well placed.

He mentioned the possible impacts of, say, a nuclear facility being attacked. It got me thinking about the military capabilities of Canada. My riding of Fredericton is home to CFB Gagetown, very proudly so. We are also home to the Canadian Institute for Cybersecurity, as I mentioned previously in my speech.

I am wondering if he could comment more generally on this expanding role and the necessity to have cybersecurity education and professionals in our Canadian military.

Telecommunications ActGovernment Orders

5:40 p.m.

Conservative

Philip Lawrence Conservative Northumberland—Peterborough South, ON

Mr. Speaker, the short answer is that I agree. The longer answer is that I agree with the comment the member made earlier with respect to modernization. We need to modernize our view on security. The world changed dramatically a year and a half ago, and it continues to change. We need to be adept and agile, and quite frankly, willing to put the resources where they are needed for the future.

Telecommunications ActGovernment Orders

5:40 p.m.

Bloc

Luc Desilets Bloc Rivière-des-Mille-Îles, QC

Mr. Speaker, my colleague knows that TikTok has been banned from all government devices.

My question is simple. Does my colleague believe that Beijing is using this platform to engage in political interference?

Telecommunications ActGovernment Orders

5:40 p.m.

Conservative

Philip Lawrence Conservative Northumberland—Peterborough South, ON

Mr. Speaker, I agree with the government's recommendation or policy to remove TikTok from all government devices. I believe the CEO of TikTok is testifying in front of U.S. Congress today, so we will see what comes from that. I would agree with him that we need to be on guard against foreign interference in all forms.

Telecommunications ActGovernment Orders

5:40 p.m.

NDP

Niki Ashton NDP Churchill—Keewatinook Aski, MB

Mr. Speaker, I acknowledge that today we are having a serious debate about cybersecurity and amendments to the Telecommunications Act.

What strikes me is that as we discuss this issue in Parliament, there is an immense disconnect. Many communities here in our own country have barely any access to the Internet and the wired world that so many of us take for granted.

I am thinking particularly of first nations in my constituency, 11 of which announced a regional state of emergency today. The threat they face is not from the outside; it is from within. It is the threat of drugs, as well as the threat of federal neglect through the housing crisis and the public safety crisis. It is truly an unbelievable set of crises that they are facing in one of the wealthiest countries in the world. As their member of Parliament, I certainly share the concern that Canada is not taking the reality of first nations seriously in this country. There is a disconnect they are facing.

The big question is: What will it take for the Government of Canada to act and deal with the real threats that first nations, particularly the most marginalized here in our country, are facing right now?

Telecommunications ActGovernment Orders

5:40 p.m.

Conservative

Philip Lawrence Conservative Northumberland—Peterborough South, ON

Mr. Speaker, I thank the member for bringing forward this important area of discussion with respect to this debate. It always merits taking time on the floor of the House of Commons to discuss these issues.

Unfortunately, my time is very brief. I believe that any child, born on or off reserve, deserves an equal opportunity to be successful in this country. It is my commitment to do that. I have the great privilege of having two first nations within the constituency of Northumberland—Peterborough South, and I am very proud to represent them here in the House of Commons.

Telecommunications ActGovernment Orders

5:40 p.m.

Conservative

Gerald Soroka Conservative Yellowhead, AB

Mr. Speaker, my biggest concern with the legislation, as the member brought up, is about the overreaching powers the government is giving itself. We do not know much about what it will be doing with that power or how it can implement that.

Can the member give his opinion on how overreaching these powers are?

Telecommunications ActGovernment Orders

5:45 p.m.

Conservative

Philip Lawrence Conservative Northumberland—Peterborough South, ON

Mr. Speaker, there are a series of provisions talking about frameworks and giving the government powers to put itself within the private sectors to direct them without providing specific delineation of how that would happen. Like I said, it is difficult to get this type of legislation through in expedient ways without the government fully explaining what it wants to accomplish in this legislation.

Telecommunications ActGovernment Orders

5:45 p.m.

Conservative

Jeremy Patzer Conservative Cypress Hills—Grasslands, SK

Mr. Speaker, it is always an honour and a privilege to rise in this place, and it is nice to join the debate on the topic at hand.

When we talk about cybersecurity, there are so many different factors that go into it. I recognize that the bill before us largely has to do with telecommunications companies, bigger companies, and perhaps with government institutions as a whole. However, as we are having this conversation, we need to recognize and address the fact that the risk presented through cybersecurity extends much beyond that. With the current generation of kids being raised, kids are heavily involved in using cellphones, video game systems and computer consoles, for example, and are curious by nature. They are more at risk of clicking on a link that they do not know or realize is harmful. We know that is quite often how a lot of bad actors exploit weaknesses in computer systems in businesses or in homes. It is important to have that context out there early as we start the debate on this bill.

I want to get into a few specific parts of the bill at the start. First, it proposes to amend the Telecommunications Act to make sure the security of our Canadian telecommunications system is an official objective of our public policy, which is not a bad idea in and of itself. Second, it would create a new critical cyber systems protection act. The stated goal is to have a framework in place that would allow for better protection of critical cyber-services and cyber systems, which impact national security and public safety.

Some of the proposals include the designation of services or systems deemed to be “vital” for the purposes of this new act, along with designating classes of operators for these services or systems. The designated operators in question could be required to perform certain duties or activities, including the implementation of security programs, the mitigation of risks, reporting security incidents and complying with cybersecurity directions. Most significantly, Bill C-26 would authorize the enforcement of these measures through financial penalties or even imprisonment.

Anybody hearing these few examples listed in the preamble probably thinks this sounds like common sense, and I would generally agree with them. However, there is a problem, especially with the last one, which has to do with directions, because it is quite vague. These points should raise some obvious questions. How are we defining each of them? What are the limits and the accountability for using these new powers? It is fair to have these general concerns when we consider any government, but Canadians have reason to be especially wary with the one currently in power based on the Liberal record itself.

Unfortunately, the most recent and disturbing revelations related to foreign interference in two federal elections, which allegedly included working with an elected official, are not the only things we need to talk about. Here is another example. For a number of years, the Conservatives were demanding that the Liberals ban Huawei from our cellular networks. Despite all the warnings and security concerns, they delayed the decision and left us out of step with our closest partners in the Five Eyes. We had been calling it out for years before they finally decided to make the right decision thanks to pressure from Canadians, experts, our allies and the official opposition.

It was not very long ago, almost a year, when the announcement to ban Huawei came along. As much as it was the right decision, it should have been made much sooner. To say that is not a complaint about some missed opportunity in the past. The delay caused real problems with upfront costs for our telcos, and it created extra uncertainty for consumers.

Prior to becoming a member of Parliament, I worked for a telecommunications company in Saskatchewan. When we look at how big and vast our country is, we start thinking about how much equipment is required for one single telecommunications provider in one province, like SaskTel, the company I worked for. We can think about how much equipment it would have ordered or pre-ordered and potentially would have had to replace based on the government taking so long to make up its mind on whether or not to ban Huawei. If we look at some of the bigger companies out there, it is the same thing. There are the upfront costs they would have had to incur, and then the new costs if they had to replace all their equipment on top of that. This was simply because the government dragged its feet on such a big decision.

We have learned a lot of other things about foreign interference since then that need to be properly addressed and independently investigated. We need a public inquiry, at the very least, into some of these issues. However, once again, the Liberals are refusing to do the right thing for as long as they possibly can. It is clearer than ever before that we need to get a lot more serious about our cybersecurity, because what we are really talking about is our national security as a whole. These two things are closely intertwined, and having this conversation is long overdue.

We are happy to see the issue get more of the attention it deserves. Canadians have a lot of questions and concerns about it that should not be ignored. That is why it is a priority for Conservatives on our side of the House, and we are not going to let it go.

While we work to carefully review Bill C-26 in this place, we want to make sure that it will be effective and accomplish what it is supposed to do. It needs to protect Canadians living in a digital world. At the same time, it should not create any new openings for government to interfere with people's lives or abuse power.

After all, we are waiting for Bill C-11 to return to the House with all the problems it has, including the risk of online censorship. The problem is that whether it is about Huawei or the latest scandal about foreign interference, the Liberal government has failed to act, and it has undermined trust in our institutions. Therefore, it is hard to take it seriously when a bill like this one comes forward. The government's failure in this area is even more frustrating because we should all agree that there is a real need to strengthen cybersecurity. That is what experts and stakeholders have been telling us over many years. Canadians have had to wait for far too long for the government to bring something forward.

Make no mistake: This bill is flawed, and it will require more work to make sure that we get it right. However, the fact that we are talking about the issue right now is a small and necessary step in the right direction.

There are a few points I would like to mention.

Part 1 of this bill will allow the federal government to compel service providers to remove all products provided by a specified person from its networks or facilities. First of all, that puts a lot of companies at risk of having adversarial agreements signed in the future. If I were a company trying to sign an agreement, I would be doing everything I could to make sure that someone is not going to put a clause in there that if the government forces its removal, there is going to be an extra fine levied on the company. The problem with this bill is that it exposes companies to having these bad contracts negotiated, signed and forced on them by bad actors.

Under the new critical cyber systems protection act, the minister would be able to direct and impose any number of things on a service provider without giving them compensation for complying with the orders. Earlier, I was talking about the upfront costs paid by telcos trying to advance their networks to provide the products and services that their clients and customers want and need, especially as the world moves forward in a more digital fashion. The government is going to force them to do something without any compensation or without the ability to have help dealing with these changes. I think this is something that needs to be reconsidered in this bill.

That leaves service providers in a position where they have to pay for complying with potentially arbitrary orders or face legal penalties, such as the ones I mentioned earlier: fines or even imprisonment.

Again, we do have a desperate need to improve our cybersecurity regime, but these problems show that the bill is poorly written. By seeking to implement personal liability for breaches of the act, it will incentivize skilled Canadian cybersecurity professionals to leave Canada to find jobs elsewhere. This phenomenon, commonly known as the brain drain, is emerging as a severe issue for our economy, in some part thanks to the policies of the government.

Thousands of skilled, highly employable Canadians move to the United States thanks to the larger market, higher salaries and lower taxes, while very few Americans move to Canada to do the same. This issue is bigger than just the cybersecurity sector. Thanks to this government, we are losing nurses, doctors and tech workers to the United States. All the while, professionals who immigrate to Canada are being denied the paperwork they need to work in the field they are trained for because of the ridiculous red tape that plagues our immigration. Given that we are already short 25,000 cybersecurity professionals in Canada, is it wise to keep incentivizing them to go to the States?

Another massive problem with this bill is that it opens the door for some extreme violations of individual privacy. It also expands the state's power to use a secret government order to bar individuals or companies from accessing essential services. While we must improve our framework against cybersecurity attacks, drastically expanding what cabinet can do outside the public eye is always a bad idea. Accountability to the people and Parliament has always been an essential part of how we are supposed to do things in Canada. It is, however, not surprising that the current government would advocate for more unaccountable power. After all, government members have been anything but transparent. They have hidden information from Canadians to protect their partisan interests.

Canadians deserve to know what the government is doing. We must always uphold the principle that everyone is innocent until proven guilty. Giving cabinet the right to secretly cut Canadians off from essential services could threaten to erode this fundamental right.

Telecommunications ActGovernment Orders

March 23rd, 2023 / 5:55 p.m.

Liberal

John McKay Liberal Scarborough—Guildwood, ON

Mr. Speaker, the hon. member seems to be concerned about the enforcement powers in this legislation. However, without those enforcement powers, it would be kind of a useless piece of legislation.

If I am sending an email to him to go over there, somehow or another, his entity may be the weak link. If, in fact, he is concerned about his piece of the infrastructure, the problem is: How would he propose changing that without some sort of significant power on the government's part to make sure that his piece of the cyber-infrastructure is not the weak link in the entire system?

Telecommunications ActGovernment Orders

5:55 p.m.

Conservative

Jeremy Patzer Conservative Cypress Hills—Grasslands, SK

Mr. Speaker, we need the government to talk to businesses, to be transparent in the process, to work with industry and to make sure there is a good process of approval so that equipment or the companies people are buying from are not already compromised. Let us work with them to make sure they know there are good actors out there that provide good equipment. There are many companies out there besides Huawei that provide good equipment. The government could work with those companies, rather than threatening them with fines and imprisonment, to make sure we have the proper equipment in our networks and make sure Canadians have not only the best services, but also the highest level of security they can possibly get.

Telecommunications ActGovernment Orders

5:55 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Mr. Speaker, I sit on the national defence committee, and we are discussing a lot about cybersecurity, which relates to the debate today. Obviously, the armed forces are having quite a recruitment retention issue, but across the board we are seeing this with the labour shortage. One of the questions we were talking about regarding cybersecurity as it relates to national defence was around security clearances and what the government needs to do to attract people to the cybersecurity industry, potentially trying to ensure that people from outside Canada are attracted to this industry. Maybe the member of Parliament could address that a bit. I know it is a little outside our scope, but it certainly gets into how we start to address a lot of the problems we have been discussing all day.

Telecommunications ActGovernment Orders

5:55 p.m.

Conservative

Jeremy Patzer Conservative Cypress Hills—Grasslands, SK

Mr. Speaker, I thank the member for her question because it is an important one, whether in this debate or any other debate, that gets into credential recognition. Many other countries around the world are further along than us in prioritizing the digital environment.

There are lots of Asian countries and Pacific countries that are further along in their advancement of that, so if workers want to come to Canada, we should be working with them to make sure their credentials match up with the standards we have here in Canada, while removing red tape so we can get those people into jobs right away. Rather than having them come here and work in other jobs for a number of years without working in their professions, they should be able to come here and do the things they are able to do. We should have the credentialing system in place now so they can get the jobs they are here to do right off the bat.

Telecommunications ActGovernment Orders

5:55 p.m.

Conservative

Larry Maguire Conservative Brandon—Souris, MB

Mr. Speaker, earlier today, some of my colleagues, particularly the member for Scarborough—Guildwood, indicated the pillars involved in the bill. The member mentioned them as well in his presentation. There are so many different areas that need to be looking at the cybersecurity issues in Canada. As other colleagues indicated, some countries around the world are ahead of us in some of those areas.

I wonder if the member could expand a bit on that. I will give him an opportunity to look at the number of pillars that might be in place and the reasons he thinks it so important to deal with the cybersecurity issues that each one of those would have.