Debates of Sept. 26th, 2025

Madam Speaker, I would like to inform my colleague opposite that I was not in the last Parliament. I would have had a lot to say about the legislation if I had been.

The members on the other side and the deputy government House leader say they want the bill to go to committee so it can be made better. The bill already went to committee. Multiple experts from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, Ligue des droits et libertés, OpenMedia and the Privacy & Access Council of Canada were there. They gave their comments. They wrote an open letter, in which they said the legislation “lacks guardrails to constrain abuse”, that its “secrecy undermines accountability and due process” and that it “lacks justification”. It would not do what it says it would do.

If the Liberals want the bill to be made better in committee but it has already been there and they had all summer to improve it, why did they not effect the amendments the experts from civil society organizations asked for?

Madam Speaker, I appreciate the fact that the member was not in Parliament in the last session and does not remember that, after a long filibuster and grandstanding from the Conservatives, the Conservatives ended up voting for it. They sent it to the Senate. For very small amendments, the Senate sent it back to the House. We are able to introduce the legislation again under Bill C-8. The member opposite did not have the opportunity to be here, so he does not know there is a lot of hypocrisy when his colleagues grandstand and say they are not going to support it, and then they vote for it. Maybe he wants to have some conversations with his colleagues about that.

Madam Speaker, we in the Bloc Québécois already raised our concerns earlier regarding respect for provincial jurisdictions. That is a crucial point. Another important point is the protection of civil liberties.

I was reading the testimony of the Privacy Commissioner who spoke at length when we were studying Bill C-26 about the risks of confidential and personal information unintentionally ending up in the hands of the government as a result of the bill's implementation.

My question for my colleague is this. To what extent will the Liberals take these concerns into account to ensure that information obtained for a legitimate purpose is not used by other federal government departments and agencies?

Madam Speaker, my colleague was asked the same question earlier, and I will give the same answer. We have already consulted the provinces, and we will continue to consult them.

If my colleague wants to propose amendments, then he understand how important it is to send the bill to committee as soon as possible so that we can discuss it.

Madam Speaker, NSICOP did a study of this, before my time on it. Specifically, it had a number of findings. One of them was that there is inconsistency in the Treasury Board and Shared Services Canada with respect to cyber-defence across all government and federal departments and agencies, including Crown corporations.

Can the deputy House leader confirm that Bill C-8, or that the government writ large, would provide the necessary resources to all these Crown corporations and smaller departments and agencies to uphold these policies, and would Bill C-8 direct every single one of these departments to make sure the processes and tools are in place to protect our government networks right across the country?

Madam Speaker, I think I talked about that in my speech, that we want to be able to provide operators the tools they need to be able to secure the networks for Canadians. I talked about the importance, especially in 2025, of making sure we do this in a timely manner.

Perhaps the member can talk to his colleagues about why they want to grandstand in this debate when we are just asking that the bill go to committee so that we can talk about it more. The members can add amendments as necessary, and then we can move along. If this is really important to Canadians, and I am sure the member opposite heard this at the doors, and I am sure this is really important to him as well, why can we not send this to committee to be—

Questions and comments, the hon. parliamentary secretary.

Madam Speaker, I was not a member of Parliament when this bill was debated before, but I am here now. It is 2025, and this issue is of the utmost importance for our economy and our country. I would like to ask my colleague to talk about how urgent it is that we begin studying this bill in committee.

Madam Speaker, I would like to invite my colleague to join this very important discussion. It was important during the last Parliament, and it is even more important in 2025. It is important for small businesses in his community and in my community. It is important for our hospitals and our systems. It is important that we send the bill to committee and pass it.

Madam Speaker, I am pleased to rise and speak to Bill C-8 today. For those watching at home, in the previous Parliament, Bill C-8 was Bill C-26.

I was pleased to sit on the public safety and national security committee, which went over that bill. I want to provide a quick overview, because part of the debate we are having in the House today is about why we are discussing the legislation again when it was discussed and advanced, pretty much to the finish line, in the last Parliament.

Bill C-26 went through committee. There were numerous amendments made by all parties. It came out and went to the Senate. The government asked the House of Commons to fast-track a different bill on foreign interference. In the government's own incompetence, it did not seem to realize that its foreign interference bill contained provisions that nullified the entire second part of Bill C-26. The Senate actually identified this problem. This caused such a delay to the bill that when the Liberal government decided to prorogue Parliament, despite the fact that it had not tested the confidence of the House, it actually resulted in the legislation being killed.

The government has been saying, “The dog ate my homework.” The fact is that the Liberal government was the one that killed the legislation in the last Parliament. That is the reason we are back here today.

Cybersecurity is an issue of critical importance. Cybersecurity has an impact on all aspects of our life. More and more of our daily life is being spent online, and we are becoming dependent on services and infrastructure that are vulnerable to cybersecurity threats. The threats posed by malicious actors are touching every aspect of society. They are touching industry, hospitals, pipelines and individual households.

As we know, with the government's implementation of soft-on-crime bail policies, criminals will always follow the path of least resistance. It is no different in the cybersecurity environment. When a country has poor cybersecurity legislation, it makes itself a target for these malicious actors and encourages that behaviour.

The Liberal government originally introduced Bill C-26 in June 2022, over three years ago. We only started to study the bill two years after it was introduced. We heard repeatedly from the Liberals that cybersecurity has been a high priority and that this is critically important legislation, but here we are, three years later, in an entirely new Parliament, going over the same legislation again.

These delays could have been prevented, but the Liberal government failed. It is unfortunate because we have heard repeatedly that Canada's cybersecurity has been neglected and remains a vulnerable and soft target.

The bill proposes to give sweeping powers to the government, and Conservatives believe that we cannot give the government a blank cheque. We need to study the legislation to ensure that we are creating effective mechanisms for combatting cybercrime without creating unnecessary red tape, bureaucracy or charter rights implications.

The bill has two key objectives. First, it seeks to amend the Telecommunications Act, to give the government the power to secure the telecommunications systems. Basically, the government would have the power to tell the telecommunications companies and others to do things or to not do things, such as removing equipment provided by a hostile foreign power that is being used in our telecommunications systems.

Second, it seeks to create the critical cyber systems protection act; in theory, this would allow the government to impose cybersecurity requirements on federally regulated industries. These industries could include the energy sector, pipelines, nuclear plants, the financial sector, banks, the health sector and other areas.

I believe there are some positive steps towards enhancing public safety in the bill. It is important for Conservatives to point out that there are some serious weaknesses that remain in Canada's cybersecurity posture. In fact, we are the last G7 country without a robust regulatory framework for cybersecurity.

Last summer, the Auditor General released a damning report on the government's capacity to combat cybercrime. I am going to quote her conclusions, because they were scathing:

...the Royal Canadian Mounted Police (RCMP), Communications Security Establishment Canada, and the Canadian Radio-television and Telecommunications Commission (CRTC) did not have the capacity and tools to effectively enforce laws intended to protect Canadians from cyberattacks and address the growing volume and sophistication of cybercrime. We found breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime.

This raises an important point. We can have all of the laws we want that say all the right things, and we do have some laws on cybersecurity, but it is clear from the Auditor General's report that the government has not invested in the capacity, the resources or the tools to implement the current cybersecurity laws that we have. We need to be assured that, by bringing the legislation forward, the government is not only planning to grant itself these powers but also giving law enforcement the capability to do something with these powers. That is something that it has not really done.

The trend continues to worsen. The Canadian Anti-Fraud Centre projects that losses from cybercrime will surpass over $1 billion annually by 2028. There are actual insurance products being created to protect people from cybercrime. That is not just money being lost to fraud. That is broken lives and ongoing mental health challenges that are devastating our citizens.

We know that coordinated and strategic attacks on our national infrastructure by criminals or foreign adversaries have wreaked havoc, and will continue to wreak havoc, on our society. A cyber-attack on our power grid in the middle of winter would be devastating to hospitals with vulnerable patients or to pipeline infrastructure. Canada has already faced concentrated cyber-attacks against its telecommunication companies since at least 2021, with the Communications Security Establishment saying that it is aware of malicious cyber-activities from People's Republic of China state-sponsored actors.

Canada and our allies have already been the target of cyber-attacks carried out by hostile state-sponsored or aligned groups. In fact, the RCMP, FINTRAC and Global Affairs Canada, just to mention a few, have all been previously breached by cyber-attackers. The seriousness posed by these attacks on our nation's most sensitive information cannot be understated. We need to know that the government is taking action to secure its own systems, not just telling the private sector that it has to secure its systems.

We know that the private sector is taking proactive measures to invest in cyber-defence. With hundreds of thousands of cyber-attacks, and that is not hyperbole, targeting Canada in the first six months of 2025, they have been forced to step up and the government has not.

I hear from constituents on a regular basis that they are concerned that the government's own cybersecurity measures are not up to snuff, particularly in regard to the Canada Revenue Agency. As malicious criminals become more sophisticated, Canadians need to know that their data is being stored in a safe and secure way. Therefore, it is common sense that the Liberal government should hold itself to the same standards that it is holding the private sector to in the legislation.

Bill C-26 was introduced way back in June 2022. This was in the wake of the government's decision to finally, after tremendous political pressure, ban ZTE and Huawei from the Canadian 5G networks. This was long after decisive action had already been taken by all of our Five Eyes partners.

I am pleased to say that I think Bill C-26 left committee in better condition than when it went in, but we have heard from many witnesses who are concerned about the over-centralization of powers that this is giving to cabinet ministers. There is also concern that the bill in its current form gives the government excess executive authority without full proper oversight and guardrails. In Bill C-8, the government has continued to take a “trust us” approach to legislating Canada's cybersecurity, which is alarming to the many Canadians who are concerned that the government may overreach.

Conservatives believe that trust needs to be earned. As a great Conservative politician once said, “Trust, but verify”. Considering the Liberal government's habit of limiting free speech in bills like Bill C-11 and Bill C-18 in the last Parliament, and the illegal use of the Emergencies Act, I believe that many of these concerns are valid and should be addressed. Conservatives need to be able to study the bill, so we can provide amendments and listen to further witness testimony to ensure that accountability and oversight mechanisms are effective and that they are improved.

Another area of concern that was flagged by witnesses was the absence of a special national security-cleared lawyer to act on an applicant's behalf during a judicial review. This is actually a standard practice in other areas of national security when sensitive information is brought forward. Therefore, we find this omission questionable.

Basically, to explain that, part of the provision of the bill is to allow the government to conduct court hearings in secret. When we are dealing with top secret or sensitive information, we can see that there is a justification for that. We need to ensure that anyone who is caught up in that is getting the appropriate legal representation. That is a critically important factor.

Conservatives want to ensure transparency and accountability. We need strong oversight measures, clear retention limits and restrictions on how data can be collected, used and shared, especially with our foreign intelligence partners. We need to define “personal information”. The bill clearly fails to define what personal information is, which leaves the privacy of Canadians vulnerable. We need to ensure that the government is not allowed to keep these orders secret indefinitely without just cause, and we need to ensure there is no overreach of the powers it is giving itself.

Conservatives want to ensure there are appropriate consultations with and involvement of the Privacy Commissioner, the Intelligence Commissioner and other stakeholders in civil society in improving this legislation. We need independent oversight to ensure strong judicial oversight in accessing personal information. We need strong privacy safeguards to ensure that incident reports involving personal information are shared with the Privacy Commissioner. We need limitations so this data is only used in cases of cybersecurity. We need transparency requirements to mandate the disclosure of the secret orders after a reasonable period and consequences for failing to table those reports.

In summary, given the growing geopolitical tensions around the world, we cannot afford to be naive on matters of cybersecurity. We have sensitive research being conducted at our universities. We need to assert our sovereignty in the Arctic. Canada is a target for hostile powers wanting to undermine our country's national interests and go after our citizens.

We know that hostile states like North Korea, China, Russia and Iran have demonstrated the ability to hack into our critical infrastructure and will continue to take hostile action unless we take decisive steps to improve our cyber-defences. While this bill would be a step in securing our telecommunications systems and other federally regulated industries, it is not all-encompassing and there are some gaps. As Canadian society moves increasingly into a digital space, the government needs to remain vigilant and take proactive steps to ensure we are keeping up, because this landscape is always changing.

In conclusion, our Conservative team is looking forward to seeing this bill come back to committee, where we can propose meaningful amendments and listen to key witnesses and the concerns of Canadians so that they are addressed.

While this legislation is important, we need to ensure that we are not giving the government a blank cheque. We need to ensure that the government is held accountable so the powers it would be giving itself would only be used in a justified and proportionate manner.

It being 2:30 p.m., the House stands adjourned until Wednesday, October 1, at 2 p.m. pursuant to Standing Orders 28(1) and 24(1).

(The House adjourned at 2:30 p.m.)