Debates of Sept. 26th, 2025

Madam Speaker, I am happy to see you in that chair.

I commend my colleague from Bourassa on his speech, which I enjoyed.

We all understand that cybersecurity is a 21st-century topic that does not just affect Quebec City, Quebec and Canada. The entire planet is subject to cyber-threats. Obviously, this bill presents approaches that are worth considering. However, if we want to keep people safe, we also have to protect their personal information. We believe that the bill should better define what constitutes personal information, since everything hinges on that. We all want to be protected from cyber-attacks, but we also want to be sure that our personal information is not being given out to everyone.

Could the member elaborate on that?

Madam Speaker, that is an excellent question.

There are two dimensions here. The first has to do with cyber-threats. We are talking about criminals and how to deal with them.

With regard to my speech, at one point I mentioned that service providers must be required to comply. That being said, it is my opinion and that of the government, that, to complement this bill, we need to establish digital sovereignty as a government and as a country, so that we have our own infrastructure and so that we are not dependent on international service providers.

In this case, once we have full control over our data, storage and clouds, we can really talk about securing the data of our fellow citizens.

Madam Speaker, the bill spells out in black and white that the federal government intends to collaborate on cybersecurity with the provinces and territories. This caught my attention, and I want to come back to the word “collaborate”.

Collaboration often means that Ottawa imposes its will and everyone else does as they are told.

I would like to know whether, this time, the word “collaborate” means true collaboration, where the government consults the other parties concerned, gathers their advice and ultimately reaches a joint decision. In other words, Ottawa does not impose a decision.

Since the government claims that it wants to collaborate on this bill, there should perhaps be some guarantee that Ottawa has held consultations with the Government of Quebec and Hydro-Québec, which will have to live with the consequences of this bill.

Madam Speaker, I want to reiterate what I said earlier and I will repeat it again, to make it very clear.

Collaboration involves all stakeholders, including provinces, territories, and, as I said earlier, all industries, whether public or quasi-public. Why? It is because we want to act quickly, because the threat is there. In the meantime, we do not want to cause any disruption to industry. That is very important.

Stakeholders will be consulted and gradual action will be taken. We will consult with all stakeholders, including the provinces and industries.

Far be it from our government to want to disrupt industry.

Madam Speaker, I listened carefully to my colleague's very thoughtful speech.

I wonder if my colleague sees what else this law can bring. Can we have tools in this bill that can help inform and educate our communities so that people understand how to protect themselves in cyberspace?

Of course, the bill focuses on institutions, but I wonder if we can bring in tools to teach and educate people who spend time in cyberspace.

Madam Speaker, I talked about cracking down on crime, but my colleague is absolutely right to mention education.

I am not just talking about public safety, but also about other sectors and other areas. Departments need to have communication strategies that educate users so that their data is as secure as possible.

Madam Speaker, I want to thank my colleague, the member for Bourassa, for splitting his time with me.

Cybersecurity is no longer a distant concern of experts in back rooms; it is a kitchen table issue. Canadians expect their lights to come on, their paycheque to be deposited, their medical records to be private and their phone to connect them to loved ones without interruption. They expect those things to be safe from hackers, hostile states, nefarious actors and, yes, overreach by their very own government. Cybersecurity is not an abstract concern; it is about whether families can trust their power grid to stay on, whether a rural clinic can keep its patient records safe and whether small businesses can keep their doors open without fear of being taken down by hackers.

Canadians deserve real protections against cyber-threats. They are a reality in today’s world, and we all recognize that. In that respect, I acknowledge that Bill C-8 reflects a pressing reality: Canada must strengthen the resilience of our critical infrastructure. However, in our rush to act, we must also ensure that we get the right balance. If we protect our systems but undermine our rights, if we secure our networks but destabilize our economy, then we will have built a fortress with the doors left open.

Bill C-8 as it stands raises several concerns. The Liberals tell us the bill is proof of their so-called innovation agenda, but when we look closely at the fine print, the reality is far more complicated. Bill C-8 is a near carbon copy of Bill C-26, a bill that died when Parliament was prorogued earlier this year, and while some minor improvements have been made, some fundamental flaws remain. This is where I would like to focus my remarks as I and my colleagues in the NDP consider the ramifications of the bill. Allow me to bring those questions forward with the hope of bringing some clarity and changes to the bill.

First is the scope of ministerial powers. Under the bill, the Minister of Industry could compel telecommunications providers to rip out equipment, ban entire suppliers or suspend agreements. Imagine that a company might have to pass the costs of that on to its customers or close its doors entirely.

While the minister explained that safeguards exist to prevent disproportionate orders from crippling providers and leaving rural Canadians disconnected, Bill C-8 would grant sweeping powers to cabinet and the Minister of Industry: powers to ban telecom companies from using certain equipment, to force its removal, to suspend services and to terminate contracts. These orders could be issued without prior judicial approval, without parliamentary review and without independent oversight. When we concentrate this much power in the hands of a single minister, we need checks and balances. Where are they in the bill?

Second are the risks to privacy and civil liberties. The bill would allow for mandatory information sharing between telecoms, regulators and federal agencies, and possibly onward to foreign governments. The standard for this disclosure is simply the minister’s own judgment of what is “necessary”. This is vague, subjective and wide open to abuse. Why are there no requirements in the bill for privacy impact assessments? Why are there no guarantees that collected data would not be repurposed for unrelated purposes?

Third is the absence of compensation or worker protection. If a company is ordered to rip out equipment or shut down services, there would be no compensation. For small Internet providers, that could mean bankruptcy. For their workers, it could mean layoffs. For rural and remote communities, it could mean disruptions in already fragile service. Where is the government’s plan to support the workers, providers and communities that would bear the costs of compliance?

Fourth are the penalties. Bill C-8 envisions fines of up to $15 million a day for corporations and up to $1 million a day for individual employees. Think about that: A frontline worker following orders from management could face personal ruin under the regime. Where are the safeguards to ensure fairness, due process and appeal rights?

Fifth is the one-size-fits-all approach. The bill would lump together banks, telecoms, nuclear facilities and energy co-operatives under a single compliance framework. All of them would face the same 90-day timeline to stand up cybersecurity programs, no matter their size or capacity. For large corporations, perhaps this is feasible, but for small operators or co-ops, it could be impossible. Should compliance obligations not be tailored to the realities of different sectors?

Sixth are international consequences. Canada’s adequacy status under the European Union’s GDPR is the foundation of much of our digital economy. It is what allows European data to flow into Canadian systems, supporting banks, airlines and cloud providers, but the European Commission reviews adequacy every four years. If it sees that Canada is granting unchecked surveillance powers, or if it sees data repurposed without necessity and proportionality, we risk losing that adequacy decision. We have already seen what happened to the United States under Schrems II. Does the government truly want to put Canada in the same position?

New Democrats agree that cybersecurity is essential, but cybersecurity must not come at the expense of democracy, accountability, privacy or fairness for workers and communities.

Here are the questions we are putting on the record for the Minister of Public Safety and the government to answer. Why has the government chosen to concentrate so much power in cabinet without requiring independent judicial and parliamentary review? Why would there be no independent oversight body to ensure that orders are proportionate and justified? Why would the bill not guarantee privacy impact assessments or limit onward disclosure of Canadians’ personal data to foreign governments? Why has the government not proposed compensation or transition supports for workers and small providers who would bear the financial burden? Why would penalties be so extreme that individual employees could be personally liable for millions of dollars, even when following management orders? Why would the same compliance framework be applied to banks, nuclear facilities and small ISPs alike? Has the government conducted and published a risk assessment of how Bill C-8 could affect Canada’s adequacy standing with the European Union?

The Liberals say the bill would modernize our telecom laws and defend Canada, but democracy must not be sacrificed in the process. Strong cybersecurity should also mean strong democracy. It should protect Canadians from foreign threats without opening the door to unchecked government overreach.

New Democrats will continue to push for changes, independent oversight, stronger privacy protections, fair treatment for workers and communities, proportional penalties and sector-specific flexibility. We can protect Canadians from cyber-threats without trampling on rights, without ignoring workers and without undermining our economy. Bill C-8 is an opportunity to strike the right balance, but right now it does not seem well equipped to do that.

Canadians want more answers, transparency and oversight from overreach, as we have seen the tendency of the new Prime Minister to move headlong toward centralization without considering the consequences for public policy and its effects on everyday Canadians.

Madam Speaker, the member talked a lot about the protective measures, but the bill is one that has been in the House before. I think she supported it in the past as well.

Are amendments to establish a regulatory framework to strengthen the baseline of cybersecurity something the member would like to bring to committee to discuss and support, going forward with the bill?

Madam Speaker, yes, the bill, in the form of Bill C-26, has gone before Parliament. Some amendments were adopted, but having said that, I think more work needs to be done.

I raised a series of questions in my speech. I would like answers from the government. I would like to hear experts respond to those concerns, and then we can move forward with amendments to address, truly, a bill that would balance the need to enhance cybersecurity infrastructure for Canadians with protecting our rights.

Madam Speaker, let me congratulate and express deep gratitude to the hon. member for that excellent speech. I too am terribly concerned by the civil liberties restrictions that this bill would impose. I note that when this bill was in the last Parliament, several civil society organizations, including the Canadian Civil Liberties Association and the David Asper Centre for Constitutional Rights, penned an open letter saying it tramples our civil liberties.

To the deputy House leader's point, I would just like to point out that this bill has already been to committee. It has already been criticized by these civil liberties organizations.

Why did the Liberals not make the amendments these civil society groups asked for?

Madam Speaker, I cannot really answer why the government is doing what it is doing. It is doing many things I do not agree with, such as what it is doing with Canada Post right now. I cannot answer for the government.

What I can do, though, is to raise these concerns again and to put them forward. I expect we will hear from expert witnesses at committee. I expect amendments will be put forward, and I hope they will be taken seriously. I hope we can work collaboratively, because cybersecurity for Canadians is really important, but so too are our rights and our democracy. We can strike the right balance.

I really urge the government to stop centralizing all the power and making decisions behind closed doors and giving ministers, in this instance the Minister of Industry, this expansive power without transparency.

Madam Speaker, I also congratulate my colleague on her speech. She raised a number of very relevant points, particularly regarding the centralization of power within cabinet, which has ultimately resulted in a law marked by numerous ambiguities.

Of course, the Bloc Québécois wants to ensure that we have the means to deal with cyber-attacks, but we are very concerned about Quebec's jurisdiction being respected.

Given the excessive centralization of authority within cabinet, is my colleague prepared to work with the Bloc Québécois to ensure that the jurisdictions of Quebec and the provinces are respected?

Madam Speaker, it is important to respect jurisdictional authority, and I am not sure if the government actually struck the right balance in this bill. I am not sure it has struck the right balance in ensuring that respect is in place, but more importantly, to respect the privacy rights and those measures the government put forward that meet the standard of transparency and accountability.

There is a lot of stuff in this bill that comes without independent oversight, as an example. That is not good for Canadians; that is not good for anyone. We will see what happens at committee. I expect amendments will be put forward. The NDP does not have a seat at the committee table, but we will be watching to see how things progress and we will make a determination of how we can enhance Bill C-8 for all Canadians.

The hon. member is out of time.

Madam Speaker, the member brought up the issue of foreign interference, and I just cannot resist. We all know, when it comes to foreign interference, that the Leader of the Conservative Party has yet to actually get his security clearance.

If the Conservative Party wants any credibility whatsoever in dealing with the issue of foreign interference, would the member not agree that their own political leader, the Leader of the Conservative Party, should at very least get a security clearance done?

Madam Speaker, we are debating legislation brought in by the government to try to improve cybersecurity.

However, what I see is a law that would be as problematic as Bill C-26. There is one little improvement, but most of the contents of Bill C-26 will remain the same. How can the government say that this is going to protect Canadians more? Furthermore, this bill might address improving the pipe, but it does not guarantee or secure what goes through the pipe.

This is not real cyber-resilience. It is smoke and mirrors.

Madam Speaker, I congratulate my colleague on his speech.

We both have the privilege of sitting on the Standing Committee on Public Safety and National Security. We will be studying Bill C‑8 together in committee. I think we all agree that Bill C‑8 is important and that we will likely pass it after the study in committee. I do not think anyone here wants to slow down the work, but I think we want to take a close look at several aspects, including privacy protection.

It is also important for us to address the issue of federal interference in Quebec's areas of jurisdiction. Is my colleague willing to learn more about this part of the bill that the Bloc Québécois is keen to amend?

Madam Speaker, definitely. It was discussed at the last public safety and national security committee.

We listened to presentations from many witnesses, who told us about the problems with Bill C-26. If the bill goes to the committee again, we would like to hear more from experts, concerned parties and stakeholders on the problems that we have in the bill as presented.

Madam Speaker, I enjoyed the member's speech and I hear what he is saying.

However, I have one concern. I would like him to explain to me why his party is hesitant to support this bill, which will protect our families, our hospitals and our banks from cyber-attacks.

Madam Speaker, we are not hesitant to support a bill that would really protect Canadians.

However, the problem is that the bill is very narrow in scope and flawed in terms of giving the ministers too much power. There is no balance between rights and protections.

If the bill were amended according to what we suggest, we would like to see it discussed further. With the form it is in right now, we cannot support the bill.

Madam Speaker, I note that in 2021, the Liberal Party said it was going to combat authoritarianism worldwide.

I remark, with horror, I suppose, on the authoritarianism that I detect in this document that they are proposing to get through the House, after the strenuous objections of the Canadian Civil Liberties Association.

Does the member have any reflections on either the authoritarianism in the bill or the hypocrisy that such authoritarianism implies?

Madam Speaker, as I already pointed out, the bill would not really protect Canadians. It would only give the government and the ministers more power to intrude on the privacy of average Canadians. It is the secrecy in the bill that is problematic.

We have reflected on this many times at the public safety and national security committee, and I am sure we will hear more presentations and discussions on it if the bill goes to committee again.

Madam Speaker, it is an absolute honour to rise in this chamber to talk about a very serious matter: those who are and are not addressed in the bill before us, Bill C-8.

Let me hearken back to a previous parliament when I had my first opportunity to work with the splendid member for Parkland. We were both on the industry committee, and during our time on that committee, Ottawa had a tornado incident. This tornado scared a lot of people and caused a lot of damage to Ottawa. Many people were quite surprised that after about eight or so hours, they were not able to use their cellphones to get in touch with their loved ones. This surprised me, because most people assume that in an urban centre such as Ottawa, there is continuous service, even after a strenuous event such as a tornado. I can only imagine someone trying desperately to reach their family and loved ones or to connect with work to say why they could not be there. To not have the ability to do that caused a lot of consternation in the community.

The member for Parkland put forward a motion for us to study this further, and some of the things we found out in regard to it were not reassuring. For example, there is no regulation surrounding what telecommunications companies have to have as backup. Essentially, a telecommunications company, such as Rogers or Telus, often have backup generators, but there is no provision to say for how long. We saw a system strained by a tornado, and the damage and fear were compounded by the telecommunications companies not having sufficient gas in generator tanks for them to continue service after the tornado incident. This is a small example of the vulnerabilities that currently exist within our system that hopefully Bill C-8 will address.

There are two components to this particular legislation. One, as I was referencing, refers to the Telecommunications Act, and the other would create new provisions surrounding cybersecurity.

I think most Canadians understand the dependence we now have on our ability to communicate with one another and access information quickly. If the systems that we so heavily depend on in our modern life were to become compromised, the disturbance that could have is not just about the inconvenience of, for example, not being able to access Environment Canada's weather reports. There could be other issues when it comes to banking. One only has to think about the incident in Toronto when suddenly Rogers flickered and no one was able to access their accounts. In fact, business owners were not able to do Interac transactions, and of course, small and medium-sized businesses had no way to take payment, because many of us rely almost exclusively on credit and debit cards. When most people stop and think about how dependent they are on technology and how interdependent these systems are, they quickly come to the conclusion that there should be something there.

I believe, as every member in this place would probably believe, that the government has a responsibility to protect its own systems. That has been done over time. Has it been perfect? No. There have been privacy breaches and attacks by entities. The NSICOP reports talk about how we are frequently targeted by authoritarian regimes. For example, the Communist Chinese regime in Beijing is cited in the reports, as is Russia.

There are also non-state actors who will try to hack into our different systems, so it makes sense to people when we say that the government should protect our information, health records, tax records and any personal information we have. People understand that, and they want their government to be secure, particularly when we start talking about national defence or our different security and intelligence systems. However, people do not always assume that the same protections that government encourages and codifies in its own practices are being done in the private sector. Bill C-8 would create a set of provisions to do that.

Conservatives believe strongly in the need to protect our national security and to make sure these critical systems we depend on will function when Canadians need them the most, during times of emergency or if we are attacked by our adversaries abroad. I believe the government understands this issue and is trying to find the legislation necessary.

That is where I am going to stop saying what I agree with and point out a few things.

It seems the government has smartened up a bit and adopted certain amendments that were pushed by Conservatives at committee stage in the last Parliament. That is a good thing. A good idea should be seen as such, and it should not matter which side it comes from. That is a problem we have in this place. Too often it is on who proposes an idea that one decides the merit of it, and that is wrong. It should be on the merit of the idea for the betterment of Canadians.

What I will say is when a party, particularly the governing party, is given tremendous powers and uses that authority for its own purposes, that becomes a problem. I can already see some of my friends across the way starting to waver, wondering where I am going with this. When the Prime Minister dropped the writ and effectively launched an election this past spring, there were consequences. The fact that this bill did not make it through and become law is 100% on the Liberal government today.

I wanted to make sure I stated that for the record, because when a Prime Minister puts his own government's interest ahead of the public interest, it should be called out, and they should be held accountable. I think the Liberal Party needs to listen, in a minority government, to other viewpoints that say this should have happened and it should have passed. Maybe the Liberals could have waited a bit longer, but they did not. They decided to put their own electoral interests ahead of societal interests.

It is important to know that it rests with the government, but we are here now. We are offering similar critiques and are happy they were listened to, in part, in the last Parliament and have been incorporated into the bill, but there are still some oversights.

For example, with respect to privacy, in a previous Parliament when I was on the industry committee, Statistics Canada ordered Canada's banks to give it holus-bolus a large amount of information, everything from mortgages to debits. We called on the chief statistician to account for this new collection of a massive amount of information. By the way, to their credit, someone at the big banks leaked it to the media. That is the only way we would have known about it. We brought the chief statistician of the day forward, who assured the committee that Statistics Canada was going to, basically, anonymize all of the information. Within four questions, that argument crumbled.

It crumbled, and so did the collection exercise, because it became quite apparent that Statistics Canada had not informed the minister that it was doing this, something it is required to do under law. I was very lucky to have some privacy experts reach out to me and give me some direction about what to ask, and the chief statistician's whole argument crumbled. He basically said that even though Statistics Canada would anonymize the data, it was very simple to reassemble it, to realign it and have someone's complete information.

I can tell members that Canadians care very much about their privacy rights. In a world where we are more interconnected and utilize technology all the time, where our digital thumbprint, so to speak, is everywhere, people care about where that information goes. Under this regime, the government has given itself almost a complete pass when it comes to the management of the privacy of Canadians.

The government would essentially do the same thing Statistics Canada did, saying they could take the information, order the information and use it however they want without any oversight. That is wrong.

Conservatives at committee are going to be talking about privacy rights, even if the ministers and the members on that committee do not want to talk about this, because we are there to make sure—