Madam Speaker, I am pleased to rise and speak to Bill C-8 today. For those watching at home, in the previous Parliament, Bill C-8 was Bill C-26.
I was pleased to sit on the public safety and national security committee, which went over that bill. I want to provide a quick overview, because part of the debate we are having in the House today is about why we are discussing the legislation again when it was discussed and advanced, pretty much to the finish line, in the last Parliament.
Bill C-26 went through committee. There were numerous amendments made by all parties. It came out and went to the Senate. The government asked the House of Commons to fast-track a different bill on foreign interference. In the government's own incompetence, it did not seem to realize that its foreign interference bill contained provisions that nullified the entire second part of Bill C-26. The Senate actually identified this problem. This caused such a delay to the bill that when the Liberal government decided to prorogue Parliament, despite the fact that it had not tested the confidence of the House, it actually resulted in the legislation being killed.
The government has been saying, “The dog ate my homework.” The fact is that the Liberal government was the one that killed the legislation in the last Parliament. That is the reason we are back here today.
Cybersecurity is an issue of critical importance. Cybersecurity has an impact on all aspects of our life. More and more of our daily life is being spent online, and we are becoming dependent on services and infrastructure that are vulnerable to cybersecurity threats. The threats posed by malicious actors are touching every aspect of society. They are touching industry, hospitals, pipelines and individual households.
As we know, with the government's implementation of soft-on-crime bail policies, criminals will always follow the path of least resistance. It is no different in the cybersecurity environment. When a country has poor cybersecurity legislation, it makes itself a target for these malicious actors and encourages that behaviour.
The Liberal government originally introduced Bill C-26 in June 2022, over three years ago. We only started to study the bill two years after it was introduced. We heard repeatedly from the Liberals that cybersecurity has been a high priority and that this is critically important legislation, but here we are, three years later, in an entirely new Parliament, going over the same legislation again.
These delays could have been prevented, but the Liberal government failed. It is unfortunate because we have heard repeatedly that Canada's cybersecurity has been neglected and remains a vulnerable and soft target.
The bill proposes to give sweeping powers to the government, and Conservatives believe that we cannot give the government a blank cheque. We need to study the legislation to ensure that we are creating effective mechanisms for combatting cybercrime without creating unnecessary red tape, bureaucracy or charter rights implications.
The bill has two key objectives. First, it seeks to amend the Telecommunications Act, to give the government the power to secure the telecommunications systems. Basically, the government would have the power to tell the telecommunications companies and others to do things or to not do things, such as removing equipment provided by a hostile foreign power that is being used in our telecommunications systems.
Second, it seeks to create the critical cyber systems protection act; in theory, this would allow the government to impose cybersecurity requirements on federally regulated industries. These industries could include the energy sector, pipelines, nuclear plants, the financial sector, banks, the health sector and other areas.
I believe there are some positive steps towards enhancing public safety in the bill. It is important for Conservatives to point out that there are some serious weaknesses that remain in Canada's cybersecurity posture. In fact, we are the last G7 country without a robust regulatory framework for cybersecurity.
Last summer, the Auditor General released a damning report on the government's capacity to combat cybercrime. I am going to quote her conclusions, because they were scathing:
“...the Royal Canadian Mounted Police (RCMP), Communications Security Establishment Canada, and the Canadian Radio-television and Telecommunications Commission (CRTC) did not have the capacity and tools to effectively enforce laws intended to protect Canadians from cyberattacks and address the growing volume and sophistication of cybercrime. We found breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime.”
This raises an important point. We can have all of the laws we want that say all the right things, and we do have some laws on cybersecurity, but it is clear from the Auditor General's report that the government has not invested in the capacity, the resources or the tools to implement the current cybersecurity laws that we have. We need to be assured that, by bringing the legislation forward, the government is not only planning to grant itself these powers but also giving law enforcement the capability to do something with these powers. That is something that it has not really done.
The trend continues to worsen. The Canadian Anti-Fraud Centre projects that losses from cybercrime will surpass over $1 billion annually by 2028. There are actual insurance products being created to protect people from cybercrime. That is not just money being lost to fraud. That is broken lives and ongoing mental health challenges that are devastating our citizens.
We know that coordinated and strategic attacks on our national infrastructure by criminals or foreign adversaries have wreaked havoc, and will continue to wreak havoc, on our society. A cyber-attack on our power grid in the middle of winter would be devastating to hospitals with vulnerable patients or to pipeline infrastructure. Canada has already faced concentrated cyber-attacks against its telecommunication companies since at least 2021, with the Communications Security Establishment saying that it is aware of malicious cyber-activities from People's Republic of China state-sponsored actors.
Canada and our allies have already been the target of cyber-attacks carried out by hostile state-sponsored or aligned groups. In fact, the RCMP, FINTRAC and Global Affairs Canada, just to mention a few, have all been previously breached by cyber-attackers. The seriousness posed by these attacks on our nation's most sensitive information cannot be understated. We need to know that the government is taking action to secure its own systems, not just telling the private sector that it has to secure its systems.
We know that the private sector is taking proactive measures to invest in cyber-defence. With hundreds of thousands of cyber-attacks, and that is not hyperbole, targeting Canada in the first six months of 2025, they have been forced to step up and the government has not.
I hear from constituents on a regular basis that they are concerned that the government's own cybersecurity measures are not up to snuff, particularly in regard to the Canada Revenue Agency. As malicious criminals become more sophisticated, Canadians need to know that their data is being stored in a safe and secure way. Therefore, it is common sense that the Liberal government should hold itself to the same standards that it is holding the private sector to in the legislation.
Bill C-26 was introduced way back in June 2022. This was in the wake of the government's decision to finally, after tremendous political pressure, ban ZTE and Huawei from the Canadian 5G networks. This was long after decisive action had already been taken by all of our Five Eyes partners.
I am pleased to say that I think Bill C-26 left committee in better condition than when it went in, but we have heard from many witnesses who are concerned about the over-centralization of powers that this is giving to cabinet ministers. There is also concern that the bill in its current form gives the government excess executive authority without full proper oversight and guardrails. In Bill C-8, the government has continued to take a “trust us” approach to legislating Canada's cybersecurity, which is alarming to the many Canadians who are concerned that the government may overreach.
Conservatives believe that trust needs to be earned. As a great Conservative politician once said, “Trust, but verify”. Considering the Liberal government's habit of limiting free speech in bills like Bill C-11 and Bill C-18 in the last Parliament, and the illegal use of the Emergencies Act, I believe that many of these concerns are valid and should be addressed. Conservatives need to be able to study the bill, so we can provide amendments and listen to further witness testimony to ensure that accountability and oversight mechanisms are effective and that they are improved.
Another area of concern that was flagged by witnesses was the absence of a special national security-cleared lawyer to act on an applicant's behalf during a judicial review. This is actually a standard practice in other areas of national security when sensitive information is brought forward. Therefore, we find this omission questionable.
Basically, to explain that, part of the provision of the bill is to allow the government to conduct court hearings in secret. When we are dealing with top secret or sensitive information, we can see that there is a justification for that. We need to ensure that anyone who is caught up in that is getting the appropriate legal representation. That is a critically important factor.
Conservatives want to ensure transparency and accountability. We need strong oversight measures, clear retention limits and restrictions on how data can be collected, used and shared, especially with our foreign intelligence partners. We need to define “personal information”. The bill clearly fails to define what personal information is, which leaves the privacy of Canadians vulnerable. We need to ensure that the government is not allowed to keep these orders secret indefinitely without just cause, and we need to ensure there is no overreach of the powers it is giving itself.
Conservatives want to ensure there are appropriate consultations with and involvement of the Privacy Commissioner, the Intelligence Commissioner and other stakeholders in civil society in improving this legislation. We need independent oversight to ensure strong judicial oversight in accessing personal information. We need strong privacy safeguards to ensure that incident reports involving personal information are shared with the Privacy Commissioner. We need limitations so this data is only used in cases of cybersecurity. We need transparency requirements to mandate the disclosure of the secret orders after a reasonable period and consequences for failing to table those reports.
In summary, given the growing geopolitical tensions around the world, we cannot afford to be naive on matters of cybersecurity. We have sensitive research being conducted at our universities. We need to assert our sovereignty in the Arctic. Canada is a target for hostile powers wanting to undermine our country's national interests and go after our citizens.
We know that hostile states like North Korea, China, Russia and Iran have demonstrated the ability to hack into our critical infrastructure and will continue to take hostile action unless we take decisive steps to improve our cyber-defences. While this bill would be a step in securing our telecommunications systems and other federally regulated industries, it is not all-encompassing and there are some gaps. As Canadian society moves increasingly into a digital space, the government needs to remain vigilant and take proactive steps to ensure we are keeping up, because this landscape is always changing.
In conclusion, our Conservative team is looking forward to seeing this bill come back to committee, where we can propose meaningful amendments and listen to key witnesses and the concerns of Canadians so that they are addressed.
While this legislation is important, we need to ensure that we are not giving the government a blank cheque. We need to ensure that the government is held accountable so the powers it would be giving itself would only be used in a justified and proportionate manner.