Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
Welcome to meeting number 99 of the House of Commons Standing Committee on Public Safety and National Security.
Today's meeting is taking place in a hybrid format, pursuant to the Standing Orders. Members are attending in person in the room and remotely using the Zoom application.
I would like to make a few comments for the benefit of witnesses and members. Please wait until I recognize you by name before speaking. To prevent disruptive audio feedback incidents during our meeting, we kindly ask that all participants keep their earpieces away from any microphone. Audio feedback incidents can seriously injure interpreters and disrupt our proceedings. I'll remind you that all comments should be addressed through the chair.
Before I move on, I want to mention one thing quickly. We have had an invitation from the foreign delegation of Norway. The Norwegian Parliament's Standing Committee on Justice will be visiting Ottawa from April 7 to 9. The Norwegian delegation consists of members from six political parties. They would like to meet with members of our committee to discuss common interests such as civil preparedness and protection against future threats, including threats against critical infrastructure.
I just want to ensure that we have some interest in that regard from all parties, if that's possible.
I think that's a good idea, but could you just explain for me, the new one on the committee, just how the notice and whatnot will work for that? Will there be translation? What are the circumstances in which we'll have that meeting?
It will be an informal meeting, with interpretation. The meeting will be an extension of the regular hours that we have on that day. It will be from 5:30 p.m. to 6:30 p.m., just after our regular meeting.
I will now welcome the officials who are with us. They are available for questions regarding the bill but will not deliver any opening statements. From the Department of Industry, we have Andre Arbour, director general, strategy and innovation policy sector, and Wen Kwan, senior director, spectrum and telecommunications sector. From the Department of Public Safety and Emergency Preparedness, we have Colin MacSween, director general, national cyber security directorate, and Kelly-Anne Gibson, acting director, national cyber security directorate.
Before we get started, I just want to give a notice of motion. We won't get into a debate on it today.
In light of recent news about a Montreal food bank having to call in police officers to deal with hundreds of additional Montrealers seeking food, and given that we know the carbon tax does have an effect contributing to food insecurity and that food insecurity is indeed a public safety issue in this country, I'm just going to put on notice my motion that we report to the House to spike the hike and axe the tax so we can bring food prices down, so that police can deal with the very real issues that we've talked about in this committee instead of having to go to food banks to provide crowd control for the hundreds and thousands of hungry Canadians who are using food banks in this country.
Mr. Chair, I think this will go smoothly, and I hope we'll make a lot of progress today as we move through each of the articles as moved. I think it's fair to say that as you go through this process you'll enjoy it as well, as we all will, over the course of the next few hours, but I would ask that you proceed very methodically so that we can keep up with the paperwork, because we're managing, of course, the bill, the amendments list and the recommendations around each of the amendments as well.
I'd like to move government amendment G-1, which touches on proposed section 15.1.
We would remove “in the opinion of” in proposed subsection 15.1(1) and add a reasonableness standard. We've had organizations reach out, including civil liberties groups, and they want a reasonableness standard in the GIC order-making power.
Thanks to the government for moving this amendment.
I will ask this of our officials, in relation to G-1. It seems to me that this would be something that makes good sense. However, in terms of similar.... I'm curious about where the Governor in Council has the power to make appointments and whether the change being suggested by the government lines up with what the case would be in other areas of this act and across the areas of responsibility.
The reason I ask that question is to make sure that it's consistent, that it's understood and that there is a definition as to what reasonableness would be in determining what a Governor in Council appointment looks like—which, for those listening, is the minister making that appointment—and the difference between what was initially proposed and what my Liberal colleague talked about, that some of the civil society groups have asked for this reasonableness clause.
I'm wondering if you could unpack a few of those things. I'm also very curious about whether this is in conflict or continuity with other aspects, or makes any changes to other aspects of where Governor in Council appointments would be applied.
I'd like to organize my answer into two buckets. One is where this comes from and the lengthy case law that defines what reasonableness is. My second bucket is how this compares with some of the other proposals, including a notion of proportionality.
In terms of reasonableness, there are decades of case law established by the Supreme Court on what it means in an administrative law context. That's exactly what we're talking about here with orders in council. They do not deal with the appointments of personnel but rather with orders to telecommunications service providers, in particular, on whether to limit the use of or restrict certain forms of equipment, including high-risk vendor equipment. There's extensive case law on this. The Supreme Court's 2019 Vavilov decision goes into great detail on, specifically, what the criteria are for a reasonable decision.
Those criteria—to get to my second bucket—include principles of proportionality. That's in the Supreme Court's decision. This amendment does not bring up proportionality as separate text. It does not say “reasonable and proportionate”. It doesn't do that because proportionality is already bundled into the reasonableness standard, as established by the Supreme Court. First, it's there. Second, using it on a stand-alone basis is only done in a Charter of Rights context. The Oakes test established by the Supreme Court for reasonable limits on charter rights includes proportionality, but it's specific to charter rights and not, say, the regulation of Bell, Telus or Rogers. It includes a standard called minimal impairment, which asks the government to look at the least intrusive means of accomplishing an objective.
For instance, in this context, rather than have a regulation to restrict certain equipment, maybe you could have a subsidy program to pay the companies to remove that equipment. If that were applied in an administrative law context such as this, there would be the risk of orders being overturned by accident or unintentionally. However, to the extent there are concerns about charter rights, the decisions of the Supreme Court already apply.
I appreciate that. I will ask a follow-up question.
Welcome and thanks to all of you. I am new-ish to the committee, although I served for a segment of the 43rd Parliament. Thank you all for offering your expertise to the committee today.
You talked about the standard that goes into reasonableness, but what difference does that make in practice, in the context of the amendment versus what the original text would have empowered the Governor in Council to do?
I would say the difference is more in the zone of providing greater certainty. The requirements of the Supreme Court that decisions be “reasonable” exist irrespective of the text that is in the law itself. Those are fundamental principles that apply to any administrative law context.
What this does is make it clearer in the text of the bill that those principles apply.
(Amendment agreed to [See Minutes of Proceedings])
The Chair: We are on BQ-1.
If BQ-1 is adopted, CPC-1 on page 3 of the package, G-1.1 on page 3.1 of the package, G-3.1 on page 13.1 of the package, G-4 on page 16 of the package, G-4.1 on page 16.1 of the package, G-4.2 on page 16.2 of the package, G-4.3 on page 16.3 of the package, CPC-6 on page 17 and CPC-12.1 on page 36 of the package cannot be moved due to a line conflict.
You referred to all the amendments that couldn't be moved if BQ‑1 were adopted. Basically, with BQ‑1, we simply want to remove a word that appears a number of times in the bill. I don't want to speculate on my colleagues' intentions. However, I think that they were trying to achieve the same result as BQ‑1.
The companies, organizations and individuals that spoke to us repeatedly expressed concerns regarding the scope of the ministerial powers proposed in the bill in the interest of telecommunications security, particularly in terms of access to personal information. They thought that the addition of a proportionality test and the obligation to consult experts would prevent the minister from using trivial issues to justify disproportionately intrusive actions. The removal of the word “including”, which appears a few times, may strengthen the bill in a way and could limit the ministerial powers granted.
I'd like to move a subamendment to this amendment.
I'd like to modify paragraph (a) of this amendment, which replaces line 15 on page 1. I would like to replace that text with the substance of G-1.1, which replaces lines 15 and 16 on page 1 with similar text, but adds the word “degradation”. Basically, it adds the word “degradation” to the list.
I think what Mr. McKinnon was trying to do is get to where we're going with G-1.1. It might be simpler to defeat this amendment, and then deal with the following as they come.
However, before we get into that, perhaps I'll ask the officials about one of my concerns. I appreciate Madame Michaud's comments, and it is something we heard in terms of making sure that the powers in this bill are not so vast. However, when we're talking about cyber and cyber-threats, the concern is that by the time we print something on paper and it becomes law, it might already be outdated.
Officials, could you elaborate on whether or not the limits around only what can be considered might be deemed too limiting? Including the word “including” again in this section makes it clear that this is the intention of the bill but there is still flexibility, given the constantly changing nature of threats. Could officials elaborate on why there are concerns, or why there might need to be some parameters around this language?
Certainly the government appreciates the concerns from stakeholders about ensuring that guardrails are established in the bill. We'd start from the point of view that, first of all, anything within the bill needs to be in order to protect the Canadian telecommunications system, so anything that involves surveillance, for instance, is entirely separate from that issue.
With respect to the word “including”, the bill is crafted with the intention of trying to keep pace with an evolving technological landscape, but it's hard to know exactly what will evolve over time. Amendment G-1.1 looks at the word “including” but reframes it in terms of any threat, so rather than any thing, it's focusing on preventing threats. It then adds in the word “degradation”, which was a risk factor that wasn't in the original text but that, if the word “including” was removed, could present a vulnerability down the road.
Amendment G-1.1 again cleans up the language in terms of the concerns that were rightly raised, but it also keeps in the word “including” to ensure the legislation can keep pace with the evolving nature of threats, and it adds in the word “degradation”, which I think officials already spoke to, so I won't speak further to that unless there are questions.
Mr. Chair, as you will recall, we heard many witnesses from a number of sectors talk about ensuring consultation with prescribed persons and entities in a way that ensures that any orders are subject to the appropriate consultation process and also the appropriate transparency.
I particularly flag the president of the Privacy and Access Council of Canada, who talked about the importance of having that consultation with prescribed persons and entities. In terms of any government order on telecommunications systems, this would change and insert...to ensure that those consultations take place.
I move NDP-1. Hopefully, with the witnesses who were very clear in this regard, it will receive the support of the committee.
I would also like to thank Mr. Julian for moving this amendment.
I would like the witnesses to tell me something. If we were to replace this amendment with a sentence that says, on line 17, “after consultation with the persons the Governor in Council considers appropriate,” would it be more effective? Would amendment NDP‑1 be more effective, because it would seem more complete and would include more components? Which do you think would be better?
Mr. Chair, I would like to thank the member for her question.
The difference in wording concerns whether to proceed with a regulatory process before the consultation period.
Given the number of stakeholders involved and the fact that Innovation, Science and Economic Development Canada's regulatory processes are generally open to everyone, the possibility of bypassing a regulatory phase in order to try to specifically include the parties could lead to certain barriers in the regulatory process. Slightly more flexible wording that helps to bypass the regulatory phase before the consultation period would be more effective.
We'll be voting against this amendment. I'm sorry to disappoint my NDP friend, but we prefer the language regarding consultation in G-1.2 and G-3.2, which we will be supporting.
This is related to NDP-1 but has alternative language in G-1.2. We're moving that Bill C-26, in clause 2, be amended by replacing line 17 on page 1 with the following:
cil may, by order and after consultation with the persons the Governor in Council considers appropriate,
That's the amending language. Again, this is alternative language to NDP-1.
I would love to. I hope my coalition partners in the Conservative Party will vote for this as well.
You will recall, Mr. Chair, that a whole range of groups came before this committee. I'll just cite a number of them. There was the Privacy and Access Council of Canada, OpenMedia, the National Council of Canadian Muslims, Ligue des droits et libertés, the International Civil Liberties Monitoring Group and the Canadian Civil Liberties Association. They all urged that the provisions of the order within the purposes of the bill be subject to being reasonable and proportionate to the gravity of the threat of interference, manipulation or disruption.
It is a concern that has been raised, to have guardrails in this legislation. It's important. We heard much testimony to the effect that this is an important guardrail to ensure that the provisions of the orders and the powers that we're giving to the minister are exercised in an appropriate way.
This issue of proportionality is extremely important, and that's why I move NDP-2.
Given the language in G-1.1 that was approved, I move a subamendment. Following the word “manipulation”, add a comma and remove the word “or”, and then following the word “disruption”, add the words “or degradation”.
Yes. I am proposing that we add a comma following the word “manipulation”, remove the word “or” and then add the words “or degradation” after “disruption”.
Starting with the existing text of NDP-2, it sets out language around reasonableness and proportionality and brings up “proportionate” as a distinct concept from reasonableness. This has some substantial risks to implementation down the road.
I do appreciate the intent and the concern over adequate guardrails. I would note that the criteria for reasonableness, as established by the Supreme Court, has principles of proportionality embedded within it. That's outlined in case law and the 2019 Vavilov decision in particular.
Bringing out “proportionate” separately from reasonableness and inserting it into the bill has different connotations from the plain-language understanding of the word “proportionate”, and as a stand-alone concept outside of an administrative law context, it is only used in a charter rights context.
My understanding, based on the testimony or submissions I've seen, is that it's not the intent to apply a charter rights standard to the regulation of mundane equipment issues in the telecom sector. However, in writing it this way and importing that Supreme Court language, there's a risk of that down the road.
I have no issues with the subamendment, but I can't move a subamendment of my own now because of it. I will say—and then I'll come back to it after we deal with the subamendment—that we can't support this, especially based on what officials just said, if the word “proportionate” is in there, mainly because of the legal context of that word and because G-1 was adopted to add in the reasonableness clause, which I think is what everybody wanted. We can't support the subamendment or the amendment if they have the word “proportionate” in the text, but we could support this overall if that is taken out.
I think we should delve into that proportionality language and what it actually means for the bill when it's appropriate, but, again, I know that we're on the subamendment, so I have to wait for that to be dealt with.
I was going to suggest that we deal with the “degradation” first, as the subamendment, and then allow Ms. O'Connell to present her additional subamendment.
I think the important piece is that we keep “be reasonable to the gravity of the threat” and just remove “and proportionate”.
Officials spoke about this earlier. The term “proportionate” in the legal sense is different from just speaking it. It might seem very reasonable, but because we moved the G-1 amendment that added the reasonableness clause, we feel this moves to the heart of the intent of the concerns without getting into the legal and charter ramifications or usage of the word “proportionate”.
We can support these changes but not without the removal of “proportionate” as terminology in this bill.
Mr. Arbour, you indicated the charter concern. The whole bill has to be charter-compliant, obviously.
Can you explain this to us again, with specifics on what you think the concern would be about having “proportionate” in there, other than it might open up more of a charter argument? Specifically, is there an example that comes to mind to help clarify the concern?
First, yes, the bill and anything stemming from it would have to be charter-compliant. Any order coming from it would have to be proportionate, as established by the Supreme Court, regardless of the text of the bill itself.
The issue with taking the word “proportionate” out of the charter rights context and applying it to administrative law decisions writ large is that it takes criteria for reasonable limits on charter rights and applies them to the more mundane commercial activities of telecom service providers.
I'll give you a specific example.
When the Supreme Court does a test of reasonable limits on charter rights, one of the core factors is something called a minimal impairment test. If you're going to be infringing on an individual's charter rights, it asks whether you looked at the least intrusive ways of accomplishing that government goal. When we're talking about charter rights, of course that's a key consideration, because you're putting infringements on some pretty important issues, whether it be freedom of speech or what have you.
If that were to be applied to a case of high-risk vendor equipment, for instance.... Everyone understands the government's policy about restricting high-risk vendor equipment. That would include Huawei and ZTE. That is one of the core considerations of an order in council stemming from this provision. In the context of a challenge, someone could ask whether you used the least intrusive means to accomplish this goal. Yes, you have an order saying the companies must remove this equipment or cannot use this equipment, but a less intrusive option would be to have a subsidy program and pay the businesses to remove the equipment.
It's hard to say definitively what would play out in a legal challenge environment. However, given the case law around “proportionate” in a charter rights context, those are the risks we've identified.
On this “proportionate” question, there has been a lot of industry and business concern about the potential for companies to be given wildly large fines or very large penalties. Do you think the inclusion of the word “proportionate”...? Maybe not so much from a legal standpoint, but to create an assurance that when the government needs an order to bring an industry into line, it's not going to be.... If we remove the term “proportionate”, it seems as if we're creating some uncertainty.
I'm wondering if you could comment from the industry perspective. Is there not a concern that if we don't include terms like “proportionate”, we could be creating a lot of uncertainty in our economy?
Certainly we're live to the concerns about industry. Under the Radiocommunication Act, for instance, we currently license spectrum and wireless usage. We have spectrum auctions that are hugely consequential, that shape the industry and that have big implications for businesses. We are already subject to a range of administrative law requirements as established by the Supreme Court, so we're well habituated to that.
In this particular context, the addition of the reasonableness language makes that even further explicit in the bill, and the criteria as established by the Supreme Court for what makes for a reasonable decision include principles of proportionality and the impact on the entity in question.
I can pull up paragraphs 133 to 135 of the 2019 Vavilov decision, entitled “Impact of the Decision on the Affected Individual”. They say very clearly that the gravity of the obligation on the regulated entity, on the person, needs to be reasonably linked with what you're trying to accomplish. The more it is out of whack, the more it is likely to be determined an unreasonable decision and determined as invalid.
I completely understand the explanations concerning the notion of proportionality. However, if we remove it, the result is quite strange in French. It would look like this: “The provisions of the order must, in scope and substance, be reasonable to the gravity of the threat of interference...”
I don't know whether “reasonable to the gravity” is the right wording or whether we should add a word to make it flow better.
I think that the legislative clerk gets it.
I don't know whether this sounds right to you. If so, I'm fine with it too. I'm just asking.
I think the point has already been made, but I want to summarize it.
The fact that it needs to be reasonable is a position the government accepts. That's precisely why it was added already in G-1. However, with proportionality in this concept, Mr. Arbour, you used an example. You mentioned proportionality or the least restrictive.... Using your Huawei equipment example, one could argue that the least restrictive thing is just to leave it.
I would be concerned about leaving that door open rather than having the ability to take assurances against, for example, equipment that might pose a risk or leave a gap in the system. I feel comfortable that leaving in the language around reasonableness and what that triggers in the law accomplishes what stakeholders raised without getting us into a legal fight about proportionality using a charter standard. We're not talking about, potentially, people; we're talking about equipment within a system.
We want to ensure reasonableness in terms of the order, but let's make sure that it doesn't handcuff us from actually achieving the security features that might be needed in, for example, telecommunications equipment.
I have a quick question for officials based on that.
Is there a possibility that if “proportionate” is in there, it would not lead to removing the equipment if there was a threat, or would that not meet the standard of “least restrictive”? I mean, they have to do something. Is that a realistic possibility, from what my Liberal colleague just said?
In any context like this, it will depend on the specific facts of the case. The court would look at what you are trying to accomplish, at the status quo and at the minimum requirement to establish that.
It's difficult to comment on a hypothetical. I could imagine arguments being made that there's a natural equipment life cycle, and setting the requirements for the next generation of equipment and letting them life-cycle out could be another argument. That is an argument, in theory, that could be made, but it would have to be grounded in the facts and specifics of the case.
Most of my questions have been answered. This is just to ensure that on the record we have proportionality versus reasonableness, similar to the conversation we had surrounding G-1.
Just because “proportionate” isn't in the language, there is the expectation of proportionality if a charter circumstance were to arise, even if it's not understood in the context of a circumstance that we may face today. Reasonableness language, if I am properly interpreting your explanation from G-1, doesn't exclude that from the possible charter implications of proportionality in the future.
Do you agree with that? I'm wondering if you have any further comment. I think it's been pretty clearly articulated, but I just want to confirm that this is in fact the case.
Yes. That would be my short answer. The slightly longer answer would be that within reasonableness—the reasonableness standard is established by the Supreme Court—there are principles of proportionality established. To the extent that the language used is specific to an administrative law context, which is what we're dealing with here, were the government to issue an order that was not logically coherent with what was trying to be accomplished, it would be vulnerable to a challenge for being unreasonable.
To the extent that there is a concern about charter rights separate from administrative law decisions, yes, the Oakes test with reasonable limits criteria, including proportionality in the legal sense as opposed to just the common vernacular sense, would absolutely apply as well.
As we know, Bill C‑26 enables the government to issue confidential orders applicable to telecommunications service providers. While confidentiality can certainly be justified in certain situations, it shouldn't be the default rule. A number of civil liberties organizations have told us as much.
These organizations recommend a mandatory Federal Court order as a check and balance against government overreach. This could be an effective way to ensure that the government isn't hiding disproportionately intrusive actions. It adds some checks and balances to the legislation.
I'll read amendment BQ‑2, which proposes an amendment by replacement:
(2) On application by the Minister, the Federal Court may, by order, prohibit any person from disclosing some or all of the order's contents if it is satisfied that there are reasonable grounds to believe that such disclosure could be injurious to international relations, national defence or national security or endanger the safety of any person.
I'm wondering about part of line 3 of the amendment. The wording is “disclosing some or all of the order's contents.” That sounds funny to me. Again, I think that the legislative clerks are the experts on how to write this. If it sounds good in the legislative language, so much the better. I just wanted to make sure.
I have a question for the officials before we move on with the discussion.
I want to make sure that adopting this amendment wouldn't add lengthy delays to the process. Would it?
I want to thank the member for her question, Mr. Chair.
In some situations, this amendment could lead to efficiency risks. For example, a Federal Court process would take at least a few weeks. In addition, certain issues could arise, such as the 2020 cyber‑attack on SolarWinds, which supplied software and equipment to many key infrastructure sectors. This basically led to a crisis and the need to take urgent action to resolve the situation.
Requiring an appeal to the Federal Court would carry certain risks in this type of situation.
We share the concerns over the time delay in a situation where there could be potential risks to the systems or vulnerabilities. The court process could add that delay, which we all know with a cyber-threat could be significant. However, keep in mind that we agree with some of the concerns Madame Michaud and others have raised in terms of accountability and transparency when an order is made.
We have proposed in G-5.1 what we think might help address those legitimate concerns without slowing things down. It would require a notification to NSICOP and NSIRA of any order being made. Under the protections around confidentiality of national security information, this would alert both groups so they know that an order was made.
I think we heard that the question would be, “How would anyone even know there was an order to look into to see that parliamentarians have accountability?” We can't support this particular amendment, because of the delay and potential risk that we worry it could add. However, we acknowledge the overall concerns about accountability and transparency. We think that notifying NSICOP and NSIRA every time an order is made will allow for that reflection to be done.
Again, that is in G-5.1, so we can't support this as is. Hopefully we can find a balance later on in that amendment.
This is a very pleasant day, Chair. We're agreeing with our friends across the table a lot today. We will also not be supporting this amendment.
Just so everybody doesn't think we're trying to do something a little slippery, we will be withdrawing our similar amendment, CPC-3, once and if we get there.
G-2 adds proposed subsection 15.1(2.1). This amendment adds a non-exhaustive list of factors that the GIC must consider prior to issuing an order. The list of factors would include the financial impact on telecommunications service providers, the operational impact on TSPs, the delivery of services to consumers and anything else the GIC deems relevant.
This is something we heard during testimony from witnesses. Obviously, the government will conduct a thorough assessment and look at the impact of the order on implicated parties, but some stakeholders raised the issue that adding an explicit requirement within the bill will go a long way.
I apologize to my Conservative colleagues in advance for CPC-4 not being able to be moved if we adopt NDP-3.
We had a persistent theme in testimony before the committee that we need to ensure transparency around Bill C-26. What NDP-3 would accomplish is ensuring that orders are published “in the Canada Gazette within 90 days after the day on which it is made”. This has been suggested by coalition members who appeared before the committee, and it would ensure more transparency in the bill.
I hate to say this to my friend down the table, because he was so nice to us, but we will be voting against this amendment. If it moves forward, we will be withdrawing our next amendment, which is CPC-4.
This NDP amendment provides a 90‑day deadline. What is the usual deadline in legislation? Is 90 days enough time for the government? Should there be a longer deadline? What do we usually see? Is there a common practice?
I want to thank the member for her question, Mr. Chair.
We aren't worried about the deadline. To ensure that stakeholders or telecommunications service providers know about their obligations, the regulations must be made available well in advance. A 90‑day deadline wouldn't pose any issues.
I understand the statement you just made, Mr. Arbour, but I'm wondering if it could ever be an issue. Has it ever been an issue in the past? All we're trying to get at is a timely release of the information. I think that's what my NDP colleague was trying to do. We need to put some parameters around the time within which it should be presented. You say you have no problem doing that, which is great.
In general, on average, how much time does it take before matters from the public safety department get into the Gazette?
Just to clarify, I'll speak for ISED—Innovation, Science and Economic Development, of course.
Because parties need to know what the obligations are, we will coordinate the publication in line with when they're in effect. There is a bit of a period after you submit the package to the Canada Gazette—it can be a week and a half before it is published—and we'll coordinate accordingly, but even if there is some unexpected problem or something like that, 90 days allows for quite a comfortable period of time to get publication done.
This is about the order. You're saying that once an order is made, you have no issue achieving that 90 days, and even though the act doesn't specify a time, you're suggesting that you can easily do it within 90 days now and it's just a matter of.... My question was more this: The Gazette is going to need a week to get it published, so from the time an order is made and you give it to the Gazette to put in, are we talking about it being within a week as well, or two, potentially?
For an order in council, there is another, separate process through the Privy Council Office to get Governor General approval on the final order. We will coordinate that in parallel with the Canada Gazette process to make sure things are presented appropriately in public.
The way I read line 12 in the act is that it must be published in the Canada Gazette. It doesn't speak to a timeline, but it must be published. From your testimony, it sounds as though there's an immediacy factor to that or, in some cases, it must be done even in advance of the order taking effect. I bring that up because you're describing the circumstances for something being gazetted versus an explicit 90-day timeline that's listed here.
Could the 90-day timeline potentially reduce the requirement that it be done with the industry and timeliness mentioned in the current writing of line 12, which is in proposed subsection 15.1(4)? I'm just curious as to whether you can comment on that. If you're doing it immediately, is that what the expectation is with the current wording versus what it would be if you added 90 days? Could adding time into the way it is currently written possibly create complications?
No, I don't think it would contribute to a delay in publishing orders. With the way the current requirements are set up, we would announce something and publish an unofficial version—on our website, for example—and then we would have to publish the full version in the Canada Gazette. We would have submitted that, and that would come a week and a half later.
It's in our interest to have that out as quickly as possible. Adding a 90-day requirement does not delay it, but I can understand that if you didn't see a specific deadline in the bill, there could be some concern that the government could drag its feet on this. Adding a specific deadline doesn't create problems for us, but I can understand why it might provide some additional comfort.
Again, this is one of the recommendations from the coalition, which is concerned about the powers being given to the minister, to ensure there are more guardrails around that and to ensure the legislation is effective. What this would do is amend clause 2 by replacing line 23 on page 2 with “If there are reasonable grounds to believe that it is necessary to”, and replacing lines 4 and 5 on page 3 with “specified in the order and in respect of which there are reasonable grounds to believe is necessary”.
This is part of what I think we're all endeavouring to do: provide more guardrails in the legislation to ensure transparency and accountability.
I want to say that we agree with this and are supportive.
As with G-1, we acknowledge and accept adding additional language in the legislation to reiterate “reasonable grounds”. It is something we're supportive of. I don't think there was an intention to leave it out. It was assumed. We are supportive of any opportunity to put it in and clarify that.
The language in G-3 is in line with how the act reads, generally. The language as it's written in NDP-4, to me, says it in a backwards fashion. “If the minister believes there are reasonable and probable grounds that it's necessary” would be, to me, a proper way to put it. It falls in line with the way the wording is in the act for that type of language.
That's all I'm suggesting. It says the same thing, but one says it one way and one says it in an NDP-backwards sort of way.
This is coordinating with G-1.1, which the committee agreed to. We're saying that Bill C-26, in clause 2, should be amended by replacing lines 25 and 26 on page 2 with the following:
tem against any threat, including that of interference, manipulation, disruption or degradation, the Minister may, by order and af-
G-3.2 is similar to G-1.2. We are concerned about being too prescriptive and limiting the ability to consult with required people as to threats. Obviously, when we look at administrative law, there's a zone of expertise that we allow the agencies to have.
I move to amend Bill C-26, in clause 2, by replacing line 28 on page 2 with the following, which is referring, I assume, to the Minister of Emergency Preparedness:
Emergency Preparedness and with the persons the Minister considers appropriate,
This has always somewhat confused me. We do have a Minister of Public Safety and a Minister of Emergency Preparedness. However, all the legislation that gives the Minister of Public Safety power references him or her as being the Minister of Public Safety and Emergency Preparedness.
I'm just a bit confused by what Mr. Gaheer said. Are we suggesting that this legislation will fall under just the Minister of Emergency Preparedness, or will this fall under the Minister of Public Safety and Emergency Preparedness? I mean, it's technically two ministers, but in law it's actually under one ministry.
In legislation, we are required to use the legal name of the minister in question. For instance, you'll see a lot of references to the Minister of Industry and not the Minister of Innovation, Science and Industry, even though that is the name currently styled. The reference speaks to the legal name of the minister in the underlying enabling legislation for the department in question.
I'm just a bit confused by what Mr. Gaheer said. To clarify, this is going under the Minister of Public Safety, not the Minister of Emergency Preparedness.
You're just going at a breakneck speed here, Mr. Chair. I'm getting paper cuts now from moving through the clauses.
NDP-5 is very similar to NDP-2. Some colleagues around the table may want to delete “proportionate”, given that we have done that previously. It's not that I agree with that, but I certainly understand the consistency.
Again, NDP-5 comes from coalition recommendations. It would amend clause 2 by adding after line 12 on page 4 the following:
(2.1) The provisions of an order made under subsection (1) or (2) must, in scope and substance, be reasonable and proportionate to the gravity of the threat of interference, manipulation or disruption.
Once again, we have no issue if you want to add “degradation” to keep it consistent, but, again, our objection to proportionality is simply the legal term. If it's a question of subamending and removing that, we are willing to accept it, or we would have to vote against the amendment.
I will move a subamendment to remove “and proportionate” and then add “degradation” after “manipulation or disruption”.
This amendment may seem a bit odd, but I'll explain what it entails.
It seemed like a good opportunity to move this amendment to the bill, in the part where the minister may direct a telecommunications service provider to do anything, or refrain from doing anything, that is specified and that is, in the minister's opinion, necessary to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.
In the event of disruptions to the system, the minister may require that a provider have a backup system to power telephone towers.
The City of Terrebonne has been in touch with us about this issue. I imagine that other cities are in the same situation. In stormy or very windy weather, cell coverage drops because the cell towers don't have a backup system. In the event of a cyber‑attack, I think that this could ensure backup power while the situation is resolved.
We hope that our colleagues will support this amendment, which could make a big difference to many people's lives.
Could the officials explain to us or tell us how practical this is? I understand the importance of it, but is this something that's in the industry now? What is the impact of this compared to what is common practice?
Yes, considerations around backup power are important in the industry currently. There will be different systems of backup power at different parts of the network.
One thing that I would flag is that, while I understand the objective of the text, it could have a risk of accidentally limiting the government's authority, just because there are other parts of the telecommunications network that require backup systems or backup power. Backup power to fibre optic cables can be an issue, for instance.
Removing the reference to “power”, so that it is backup systems more broadly, and making reference to “telecommunications facilities”, as opposed to just “towers”, would solve that issue.
On the same point, I think we all agree with the intention, but I'm going to move a subamendment just to clarify the language, to require that telecommunications service providers use “a backup system for telecommunications facilities”.
Again, the intention there is just to clean it up, so that it's not limited to just “towers” and “power”. It's backup systems for telecommunications facilities, so it would encompass everything.
This amendment is in regard to concerns from civil liberties groups that the bill could be used to target individuals. This makes it clear that the bill deals with network security and it's not for intercepting communications.
I'll just read the language of it:
(2.1) For greater certainty, despite subsection (2), the Minister is not permitted to order a telecommunications service provider to intercept a private communication or a radio-based telephone communication, as those terms are defined in section 183 of the Criminal Code.
Amendment BQ-5 is a consequential amendment, a bit like amendment BQ-1 was, which removed the word “including”.
This is a way to counterbalance ministerial power, a proposal made by a number of organizations, some of which advocate for the protection of civil liberties.
I'll just quickly reiterate that I think we agree with the intention, in the sense that we want to create some oversight and accountability, but we worry that this language could add unforeseen delays in the ability to act quickly. We are hopeful that our amendment later—which is G-5.1, I think—will address some of the ability to have that oversight and review, but in a national security context.
We can't support this, given the timelines and delay, but we do understand the intention.
I thought it was a consequential amendment to remove the word “including”, but rather it is a consequential amendment regarding what I previously proposed—a review by the Federal Court.
Since we already voted against this before, I understand the government's position.
I'm not in the room, so I miss a lot of the nuances of what's going on. It would be most helpful to me to follow along with the many papers I have here if you would recite back the outcome of a vote on a particular amendment or subamendment.
This is similar to G-2, which the committee already voted on and accepted. G-2 looked at the non-exhaustive list of factors the GIC should consider. G-5 is adding a non-exhaustive list of factors the minister must consider prior to issuing an order. The list of factors would include the financial impact on TSPs, the operational impact on TSPs, the delivery of services to consumers, and anything else the minister may deem relevant.
This is similar to NDP-3. This would replace line 19 on page 4. We've already had this discussion, and the coalition was very clear about ensuring there is transparency around this legislation. One of the ways to do that is to ensure the orders actually appear in the Canada Gazette. This would oblige the minister to publish in the Canada Gazette within 90 days of the day an order is made.
I appreciate this opportunity, and I'm glad we've been able to have a productive meeting thus far. I would, however, like to take just a brief few minutes to move the motion that I gave notice of this past Friday.
I'll read the motion and move it here shortly, but I will simply say, for the context of it, that one of the conversations that I, my Conservative colleagues and, I would suggest, my colleagues from other parties are having is in relation to the very live conversation about the carbon tax.
The reason I am moving this motion today is that in about a week and a half—12 or so days—there will be a 23% increase to the Liberal-NDP carbon tax, which is driving up the cost of everything across our country. It's costing Canadians significantly, both in terms of the tax they pay directly and in terms of the significant impact the carbon tax has across the entire supply chain. From the farmer who grows the food to the trucker who ships the food to every single person who does almost anything in the economy, everyone is impacted by the carbon tax.
What has been so frustrating—I heard this when I did a series of town halls across my constituency and spoke to some folks across the country, including some Canadians from constituencies that are represented by members from other political parties—is that the carbon tax is truly having a devastating impact on Canadians' ability to make ends meet.
The specifics of the motion that I'm going to read into the record here shortly, in relation to that 23%, talk about some of the additional costs that Canadians ultimately pay. I think that's a key part of the discussion, which we do not hear an acknowledgement of from the government and those who support the carbon tax. One specific cost associated with the carbon tax is the budgets of the RCMP and other police forces across the country.
Canada is a cold country. It was snowing here in Ottawa today. I know there's snow forecast in Alberta tonight and tomorrow. While we will certainly enjoy and appreciate the moisture that snow brings, those freezing temperatures require everything to be heated. That includes the many local detachments, whether they be the many RCMP detachments in the rural and remote communities I represent, which the RCMP is working diligently to patrol, or those of the Camrose Police Service, which is the only municipal police force I have in my constituency, outside of bylaw enforcement. The impacts of the carbon tax mean increased costs associated with the ability of this essential service in our country to do its work.
That's not to mention that Canada is a big country. When it comes to the RCMP's work of policing rural Alberta.... The French acronym for the RCMP is GRC. Local Mounties have joked with me that it's short for “gravel road cop”. The reason I bring that up is that many Canadians see, and I'm sure many have experienced, the police forces behind the wheel of their cruisers.
The impact of that tax is substantial when it comes to the costs our police forces have to pay. It is tax revenue that goes to the government, and it is not going to other public safety measures, especially as crime and chaos seem to rule our streets. I have certainly heard a lot about that over the last number of weeks back in my constituency. There is also an unwillingness to acknowledge that this ultimately has an impact on affordability for Canadians.
(1820)
I hope we can find support to get answers, which is the first part of this motion, and ensure that Canadians know that their parliamentarians—I would hope from all parties, although I have my doubts.... Let's ensure we get answers first. It is time to spike the hike and axe the tax to bring home lower prices for everybody.
Mr. Chair, I will move the motion that I gave notice of on March 15, which has been distributed to committee members in both official languages. It reads as follows:
That given the April 1st Carbon Tax hike, the committee call on the Minister of Public Safety and Minister of Environment to provide a report to the committee in 30 days on the additional costs the carbon tax adds to the RCMP budgets and police forces across the country, and to work with their provincial counterparts to secure this information, and report to the house its recommendation to spike the hike, and axe the tax.
I look forward to what I hope will be unanimous support for a common-sense motion brought forward today from Canada's Conservatives on this committee.
The Conservatives did agree to go through Bill C-26 without filibustering. I hope Mr. Kurek now has a copy of that memo because we really need to get through this bill.
We will be moving that amendment, which was recommended by the Citizen Lab.
This amendment would require the minister to “prepare a report stating the number of times that an order...prevailed over a decision of the Commission made under this Act” and that it be tabled in Parliament. Hopefully we have support for it.
If this passes, I wonder if it would require the submission of a report separate from one that's already proposed in NDP-7, BQ-6 and CPC-9. I'm wondering if it would make sense to not move forward on this and, with the future amendments on reporting, have just one combined report.
Could you elaborate on or speak to whether you see having a stand-alone report in addition to the others as an issue?
This speaks to a separate clause that notes the possibility of an inconsistency between a government order and a CRTC decision. For greater certainty, it removes some risk that there would be confusion in the event of said inconsistency.
Certainly reporting—to the extent that this occurs—doesn't present any operational challenges. Having it as a separate, stand-alone report with some potentially different timelines—there's potentially a bit of ambiguity in the language here—doesn't present any big challenges.
To the extent that it could be folded into one clearer annual reporting requirement, that would be a bit cleaner.
Again, our issue is not with the intention. I'm not going to support this amendment because I think we can take the intention and deal with it as one overall report, which we have coming up in subsequent amendments.
Well, there's NDP-7, which would be next, and BQ-6 and CPC-9 also deal with reporting. It would be cleaner to have one report to talk about when orders were issued or “prevailed” over a CRTC decision.
Chair, if there's good intent on that, and seeing that the other side wants to have this in, we will withdraw our amendment and try to add it into the next one, NDP-7.
There is a recommendation from the coalition in the coalition brief. You will find it on page 16. Just to remind folks, it includes the Canadian Civil Liberties Association, OpenMedia, the Ligue des droits et libertés, the Privacy and Access Council of Canada and a number of other distinguished Canadians.
What they are looking for, as they proposed in their testimony, is for reports to be filed pertaining to orders and regulations as a way of ensuring complete transparency. The requirement is to file an annual report, and if the minister fails to file such a report, the minister would be required to come before a parliamentary committee to explain why that has not happened.
Those are the provisions. I won't read them out because they're fairly lengthy, but I move the provisions of NDP-7.
Because I just identified that we're open to the language from the Conservatives' amendment, I won't subamend yet. I'll let them introduce theirs.
I will say that we're comfortable with this. We just have concerns with proposed paragraphs 15.21(2)(e) and (f). We'd prefer to replace “the number” with “description of compliance”. Again, I will do that, but in fairness to my colleagues, I will let them have a chance to move their amendment.
If you go to proposed paragraph 15.21(2)(e) of the NDP amendment, it says “the number of telecommunications service providers that partially complied with an order”, and proposed paragraph 15.21(2)(f) is the same. It says, “the number of telecommunications service providers that fully complied with an order”. We would like to replace “the number” with “description of compliance”.
We were looking to add a paragraph (h), Ms. O'Connell, and it would basically be proposed subsection 15.2(6.1) from CPC-8.1. We would move that as the subamendment, if that's making any sense.
I'm just wondering, though, if that's only dealing with the number of times an order was “made under” and “prevailed over a decision” or if it's the number of times.... I guess it's “or”.
Could we park this one and work on some language to get consistency in what you want to add? Then we can see if it still complies. That's unless everybody else wants to move forward. I think it would make some sense for us to come together on this one.
I think there's some agreement that we want to see something here. I agree; let's park this, if that's the will of the committee. I agree with what my other colleague said. It would be better if we go with our extra paragraph and make it subsection 3 by adding what's in CPC-8.1, but I'm also fine with parking it, Ms. O'Connell.
I do apologize. It took a bit longer, but sometimes that's the way it goes. I think we have a good compromise now.
We will add, as our subamendment, subsection (3), which will state:
The report shall state the number of times that an order prevailed over a decision of the Commission made under this Act during the previous fiscal year and must cause the report to be tabled before each House of Parliament on any of the first 15 days on which the House is sitting after the report is completed.
We are just sorting out the French translation. I think the law clerk can help with that. You wouldn't want me to attempt that. I'd probably make it worse.
My subamendment, as I've stated, is for proposed paragraph 15.21(2)(e). I'll start with that one. It would change “number of” to “description of compliance”. Then in proposed paragraph 15.21(2)(f), very similarly, we would to replace “number of” with “description of compliance”.
This is just adding an NSICOP and NSIRA reporting requirement. There's a security-cleared group of individuals here that will be given transparency. It doesn't required that they act on the information, and therefore it doesn't interfere with their work either.
This is going to be, I think, one of these key decision points today in the legislation.
What was clear from the testimony we heard from a number of sources is that the cybersecurity protection act needs to be under the Statutory Instruments Act. In terms of transparency and the overall accountability of this legislation, there are a number of amendments we are offering that basically ensure the Statutory Instruments Act does apply.
This has come up as a recommendation from numerous sources in the testimony we heard. We have a number of amendments coming forward as we debate this bill. This is the first one. The Statutory Instruments Act should apply, and it should be accessible for regulations. The Standing Joint Committee for the Scrutiny of Regulations is something that we believe is important. That is why we're following up on the testimony we heard that clearly indicated this is an important component for transparency.
We do have some concerns with this. We think that adding the SIA becomes too broad and can add up to 18 months of regulatory processes. I want to make sure I'm clear and that all committee members can directly understand what this amendment would mean.
Here are my questions for the officials.
I'm curious about this amendment. If passed in the legislation and 18 months are added to a regulatory process, what damage could be done in that time frame and what harms to the network could be done in that time frame?
My second question is, does this have impacts on our national security and our relationships with other allies, like the U.S., with whom we have an interconnected grid? It's not just telecommunications, and that's what we have to remember.
Could the officials add some context to what harms, probably unintended, could come from adding this amendment?
Having followed the testimony, I certainly appreciate the sentiment behind the amendment. There are three categories of practical considerations that would pose challenges from an implementation standpoint.
The first is that the overall structure of the SIA—and the associated regulatory policy that goes with it—has challenges in a technological space and in a national security space given the range of incidents that can arise, that can arise quickly or that can evolve over time. In particular, more and more of our network is handled in software. With 5G, for instance, a lot of key functions are handled in a software patch-up that can move very quickly. There are incidents such as the SolarWinds incident I mentioned. This was a vendor that provided critical infrastructure subsystems to a range of different sectors. They themselves were compromised, which had spillovers all across different sectors.
The Colonial Pipeline incident with ransomware is another case. This ransomware incident for an oil distribution pipeline had huge impacts all across the eastern seaboard. Adding long stretches of delay throughout that process has real, tangible issues from an implementation standpoint.
A second exacerbating factor is that the underlying legislation we're dealing with is not subject to the SIA currently for the main activities, so this would be quite a large departure from the way regulation under the Telecommunications Act and the Radiocommunication Act is currently done. That would have further compounding effects.
The third category of consideration here is that the structure of the act was developed with the conception that the SIA would not apply. There are certain structures within the act to address the lack of the SIA applying. For instance, there are specific provisions around publication in the Canada Gazette when dealing with confidential orders. There are parallel provisions in the SIA. If we're going to have those parallel structures within this act elaborated upon with some of the amendments this evening, then reimposing the SIA will have some further parallel considerations.
I appreciate the intent behind it, but those are the practical considerations.
Just following up on the two real-world examples you listed, assuming that this legislation was in place and, with this amendment, the SIA was required, what would that mean in those two examples? You can choose one for the sake of committee discussion, but it's potentially 18 months. Is that correct? What specifically would this do in those real world examples? Is it just a time delay or are there other regulatory processes that would essentially make this legislation...? What's the point of it if, after 18 months, you're dealing with ransomware or a cyber-attack? At that point, I think this becomes obsolete.
Certainly, there would be real world consequences that would make it hard to keep pace with the developments of technology and the sector. That is one of the considerations in the current regulatory sphere we're dealing with, where the SIA does not come into play in regulating under the telecom act and the radiocom act.
This would have implications for urgent situations where we'd be working around that, but also for important circumstances like dealing with high-risk vendor equipment, which does not necessarily have an emergency context but does have real-world considerations for dealing with our allies and coordinating continental telecommunications infrastructure.
Amendment BQ-7 concerns information retention periods.
During our study, representatives of organizations told us that the bill should be amended to specify that information obtained from telecommunications service providers or operators designated under the Critical Cyber Systems Protection Act, or CCSPA, will only be retained for as long as necessary to make, amend or revoke an order under section 15.1 or section 15.2 or a regulation under paragraph 15.8(1)(a) of the Telecommunications Act or section 20 of the CCSPA, or to verify compliance with or prevent non-compliance with such an order or regulation.
Retention periods must be disclosed to telecommunications service providers from whom the minister has collected information.
We also propose amending the text to order the government to add provisions relating to retention periods and the deletion of data in agreements or memoranda of understanding with foreign governments or agencies. This adds a safeguard concerning organizations' fears about the information collected and the retention period for that information.
I hope my colleagues will vote in favour of the amendment.
We agree with the intention in terms of privacy and privacy rights. We understand the concerns raised by witnesses. We just think that, for clarity, although in essence the amendment itself is.... Again, we're okay with the intention, but we feel that the language is a little unclear. We actually prefer G-6.1, which reiterates that the Privacy Act would supersede the provisions in this bill to give that level of assurance. We did hear that, that it was silent. We just think it's clear and adds the certainty that this bill would have to comply with the Privacy Act. We just think it's a cleaner way of achieving the same things.
We won't support this language as is, but we understand and agree with the intention. That's why we have G-6.1, which comes up later.
Amendment BQ-8 is somewhat along the same lines. We simply want to add definitions that may apply to subclause 2(1)(d)—the definitions of the terms “de-identify” and “personal information”.
It's pretty straightforward. I know that this is a recommendation of the coalition that Mr. Julian has been talking about since the beginning, which seeks to protect civil liberties.
I just have a subamendment. We'd like to amend (d) and replace “or” with “and” for greater clarity, so it will be “personal information and de-identified information”.
We will be moving CPC-12.1. This amendment would ensure that information collected would be treated as confidential and would be disclosed only if doing so was necessary to secure the Canadian telecommunications system.
I think our concerns with this one were that there's a timing issue in that it would require a court order to be sought prior to the release of the information.
Maybe I'll turn to the officials to see if I'm understanding this correctly. Do you see this amendment as adding a requirement through a court order that would cause additional delay?
Yes. In certain circumstances where we would be dealing with an emergency situation, that could include, in the process of making the order, divulging certain information that has been designated confidential by a telecommunications service provider. This amendment would mean that a court order would be required before that information could be disclosed.
I would flag that the information could be disclosed only if doing so would protect the Canadian telecommunications system, so it would be possible only in certain very limited circumstances.
Can I just hone in on that a little bit? Are you saying that other provisions within the act clarify when that disclosure could be made? Is that right? That's why, with this piece to make a disclosure, you would have to seek a court order, which, if you were disclosing the information, would be a pretty big threshold, I would think. It would probably be under an emergency type of situation, and this would delay that.
The possibility for disclosing confidential information is quite narrowly constrained, but the circumstances in which that would be an issue would involve protecting the Canadian telecommunications system, and there would be an added requirement to go to court first.
I understand the intention. I just think the issue around disclosure of information is covered in other sections in which that would be appropriate, and adding a delay in terms of getting a court order raises concerns, given that what we would potentially be dealing with would be cyber-attacks. I think everyone understands the speed with which we need to address those.
I therefore can't support this as it is, just given that delay. However, I understand the intention.
Obviously, we want to make sure things are expediently dealt with. I'm just curious, though. I know this is a tough one to give you as a question to answer. With regard to obtaining a court order if necessary, can you give me a timeline on an instance like this that would be pertinent? How long would that take? Is there any idea?
As you may have surmised in your question, it can be very context-specific. However, another reason why it can be challenging to answer is that it can depend on what the court is dealing with and on broader, contextual factors. It could add days or weeks, depending on the context.
I know that my friend Mr. Motz has a strong, long-time law background. I'm going to see what he has to say about this. It's not a legal background, but—
This is proposed subsection 15.5(3). It's talking about exceptions.
(3) Information that is designated as confidential my be disclosed, or be permitted to be disclosed, if
(a) the disclosure is authorized or required by law;
(b) the person who designated the information as confidential consents to its disclosure; or
(c) the disclosure is necessary, in the Minister’s opinion, to secure the Canadian telecommunications system, including against the threat of interference, manipulation or disruption.
What we're doing is replacing (c) with the following:
(c) the disclosure is authorized by an order made under subsection (4).
We're changing proposed paragraph 15.5(3)(c). Unless our numbers are wrong, we're not adding this as a (d). We're replacing proposed paragraph 15.5(3)(c) with this. Is that correct? That's how I understand it.
I don't know where the caution would be, because this is in the event that a disclosure is going to be happening anyway, and we are saying, here are the reasons why disclosure can occur: one, two and three. Is that right? We're not saying that you have to go to court to get an order. Surely the government is not going to order disclosure. The government is going to be ordered to provide the disclosure. Your argument would make sense to me, Mr. Arbour, if we were talking about an active something that has to be disclosed, but we're talking about something that's disclosed after the fact, potentially. By adding this particular line, we are saying that a court has already made the decision that this order.... It has already been authorized to be disclosed.
Unless I'm missing something, I think we're conflating two different issues here, to some degree. What's your take on that?
I appreciate the intent behind the consideration of my understanding there. Because the text of the amendment replaces “is necessary...to secure the Canadian telecommunications system” with only “is authorized by an order” and then sets out that the order is granted by an “application by the Minister” to the Federal Court, that sets the gating factor there.
Proposed paragraphs 15.5(3)(a) and 15.5(3)(b) would give us some alternative mechanisms, but they're pretty limited. We'd essentially be relying on the telecom operator we collected the information from to consent to its disclosure.
This amendment specifies that when confidential information is shared between parties under proposed section 15.6, that information must continue to be treated as confidential. Under proposed section 15.6, information, including confidential information, can be shared between certain parties, including the Minister of Innovation, Science and Industry, the Minister of Public Safety and the Minister of National Defence, for example.
Thank you.
(Amendment agreed to [See Minutes of Proceedings])
Amendment BQ-9 is pretty straightforward. It seeks to add, after line 29 on page 7, the following:
(3) If an exchange of information occurs under an agreement or arrangement with the government of a foreign state or with an international organization established by the governments of foreign states, the Minister must, without delay, notify the person to whom the information relates of the disclosure and of the state or organization that received it.
This amendment was requested by organizations that appeared before the committee and is simply intended to add protection for personal information or other information that is disclosed by the government.
We feel that this amendment is unnecessary, given the other protections, like those in proposed section 15.7. The sharing of confidential information to many groups...there are already restrictions on that. How any non-confidential information can be disclosed.... Again, it's already addressed. Proposed subsection 15.5(3) only allows for the disclosure of confidential information in very limited circumstances.
We don't disagree with the intent. We just think it's redundant because it's already addressed in terms of how information can be shared.
Earlier, we dealt with adding clearer language to the Privacy Act provisions, and then anything around confidential information.... That confidentiality, which is what we just passed in the previous amendment, G-6, carries with it those limited circumstances, even when the information is shared.
We just feel it's not a necessary provision and it's already addressed in those other sections.
My other committee is the access to information, privacy and ethics committee. While it notably prosecutes Liberal scandals, it also does a lot with privacy.
I would ask the officials if they could weigh in. I appreciate Ms. O'Connell's statement about it not being necessary, but I would ask if the officials could weigh in on the specific application of the privacy-related sphere in this and whether the amendments would make a notable difference compared to what is currently listed in the act versus what is in Bill C-26, as well as its applications of the myriad privacy rules that overlap here.
Perhaps I'll start with the protections that exist, and then explain what this amendment would do over and above that.
There are already restrictions in the text on the ability to share confidential information, which would include personal information. Proposed subsection 15.7(1) has a prohibition on sharing information designated as confidential. Furthermore, proposed subsection 15.7(2) states that even sharing non-confidential information cannot be done if it is used for a purpose that would be penal. We've had some amendments today to further clarify the designation of personal information as confidential and the application of the Privacy Act.
What this amendment would do is specify that sharing any of the collected information with another party has a notification requirement that goes with it. It doesn't prohibit the sharing. It says we need to notify the parties. Given that personal information would already be restricted from being shared to begin with, we would be talking about notifying the telecom operators each time we share non-sensitive information with an ally. Essentially, we collect a range of information, such as the number of cyber-incidents over the past year and the causes of those incidents. Were we to share that information with an ally, we would then have to notify each of the telcos.
On the one hand, protections regarding personal information exist. On the other hand, it creates the unusual circumstance where we would be notifying the telecom community of international relations discussions.
I know there are often exceptions for national security and whatnot. How can Canadians trust that, when an exception is laid out in Bill C-26...? This is larger than the conversation about this current proposed section. The minister is given discretion quite often to ensure they can use information if it's related to national security, etc. How can Canadians trust that the right balance is struck? This is a bigger conversation, but I think it will help speed up some of the forthcoming amendments.
Could you outline the processes in place to ensure that privacy is in fact protected and that, when an exemption is laid out in legislation, it's not opening it up for abuse?
First, I'll start with the scope of the information that can be collected. It can only be collected if it's related to an order to protect the Canadian telecommunications system—to inform the development of an order, or to enforce or promote compliance with an order. Off the bat, the information of concern is not personal information. It is the corporate information of the telecom operators that own and operate the telecom networks we're dealing with. Personal information—web-browsing behaviour and what have you—is not germane to that. We cannot collect information that is out of the scope of the existing text.
The amendments that were passed just now further make that clear in the provisions for designating confidentiality. There are a number of factors that allow for what information can be designated as confidential. They make it clearer that personal and de-identified information as captured is there, along with making it clear that the Privacy Act applies.
Finally, under proposed section 15.7, there are two provisions that state that any information designated as confidential—for instance, personal information—cannot be disclosed internationally within this scope. At a few different steps—in terms of what information can be collected at the outset, or if, by some chance, personal information was provided by accident—the limitations on what we could do with that information set out a regime that does not involve ministerial discretion.
This amendment will require the minister to prepare a report stating the number of times that an order prevailed over a decision of the CRTC made under this act and to table it in Parliament.
Our concerns with this were, again, that it be contained within the annual report, not a separate report. As long as we can use that language from earlier, we're fine. Can we just get clarity whether that is the case?
I wish it were that simple. We found out there was a little glitch in that one earlier.
Maybe the chair and the clerk will help us a little on that. Can we roll that into part of what we were talking about and try to come back to it next time?
This carries on the earlier discussion about just creating a simpler annual reporting amendment. It encompasses, I think, some of what the Conservatives were trying to do in the last amendment, in terms of saying that the report must include the number of orders that were made in the fiscal year, including timelines of 15 days. We think that just captures some of what they were trying to achieve, notwithstanding that I understand the Conservatives want to come back with another amendment later, just to clean up some other language.
Are you suggesting that the only thing missing would be the one from the last amendment about any regulation that prevails over such a CRTC decision? Am I understanding correctly that that was the sticking point you wanted included?
The subamendment would just add, after how many orders were issued, “and the number of times an order prevailed over a decision the CRTC made under this act”.
It would be adding, at the end of G-6.2 on how many orders were issued, “and the number of times an order prevailed over a decision the CRTC made under this act.” That's the only part we're adding—that one sentence—into the current report.
(Subamendment agreed to)
(Amendment as amended agreed to [See Minutes of Proceedings])
This is another key decision point, and it's what we've repeatedly heard is the best route forward to improve Bill C-26. We heard from members of the coalition, and I'll remind you that the organizations involved include the Privacy and Access Council of Canada, OpenMedia, the National Council of Canadian Muslims, the Ligue des droits et libertés, the International Civil Liberties Monitoring Group and the Canadian Civil Liberties Association. All of them have said that an important component for ensuring that the public interest is protected is a provision for special advocates.
What this would do is add, after line 13 on page 8, the following:
(a.1) the judge must appoint a person from a list established by the Minister to act as a special advocate in the proceeding after hearing representations from the applicant and the Minister and after giving particular consideration and weight to the preferences of the applicant;
It would also add, after line 28 on page 8, the following:
(c.1) on the request of the Minister, the judge may exempt the Minister from the obligation to provide the special advocate with a copy of information if the judge is satisfied that the information does not enable the applicant to be reasonably informed of the case made by the Minister;
I won't read all of the amendment. I know that my colleagues around the table have had a chance to thoroughly review NDP-9, but the reality is that special advocates are top secret, security-cleared private practice lawyers, independent of government. We've already seen special advocates protecting the interests, for example, of permanent residents or foreign nationals subject to a security clearance certificate or other proceedings under the Immigration and Refugee Protection Act.
Currently, there is a list of special advocates who are cleared to defend individuals in matters like this, with the Immigration and Refugee Protection Act. There are apparently 10 special advocates available.
This is clear testimony we heard from numerous witnesses among the coalition members I mentioned. They are some of Canada's most reputable groups, and there is no doubt that having in place a special advocate would improve the legislation, so I want to move NDP-9.
We have a ruling, and I'm going to read it out, as the chair.
The amendment seeks to authorize a judge to appoint a person from a list established by the minister to act as a special advocate in the proceeding, creating a new and distinct spending to be drawn from the treasury.
As House of Commons Procedure and Practice, third edition, states on page 772:
Since an amendment may not infringe upon the financial initiative of the Crown, it is inadmissible if it imposes a charge on the public treasury, or if it extends the objects or purposes or relaxes the conditions and qualifications specified in the royal recommendation.
In the opinion of the chair, and for the above-mentioned reason, the appointment of a special advocate imposes a charge on the public treasury. Therefore, I rule the amendment inadmissible.
Mr. Chair, I have a lot of respect for you, but I am going to present a couple of pieces of information that I believe are relevant, and then I will be asking the committee whether or not they agree with your ruling.
First off, in the past, Speakers—and I am thinking of 2003 and Speaker Milliken—have found that a royal recommendation was not required because a bill did not immediately require the expenditure of public funds. In 2010, Speaker Milliken also found that Bill C-300 did not require a royal recommendation, as the bill provided only a requirement to undertake such a program but did not stipulate how the government should execute the program.
I think it's fair to say that special advocates exist already, and we're not talking about an additional charge to the public treasury. The reality is that the government could choose to make a recommendation, but it's fair to say that the jurisprudence on this in Speaker Milliken's repeated rulings, in both 2003 and 2010, indicate to this committee that, given the special advocate program is already in place, there isn't an additional charge to the public treasury.
On that basis, I would challenge your ruling, with deep respect for the work you do and the slow cadence that you've brought to our clause-by-clause deliberations.
We have had a number of discussions on this issue with telecommunications companies, which expressed their concerns, and rightly so, about the provisions dealing with administrative monetary penalties and violations, including continuing violations. I will read section 72.131 on violations proposed in the bill:
ç
72.131 Every contravention of a provision of an order made under section 15.1 or 15.2 or a regulation made under paragraph 15.8(1)(a) constitutes a violation and the person who commits the violation is liable to an administrative monetary penalty of an amount
(a) in the case of an individual, not exceeding $25,000 and, for a subsequent contravention, not exceeding $50,000; or
(b) in any other case, not exceeding $10,000,000 and, for a subsequent contravention, not exceeding $15,000,000.
The bill also proposes the creation of a section on continuing violations:
72.132 A violation that is continued on more than one day constitutes a separate violation in respect of each day during which it is continued.
The purpose of our amendment is to delete those lines—lines 24 to 26—because such penalties of $10 million or $15 million, which is already enormous for large companies, are devastating for a small business. The Canadian Chamber of Commerce has also recommended that this section be removed because presumably, in the aftermath of the violation, businesses are trying to solve the problem. It is not in bad faith that someone would be in continuing violation of the act.
Our reasoning is as follows. The section states that a continuing or prolonged violation of the act can be punishable by additional daily fines. As non-compliance is often related to systemic issues that are not resolved quickly or in a day, a single continuing violation of the act could result in substantial and repeated administrative monetary penalties. Such severe penalties could lead to widespread outages of telephone, Internet and mobile phone services owing to a lack of time to properly develop and test fixes, which may introduce unintended technical vulnerabilities. Removing section 72.132 would allow for separate violations to be recognized without reducing the government's ability to impose fines for continuing violations.
I hope my colleagues will vote in favour of this amendment.
Again, we understand that the intention is not to bring undue harm to, say, smaller companies or enterprises that may be subject to this. I think, though, we are concerned that for the big players in this space, if a fine, for example, were too small, it would not really be an incentive to comply. It would be the cost of doing business to move forward and pay the fine.
To the officials, do you see provisions in the bill to accomplish what Madame Michaud is concerned about—making sure that penalties are not overly harmful to smaller-sized businesses?
Indeed, proposed subsection 72.133(1) sets out the set of factors that must be taken into consideration when determining the amount of the penalty. It includes the nature and scope of the violation and any past history, but also, importantly, the person's ability to pay the penalty.
Furthermore, proposed subsection 72.133(2) states that the purpose of the penalty is to “promote compliance”, not to punish. This is parallel to existing administrative monetary penalties and sets out constraints such that any penalty must be reasonable when taking into consideration these factors. We'll also be taking up the issue of due diligence subsequently.
Just to build on that, in this circumstance, it is the larger carriers that have revenues north of $15 billion per year. The maximum size of the penalty is geared toward the largest players. Otherwise, if it costs $20 million to replace some equipment and the maximum penalty is $10 million, maybe they will just pay it. However, these protections have been geared such that, when taking into consideration the interests of small business, they are not unreasonable and not out of the scope of the person's ability to pay.
That being said, I think the concerns around protecting smaller businesses are built into the reasonableness and ability to pay. Although I agree with this, I think it's covered in other sections. I wouldn't want the unintended consequence of trying to protect the smaller players in this space to be that the bigger players, such as in the example just provided, are allowed to do nothing because a fine is cheaper.
I can't support it in that sense, but I feel confident that the protections are there in other sections.
If we are taking the trouble to establish criteria to determine the amount of a penalty, why bother mentioning the maximum amounts? However, you said that the maximum amounts were related to larger companies' ability to pay.
Is it common to set a maximum amount in legislation to indicate what the penalty could be? Does that have to be done? I think it frightens smaller companies. Later on, we understand that it can be adjusted based on many criteria.
In a bill like this, it is perfectly normal to indicate a maximum amount. This is an important principle in order to avoid the risk of having a very large amount.
In a sector with a wide variety of service provider sizes, there are very large players, with revenues in the billions of dollars, and hundreds of very small service providers. It's perfectly normal to have a high maximum amount to be able to impose an appropriate penalty on large players, but there are criteria to protect small service providers' interests.
It would require the government to consider whether a telecom “exercised due diligence to prevent the violation” when determining an administrative monetary penalty.
I think what we're looking for is pretty self-explanatory.
BQ-11 also deals with due diligence. We won't support CPC-17 or BQ-11 because we think it's cleaner not to support clause 10. I can get to that when we get there, but this would have the effect of allowing due diligence in a proceeding for a violation.
We think deleting the clause is easier than amending.
Just to clarify, it's CPC-18 in clause 10. Do you want me to go there or just wait until we get there?
Basically, the amendments being proposed right now all deal with due diligence. We think we have a cleaner way of dealing with it.
I don't know if you want to park those and deal with clause 10 to make sure everyone is comfortable. I don't know what the process would be. We're not supporting these amendments because we think we have a cleaner way of addressing the same issue.
Before we vote on amendments CPC-17 or BQ-11, the intent of which is the same, I want to make sure I understand the government's intention with respect to clause 10.
Clause 10 of the bill deals with defences. It reads as follows:
Subsection 72.15(1) of the Act is replaced by the following:
Defence
72. 15 (1) It is a defence for a person in a proceeding in relation to a violation, other than a violation under section 72.131, to establish that the person exercised due diligence to prevent the violation.
I'm not sure I understand what the deletion would do for the people who want to defend themselves. I would like Ms. O'Connell to explain the intent of this amendment. That would help us understand everything.
I think it would be simple to let officials explain the rationale of why deleting the clause would have the effect of what I think everyone is in agreement with.
The Telecommunications Act, as drafted currently, has a due diligence defence that applies broadly across the course of the act. Clause 10 of Bill C-26 would insert an exception that would essentially have it so that orders under Bill C-26 would not be subject to due diligence.
Rather than add amendments to insert due diligence back in, simply removing the exception in clause 10 would ensure that the due diligence defence that already exists in the telecom act would apply writ large. Just from a drafting standpoint, it avoids an exception and then a reinsertion of new language.
We're on CPC-17, and I think BQ-11 also deals with it, so if we could park those two, then, when we get to clause 10, we can do what is being proposed. I think it might address everything, and, if not, if committee members are not happy with that justification, we can go back to CPC-17 and BQ-11.
I will just ask something of the legislative clerks, who often don't get the thanks they deserve in helping us navigate some of this stuff.
I know we often hear about line conflicts in sequential order, so if we were to park these and find agreement on what's being proposed, because I think everything has been talked about on the record.... Would the legislative clerks be able to outline whether that would essentially deal with these in sequential order and address the line conflict issue? If I'm correctly interpreting what's happening, by my reading of some of the amendments, that would allow us to process this efficiently while not missing out on what I think we're trying to accomplish with our amendment.
Before I get into this, I just want to make sure with officials that I understand it correctly so I can move the correct amendment.
Essentially, as Mr. Arbour just stated, clause 10 creates an exception in the Telecommunications Act. What we are doing is just removing the wording that creates that exception, which in turn would allow for due diligence.
This amendment proposes the addition of “other than”.... Hold on. Let me just make sure that I have the right text here.
I'm sorry. Mr. Arbour, I want to remove “other than a violation under section 72.131”. Is that the exception that you feel would allow for due diligence if deleted?
It's the entire clause, then. I propose that we vote against clause 10, which would remove the exemption that takes away the ability for due diligence. I just want to make sure that we're doing it as cleanly as possible.