Conservative MPs disrupt hearings on Bill C-26, raising concerns over powers granted to the government in proposed cybersecurity legislation. (Parliament's public safety and national security committee)
In recent committee meetings addressing proposed cybersecurity legislation, Conservative Members of Parliament (MPs) have once again curtailed the testimony of witnesses. The focus of these meetings is on Bill C-26, aiming to amend the Telecommunications Act and introduce the Critical Cyber Systems Protection Act (CCSPA). These changes would impose new cybersecurity obligations on critical infrastructure providers, including telecom companies, banks, and energy firms.
During Monday's hearings on Bill C-26, Conservatives disrupted the session by introducing a motion to investigate the increase in carjackings in Canada, diverting attention from the legislation under discussion. On Thursday, after two witnesses provided opening statements, Conservatives again interrupted proceedings by proposing an inquiry into the Liberal cabinet's use of the Emergency Act during the previous year's Ottawa protests. Despite protests from other committee members, the second motion was temporarily suspended, leading to a delay in questioning witnesses.
The proposed legislation, Bill C-26, empowers the government to designate services and systems crucial for national security or public safety. This includes the authority to designate operators responsible for safeguarding these critical infrastructure elements. Companies falling under this designation would need to demonstrate a cybersecurity program and report specific cyber incidents.
Controversially, the Minister of Industry and the cabinet would have broad powers to issue cybersecurity orders to telecom providers and critical infrastructure providers, respectively. Civil rights groups express concern over the potential unchecked power granted by the term "anything" in the legislation. However, the Telecommunications Act provides examples of specific orders the minister can give.
While the legislation initially targets high-risk companies among critical infrastructure providers, the Business Council of Canada suggests targeted amendments to the CCSPA. These include limitations on the cabinet's power to issue orders and the incorporation of a risk-based methodology to reduce obligations on low-risk firms with robust cybersecurity programs.
During the committee session, witnesses Trevor Neiman and Byron Holland presented their statements, highlighting concerns and suggesting changes to the proposed legislation. Neiman emphasized the need for limitations on the cabinet's power, considering costs, alternatives, and effects on competition. Holland proposed additional safeguards, such as independent examination of cabinet orders and annual parliamentary reporting on issued orders.
Despite these concerns, time constraints prevented MPs from questioning Neiman and Holland fully. The subsequent witnesses, including Aaron Shull and Sharon Polsky, expressed mixed views on the bill. Shull supported the legislation but suggested incentivizing small and medium-sized businesses to invest in cybersecurity. Polsky raised significant concerns about potential privacy violations, backdoors, and the lack of checks and balances.
In summary, the ongoing discussions on Bill C-26 reveal a contentious debate over cybersecurity legislation, with MPs clashing over committee priorities and witnesses expressing both support and reservations about the proposed changes.
