Bill Respecting Cyber Security, Amending the Telecommunications Act and Making Consequential Amendments to Other Acts
Bill to Amend--Third Reading
December 5, 2024
Moved third reading of Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, as amended.
He said: Honourable senators, I rise today as the sponsor of Bill C-26 to speak at third reading. As you know, Bill C-26 is entitled “An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.”
I would like to begin by thanking both staff and my colleagues on the Standing Senate Committee on National Security, Defence and Veterans Affairs for their diligent study of the bill. I also want to thank the officials who worked tirelessly on this bill, and that includes those from Public Safety; Innovation, Science and Economic Development, or ISED; and the Communications Security Establishment, or CSE. They have been highly professional and extremely responsive during the review of this complex legislation.
I want to start today by giving an overview of the threat landscape in Canada. Right now, our country is facing unprecedented cyber-threats. The threats exist across all segments of our society. Government, industry, academia and individuals have been and are being targeted by increasingly sophisticated threats, including the malicious use of artificial intelligence.
Whether targeted by criminal organizations or state actors, Canada cannot afford to fall behind our allies when it comes to passing legislation that empowers the government to protect Canadians and the critical cybersystems they interact with each and every day.
Last year alone, automated defences used by the CSE protected the Government of Canada from 2.3 trillion malicious actions. Averaged out over the course of the year, that is the equivalent of 6.3 billion cyber-threats targeting the Government of Canada each day.
Despite this impressive record, we know that over the past four years, at least 20 networks associated with the Government of Canada’s agencies and departments have been compromised by the People’s Republic of China, or PRC, cyber-threat actors.
Think about that for a minute. In the past four years, there have likely been over 9 trillion malicious cyberactions taken against the Government of Canada, and as a result of those, we have seen 20 networks compromised. That’s one network every 450 billion attempts.
NASA estimates that there are approximately 100 billion stars in our galaxy. Before you wonder why I’m bringing up NASA, it’s to say that the needle in the haystack that we are asking our cyberintelligence service to find is within a haystack the size of four-and-a-half Milky Ways. Think about that the next time you look up at the night sky.
The Canadian Centre for Cyber Security, known as the Cyber Centre, is only able to tell us with some precision about the number of government compromises originating from the People’s Republic of China, or PRC, because they have total visibility and are in charge of running an entire system of defence and response to keep the Government of Canada’s data secure.
Colleagues, you may be thinking, “This is all well and good, but what does it have to do with the provisions found in Bill C-26, which do not apply to the Government of Canada networks?” Here’s my response: If the government is targeted 2.3 trillion times a year, how often do you think our telecommunications, transportation, banking and energy sectors are targeted? Do you think it’s more? Do you think it’s less? Do you think these industries have adequate capabilities to defend their organizations? Senators, there are no wrong answers to these questions and that is because, quite frankly, we do not yet have the answers ourselves.
Bill C-26 is designed to change that. It intends to bring in baseline cybersecurity programs and mandatory reporting for critical infrastructure operators. Through this bill, it will become incumbent upon federally regulated critical infrastructure operators in four key sectors to alert the government when there has been a significant attack on their infrastructure. We need this because we are heavily reliant on these four sectors of telecommunications, energy, transportation and finance.
In October of this year, the Cyber Centre released its updated National Cyber Threat Assessment. I encourage all senators to go on the website and read the document carefully. This updated threat assessment is another stark reminder of why Bill C-26 is timely, important and requiring our urgent consideration for approval. The Cyber Centre in that report tells us:
Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security. These cyber threat actors are evolving their tradecraft, adopting new technologies, and collaborating in an attempt to improve and amplify their malicious activities.
Canada’s state adversaries are becoming more aggressive in cyberspace. State-sponsored cyber operations against Canada and our allies almost certainly extend beyond espionage. State-sponsored cyber threat actors are almost certainly attempting to cause disruptive effects, such as denying service, deleting or leaking data, and manipulating industrial control systems, to support military objectives and/or information campaigns. . . .
The Cyber Centre goes on to say that:
State-sponsored cyber threat actors are very likely targeting critical infrastructure networks in Canada and allied countries to pre-position for possible future disruptive or destructive cyber operations.
Bill C-26 looks to implement the baseline safeguards necessary to ensure that timely cyberthreat information and mitigation advice is provided to federally regulated critical infrastructure operators in order for them to secure their systems and keep Canadians safe. Mandatory reporting of serious cyber incidents, as required by this legislation, will make one organization’s detection another’s prevention.
On November 13, 2024, the U.S. Cybersecurity and Infrastructure Security Agency along with the Federal Bureau of Investigation issued a joint statement on the PRC’s targeting of commercial telecommunications infrastructure in the United States. The joint release says that the Americans have:
. . . identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. . . .
Communications Security Establishment Canada, or CSE, confirms that PRC state-sponsored cyber threat actors tracked and known as Volt Typhoon are almost certainly seeking to preposition within U.S. critical infrastructure networks for disruptive or destructive cyberattacks in the event of a major crisis or conflict with the U.S. This Volt Typhoon prepositioning is especially noteworthy because the PRC has not historically conducted these types of campaigns against infrastructure in the United States before.
It gets worse. A November 22 article in the New York Times indicates it is now believed that hackers from a group called Salt Typhoon, also closely linked to China’s Ministry of State Security, were actually lurking undetected inside the networks of the biggest American telecommunications firms for more than one year. The article indicates officials have learned the hackers got a nearly complete list of phone numbers the Department of Justice monitors in its lawful intercept system, which places wiretaps on people suspected of crimes or spying. While officials do not believe the Chinese actually listened to all those calls, the hackers were likely able to combine those phone numbers with geolocation data to create a detailed intelligence picture of who was under surveillance. As a result, officials believe the penetration almost certainly gave China a road map to discover which of China’s spies in the U.S. have been identified and which they have missed.
Senators, I am providing you with this information to clearly indicate the threat is real, the threat is pervasive and the threat is happening now. CSE has warned that the PRC’s prepositioning within U.S. critical infrastructure increases the risk to Canada. Any disruptive or destructive cyberthreat activity against integrated North American critical infrastructure such as pipelines, power grids and rail lines would likely affect Canada due to their cross-border interoperability and interdependence. Bill C-26, through the new critical cyber systems protection act, or CCSPA, would help us safeguard the critical infrastructure mentioned above.
Non-state actors also pose a significant risk to our critical infrastructure. The Cyber Centre has reported that some pro‑Russia, non-state cyberthreat actors have attempted to compromise operational technology systems within critical infrastructure in North America and Europe with the intent to disrupt those systems in retaliation for providing assistance to Ukraine. This activity targets internet-accessible devices and exploits basic vulnerabilities such as insecure remote access software or the use of default passwords.
For instance, in January 2024, a pro-Russian, non-state group, known as the Cyber Army of Russia Reborn, or CARR, claimed responsibility for the overflow of water storage tanks at water facilities in Texas. The compromise of the industrial control systems resulted in the loss of tens of thousands of gallons of water. Additionally, CARR compromised the supervisory control and data acquisition system of a U.S. energy company, giving them control over the alarms and pumps for tanks in that system. Despite CARR briefly gaining control of these industrial control systems, instances of major damage to victims have thus far been avoided due to CARR’s lack of technical sophistication.
It is the CSE’s assessment that pro-Russia, non-state actors will likely attempt to disrupt vulnerable internet-connected operational technology systems within Canadian critical infrastructure when the opportunity arises. The result may cause systems to malfunction, leading to damage or destruction of those systems and possible resulting harms to public safety.
An example of such an attack occurred in September 2023 when a pro-Russia, non-state cyber group claimed responsibility for a distributed denial of service campaign against Canadian websites, including Quebec provincial government websites, which resulted in Hydro-Quebec’s website, their app and the page for verifying power outages being taken temporarily offline. While Canadians may be aware of the threats posed by China and Russia, new adversaries are sharpening their tools and also emerging in this space.
Iran has taken advantage of its back-and-forth cyberconfrontation with Israel to improve its cyberespionage and offensive cybercapabilities and to hone its information campaigns, which it is now almost certainly deploying against targets in the West.
The Communications Security Establishment, or CSE, states that while it is unlikely that Canada is at present a priority target of Iran’s cyberprogram, “. . . Iranian cyberthreat actors likely have access to computer networks in Canada, including critical infrastructure.”
In addition, the CSE has said cybercrime is now the most prevalent and pervasive threat to Canadians and Canadian businesses, with ransomware at the top of the list.
The Cyber Centre went so far as to say that ransomware is the top cybercrime threat facing Canada’s critical infrastructure. They say that critical infrastructure operators are more likely to pay ransoms to cybercriminals to avoid disruptions, and the primary strategy used by many of the most prolific ransomware groups impacting Canada is called “big game hunting.”
As the title suggests, big game hunting involves targeting critical infrastructure entities to extract larger ransom payouts or trophies. The services these operators deliver are so important that criminals have determined that they are more likely to be paid out big if they successfully breach one of their networks.
We saw the damage that such a cyberattack can cause when a U.S. energy company was the target of a ransomware attack in May 2021. A Russian criminal group extorted $4.3 million after they disrupted the largest fuel line in the United States of America. The incident was so significant that it led President Biden to call a temporary national state of emergency.
The CSE has warned that Canada’s oil and gas sector is also a likely target for similar disruptions. In an interview with CBC, the Chief of the CSE, Caroline Xavier, described the damaging possibility of such an attack to the CBC. She said:
Just imagine that if you get to a gas distribution and the pressure mounts, it could potentially explode and that could be really harmful to a local neighborhood, for example, or people that are surrounding it.
Over the last two years, we’ve seen a notable increase in these types of cyberattacks in Canada. Just between 2022 and 2023, the Cyber Centre observed a 159% increase in ransomware incidents targeting the information technology sector, a 157% increase in the financial sector, a 122% increase in the transportation sector and a 67% increase in the energy sector.
Unfortunately, 2023 was also an auspicious year for ransomware criminals. The cybersecurity firm Chainalysis found that last year, over $1 billion was extorted globally in cryptocurrency payments from victims of ransomware attacks. This is the first time that the $1-billion mark has been breached or passed in the total amount received by ransomware attackers.
Colleagues, Canada must be better prepared to deal with these threats to our safety. I believe that Bill C-26 will be a critical component in achieving that.
I have provided a longer overview of the threat landscape than originally intended, but it is important to understand exactly what we are up against and how far behind we are currently.
As a reminder, Bill C-26 will help to promote and increase cybersecurity across four major sectors: finance, telecommunications, energy and transportation.
Part 1 of this bill would amend the Telecommunications Act to enshrine security as a policy objective and bring the security framework regulating the sector in line with those of other critical infrastructure sectors.
The amendments to the Telecommunications Act would enable the Governor-in-Council and the Minister of Innovation, Science and Industry to direct telecommunications service providers to take specific actions to secure Canadian telecommunications systems. This change allows the government to act swiftly in an industry where milliseconds can mean the difference between safety and risk.
When necessary, this means that Canadian telcos could be prohibited from using specific products or services from high-risk suppliers, which would prevent these risks from being passed on to users.
With these amendments, the Governor-in-Council and the Minister of Innovation, Science and Industry, as I said, would have the ability to take security-related measures, just as other federal regulators can do in their respective critical infrastructure sectors.
These authorities do not just focus on cybersecurity but can equally address situations of human error or climate-based disruptions that can cause risk of outages to these critical services. The minister will clearly be able to direct telcos to, among other things, remove products and services from their infrastructure for reasons of national security. As you know, it plans to do this with Huawei and ZTE. Without the ability to do this, the telecommunications sector is vulnerable to cyberattacks.
Part 2 of the bill introduces the new critical cyber systems protection act, which would legally compel designated operators in the four key federally regulated sectors to protect their critical cybersystems.
While the list of vital services and systems is currently comprised of sectors in the Canadian telecommunications system, the banking systems, energy and transport, the Governor-in-Council may also add new vital services and systems if and when it is deemed necessary. This part of the bill provides the tools the government needs to take further action to address a range of vulnerabilities.
To do so, designated operators of vital services and systems would be obligated to implement cybersecurity programs, mitigate the supply chain and third-party risks, and comply with cybersecurity directions. It would also increase the sharing of information on cyberthreats by requiring the reporting of cybersecurity incidents above a certain threshold. This ensures both industry and government are working from the same information to make informed decisions.
Currently, there are no such legal requirements for industry to share information on cyberincidents and no legal mechanism for the government to compel action in the face of known threats or vulnerabilities. This means that there could be potential threats the government is not aware of and not able to take action against.
Mandatory reporting will provide the government with increased visibility across the complete network and allow for the sharing of best practices to combat the exploitation of vulnerabilities.
The bottom line is this: If you are operating in finance, telecommunications, energy or transportation, you need a cybersecurity program in place and to report any cybersecurity incidents to the Canadian Centre for Cyber Security. This is not currently a requirement, which is creating a significant risk for our critical infrastructure.
Part 2 of Bill C-26 also aims to serve as a model for our provincial, territorial and municipal partners to protect critical cyberinfrastructure in sectors under their respective jurisdictions, like health care. It’s my understanding that two provinces, Ontario and Quebec, are currently using Bill C-26 as a model.
I want to briefly turn now to discuss the study of Bill C-26 at the Standing Senate Committee on National Security, Defence and Veterans Affairs. We heard from 31 witnesses over the course of four meetings and received 11 briefs. Witnesses included the Ministers of Public Safety and Innovation, government officials, members of industry and civil society, privacy experts, regulators of cyberspace and academics, as well as the Privacy Commissioner, the Intelligence Commissioner and the Superintendent of Financial Institutions.
Members of industry were largely supportive of this bill and highlighted the need for it. David Shipley of Beauceron Security said:
I want to acknowledge that important changes I, my colleagues on the cyber council and others advocated during parliamentary hearings have been reflected. The deletion of clause 10 and subsequent restoration of the due diligence defence, the removal of the requirement for immediate reporting of cybersecurity incidents and the harmonization with existing obligations in North America were all needed changes.
Other witnesses raised concerns that Bill C-26 gives the government the ability to collect personal information. It’s critical to remember that this bill deals with systems, not personal information. A cybersecurity direction from the minister will focus on systems data.
Civil liberty groups and industry experts also raised concerns that new powers granted to the government under Bill C-26 are too broad. For example, stakeholders said there is the potential for orders or directions to be issued without the government consulting or considering relevant factors, such as whether reasonable alternatives exist to issuing the order or direction.
I want to remind colleagues that the amendments made at the House committee further enhanced privacy protections and transparency through the inclusion of the following: A reasonableness standard for both orders and directions was added; a non-exhaustive list of factors to consider when making an order or cybersecurity direction was added; notification requirements for confidential orders and directions were added; more explicit provisions on privacy and confidential information and specific reference to the applicability of the Privacy Act were added; federal-provincial considerations around information sharing were added; and an obligation for the Minister of Public Safety to notify the National Security and Intelligence Committee of Parliamentarians, or NSICOP, and the National Security and Intelligence Review Agency, or NSIRA, within 90 days after a cybersecurity direction was added.
Further, annual reports to Parliament will need to include information, such as the number of directions that were issued and the impacted designated operators, as well as an explanation of the necessity, proportionality, reasonableness and utility of the directions.
Additionally, colleagues, we heard at committee from many organizations advocating for the inclusion of a special counsel to be appointed during judicial review proceedings stemming from the new powers granted to the government to issue orders and cybersecurity directions under Bill C-26.
Through a coordinating amendment in Bill C-70, the Countering Foreign Interference Act, which received Royal Assent on June 20, there are now superseding provisions for the treatment of sensitive information during judicial review proceedings. The provisions found in Bill C-70 apply broadly to federal legislation and replace those that existed in Bill C-26, and they respond to stakeholder concerns raised during the other place’s study of Bill C-26, including a provision with respect specifically to the role of a special counsel.
Therefore, Bill C-70 amended the Canada Evidence Act to create a harmonized secure administrative review proceedings regime that now applies broadly to federal legislation, not just Bill C-26. The new secure administrative review proceedings regime can be found in section 84 of the Countering Foreign Interference Act and includes provisions that do the following: First, it allows a judge to base their decision on sensitive information while ensuring the continued protection of the information from public disclosure; second, it permits the appointment of a special counsel to represent the interests of the non-governmental party throughout the proceedings; and third, it provides for a summary of the confidential information to be provided or for information to be disclosed if the public interest outweighs the risks to national security.
I want to end my comments today by speaking briefly about similar legislation that has been brought in by our Five Eyes allies.
The United States has begun industry consultations on the Cyber Incident Reporting for Critical Infrastructure Act. Penalties for non-compliance include significant fines and imprisonment for terms of up to five years. Individuals can face federal contempt of court charges, penalties or disbarment if they are legal professionals. Unlike Bill C-26, which applies only to a few select segments of critical infrastructure at this stage, the U.S. government estimates 300,000 entities will be covered by the new act.
The U.K.’s Telecommunications (Security) Act 2021 is broadly similar to Bill C-26. That act requires telecom providers to have measures in place to identify and defend their networks from cyber-threats, as well as prepare for any future risks. Swift action must be taken under their legislation after a security compromise has arisen in order to limit, remedy and mitigate the damage.
Australia and New Zealand also have similar legislation actively in place at this time. When asked about the risk of Canada being left behind by its Five Eyes allies, Todd Warnell, Chief Information Officer of Bruce Power, who was a witness before the committee, said:
I would argue that when one party in a group is not pulling its weight, they usually get left behind. I would expect that a similar behaviour or outcome could be facing Canada if we do not create the right tool and capabilities in our national law to be able to stay at least aligned with our most important allies.
He went on to say:
Ideally, I’d like to see us leading the pack. We have amazing capabilities, leaders and technologists in the organizations that do this on a day-to-day basis on behalf of the Government of Canada. We need to be able to help them do their best, not only in Canada but for nations around the world.
Colleagues, the act of balancing personal freedoms and public interest against national security is always delicate. I take seriously the concerns raised by stakeholders about the privacy issues in the bill. I also believe this bill, as amended, does a good job of balancing those sometimes competing interests.
Let me be perfectly clear: Without this bill, we do not have the legislative authority to raise the baseline defences of our critical infrastructure. Without this bill, we are making it easy for both state-sponsored and non-state-sponsored actors to attack our networks. And without this bill, we are definitely lagging behind our Five Eyes partners.
There was all-party support and agreement on the importance of this bill in the other place. I hope we will see the same here in the Senate. I am going to close my remarks by again quoting Mr. Warnell. In his testimony before the committee, he said:
Bill C-26 represents a pivotal first step in fortifying the resilience and security of Canada’s critical infrastructure to ensure the safety, reliability and integrity of essential services for all Canadians. This legislation is not merely a policy proposal but a commitment to safeguarding the backbone of our nation’s economy and security in an increasingly complex and evolving global cyber threat landscape.
Colleagues, I can’t say it any better than that. I ask you to seriously consider supporting the passage of Bill C-26 and giving us the tools that we need to deal with this risk. Thank you. Meegwetch.
Honourable senators, I rise today to speak at third reading of Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts. I want to thank Senator McNair for his thoughtful remarks and stewardship of this very important legislation. Senator McNair has ably addressed cybersecurity in his remarks. My remarks will be focused on critical infrastructure.
As we have become acutely aware, communications infrastructure is increasingly essential and increasingly vulnerable against attacks and malfunction, which can lead to devastating consequences. The more vulnerable the infrastructure, the more at risk the population served by it becomes. Not surprisingly, Canada’s North is at a higher risk due to its lack of redundancies and its vast, relatively unprotected territory.
Honourable senators, my home territory of the Yukon, which I try to give a voice to in our upper chamber, has one fibre optic cable coming into the territory from the South. This is our communications lifeline and serves the entire population with cellphone and internet services, and this includes the territory’s emergency response systems.
When this cable is damaged or severed, which sadly is not an unusual occurrence — either due to wildfire, melting permafrost or being cut by a contractor in northern B.C. with a backhoe — the Yukon has no alternative but to utilize the increasing number of Starlink satellite dishes, the local Yukon Amateur Radio Association volunteers or, as a means of informing the public, the CBC on the FM band. I have outlined the importance of the public broadcaster in my speech on Senator Cardozo’s inquiry.
The Yukon and the Northwest Territories have been working with our communications provider, Northwestel, to create redundancy. The role of public funding for this project is a must since the number of customers and the vast distances involved make the market forces unable to maintain and expand access at a reasonable cost.
The Dempster Fibre Line, connecting the Yukon fibre line with the Mackenzie Valley Fibre Link in the Northwest Territories, creates a loop, allowing for redundancy and for our communications to be more resilient against disruptions. Climate change is adding to the vulnerability with increased frequency and the scale of forest fires and the melting of permafrost.
This project, funded by Yukon, using their First Nation procurement guidelines, with contributions from Canada, is a living example of northern multi-use infrastructure. The three northern premiers have called on Canada to invest in such multi‑use infrastructure.
Multi-use infrastructure in Canada’s North is also part of our contribution to the defence of the circumpolar North and should be looked upon as part of our NATO contribution, although currently it is not. Government of Canada investments in this critical infrastructure are key.
Honourable senators, the Government of Canada has been clear in its rationale and intent with this legislative measure. There is a declared fear of the increasing use and control by certain foreign companies from certain countries, Huawei and ZTE being named. These are not the only actors in the market that may or may not have sinister motives or close ties to governments which Canada considers to be a threat or fierce competitors.
For Northwestel and other providers in the Canadian market who are expanding and maintaining their infrastructure, having legislation that controls who may be used for services and hardware supply in order to guide their procurement decisions is key. Our telecommunications must be competitive, strong, safe and secure.
As the bill states under Definitions in Part 2:
critical cyber system means a cyber system that, if its confidentiality, integrity or availability were compromised, could affect the continuity or security of a vital service or vital system. . . .
And:
cyber security incident, in respect of a critical cyber system, means an incident, including an act, omission or circumstance, that interferes or may interfere with
(a) the continuity or security of a vital service or vital system; or
(b) the confidentiality, integrity or availability of the critical cyber system. . . .
My greatest concern for Canada’s North is also availability.
Honourable senators, the skyrocketing use of Starlink in the Yukon is such a cause for concern. Recently, Yukon News reported that Starlink is “at capacity” in the Yukon. There are also reports of issues with connectivity and quality of the signal.
A third issue is that the supply chain does not allow for quick delivery of hardware if there are technical problems or a dish becomes disabled. Yukon’s first responders need to use Starlink to be able to communicate during internet and cellphone outages. Beyond capacity and availability concerns, predictability in delivery availability is also important.
From a national security perspective, these improvements are highly necessary in order to maintain secure connectivity in the North. The government’s recent announcement on financial support to Telesat is vital for NATO and NORAD modernization, as well as to the territorial governments and emergency infrastructure and response. It allows for better redundancy and avoids dependency on only one service provider.
Honourable senators, Bill C-26 is a vital tool for regulators to ensure our infrastructure is serving Canada and Canadians. Imposing prohibitions on telecommunications service providers using products and services from specific suppliers if considered to pose a risk is a necessary power in this legislation.
The question of identifying a critical cybersystem and the ability to determine cybersecurity incidents are of great concern. Senator McNair has addressed that in his remarks.
I wish to applaud Canadians and industry stakeholders for becoming increasingly aware of these threats and how to deal with them. We as a country have started the work we need to do to protect ourselves. Although we’re behind the curve, as stated in many committee testimonies, this bill will give us a framework within which we can continue our work to assess the need of future legislative changes and further improvements.
I urge honourable senators to support this bill’s adoption at third reading.
Thank you, shä̀w níthän, mahsi’cho, gùnáłchîsh.
Honourable senators, I rise today as the critic to speak at third reading of Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts. This bill is big, complex and highly technical.
The bill consists of two parts, the first of which makes amendments to the Telecommunications Act to:
. . . authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. . . .
Part 2 of the bill establishes the critical cyber systems protection act, which authorizes the government to protect critical cybersystems vital to Canada’s national security and public safety, namely in the financial, telecommunications, energy and transportation sectors.
In Part 1 of the bill, amendments to the Telecommunications Act will grant the government the power to direct telecommunications service providers on how to operate, including prohibiting them from providing service to individuals if the government has reasonable grounds to believe it is necessary to secure Canadian telecommunications systems from threat.
It also establishes monetary penalties to ensure compliance.
As I said, Part 2 of Bill C-26 enacts the critical cyber systems protection act and designates crucial federally regulated sectors and operators in those sectors with the responsibility to create and implement cybersecurity plans to protect critical infrastructure.
The act will require designated operators to report cybersecurity incidents to the government. It gives certain government agencies and departments oversight powers to audit and inspect relevant cybersecurity systems under their purview.
This bill has been a long time coming. The Trudeau government first held public consultations on it back in 2016. In 2018, the government released a National Cyber Security Strategy. It took another four years, until 2022, for the government to draft and introduce this bill in Parliament. It then took two more years to work its way through the House of Commons, which included significant amendments at the committee stage. Even after it passes the Senate, it is anticipated to take another two years in the regulatory phase before much of the impact of the legislation even comes into effect.
Altogether, it will take almost a full decade to bring protections on this critical topic into effect.
The Senate received Bill C-26 at the very end of the June session. Ultimately, the bill has only been before the Senate for two and a half months, but this Trudeau government is still trying to push senators to hurry up and pass this bill, as it so often does.
Even today, the sponsor just gave his third reading speech. Now I, as critic, have to give my third reading speech on this major bill today, without any time — not even one day — to properly reflect on it and react to it.
The experience of Bill C-26 shows us the danger of passing legislation too quickly, given the government was forced to amend its own bill at the last second because of an error in a coordinating amendment with the foreign interference legislation, Bill C-70, a bill the Trudeau government also whistled through Parliament earlier this year.
If the error had not been detected, it would have essentially gutted Bill C-26 altogether, deleting the major provisions meant to protect Canada’s cybersecurity in critical federally regulated systems.
Government officials at the Senate National Security and Defence Committee dismissed the error as “exceptional” and a “one-off.” When I asked them what processes the government had put in place to ensure such a problem would not happen again, their answer was big fat nothing. They are looking at it, trying to understand it.
But in a similar situation, they would hope it would be caught at the Senate clause-by-clause consideration. Thank goodness, in this situation, it was. But given the speed with which whole clauses pass at clause by clause, there’s no guarantee of that either. It certainly isn’t a plan for ensuring it never happens again, more like crossing your fingers and hoping it doesn’t.
The chair of the committee, Senator Yussuff, yesterday in the Senate proposed his plan to ensure this doesn’t happen again at the National Security and Defence Committee. He said:
. . . when we scrutinize the bill again in the future and officials appear before us, perhaps we can start by asking them the question, “Are there any mistakes in this bill of which we should be aware?” Maybe that will force them to read it thoroughly before we get to clause by clause.
With all due respect, Senator Yussuff, are you serious? Surely if government officials had read a bill closely and found errors in it, they would have fixed them before coming to Senate clause by clause.
In the case of Bill C-26, I asked the officials about the coordinating amendments between Bill C-70 and Bill C-26 when they accompanied their ministers at the appearances at committee. This was at least a month before this significant error was discovered.
I said:
There is part of your bill, of course, that is already outdated. Bill C-70, which we passed in the Senate in June, had a portion that has already outdated a certain portion of Bill C-26.
The official from Public Safety Canada answered:
To be honest, I’m not an expert on Bill C-70, but I think the intention there, if I understood the policy intent correctly, was actually to amalgamate the security requirements for administrative proceedings into one piece of legislation under the Canada Evidence Act as opposed to bespoke pieces of legislation like the Passenger Protect Program or Bill C-26.
For bureaucrats following the course of the legislation through Parliament, this should have been a signal to review those coordinating amendments again at that time.
The pressure from the government to pass bills quickly will only ensure more errors like this in the future. I wish I could say that Bill C-26 was an exceptional situation, but how many times has the Trudeau government urged senators to rush to pass their legislation? It happens all too frequently in this chamber. Massive supply bills, spending millions or billions of dollars, sail through the Senate in quite literally seconds. Bill C-76, the bill on Jasper National Park, passed the Senate within a few days this fall. Bill C-78, the government’s temporary GST tax trick for Canadians, arrived in the chamber on Tuesday and will be finished in the Senate very soon. And how many intensive committee studies have been bypassed in favour of one two-hour session of Committee of the Whole, where only a handful of senators get four or five minutes to question a single minister on a complex piece of legislation — with the vast majority of senators who do ask questions having been appointed by that government’s very prime minister? At least six in this parliamentary session, by my count, and some on controversial and complex bills like the assisted suicide legislation. This is not accountability, it is not parliamentary scrutiny and it is most decidedly not sober second thought. This is a government desperate to dodge questions and accountability.
Before getting further into the specifics of Bill C-26, I think it is worth examining the current state of the “new” and “independent” Senate, as well as how the current practices of this place are not conducive to proper scrutiny and good Parliament that would benefit all Canadians. Bill C-26 has been a victim of this failure.
I have raised several times in this chamber the reluctance of the Trudeau government’s Senate leader to answer questions on behalf of the government. Yet again, with Bill C-26, the government Senate leader has failed to deliver a speech at second reading or third reading, denying the rest of us here the opportunity to question the government on its legislation. This has become standard operating procedure for the Trudeau government.
Senator Gold, ostensibly the Government Representative in the Senate, has not delivered a second or third reading speech on any government bill — zero — since February 2023. That is shameful, honourable senators. It is not good Parliament, and it is shameful how many times I have had to say that in this place lately.
When I challenged Senator Gold on this recently, he said his three-member Government Representative Office relies upon the “. . . experience, expertise and willingness of senators . . .” to act as sponsors of government legislation and that:
. . . no one needs to listen to me to talk to know — that I, as a Government Representative, support a government bill.
Yet, recently, at the Standing Senate Committee on Legal and Constitutional Affairs, the sponsor of Bill S-15, a government bill, proposed a massive amendment to the bill, and Senator Gold would not commit the government to supporting it. So who’s to know? Senators aren’t the Amazing Kreskin, Senator Gold. We can’t read minds.
Independent senators who sponsor Trudeau government legislation are not — according to you, Senator Gold — representatives of the Trudeau government. Even though almost all of them were appointed by the Prime Minister and many of them have strong Liberal Party ties, they don’t and can’t answer for the government. The ability to ask the government questions and get answers from someone who is actually accountable to the government is fundamental to debate in the Senate Chamber and to our role. It is disheartening that the Trudeau government has so easily dispensed with that accountability.
Furthermore, the Trudeau government’s leader in the Senate has a lot of resources that are not available to individual senators, including a $1.5-million annual budget, multiple staff members and support from and direct access to the Prime Minister’s Office, cabinet ministers, the Privy Council Office and the government as a whole.
That Senator Gold claims independent senators receive the same briefings he does as the government leader and as a Privy Councillor who attends Cabinet Operations Committee meetings is stunning. If the Leader of the Government in the Senate truly receives no more information than an independent senator, that’s a big red flag that the Trudeau independent Senate is working neither properly nor effectively. And by the way, this is not how things worked under our previous Conservative government.
We see this inefficiency when it comes to amendments in the Senate, too. The Trudeau independent senators boast how many amendments they make to bills, but what is not reported is that a high percentage of those Senate amendments accepted by the government were, in fact, the Trudeau government’s own amendments correcting flaws in their own bills, changes that should have been made to correct errors much earlier in the parliamentary process than the final stage —
Senator Dagenais, do you have a comment?
I am the Deputy Chair of the Standing Senate Committee on National Security, Defence and Veterans Affairs. I would like us to talk about Bill C-26, but I don’t know if we’re currently talking about Bill C-26 or if we’re criticizing the Trudeau government. I’d like us to focus on critiquing Bill C-26.
I mean no disrespect to Senator Batters, but sometimes she says the Trudeau government is moving too fast, and sometimes she says it’s moving too slow and dragging its feet. Help me understand.
Senator Batters used some of her time to do that. I imagine she’ll get back to the subject at hand.
Regarding the amendments, what is not reported is a high percentage of those Senate amendments that are accepted by the government — as in the case of Bill C-26 — that were in fact the Trudeau government’s own amendments correcting flaws in their own bills, changes that should have been made to correct errors much earlier in the parliamentary process than the final stage of Senate committee clause by clause.
Under the traditional Senate system, where senators belonged to national party caucuses with their colleagues in the House of Commons, senators in the government’s national caucus could have input on legislation before it was even introduced in the House. This meant a more efficient progression of legislation through Parliament with a lot less scrambling at the last minute and better bills.
Instead, in this new, so-called independent, Trudeau-appointed Senate, the government does their best to confuse the issue for newer senators and to induce anxiety over passing any amendments that don’t originate with the government. The Trudeau government urges senators to pass legislation quickly and without due scrutiny in order to hit the government’s political goals and deadlines.
The government pushes the Senate to quickly pass legislation like Bill C-26 almost as soon as we receive it. This bill was eight years in development, including spending two years in the House of Commons, but it comes to the Senate and the Trudeau government wants it passed right now. It was amended many times — and significantly — at the House of Commons committee, but a reasonable, constructive amendment at the Senate committee was not accepted by the government as per usual, with the exception, of course, of the government’s own amendment fixing a near-fatal legislative flaw they should have caught far earlier.
Honourable senators, especially those of you who are relatively new here, have you ever stopped to wonder why it is that MPs are allowed to amend legislation but senators are discouraged from doing so? There is a seemingly constant refrain from the Trudeau government and from its bill sponsors, including on Bill C-26, which is “Don’t let the perfect be the enemy of the good.” As I’ve said many, many times, this may be my least favourite phrase. We are the Senate of Canada. We’re supposed to be in the business of making legislation more perfect. Providing sober second thought is actually our job.
The government tries to scare independent senators into thinking that by returning legislation to the House of Commons with non-government amendments, it will kill the legislation. The government sets the legislative agenda in the House of Commons. The government also chooses whether Senate amendments will be accepted, and it can generally rally the votes in the House to ensure it will pass, given that the government holds the balance of power in the House.
This Trudeau government often tries to shove their legislative agenda through in haste, overriding a lot of good, substantive testimony that Senate committees hear. The Senate Standing Committee on National Security, Defence and Veterans Affairs held a comprehensive study on Bill C-26, hearing from many knowledgeable witnesses. Although all of the witnesses I can recall agreed Canada is long overdue for cybersecurity legislation, most only conceded that Bill C-26 was a first step in this regard. Almost all of the witnesses who testified expressed significant concerns with Bill C-26, particularly regarding serious gaps in the protection of Canadians’ personal information under this legislation. The committee heard from the Privacy Commissioner, the Intelligence Commissioner, representatives of civil liberties organizations, legal experts and academics, among others. Over several weeks, expert witnesses raised major concerns with the bill. Some of these witnesses provided dense briefs with several targeted amendments to fix major flaws in the bill.
Common requests for amendments coalesced around a few major themes including the need for increased transparency, oversight and accountability; further defining and clarifying “personal information” in Bill C-26; a need for a maximum retention period for the information collected; placing restrictions on the use of information collected under this law exclusively to cybersecurity and information assurance purposes; and a need for limitations to be placed on the sharing of information, particularly with the intelligence agencies of Canada’s Five Eyes allies.
Kate Robertson of Citizen Lab testified that the wide-ranging collection power in clause 15.4 of Bill C-26 was concerning because it lacked several safeguards, including judicial review. She said:
Right now, judicial review was mentioned last week as a way that the courts will be involved. It is not applicable to the collection power in clause 15.4. . . .
That is the most significant gap in this legislation: The Federal Court has been essentially ousted from a review of the collection power itself. That’s what we recommend in recommendation 6, which you will ultimately receive, which refers to the need for Federal Court review. However, recommendation 7 in the brief is also there to recommend that these powers do not balloon, essentially, into surveillance or national security powers. This committee was told that this bill is about cybersecurity and not about national security. However, we know from the departmental positions of national security bodies like the CSE, data received for cybersecurity purposes will be used across its mandate. That ballooning effect should be constrained through what I recommend as recommendation 7, which is to limit the use of this data to cybersecurity mandates alone.
Ms. Robertson’s concern about the lack of judicial review was echoed by the Privacy Commissioner of Canada. Key messaging on his website states:
While directions and orders are subject to judicial review, the judicial review hearings may be held in secret and evidence used against applicants may be withheld from them.
Bill C-26 does not otherwise set out specific oversight measures for cyber security directions or orders.
This means that individuals whose personal information may have been collected by the government, and used to support a direction or order that affects them, may never know.
Matthew Hatfield, the Executive Director of OpenMedia, also had grave concerns about the bill. He said:
Bill C-26 is not yet fit for service, period. . . .
As things stand, people cannot trust Bill C-26. Yes, it was improved by MPs in its journey through the House of Commons, but it contains several ticking time bombs that may severely hurt Canadians in the future if you don’t fix them.
Time bomb number one is that Bill C-26 allows the government to keep its orders to telecoms entirely secret and indefinitely. We all understand the need to, at times, act quickly and conceal parts of decisions from Canada’s adversaries, but permanent secrecy without mandated disclosure is extremely dangerous. If this section is not fixed, we are laying the foundation for a vast and growing secret governance and surveillance architecture created by these orders that do not belong in additional democracy.
Time bomb number two is that Bill C-26 gives the government far too free a hand to order telecoms, banks and other designated institutions to hand over our private, personal information and use and share that information as it chooses, including with foreign entities. Canadians should have confidence that information collected for cybersecurity is used for that purpose alone, and not to trawl for signs of protest activity or to be given freely to law enforcement. Right now, that confidence simply isn’t there.
Time bomb number three is that Bill C-26 continues to give the government the power to install the devices on networks that break encryption. Forbidding the minister from directly demanding our private messages without additional safeguards is like saying Bill C-26 doesn’t require that we report our conversations directly to the government, only that we keep a government phone in the room and off the hook everywhere we go.
This is the kind of alarming testimony the committee heard about Bill C-26. That is one more reason why the exclusion of the Privacy Commissioner and Intelligence Commissioner from this legislation is so troubling. Testimony from Privacy Commissioner Philippe Dufresne and Intelligence Commissioner Simon Noel revealed that the Trudeau government did not consult either official in the creation of this significant cybersecurity law. That is shocking. They are the first two officials who would come to mind when considering the security of information, especially the private information of Canadians.
Furthermore, when Trudeau government representatives make representations globally defending Canada’s data protection laws, they highlight the role of the Intelligence Commissioner in the process, but the Trudeau government has deliberately left the Intelligence Commissioner entirely out of Bill C-26. Privacy Commissioner Philippe Dufresne confirmed that the only input he had into the drafting of the bill was the public testimony he gave at the House of Commons committee.
We had the following exchange:
Senator Batters: Mr. Dufresne . . . when did the government consult you on Bill C-26?
Mr. Dufresne: I don’t believe we were consulted in the drafting part of that bill.
Senator Batters: Not at all?
Mr. Dufresne: We made recommendations at the House stage, and a number of them were reflected.
Senator Batters: At committee. Thank you, wow, that is . . . shocking.
Intelligence Commissioner Noel shared my bewilderment at the government’s decision not to consult his office. Last month, he testified:
I have no reason why the conceptualizers of this bill have decided to — I haven’t been consulted. I haven’t been briefed on it. Although, just a few days ago they made an offer, which I declined, because I’m an independent officer. I don’t know why they have decided to put this oversight apart.
He further indicated that the regime under Bill C-26 did not follow the usual protocols regarding pre-approval. He said that:
. . . the Intelligence Commissioner fulfills an oversight role, as opposed to a review role. My approval is required before the activities can be conducted. The Intelligence Commissioner’s approval is necessary because the activities the minister authorizes may be contrary to the law or breach the reasonable expectation of privacy of Canadians. My job is to ensure that the minister has struck an appropriate balance between the national security objectives, on the one hand, and the Charter and important privacy rights on the other.
A non-federal institution can ask for help or support with cybersecurity from the Communications Security Establishment Canada. If the cybersecurity activities the CSE wants to undertake in support of the non-federal entity could violate the law or lead to information gathering that infringes on Canadians’ lives, the minister needs to authorize the activities. If necessary, I then need to approve the authorization.
He continued:
. . . In Bill C-26, there is no pre-approval of activities where those activities may be contrary to the law. In particular, there are two areas I want to highlight for your consideration. First, the proposed clause 15.4 of the Telecommunications Act allows the minister to essentially compel the production of any information in support of orders. This information could include personal information which, under broad exceptions, could then be widely disclosed. Second, as you have heard other witnesses say, Part 2, clause 32, allows for the regulators to carry out the equivalent of unwarranted searches where, again, personal information could be collected.
The glaring absentee in this bill is the Canadian public. The information that is collected is Canadians’ personal information.
Information Commissioner Noel expressed concern that Bill C-26 also lacks the usual requirement for a warrant requirement regarding seizures except in the case of dwellings. He said that for everything else:
. . . when they go into the office of one of the regulators, the regulator will be able to go in and get what he wants. Normally, that would go against the Charter.
I’ve read the Charter Statement by the minister, and I haven’t seen anything in that statement that would give a justification under section 1 of the Charter. I haven’t seen anything. It’s a first in Canada where anyone can go and search. And the Supreme Court of Canada is very private about this information. In this case, it’s totally absent.
Just three days before clause-by-clause consideration was scheduled to start, the Senate sponsor, Senator McNair, circulated a copy of answers provided by the Trudeau government to questions that had arisen during the committee hearings. Clearly, the intent of the document was to allay any senator’s concerns that might cause them to question or amend the bill.
I asked one of the expert witnesses who had appeared before us during the committee study, Professor Matt Malone, to provide feedback on the document. Professor Malone provided major pushback on almost every point, often in diametric opposition to the assertions made by the government.
While the government maintains that information collected under Part 1 of the bill will be limited to only technical information and will not allow telecommunications service providers to intercept private communications, Professor Malone submitted:
Section 15.2(2) clearly states the Minister can order a [telecommunications service provider] to use “any product or service, or any product or service provided by a specified person, including a telecommunications service provider”; “implement specified standards in relation to its telecommunications services, telecommunications networks or telecommunications facilities”; or “do a specified thing or refrain from doing a specified thing”. These are very, very broad powers.
He continued:
Also arguably, section 15.4 provides a backdoor for intercepting private communications under the pretext of potentially making orders under sections 15.1 or 15.2.
These sections of the bill give the minister the authority to prohibit service providers from using any product or part of a network or facility if the minister believes on reasonable grounds that it is necessary to do so. Thus, this is strictly a subjective judgment. Of course, this is also in addition to the broad powers the minister has under section 15.4, which allows the minister to require anyone to provide anything or any information, at any time, if he or she believes on reasonable grounds that it is relevant to an order or regulation.
To the government’s assertion in that Q and A document that Bill C-26 is not intended for the collection of private information, Professor Malone said:
Intention is a misnomer; we should be looking at what the law permits. Section 15.4 clearly permits the collection of private information, and it lacks safeguards on repurposing the information. Therefore, the answer to this question (“Does C-26 allow the government to gain warrantless access to private information, with no limits on how that information can be used?”) is obviously yes.
Honourable senators, how can Professor Malone be wrong on that? It’s in the actual bill, whereas the government is relying on what they feel the bill intends. Government officials present at the committee’s clause-by-clause meeting could not explain away Professor Malone’s arguments. These were undoubtedly some of the authors behind the government’s answers in this Q and A. That their arguments did not allay these serious concerns about Bill C-26 was painfully obvious.
What most disturbed me was why most of the other senators on the National Security and Defence Committee were not also perplexed by the conflict between these two perspectives on key provisions of the bill. I found this astounding. I can only assume it was because their minds were already made up about the bill.
Though the problems with Bill C-26 are many, I intentionally proposed only one amendment during clause-by-clause consideration at the Standing Senate Committee on National Security, Defence and Veterans Affairs. My amendment was reasoned, based on solid witness testimony and endorsed by the Privacy Commissioner. My amendment would have ensured that the Communications Security Establishment would have to give a copy of any cybersecurity incident report to the Privacy Commissioner if it were likely that the incident had or could potentially result in the disclosure of personal information as it is defined under PIPEDA, the Personal Information Protection and Electronic Documents Act. We heard of the need for this amendment to the legislation from key witnesses who had appeared before the committee — chief among them, the Privacy Commissioner. He told the committee that this omission from Bill C-26 is highly problematic given that he can’t review an incident and launch an investigation if he’s not aware of it.
. . . my office may not be aware of an issue that’s going on if there’s confidentiality or if there is a breach. Hence, the recommendation that I included, that if there is a breach that’s reported to the CSE, then CSE should be reporting this to my office, and that strengthens our collaboration.
On recommendation of the Senate Law Clerk’s office, I also clarified the definition of “personal information,” which is undefined in that part of Bill C-26. For certainty, we tied the definition in the amendment to that contained in PIPEDA, which defines personal information as “information about an identifiable individual.”
I also asked the Privacy Commissioner to review the wording of my draft amendment, and he confirmed that it would provide the protection of Canadians’ personal information that he had been seeking. The Privacy Commissioner’s office told me:
We are supportive of adding a provision to the bill that would add a requirement for the Communications Security Establishment to provide the Office of the Privacy Commissioner with a copy of the incident report with respect to cyber incidents that may entail a privacy breach that presents a real risk of significant harm. We believe this would promote greater regulatory coordination and collaboration and ensure that the Office of the Privacy Commissioner is advised of real or potential breaches that may or may not otherwise be reported by designated operators under PIPEDA.
In response to my amendment, the sponsor of Bill C-26 expressed that he felt my amendment was not necessary, as he said designated operators were already required to provide reports to the Privacy Commissioner as provided under PIPEDA. Of course, I suspected that was not necessarily the case, as the Privacy Commissioner had already indicated some reports would not be provided to him. And when I probed the issue further with the departmental officials in the meeting, this government reasoning provided by Senator McNair fell apart.
I asked the officials if all designated operators were subject to PIPEDA. One of the officials from Public Safety replied:
Right now, the way the legislation is set up, we have not yet designated operators. That happens post-Royal Assent, if that comes to fruition. So we don’t technically have a list. However, the designated operators that we would envision who would become designated would be part of it.
Ah, so the government doesn’t know who will be included, but they envision it’ll be good. And it will be done during the likely two-year-long regulatory phase, kind of like that missing GBA Plus document no one seems to be able to find. It sounds a whole lot like “just trust us.”
You might find it surprising, but a government saying “just trust us” doesn’t go very far with me, particularly where the Trudeau government is concerned. Unfortunately, the “envisioning” answer was just indicative of the kind of answers we got from the Trudeau government all the way along on this bill.
Before my critic’s briefing, I asked for a copy of the government’s Gender-based Analysis Plus, or GBA Plus, of the legislation. This is an analytical document the Trudeau government proudly proclaimed it would produce for every one of its bills, applying an intersectional lens to the bill’s impact on a diversity of factors, including gender, race, ethnicity, disability, et cetera. Usually, the analysis is posted on the government’s website when legislation is first introduced.
When I couldn’t find the GBA Plus analysis for Bill C-26 posted online, I asked about it. The government told me that, “If passed, a GBA Plus analysis will be conducted as part of the regulations development process.”
So they were telling me that it didn’t yet exist. I relayed this response to the Senate in my second reading speech, but, magically, the day the ministers came to testify on Bill C-26 at committee, government officials revealed that they had sent a GBA Plus summary to committee members that day — only two hours before the meeting.
Later that week, I asked the Trudeau government’s Senate leader about it during Question Period, reasoning that if a summary exists, so must a full document. As such, I asked Senator Gold to give me the full GBA Plus document immediately. He gave no answer, and the document never materialized.
More than a month later, during clause-by-clause consideration of Bill C-26, I again asked government officials for a copy of the full GBA Plus document. This time a government official said the full GBA Plus exists, but he couldn’t give it to me because it’s “subject to cabinet confidence.” This made no sense, given that even if the GBA Plus had accompanied a Memorandum to Cabinet, so would have Bill C-26 itself and probably even the Charter Statement, both of which were later publicly available and posted online.
I asked government officials at committee why the more than two-page Gender-based Analysis Plus summary we had received contained only two lines about women. The response, from an official at the Department of Public Safety, was:
It would not have been just two lines in the Memorandum to Cabinet. It would have been summarized in two lines.
How would I be able to verify that when I can’t access that document? And if the government’s GBA Plus analysis is just too super secret to reveal, why wasn’t I given this answer more than two months ago when I first asked? I was told it doesn’t exist, that it would be done after the bill passed Parliament. Then I was told it was submitted with the Memorandum to Cabinet when this bill was first proposed, before it was introduced in Parliament. Given that Bill C-26 was publicly in the House of Commons for two years, both of these things cannot be true. I’m no Columbo, but that seems very suspect.
Government officials at the clause-by-clause consideration of Bill C-26 also revealed that there was no real consequence in the event of the government’s failure to table an annual report on the orders it makes under Bill C-26. An official said:
The authority is between the minister and Parliament. Ultimately, I believe it would be up to Parliament in terms of if it wanted to investigate and/or, for instance, call the minister to appear to explain why the report had not been tabled.
So, for all intents and purposes, there is no real penalty to the government for failure to provide transparency. Ho hum, just another day dodging accountability for the Trudeau government.
Bill C-26 contains provisions allowing for the seizure of information without warrant. Both the Privacy Commissioner and the Intelligence Commissioner, among other witnesses, testified that such seizures may well contravene the Charter and would be vulnerable to challenge in the courts.
Professor Malone also confirmed this in his Q and A rebuttal, as he stated:
Indeed, I suspect the provisions under Part I will be the subject of a Charter challenge at some point.
With respect to the government’s contention that section 184(1) of the Criminal Code makes it illegal to intercept private communications, Professor Malone countered, “Section 184 prohibits unlawful interception — irrelevant if the interception is lawful.”
Witnesses pointed to the widespread powers available under proposed section 15.4, which sets a subjective standard for the minister to require anyone, at any time, to provide any information the minister believes on reasonable grounds is relevant to an order or regulation.
Unbelievably, at this clause-by-clause meeting, government officials tried to dismiss the concerns of the Privacy Commissioner and the Intelligence Commissioner about warrantless searches raised by suggesting the commissioners’ concerns were due to a lack of legal knowledge. One government official from Innovation, Science and Economic Development Canada stated:
One thing I have encountered in discussions with the section is individuals who come from a privacy and a law enforcement background who are unfamiliar with administrative law and regulation of commercial activities.
I nearly choked. “Unfamiliar with administrative law”? The Intelligence Commissioner is the former associate chief justice and former interim chief justice of the federal court and a former professor of administrative law. The Privacy Commissioner was the law clerk of the House of Commons, the senior general counsel for the Canadian Human Rights Commission and is a leading expert on human rights, administrative and constitutional law. I think they’re definitely familiar with administrative law.
In general, the Trudeau government’s answers on this bill have been disappointing. For legislation that is so crucial to the security of Canada’s critical infrastructure, this government certainly doesn’t seem to take it seriously.
Further, it became obvious to me during the committee’s clause-by-clause review that some of the Trudeau government’s “independent” senators weren’t much interested in these answers either. At the November 25 meeting of the Senate Standing Committee on National Security, Defence and Veterans Affairs, I asked Senator Yussuff, chair of the committee, if senators would be afforded time to question government witnesses generally at the beginning of the meeting before proceeding into clause-by-clause examination of Bill C-26. He said, “Sure.”
By the time we assembled for the meeting the next week, on Monday, December 2, however, Senator Yussuff’s answer had changed. His initial inclination that day was to shut my whole suggestion down, calling it “inappropriate.” First, he said we had already moved into clause-by-clause consideration, which we hadn’t, as he had not yet asked the committee members whether that was agreed to. Then he tried to make me tailor my questions to fit according to the relevant clause within the clause-by-clause script. I tried to explain that some of the questions I wanted to ask the officials were of a more general nature and didn’t conform easily to the strictures of individual clauses of the bill. Plus, if senators aren’t allowed to ask questions about the general nature of the bill, why do government officials always attend these clause-by-clause meetings? For Bill C-26, the government sent about 20 departmental people. Yet, they still had a difficult time answering my questions.
I have been a senator for almost 12 years, and I have attended many, many clause-by-clause sessions, especially on the Standing Senate Committee on Legal and Constitutional Affairs. Proceeding with a general question period with government officials before conducting the clause-by-clause session on a bill is customary. When our Senate Legal Committee had a Conservative chair, clause-by-clause meetings followed this practice all the time. However, the Chair of the National Security Committee refused to allow it that day and forced me to ask my questions according to the related clauses instead.
Unfortunately, it seemed that many of the senators on that committee were not interested in obtaining those answers, preferring instead to go with the government narrative. I decided to proceed with asking these important questions to officials anyway.
Later in the meeting, I proposed my amendment to the committee. Since the government had already proposed and passed its own amendment correcting its numbering mess-up, I believed and expressed to the committee members that since the bill would already be returning to the House of Commons with an amendment to be approved anyway, this was a great opportunity for senators to consider another necessary change. But it became very apparent that this “independent” Senate system is just not working like it is supposed to. Even when expert witnesses provided evidence directly contradicting the government’s claims, most of the independent senators ignored it and voted along the Trudeau government line anyway. The committee vote on my amendment wasn’t even close, with only Senator Richards voting with me in favour, 10 senators voting against and 1 abstaining.
Honourable senators, what is the point of proposing amendments when many “independent” senators’ minds seem made up before even starting committee examination of the bill? Why do we bother to bring all these great witnesses who tell us how to improve important bills if we do not listen to them? It is for this reason that I have decided not to re-introduce that amendment here at third reading. This is the new “independent” Trudeau Senate — sadly, an exercise in futility.
As the opposition critic of Bill C-26, I will say that it has been frustrating to feel resistance from independent senators toward even considering challenging this government’s decree. Contrary to popular belief, bills proposed by the Trudeau government are not handed down to the Senate like holy tablets. We as senators are allowed to ask questions to test legislation and propose amendments to improve it, even though the Trudeau government might try to scare you into believing otherwise. Making suggestions and making laws better is our duty as senators; that is why we are here. That is the very point of sober second thought.
We should not be approving this bill because the government wants it passed. We should not be approving this bill because you want to go home for Christmas more than a week before Christmas. In no other job do Canadians start their Christmas breaks that early. Honourable senators, we need to remember why we’re here in the first place.
Bill C-26 is an important piece of legislation. It is supposed to protect Canada’s critical infrastructure from cyber-threats, which is crucial and long overdue. However, this bill also gives the government a lot of power, and we have the responsibility — as senators and as custodians of the Constitution — to ensure that the rights of Canadians are not infringed by government overreach. Canadians have a right to privacy and a right to be free from unreasonable search and seizure. I am not convinced that those rights are adequately protected under the version of the bill we have before us today. I will therefore vote against this bill, and, honourable senators, I encourage all of you to do the same.
Thank you.
Will you take a question, Senator Batters?
Yes.
I was moved by your concern regarding privacy rights and the risk of overreach because of the very broad powers in this bill and also the potential assault on civil liberties. I share those concerns, but I will tell you why I am especially concerned. It is because the execution or the implementation of the bill may well fall not on this Liberal government but on a subsequent government. It is not inevitable — to clarify — but it could well be a Conservative government that implements this bill, and that sends shivers down my spine, based on what you said.
Could I clarify that this is a bill that Conservatives might want to repeal if you are in power, or at least significantly defang or make more palatable in the interests of protecting privacy, in providing oversight and in minimizing the risks to civil liberties?
While we would be very happy to go into an election period shortly here, I don’t think that is likely to happen. So, we will wait to see when that election actually comes. Obviously, there are many concerns that were expressed not only by me but also by my colleagues on the Conservative side in the House of Commons. They were successful in making the bill somewhat better over there. I am saddened that we have not been afforded the same opportunity over here to try to make it better.
Obviously, all those things will be considered as we look at the types of things that are important for the next campaign and the next platform and, hopefully, to form the next government. While that Conservative government may, as you say, send shivers down your spine, it makes me very happy at the thought of having a Senate that would be able to have issues like this dealt with in the Senate and at the national caucus perhaps.
I recall that when we were in the national caucus as a government caucus, these were the types of things that would be solved during the part of the national caucus procedures there, including having meetings with ministers and other MPs from our caucus to improve legislation before it was even tabled.
The shivers down my spine come directly from the issues that you have raised in your speech. I will ask you personally then. You have painted a very dire picture. I agree with a lot of what you said. May I take it that you will seek to make this bill much less damaging and perhaps even advocate for its repeal? You will be here for a while if the Conservatives become the government after the next election, whenever that might be.
As I said, this is a very important bill and there are many parts of it that are important and good. I said that many times throughout my speech. It was a 40-minute speech, so I did say that many times. However, there are a lot of concerning elements to it. Just like many different bills that the Trudeau government has passed throughout the last nine years, I’m sure that these types of concerns that I’ve raised on this bill and many other key government bills — which my colleagues as critics have also raised — are things that we will certainly look at as we move forward toward the next election.
Senator Batters, your time is almost expired. Are you asking for more time to answer Senator Saint-Germain’s question?
I withdraw my request. Thank you.
Are senators ready for the question?
Is it your pleasure, honourable senators, to adopt the motion?
All those in favour of the motion will please say “yea.”
Some Hon. Senators: Yea.
The Hon. the Speaker: All those opposed to the motion will please say “nay.”
Some Hon. Senators: Nay.
The Hon. the Speaker: In my opinion the “yeas” have it.
I see two senators rising. Is there an agreement on the length of the bell? Thirty minutes? Is leave granted, honourable senators?
The bells will ring for 30 minutes, and the vote will take place at 4:51 p.m. Call in the senators.
Motion agreed to and bill, as amended, read third time and passed on the following division:
YEAS
The Honourable Senators
NAYS
The Honourable Senators
ABSTENTIONS
The Honourable Senators