Civil organizations voice concerns on Canada’s Bill C-26 for cybersecurity

The bill is meant to improve cybersecurity and mitigate threats to public

0
243
This photo is of a security camera built-into a lamppost outside
PHOTO: Michał Jakubowski / Unsplash

By: Pranjali J Mann, News Writer

Canada’s Bill C-26 on cybersecurity is raising concerns of privacy and lack of government accountability among citizens and civil organizations. Seven of the major associations of cybersecurity including Canadian Civil Liberties Association, OpenMedia, and Ligue des droits et libertés have written a letter underlining the worries. The joint open letter was addressed to the Canadian minister of public safety, Marco E. L. Mendicino

The federal bill was introduced on June 14, 2022. According to the Government of Canada’s website, “This proposed legislation will protect Canadians and bolster cybersecurity across the financial, telecommunications, energy, and transportation sectors.” Moreover, it aimed to “add security as a policy objective,” which gives the government authority to monitor Canadian companies’ activity and suppliers. 

With this bill, if the government suspects a threat of cyberattacks or manipulation it can force telecommunication service providers to remove or suspend services to said person. This bill also requires the service providers to form security plans.  

Considering cyberspace as “Canada’s critical infrastructure,” the legislation is meant to provide increased security for both private individuals and companies. This offers the government additional authority to “mandate any necessary action to secure Canada’s telecommunications system.”

However, the civil society organizations have stated this bill “grants the government sweeping new powers not only over vast swathes of the Canadian economy, but also to intrude on the private lives of Canadians.” 

To find out more about the bill and issues around it, The Peak interviewed SFU’s expert on cybersecurity, Darren Byler. Describing rationale behind the legislation, Byler noted, “It is ostensibly the government’s attempts to control new forms of spam and cyberattacks that are happening in Canadian society.” He also flagged the upward trend in spam and hacking attacks, on both individuals and corporations over the last decade. 

When asked if the timing of the bill had anything to do with cybersecurity concerns around the globe, he said, “That is a real concern I suppose. And that’s part of what this bill is also meant to address.” He elaborated, “The rise of sort of disinformation and misinformation that we see from national level actors like Russia, China, Iran, North Korea, and others, I think [those] are at a national level a source of concern, especially when we know that some of those state actors are attempting to influence democratic processes — elections and so on. We’ve seen that in the case of the United States.” 

Byler explained that under the existing systems, cyberspace was monitored by broad privacy mechanisms, but this legislation enables the government “greater access to information, they’ll be able to track who’s doing the misinformation, who’s sending the ransomware,” said Byler. “It would untie their hands [and allow them] to intervene and do investigative work at scale,” said Byler. 

He also signaled the lack of transparency in Canadian legislation. He explained, “It basically is promoting a kind of secrecy, opacity for the government, so that citizens won’t know what the government knows and what it is doing. That brings a lot of risk to individuals and companies because they simply don’t know what’s being looked at all the time and their property is basically being invaded.”

He added, “There’s also the possibility that in the way that the bill is framed, that services could just be cut off to individuals in a sort of arbitrary way without individuals and companies, without them knowing.” 

In terms of possible loopholes in the bill, Byler noted the need for public advising and participation of societal groups to work together. He stated, “I think the framing that enables this to accentuate and intensify secrecy that it should be removed and instead it should be much more transparent in terms of like this is what the government is collecting. How it’s making decisions around [ . . . ] what constitutes harm and needs to be terminated as a service.” 

Acknowledging this as a challenging situation and stance for the government, he said, “I think building it in a way that’s democratic and allows input from society and at the very minimum, [and] transparency as to what’s being done would be the best way forward.”  

The Peak reached out to the ministry of public safety office, but didn’t receive a response by the publication deadline.