Parliamentary Committee Notes: Q&A - Telecommunications Act Amendments
Part 1: Telecommunications Act Amendments
I. Overview of Bill C-26
Q1. What is the objective of Bill C-26 (Part I)? What do you hope this Bill will achieve?
Part I of Bill C-26 seeks to amend the Telecommunications Act by adding the security of the telecommunications system as a key policy objective. The Bill also grants new order-making and information collection authorities with respect to telecommunications service providers to advance this objective.
Q2. What are examples of the types of orders that could be made under this Bill?
The Bill grants powers to the Governor in Council and the Minister of Industry, allowing them to issue specific orders to telecommunications service providers (TSPs) to safeguard Canada's telecommunications system.
These orders may include, but are not limited to, prohibiting a TSP from using products or services from certain entities, requiring a TSP to conduct specified reviews of its networks or facilities, or mandating the development of a security plan by the TSP.
Q3. What is the urgency to pass Bill C-26? What would the risks be if this Bill does not pass in the current Parliament?
The Bill is designed to address a range of engineering, design, and other issues, which will be important to increasing the resilience of telecommunications systems.
Our critical infrastructure faces a growing array of cyber risks whether they be from hostile state actors or cybercrime and ransomware operations.
We also know that the resilience of these systems is growing more and more important, particularly in the event of extreme weather situations. Canada's 2023 wildfire season was the most destructive ever recorded. The impacts of climate change are leading to more and more severe weather events, with the trend expected to continue. The Insurance Bureau of Canada notes that weather-related insured damage has increased from an annual average of $400 million in the mid-1990s to over $3 billion annually in the last two years.
Bill C-26 seeks to better secure our critical telecommunications services in this precarious reality.
II. Stakeholder Concerns and Authorities
Q4. How have stakeholder concerns about Bill C-26 been addressed by amendments introduced at the House stage?
The Standing Committee on Public Safety and National Security (SECU) has made several amendments to Bill C-26 in response to concerns raised by stakeholders and the public. Industry has generally supported the bill and understands its objectives but raised concerns during the committee study around privacy protection, transparency, oversight and costs.
Amendments were made which respond to those key issues, including by adding text to strengthen the treatment of personal and confidential information, and implement transparency measurements for new powers. Industry's concerns about the potential costs and burdens of implementing the bill have also been addressed through the addition of an explicit ‘due diligence' defence to provide added protection for the sector.
These changes aim to respond to and address key stakeholder concerns, while strengthening the legislation and its core objectives.
Q5. At the House stage, stakeholders raised concerns about a lack of appropriate guardrails and significant new breadth of powers set out in the Bill. How have these concerns been addressed?
Specific parameters were added, including a reasonableness standard and a list of factors for the Minister and the GIC to consider before issuing any orders or directions, such as the operational impact on the company, the potential financial impact, and how the order would affect service to customers.
These add to the existing provisions that scoped the authorities to the protection of the telecommunications system and prevented surveillance or other uses, as well as protections in administrative law on procedural fairness and Charter protections.
Q6. At the House stage, stakeholders raised concerns regarding the handling of personal and confidential information. How have these been addressed?
Key changes include amendments to strengthen personal information protection by explicitly stating that data is protected under the Privacy Act, including definitions for “personal information” and “de-identified information,” and more explicit language affirming that confidentiality of information will be maintained. An explicit clarification was also added that the Bill does not allow for the interception of private communication.
Q7. Is this not just a way for the government to enable surveillance for law enforcement?
The Telecommunications Act amendments were developed to secure Canada's telecommunications system. The proposed order-making powers are tied to this specific policy objective, and cannot be used for general law enforcement purposes.
The Telecommunications Act changes do not rely on the metric of ‘national security' as is used in some other acts; the objective is specifically security of the telecommunications system.
For greater certainty, an amendment was adopted at the House stage that explicitly states that the order powers cannot be used to intercept personal communications.
Q8. The information collection provisions in C-26 seem broad, and even allow for sharing with foreign governments. How can Canadians believe their privacy is being protected?
Bill C-26 is clear about the reasons for which the information can be shared – it is strictly to be done to protect the Canadian telecommunications system. Amendments to the Bill allow for the designation of third-party information as confidential and establish a framework for its protection. This ensures that any confidential information collected must be treated as such and retained only as long as necessary to fulfill the purposes of the order (15.4-15.7(2)).
Confidential information cannot be shared with a foreign state. Information shared with a foreign state also cannot be used for criminal matters.
The Canadian Charter of Rights and Freedoms and the Privacy Act protect Canadians' personal information held by the government, including any information collected under Bill C-26. Amendments to the Bill, introduced in the House of Commons affirm that any orders issued must be reasonable in view of the threat and also cannot be used to intercept personal communications.
Q9. Why can confidential information be used during judicial review? What safeguards are there against abuse?
This process is not unique to Bill C-26, and the use of confidential evidence under certain circumstances has been accepted by the courts.
Since Bill C-26 was introduced, this process has been further developed in related legislation. Bill C-70, An Act respecting countering foreign interference includes considerations of treatment of confidential information and allows for the provision of a special advocate. These provisions apply broadly, including to the Telecommunications Act and Critical Cyber Systems Protection Act (CCSPA).
Q10. At the House stage, stakeholders raised concerns about accountability, transparency, and appropriate oversight, particularly in view of the fact that C-26 would allow the Government to issue confidential orders. How have these concerns been addressed?
Any Order-making process requires that the affected parties be consulted, and an explicit requirement was added to orders must be reasonable.
It was also amended such that Parliament will be provided an annual report on how the authorities were used, and a number of reporting criteria were specified for those reports. Additionally, in the event that a confidential order or security direction is issued, the National Security and Intelligence Review Agency (NSIRA) and the National Security and Intelligence Committee of Parliamentarians (NSICOP) must now be notified.
Q11. Why have secret orders? Does this not undermine the message that cyber security is a shared responsibility?
Orders will be public by default and published in the Canada Gazette. The use of confidential orders is limited to specific circumstances where immediate disclosure could compromise the security of Canada's networks. For example, confidential orders may be necessary if making the order public would expose unresolved vulnerabilities that threat a threat actor.
In the exceptional circumstance of a confidential order, the National Security and Intelligence Committee of Parliamentarians (NSICOP) and National Security and Intelligence Review Agency (NSIRA) must be notified to ensure appropriate oversight.
Q12. This Bill confers extraordinary powers, such as ‘terminating services to anyone'. How can the government ensure they aren't cutting off essential services for Canadians?
This is a significant power, and its use is intended to be very limited. This power is designed to secure networks from disruption, manipulation or interference. For example, if there are known network threats, the Minister could order those network connections to be suspended to restore broader network stability. The amendments ensure actions to restore security are balanced against their broader implications (Clause 2, Section 15.1(1.1)).
The Minister of Public Safety must be consulted before the Minister of Industry issues such an order (Clause 2, Section 15.2(1)). Additionally, the amendments clarify that Orders must be reasonable and ensure that specific factors must be considered, including the operational impact and the potential effects on the provision of telecommunications services across Canada (Clause 2, Section 15.1(2.1)). This ensures that the powers are reasonable and targeted to the threat they aim to address.
III. National Security and Telecommunications Risks (Including Huawei and 5G)
Q13. What were some of the findings of the government's 2022 5G security examination?
In terms of telecommunications security, the examination found risks will be more difficult to contain in 5G networks because of their higher degree of interconnectedness of sensitive network functions. High-risk suppliers' access to 5G networks should therefore be limited.
In conducting its security review, the government relied on many sources including classified intelligence, media reporting, and consultation with allies. Of particular concern, applicable to any vendor, is a requirement to obey extra judicial direction, as is the case with Huawei and ZTE.
Q14. Does this Bill represent a ban on Huawei?
The Government of Canada has serious concerns about suppliers such as Huawei and ZTE, who could be subject to extrajudicial directions from foreign governments.
Amendments to the Telecommunications Act would grant the Government authority to take action, helping to mitigate the risk of any foreign actions or influence that could conflict with Canadian laws or interests. This Bill will provide the Government of Canada with a clear and explicit legal authority to prohibit Canadian telecommunications service providers from using high risk products and services.
The Government's statement on telecommunications security makes it clear that Canada considers Huawei and ZTE high risk suppliers. The statement announced the intention to prohibit the use of designated products and services from these suppliers, subject to consultations. The amendments to the Telecommunications Act will provide the Government with a legislative tool to effect such a ban, with the added safeguard that any such orders must be reasonable and take into account the broader impact on the telecommunications system and the services provided to Canadians.
IV. Impact on Industry, Rural Communities, and Small Providers
Q15. How could a future decision on whether to restrict high risk suppliers from 5G networks affect Canada's rural communities' ability to access the Internet?
The proposed restrictions on high-risk suppliers for 4G and 5G networks announced in 2022 were designed to consider negative impacts on Internet access in rural markets with timelines that allow for replacement of equipment by 2027. This allows for predictability and changes in accordance with capital upgrade cycles.
Any actual Order to implement these restrictions will be subject to further consultation. C-26 also specifically requires the government to account for the operational and financial impacts on TSPs, as well as the provision of services in Canada, including rural communities (2.1).
Q16. Does C-26 ban compensation to providers for their actions in complying with the law? Won't this hurt small providers?
The Act requires the government to consider the operational and financial impacts on TSPs before issuing any orders (2.1).
The Government remains committed to ongoing collaboration with TSPs to phase out untrusted equipment and avoid future investments in such equipment.
While the text of Bill C-26 states ‘”no one is entitled to any compensation,” this does not prevent the Government from providing compensation should it choose to do so.
Q17. Does the Government have the necessary capacity (skills, financial, technical) to undertake the administrative burden that may be associated with the new powers set out in C-26?
Regulation of the telecommunications sector is not a new role for ISED as, for example, the department currently governs spectrum management and licensing and leads voluntary efforts for telecommunications security and resilience. ISED officials will draw on existing experience, expertise, skills, and established processes to ensure effective and efficient application of the new powers set out in this Bill.
V.International Relations, Best Practices, and Broader Security Measures
Q18. Will this framework address all security concerns in the telecommunications system?
Threats to Canada's telecommunications system will continue, even with this security framework. Malicious actors, both state and non-state, will use any means available to them to achieve their goals. Our proposed framework will give us the tools we need to mitigate these risks, but work must continue to assess and analyze the threat, along with appropriate Government responses.
Q19. Have additional risk mitigation measures, such as investment in counter (defensive) technologies and innovations, been considered in addition to this legislation?
Bill C-26 is one tool among many that the Government of Canada will leverage to address cybersecurity in our critical infrastructure. With regard to telecommunications, the Bill is designed to address a range of engineering, design, and other issues, such as increasing resilience in the event of extreme weather situations. We have seen the need for this recently with severe wildfire seasons and expect to continue to see this as a result of climate change impacts, such as the increased likelihood of flooding and storms.
Bill C-26 is one of many tools being used to address these challenges. We are also making advancements in post quantum encryption, for example. Additionally, the renewal of the National Cybersecurity Strategy is underway, and it will offer a collaborative means to promote innovation and security across sectors.
The Government will leverage a wide range of voluntary and collaborative measures to support Canada's cybersecurity posture, along with legislative backing from Bill C-26.
Q20. Is this legislation framed around international best practices?
While the legislation does not explicitly reference international standards, Bill C-26 is grounded in these principles. The reason for not directly citing them is that these standards can change over time.
Most telecommunication operations already follow established standards, like those set by the International Standards Organization or the International Telecommunication Union, those set by the technical community, or those set by agencies such as the National Institute of Standards and Technology (NIST), which many stakeholders adhere to.
- Date modified: