:
I call this meeting to order.
Welcome to meeting 12 of the House of Commons Standing Committee on Procedure and House Affairs. Pursuant to the order of reference of Saturday, April 11, the committee is meeting to discuss the parliamentary duties in the context of the COVID-19 pandemic.
Before we start, I want to inform members that pursuant to this order of reference, the committee is meeting for two reasons: one, for the purpose of undertaking a study and receiving evidence concerning matters related to the conduct of parliamentary duties in the context of COVID-19; and two, to prepare and present a report to the House by May 15 on the said study. The order of reference also stipulates that only motions needed to determine witnesses, and motions related to the adoption of the report, are in order.
Today's meeting is taking place via video conference. The proceedings will be made available via the House of Commons website. Just so you are aware, the webcast will always show the person speaking rather than the entirety of the committee on that webcast.
In order to facilitate the work of our interpreters and ensure an orderly meeting, I would like to outline a few rules to follow. Interpretation in this video conference will work very much like it does in a regular committee meeting. You have the choice, at the bottom of your screen, of the floor, English or French channels.
Before speaking, please wait until I recognize you by name. When you are ready to speak, you can either click on the microphone icon to activate your mike or hold down the space bar while you are speaking. When you release the space bar, your mike will mute itself, just like a walkie-talkie. When you have it pressed down, you're able to speak. When you release it, you'll be back on mute.
I would remind you that all comments by members and witnesses should be addressed through the chair. Should members need to request the floor outside of their designated time for questions, they should activate their mike and state that they have a point of order. If a member wishes to intervene on a point of order that has been raised by another member, they should use the “raise hand” function. This will signal to the chair your interest to speak. In order to do so, you can click on “participants” at the bottom of your screen. When the list pops up, you will see that next to your name you can click the “raise hand” function. It might also be at the bottom of your participants list.
When speaking, please speak slowly and clearly. When you are not speaking, your mike should be on mute. The use of a headset is strongly encouraged.
Should any technical challenges arise—for example, in relation to interpretation or a problem with your audio—please advise the chair immediately, and the technical team will work to resolve them. Please note that we may need to suspend during these times, as we need to ensure all members are able to participate fully.
Before we get started, can everyone click on their screen in the top right-hand corner and ensure that they are on gallery view? With this view, you should be able to see all the participants in a grid view. It will ensure that all video participants can see one another.
During this meeting, we will follow the same rules that usually apply to opening statements and the questioning of witnesses during our regular meetings. As per the routine motions of the committee, each witness has up to 10 minutes for an opening statement, followed by the usual rounds of questioning from members. However, due to the size of the witness panel, I am asking that all witnesses be as brief as possible in their opening statements in order to allow as much time as possible for questions by the committee members. Just as we usually would in a regular committee meeting, we will suspend in between panels in order to allow the first group of witnesses to depart and the next panel to join the meeting.
I'd now like to welcome our witnesses.
We'll start with Ms. Qaqqaq. I believe, if we do not have Ms. Ashton here yet.
Let's hear from Ms. Qaqqaq, please.
:
Mat'na. Thank you for having me.
I understand that we have some time limitations. I had provided a couple of pages of briefing notes, so I'll try to go through them as quickly as I can.
Thank you for giving me the opportunity, first and foremost, to speak at this committee. My name is Mumilaaq Qaqqaq. I'm the member of Parliament for Nunavut. Nunavut is Canada's youngest territory, and I'm proud to be the youngest person elected in the riding, and one of the youngest voices in this Parliament as well. Nunavut is also the largest electoral district in the world, with a population of approximately 39,000.
I was raised in Baker Lake, a growing community of 2,000. I now live in the capital of the territory, Iqaluit, which has a population of about 8,000. All 25 communities in the riding are fly-in and fly-out, with no roads to connect families and people across communities. Approximately 85% of my constituents are Inuk, or Inuit.
I am currently speaking to everybody here on the committee from Ottawa. I can't confidently say I could participate in a virtual Parliament or a virtual committee if I were actually in my riding. Connectivity is essential.
Unfortunately, our territory has the highest suicide rate per capita in Canada. This has tragically been the case for years. I grew up with this being perceived as our normal, which is wrong. I have lost countless friends and family to suicide. Everyone in the territory is, in some way, touched by suicide. This reflects the social determinants for individuals in the territory.
One-third of my constituents live in overcrowded homes. We also know that seven out of 10 children go to school hungry in Nunavut. There are communities that continue to see boil water advisories and limited access to clean drinking water. We have some of the highest living costs in the country. Along with investments in housing, building basic infrastructure is a must in the territory. Connectivity is essential.
Accessing critical and often life-saving information is frequently a challenge in Nunavut. Providing individuals with key information in their mother tongue, Inuktut, can be life-saving. In 2016, 23,225—approximately 65% of the population—reported Inuktut as their mother tongue.
I was glad to see during the previous parliamentary session an announcement that talked about a commitment of $42 million over the next five years to support Inuktut language initiatives. This was a collaboration among the Government of Canada, the Government of Nunavut and Nunavut Tunngavik Incorporated, the territorial advocacy organization.
Although the intentions of this agreement are good, I face many barriers as a member of Parliament in providing needed translation to my constituents. For example, I would need to translate all my work five times to make sure information is easily available to everyone. Guiding constituents to the federal services they need is a similar obstacle. Providing translation in Inuktut at the federal level for my constituency and other Inuit Nunangat communities would be nothing but beneficial for everyone. Connectivity is essential.
As we saw during yesterday's committee, even in some of the most prosperous parts of the country, technical limitations are impacting parliamentarians' ability to do their work. I thought it was important for everyone here at the committee today to get a sense of the Internet speeds here in Ottawa compared to communities in Nunavut. I reached out to some constituents and asked for their Mbps, or megabits per second, and was frustrated, but not surprised, by some of the numbers that I heard. For example, I did my own testing here in Ottawa. With my phone plan I have 180 megabits per second, and with my Wi-Fi I have 200 megabits per second. Please keep in mind that you need at least eight megabits per second to run a high-definition video conferencing call, and these results will be impacted if you are sharing a network with other people.
These are some of the constituent responses I had. I tried to hit all three of my regions. In Cambridge Bay, we see Wi-Fi at 14 megabits per second, and data at 51. In Baker Lake, my hometown, Wi-Fi is again at 14 megabits per second, and data is 85 megabits per second. Arviat's Wi-Fi is at six megabits per second and data is at 51 megabits per second. Sanikiluaq Wi-Fi is at two megabits per second, and data in Sanikiluaq is at 13 megabits per second. Connectivity is essential.
This isn't part of my notes, but earlier this afternoon during the session, a minister thanked the member for a question on the issue of rural broadband in his region. We know that before the COVID-19 crisis began the government recognized that fast, reliable and affordable high-speed Internet was a necessity, not a luxury, so clearly the federal government knows that this is a problem.
We continue to see large corporations like Bell charge ridiculous prices across Canada. Everyone here would agree that hours and hours of streaming parliamentary business on their data plans could result in some outrageous overage charges. During this crisis, we have also heard stories of cellphone and Internet providers suddenly charging Canadians more. How can we ask families to stay at home, parents to continue working and students to learn through online resources without providing affordable and accessible Internet services?
When I say this, I want you to keep in mind the fundamental human rights issues I have previously mentioned that too many of my constituents—Nunavummiut, Canadians—are facing.
Northwestel, one of the major telecom companies in Nunavut, has fortunately provided temporary Internet usage relief until May 31 for existing customers, which is one way we should be taking care of each other right now. Connectivity is essential.
With this in mind, I would like to talk about the proposed Kivalliq hydro-fibre link. I would like to echo the words of Premier Joe Savikataaq when he said, “The proposed Manitoba-Nunavut hydroelectric power line transmission and fibre optics project aligns with our Turaaqtavut mandate, Nunavut's growing telecommunications needs and the Government of Canada's goal to reduce the effects of climate change.”
The Kivalliq hydro-fibre link is an opportunity not only to promote cleaner energy but to provide much-needed Internet and data supports for our communities. We have yet to see the support needed from the federal government for this project. Connectivity is essential.
The amount of needed services in Nunavut is extremely high. Increasing accessible and affordable connectivity services could save lives. We could promote online counselling, education resource exchange, share information with one another and do so many other beneficial things.
Again, I'd like to thank everybody for this opportunity. I hope I was able to capture the basics of the reality in my riding and why connectivity is essential. There is much opportunity for us to do great things and provide these services to the people who need them.
Mat'na. Thank you.
:
Good afternoon, fellow colleagues. Thank you for having me as a witness today.
It's unusual to be on this side of the table, or the screen, as a witness at this committee. I truly value the opportunity to share the perspective of many in our region as your committee finds ways to make virtual Parliament work.
First, I want to be clear: I am a proponent of a virtual Parliament. I spoke out publicly about the need for a virtual Parliament early on in this pandemic. I also spoke out about the need to make Parliament more accessible, including virtually, for some time, even before this.
Currently, we are living in an unprecedented time of crisis. Many Canadians have had to take unprecedented steps to stay safe: physical distancing, working from home if possible, and juggling full-time parenting with work. For others, including essential workers, staying home is not an option. Many are dealing with the crisis of losing their jobs.
Throughout this time, our work as representatives and advocates has, if anything, become even more important. Over the last number of weeks, I've been in close contact with first nations leaders in our region who are doing everything they can to keep their communities safe, desperate for federal action. I've been in touch with front-line workers who don't have enough access to the personal protective equipment they need. I've been in touch with workers in work camps and mines across our north who are afraid to go to work because of a possible spread of COVID-19. I've been in touch with constituents stranded abroad, students who don't know how they'll pay their rent and seniors who are in need of support.
Our work has not stopped, but without Parliament and access to the accountability mechanisms that are integral to it, our ability to make change has been deeply impacted. Like many of you, I've been in contact with ministers, parliamentary secretaries and the media, doing everything possible to get action for our region. That is important, but fundamentally we are members of Parliament. Canadians expect us to represent them in Parliament, whether we are in government or in opposition.
Let's recognize that at a time when people who can are encouraged to work from home, we should be doing that too. For reasons of public health, we shouldn't be any different. We should be setting a high bar to show that it is possible to do a wide range of work remotely, including the work of Parliament. Let's be responsible in terms of our work. When we are told that we could be supercarriers of COVID-19, let's do everything possible to do our work safely from home.
Research has indicated that we could be dealing with future, and possibly multiple, waves of the coronavirus. This isn't a matter of weeks, but months and even years. We must be seen as leaders in terms of public health and do everything we can to keep our communities safe, including refraining from travelling across the country on a regular basis when we could be doing this work from home.
Right now, here in my home region, we have a travel restriction where people who do not live north of the 53rd parallel are not allowed to come in unless they work here. Non-essential travel is not recommended. These are public measures reflective of how vulnerable our region is. There are also widespread public health recommendations to avoid interprovincial travel. Given our work as leaders, we must go above and beyond to keep our communities safe and do our work from home.
A virtual Parliament is critical in terms of regional representation. Until now, no Manitoba MPs from any party have attended an emergency sitting of Parliament. We know that, again, for public health reasons, emergency sittings and the in-person sitting today are dominated by MPs from central Canada, those who are near Ottawa. This is not acceptable. A virtual Parliament is critical in terms of gender representation. Based on research by Samara Centre for Democracy, it has been noted that the percentage of women in the House during emergency sittings has ranged from 25% to 27%. While reflective of our general representation, which remains pathetic, the fact is that a virtual Parliament can allow for women MPs to be heard across the country and for parties to ensure that their voices, our voices, are heard.
Let's also recognize that other jurisdictions have taken on this work already and put in place parliamentary sittings virtually: jurisdictions such as Wales, the U.K., the European Parliament, Ukraine, Argentina, and the list goes on. However, in setting up a virtual Parliament, we must recognize that we are not equal as MPs. Our region here in northern Manitoba, like much of rural and northern Canada, has extremely poor access to the Internet.
The Winnipeg Free Press recently reported on the fact that, according to the CRTC, Manitoba has some of the slowest Internet speeds in Canada. A CRTC map of broadband coverage shows major gaps across our province. An internal briefing note prepared by Industry Canada noted that as of 2018, “Northern Manitoba has the worst connectivity in all of Canada.” Nationally only 27.7% of first nations and 37.2% of rural communities have access to fast, reliable Internet.
This crisis is exposing the second-class access to critical infrastructure that many on first nations and in rural Canada are living right now. It is exposing a glaring and growing inequality in our country. It's having a negative impact on our kids, kids who already face immense barriers.
A CBC report recently made it clear that for first nations kids in remote communities like Garden Hill, here in our region, online learning is simply not possible. Catherine Monias, Garden Hill's education director, said when asked about offering online learning, “We can't...Most students do not have access to a computer and a printer, and most students do not have internet at home.” Even if there were more access to the Internet, Ms. Monias pointed out, “Our internet bandwidth is so narrow, that it's impossible to [teach online].”
I have heard from worried parents, frustrated educators and leaders from our region who are concerned about their young people's ability to access an education. We cannot have a situation where a generation of kids is held back because of our failures.
My office and I have also heard directly from constituents who have no access or unreliable access to the Internet when it comes to applying for EI, the CERB or getting help from Service Canada.
This cannot stand, and we must be clear that it didn't just happen. Successive governments' choices to fund private enterprise in the hope of providing broadband have failed. Good public money has been poured into initiatives that have not solved the problem. Years of Conservative and Liberal promises to ensure access to broadband Internet have failed. We've heard the campaign commitments and seen the posters, but there is no Internet.
I know of one community in our region that accessed the federal funds some years ago to build a tower, only to have the tower bought out by our main telecom provider and then dismantled. To this day, they do not have access to broadband Internet.
It's 2020, and in one of the wealthiest countries in the world, we face a shocking and unacceptable digital divide. This pandemic crisis should be a wake-up call. We need the government to recognize access to broadband Internet as a public good, a basic necessity, an essential service. The government must use public ownership to ensure the construction of broadband Internet infrastructure and ensure regulated and affordable service. It should also work with first nations and indigenous communities.
Many have compared dealing with this crisis to a wartime effort and said that we should be looking within to provide what we need. We are an incredibly wealthy country. Let's respond to the urgent needs of people at this time and into the future through national action now to ensure equal Internet access for all.
Let's come out of this crisis better than we were. Let's build a Canada where we are not letting down the next generation, and where we are not contributing to growing inequality. Canadians, including the youngest among us, are counting on us to do this. Let's get it done.
:
Thank you, Madam Chair. I'm very pleased to be taking part in your work on this very relevant issue.
My name is Chantal Bernier. I'm a lawyer who specializes in privacy and cybersecurity law.
You invited me here today to outline the information security considerations associated with a potential virtual sitting of the House of Commons. I understand your concerns, particularly in light of media reports regarding security risks related to certain platforms. However, these risks must be put into context. First, they apply only to certain types of information. Second, they apply only to confidential debates. I'll address these distinctions.
[English]
In relation to the types of information you must protect by law as a public institution, there are two that are most relevant to your work.
The first category of protected information I will mention is information received in confidence in relation to the affairs of the Government of Canada, or received from another government, because the disclosure of that information would be injurious to the interests of the Government of Canada.
This type of information would never arise in the House of Commons. Should it arise in committee meetings, the committee should go in camera, and then the chair should ensure additional information security measures are applied, proportionate to the sensitivity of the information involved. The chair should not proceed to an in camera meeting unless there is assurance from the technology experts of the House of Commons that it can proceed securely online.
As a former senior public servant who had to lock her device in a little box every time she attended cabinet meetings, I can assure you that the Government of Canada has a long tradition of information security.
The second category of protected information I will mention is personal information. Personal information is defined as information that relates to an identified or identifiable individual, meaning that even if the information can be related to an individual only indirectly, it is still personal information, and you must, by law, protect it.
However, there are exceptions that are relevant to your work. These are types of personal information that you do not have to protect.
The first is information about an individual who is or was an officer or employee of the government institution where the information involved relates to the function of that employee or office. You also do not have to protect the fact that an individual is or was a ministerial adviser or a member of ministerial staff, as well as the individual’s name and title. As well, you do not have to protect information about an individual who is or was performing services under contract for a government institution when, again, the information relates to that contract. Finally, information relating to any discretionary benefit of a financial nature to an individual, such as the granting of a licence or permit, is also not subject to protection and can be disclosed.
In other words, the protection of personal information cannot undermine government accountability.
Moving, then, to the type of proceedings that call for security measures, sittings of the House of Commons and meetings of House committees, except when they must go in camera, do not create security risks. It's quite the opposite. Because House debates are always public and are accessible directly from anyone's computer at any time, moving online preserves the transparency of Parliament more than it creates information security risks.
While I'm here, I would like to bring to your attention real information security risks that have not made the news. I am referring to telework. Working remotely from our houses raises information security risks. I speak on the basis of practical cases I have seen.
The main risks are these. The first one comes from the fact that many of us share a home. Telework means that the arrangements must provide physical protection of confidential information. Not everyone has a house big enough to allow a separate room to work in. Measures must therefore be adapted to each physical setting to protect information on both paper and screen.
Government documents should never be transferred to personal electronic devices. These devices are not configured in accordance with government information security standards. Government electronic devices should also not be made accessible to anyone except the government employee to whom the device has been assigned, even for temporary use. The devices are most likely to contain documents protected by law, and access by an unauthorized person constitutes a breach.
While passwords are the basis of security on electronic devices, they become even more important in the context of telework, an environment where you are around people who know you very well and, therefore, could guess your password. It's not necessarily for nefarious reasons, perhaps only because they want to use the computer. Still, it constitutes a security risk.
Without the entry-exit controls of Parliament offices, screens should be set to lock automatically when they are not used for a set period. That set period should be as short as necessary, according to the circumstances. Privacy filters on a computer can be used to hide the screen or make it invisible to others.
Finally, I would caution you against the accidental use of one's personal email for professional use. In the home environment this confusion risk is higher.
[Translation]
In short, I want to both reassure you and caution you.
I can reassure you by putting into context the issue of information security as it relates to your work. Apart from when you must deliberate in camera, the Internet maintains the level of transparency that we all want in the House of Commons rather than creating an information security risk.
When you need to sit in camera, Madam Chair and your fellow committee chairs, you must ensure that all safeguards proportionate to the sensitivity of the information involved are applied.
Regarding my cautionary note, I strongly encourage you to speak to all the members of your team about the measures that they've taken to ensure the protection of information while teleworking.
Thank you for your attention. I look forward to answering your questions.
:
Madam Chair, thank you for the opportunity to appear before the committee. I look forward to answering questions in both official languages.
[English]
I will start with some ad hoc remarks about cybersecurity in the current context, and then pass to some broader remarks about the continuity of constitutional government in the context of an emergency and a crisis. I shall edit those remarks and I shall indicate to the translators the edits so that you have the full written version in front of you in both official languages.
With regard to cybersecurity, here are a few brief considerations.
The deliberations you are having are hard to mess with because they're in real time and they're open, so tricks like deep faking what somebody might be saying seems to me to be pretty hard and difficult to make effective. On the next panel, I know there's somebody who is going to raise concerns about the Zoom technology, but I actually think that this is not particularly relevant in the current context. Yes, end-to-end encryption is the gold standard, but in this case, we're talking about an open Parliament and open conversations, so if we have interserver encryption.... We want people to be looking in anyways. If our adversaries want to listen in and see what a resilient democratic conversation looks like, all the better.
No matter what tool you're going to use, all the tools have vulnerabilities and are somewhat insecure. Some are less secure than others, but inherently there's always an issue with regard to compromise. I actually think this is a misguided conversation. This points to technological determinism, and technology is not ultimately the issue. It's behaviour that's the issue. It's how we use the cyber domain, so we need to have a more human-centric conversation about cybersecurity.
Many of the measures technologically can be readily solved as your parliamentary administrators already have with regard to Zoom, by sending passwords separately and locking down meetings. Really, it's a matter of what conversations we can simply not have online because we have to assume the conversation is compromised. There's still a lot you can learn from the metadata, even if you have end-to-end encryption. For instance, are you logging in through a virtual private network when you're logging in as a member of Parliament?
The greatest risk is probably not the software but your personal device. Is it already compromised? What kind of device are you using? What mechanisms are you using to connect: hard-wired or mobile? Are you on an approved device? Is the device hard-wired on a secure network with unique key identifiers, with a KPI card? Are we routing the traffic through a Canadian network to ensure Canadian data sovereignty, or is it being routed the most efficient way?
All this is to show that we need to think in human-centric terms, including how our adversaries might be thinking about this environment and their intent, and not in tech-centric terms. It's about the human factors of cybersecurity. Humans are ultimately the greatest vulnerability, but they're also an underused asset.
I'll point to, in this conversation we're having, nine issues with regard to human factors and cybersecurity that we are all experiencing every day.
The first is societal issues: How do we ensure that our democracy and our institutions are adequately defended? How do we ensure that they are cyber-resilient? How do we adapt our democratic institutions and how do we ensure that we have evidence-based policies?
With regard to regulation, we want to think about how we protect privacy, how we increase transparency and accountability, and how we standardize cybersecurity.
In terms of behaviour, we want to think about criminal networks, about enabling the behavioural change by users, and about designing more usable machines and more usable interfaces.
This ultimately leads me to questions about the role of Parliament. Ultimately the underlying primary constitutional principle here is the principle of responsible government. It is about ministerial responsibility, first and foremost, during a crisis and an emergency. It is about holding government to account and it is, in the Westminster parliamentary system, about parliamentary supremacy.
What does this mean concretely? It means voting supply on spending, on accountability, but also on how we raise revenue. I'm deeply concerned about how Parliament had very little say in how we raised revenue. Usually we think of this as taxation, but what we have seen in recent weeks is the largest and most rapid expansion of government in the post-war era. It has imposed unprecedented intergenerational burdens. We have seen this previously. The percentage of the debt this year that is being taken up in new debt is roughly what it was in the early 1980s. It hobbled government for a generation and led to considerable fiscal challenges down the road, hamstringing governments.
What are the mechanisms that are being deployed to ensure the spending that we are taking up is the most efficient and the most effective? I'm deeply concerned, in the current environment, about the temptation of privatizing profits and socializing debt, including private debt. When we restart the economy.... People are already talking about infrastructure, but this is what some people have called the “she-cession”. Unlike in 2008, the people who are disproportionately affected are women, and they are women in precarious situations. Building lots of bridges, roadways and subways is not going to help them, directly at least.
How do we think about how we restart the economy? In all of this, Parliament has a very important role to play.
I shall now pass to my remarks. I shall read from the first page and then extract lines from subsequent pages.
This is the greatest test for the maintenance of Canada's democratic constitutional order in at least 50 years. It raises many important questions. What is the legitimate extent of the federal government's power during an emergency? Is the federal civil service that drives Canada's federal system for coordinated emergency response a boon or a bane during a complex multijurisdictional, prolonged emergency? Did the get the best advice? Was the Prime Minister aware that the World Health Organization has had a very troubled relationship with China since 1957? These challenges are not new.
What are the appropriate roles—before, during and into a recovery—of the executive, judiciary and legislative branches? To what extent can the executive abrogate civil and privacy rights in the public and common interest, especially if citizens' confidence were to falter? Metadata will be an important part for mobile devices in reopening, in particular aggregate metadata and understanding people's behaviour. These require conversations.
To what extent do the proximate failures of the Canadian government to protect the safety and security of its citizens at home and abroad expose distal failures and weaknesses in intelligence, strategic assessments, emergency preparedness, continuity of constitutional government and the civil service's capacity and commitment to provide the best possible impartial advice to the government of the day, along with weaknesses in the structures and institutions of the Government of Canada and constitutional governance? After all, many democracies have fared significantly better than Canada in the speed and agility with which they responded to the epidemic, without the massive expansion of the state to which Canada has had to resort at a cost of billions of dollars.
The underlying rationale for the answers to these questions needs to be transparent and intelligible. There are questions about proportionality and suitability of these measures, as well as the fundamental transformation of the social and economic role of the state and public sector, whose expansion in recent weeks is without precedent in the post-war era. There's no precedent within living memory for anyone in a position of leadership of how to govern in this crisis, so Canada's democratic institutional order is absolutely critical. It is insufficient simply to tolerate criticism. The resilience and superiority of the democratic way of life is at its best when objections to the way the state optimizes how to manage and contain societal risk are actively sought out, enabled, heard and reciprocated. Even during a crisis, the government's power should not be absolute, unchecked and without recourse.
The hallmark of constitutional democracy is that, even during an emergency, executive power is contingent: The people have recourse through their representatives in Parliament to check the executive. Under such extraordinary circumstances, what are the prerogatives of the legislature in holding the executive accountable within the prevailing ethical and moral framework?
I'll move on to the top of the next page.
For over three centuries, voting supply has been the bedrock principle of the Westminster parliamentary system [Technical difficulty—Editor].
The events of recent weeks appear to validate the resilience, adaptability and vitality of Canada's constitutional system.
I shall be on the last page, for the translators, and I shall make my remarks quick.
The Government of Canada has long taken a laissez-faire approach to departmental emergency planning, which facilitates event-driven reactions, where the perceived urgency trumps the actual importance. I'm concerned about overzealous experts who want to outlaw certain types of behaviour without interventions from politicians. Ottawa mayor Jim Watson's intervention with regard to people actually being able to have a beer in the driveway while respecting social distancing is a good example.
Especially during a time of crisis, Parliament has a supreme duty to hold the executive to account. Canadians need continuous parliamentary audit of the executive and the bureaucracy's judgment.
During the First World War, high commands often found themselves at odds with national assemblies. Indeed, national assemblies had conceded extra powers to the executive branch and exercised restraint over the way their military prosecuted the war. Assuming the war would be brief, they deferred to experts and professionals, but in the wake of a succession of failed offences and military stagnation, parliamentarians demurred. They attempted to regain control of the war effort by injecting criticism and new ideas. Georges Clemenceau, when he became premier of France in 1917, famously surmised, “War is too serious a matter to leave to soldiers.”
Then I go through a series of issues where the British generals got it wrong and Winston Churchill got it right. Military strategy requires civilian perspective and leadership. That's what we learn from civil-military relations. To paraphrase Clemenceau, a pandemic is too important to leave to health experts or the executive alone, hence the importance of the role of Parliament. Never has it been more important than today.
:
Thank you, Madam Chair and committee members for the invitation to speak to you today.
You're currently studying ways in which members can best fulfill their parliamentary duties during the COVID-19 pandemic. You're looking at the temporary modification of your procedures and technological solutions to support a virtual Parliament. We've been asked to speak to you today about privacy issues related to web-based video conferencing platforms as you consider potential solutions.
At this time, we're all navigating and adapting to a new reality of social distancing. Many of us have turned to video conferencing services for both personal and professional use. Governments and parliaments around the world are also using these efficient and readily available platforms to carry out important work.
We often see a connection between the privacy concerns and the cybersecurity risks and vulnerabilities of these platforms. These types of digital solutions are widely available and seamless to use, which explains their surge in popularity. However, there have also been reports of privacy and security issues related to their use. These issues stem from flaws with end-to-end encryption and data collection or sharing practices embedded in the terms and conditions. Specific risks along these lines would be unique to each video conferencing service in question. Any tool has its pros, cons, strengths and vulnerabilities.
[English]
There is a good reason to be prudent when considering cybersecurity concerns or vulnerabilities with any particular technology option. There have also been reports that the COVID-19 crisis has created new opportunities and motivations for cyber-attacks, which only increases the importance of ensuring there are adequate safeguards in place to protect against unauthorized breaches of personal information.
As you consider various technological solutions to support a virtual Parliament during this pandemic, it will be important to bear in mind that certain solutions may not be equally suitable for all situations. Parliament should first determine its needs and then assess the technical safeguards, the potential security risks and the privacy policies of each service before selecting a particular platform.
For situations that would involve government discussions requiring secure communications, I would defer to our government cybersecurity experts to provide specific technical expertise on appropriate solutions to support the work of Parliament. I would only add that a self-hosted web-based video conferencing system solution is generally more secure than using a web-based video conferencing system offered by a provider, because there is more ability to control certain technical features and, therefore, to adapt it to your specific needs.
If options other than self-hosted solutions are being considered, such as the numerous web-based video conferencing services that are broadly available, they should generally be reserved for public matters only.
[Translation]
A number of measures can be taken to protect privacy even when a system is used for public meetings. In such cases, we recommend the following:
The committee should conduct a careful review of the video conferencing service's privacy policies and terms of use to understand the terms for the collection, use and disclosure of personal information and third party contractual arrangements.
When using a private messaging feature during a video conference, pay particular attention to whether the messages remain private. Some messages may form part of the transcript of the meeting, and thus ultimately be more broadly available than the author intended.
For public committee meetings or House debates, the host—or in your case the chair of the committee—can prevent “Zoombombing,” gate crashers or other unwanted activities by disabling certain features such as “join before host,” screen sharing or file transfers.
Members who participate in a video conference should be careful about their own environment, such as where they sit. The people and items visible in the background can reveal a great deal of information.
Lastly, if members are using a web browser to participate in video conferences, it would be best to open a new window with no other browser tabs. Ideally, they should also close other applications to avoid inadvertently sharing notification pop-ups—showing, for example, new incoming emails—with other participants and the video conferencing service provider.
The Office of the Privacy Commissioner of Canada is currently preparing a list of best practices for individuals to mitigate common privacy and security concerns associated with web-based video conferencing systems. However, on their own, these measures don't guarantee that all privacy and cybersecurity risks would be adequately addressed, particularly in situations requiring secure communications. A more secure solution would likely be necessary.
Thank you for the opportunity to appear before you today. I now look forward to answering your questions.
:
Thank you, Mr. Turcotte.
[English]
I also found it interesting that you mentioned that we were to examine this carefully, yet we've been given, effectively, five meetings to do so. Thus, it's almost impossible to go through all the scenarios and all the plausible problems from a security standpoint that it might cause.
My next question is to Ms. Qaqqaq. We know, for example, that only 40% of the rural part of our country is covered by broadband.
I will correct something that Ms. Ashton said. Actually, the opposition House leader, , a Manitoba MP, was at the March 24 session of Parliament.
Ms. Qaqqaq, do you find your parliamentary privilege, your ability to represent your constituents, being jeopardized because of the ineffectiveness of rural broadband in the part of the country in which you live?
:
Thank you, Madam Chair.
I would like to take the opportunity as well to thank our witnesses for being with us this evening. It's always great to receive your feedback and your insight regarding this very important topic that we're studying.
As we all know, Canadians, including parliamentarians, are really trying hard to follow public health measures by staying home and working remotely. As we've heard this evening, many of us are using different platforms and different tools, and it's been quite successful for the most part, but we are also hearing concerns about cybersecurity. I know that on a daily basis we hear the words “threats” and “vulnerabilities”, and we've heard that many times this evening.
My question would probably be for Madame Bernier and perhaps Monsieur Turcotte.
What questions do you think we need to ask ourselves to ensure that we're respecting privacy concerns and security concerns in the virtual meeting part of it?
Madame Bernier, you also spoke about working remotely, and that really piqued my curiosity. I'm wondering if you would be able to elaborate a bit on that as well, as to what we should be doing and asking ourselves.
:
[
Technical difficulty—Editor] health care, education, and the list goes on, as you both mentioned. Thank you for your comments.
Dr. Leuprecht, we've met before, through the Eastern Ontario Wardens' Caucus. You had done a great report on policing sustainability.
For my first question I wanted to ask you maybe what you gave Mr. Gerretsen in the class you had with him. However, I'll pass on that and ask you to build on your comments about the parliamentary aspect. I respect what you say when you note that Parliament is open, transparent and on TV, in terms of the security risks there. My concern goes more to what Madam Normandin of the Bloc talked about, the caucus aspects and some of those in camera and behind the scenes stuff that are an essential part of seeing that public face of Parliament. I worry about some of those security aspects. I liked your line about building the plane while flying it, and agree that technology may not be the challenge as much as the human dynamic.
We have Zoom, for example, and we've been rolling these processes out. Do you not think that might be a human issue and not a best practice, at times? Yes, we want to get here quickly, but when you talk about the protocols, the connectivity and the devices, and those questions that you want to ask in a contract you would have with a company, do you not agree that perhaps as humans right now, who are rushing to do this, these might not be best steps, or maybe there's a higher risk of having the challenges of hacking or accessing our software outside of these programs?
:
Good evening, Madam Chair.
I want to thank all our experts for being with us today. As I listened, I heard a lot of important questions, obviously, whether it be about accessibility to high-speed Internet or privacy concerns. Those are important public policy issues. What we're dealing with today is an exceptional and, to use a phrase that has been repeatedly used, unprecedented situation. Almost 25% of our economy has been shut down. Millions of Canadians have been asked to stay away from their jobs and stay at home. Obviously, those are extremely exceptional circumstances, and we are asking for sacrifices. I think the challenge that this committee is tasked with is that, given this context that we're in, given that we're....
In theory, I think, if you asked anybody if tomorrow we should shut down a quarter of economy, nobody would say that would be a smart thing to do or a reasonable thing to do, but we are doing it for public health reasons. We are following the advice of public health officials.
Given the situation we are dealing with, which we know is not an ideal situation, what areas or what questions should we be focusing on, given the fact that we must find at least some form of virtuality for our Parliament?
:
Good evening, Madam Chair and committee members.
I had intended to speak a bit in French, but given the time and the technical issues, I think I will just continue in English for the translators' ease.
Thank you for your invitation. I understand that in this panel session the committee is focusing on possible video conferencing platforms and their feasibility as it relates to establishing a virtual Parliament.
In terms of the feasibility of the technology, I expect others on this panel will discuss virtual and interactive teleconferencing in light of the capacities of different mediated platforms, albeit with some inherent limitations, security considerations and the risk of malfunction.
In terms of the feasibility of the House's capacity to amend its internal rules to facilitate members' virtual presence in lieu of their physical presence, it is clear that this can be achieved constitutionally. From J.G. Bourinot, writing in 1901, to David E. Smith, writing in 2017, in our system “legislative bodies alone are masters of their proceedings”.
As someone who studies government in Canada, my interpretation of feasibility today revolves around what sort of costs and benefits the adoption of virtual legislative meetings implies for democracy within Canada and beyond the walls of the House of Commons, so I engage this question: Is virtual assembly democratically feasible? Below are five points that may be helpful to you in your deliberations.
First, technology is intrinsically disruptive. The first taxi drivers to use cellphones to plot their courses could not imagine how this technology would alter their industry within a very short time. Plus, the law of unintended consequences warns us that intervention in complex systems tends to produce unanticipated consequences. Taken together, technology plus systemic intervention equals deep change marked by unpredictable outcomes. We cannot know the consequences of such change, but they will not all be positive for our democracy.
Second, the Canadian Parliament is unique. It is sui generis. We have a complex, diverse, finely balanced political system. In the rush to address the pandemic, it is tempting to examine how other parliamentary systems are moving towards virtual sessions, but it is a profound mistake to simply assume that what works in other systems necessarily will work the same way here. Because technology is disruptive, we need to carefully study technological adoptions and adaptations before asserting that we can estimate the effects of such change. In the history of legislatures to this point, no advanced democratic legislature deliberates and votes virtually as a method of normal business. Especially because of our complexity, Canada should not be among the first to do so.
Third, the state of democracy in Canada is not static. It has changed and evolved and continues to do so. It is dynamic and responsive to the factors and pressures that bear upon it. This is to say that the change can diminish it, as well as enhance it. Indeed, the quality of democracy can be easily damaged and insulted, as we have seen recently in some of the world's leading democracies. Any diminution in the legislature's task of holding the executive to account, or the media's key role, lessens democracy.
Fourth, considering a move to virtual House of Commons sessions and committee meetings uncovers many complex issues. Of these, one of the more perturbing concerns the deliberative function. As Valere Gaspard and I have written elsewhere, “The opportunities for formal and informal exchanges during debate, in committee work, and at work-related social activities provide crucial interactions among the members. These interactions allow MPs to be exposed to different ideas and perspectives. Such encounters are a key part of our democratic politics.... By reducing parliamentary debate, interaction and exchange to the click of a button, we risk losing what makes our democracy work.” Smith observes, “deliberation is more than an aggregation of individual constituency demands”. One of the challenges in the move to virtual assembly is to ensure that e-deliberation is more than just an episodic, half-hearted online opinion poll.
Fifth, other witnesses have commented on the importance of member privilege, so I will not repeat that information here. I find it difficult to accept, at this point, that virtual sittings and sessions can fully facilitate all the aspects of privilege that members enjoy when meeting in normal conditions. In particular, I expect that the privileges around political speech will be difficult to ensure and safeguard in a virtual context. The capacity of members of the House of Commons to express dissent—such as by voting against their party leadership, absenting themselves from controversial debates, challenging a ruling of the Speaker or even being removed from the House—to have that dissent understood, and to be sanctioned in known ways in accordance with the legislature's rules and the rule of law is fundamental to democracy. All manifestations of dissent demonstrate that democracy is present. It's not at all clear to me how one dissents effectively in a virtual session when those who are not speaking are literally muted. If dissent is not present and not demonstrated, then is their legislature really free?
These five points illustrate some of the costs to consider in moving to some form of a virtual assembly. Against these costs is stacked a weighty benefit: minimizing the risk of infection for MPs, staff, security, administrators, technicians and all their families. The benefit of good health is inarguable.
Therefore, the committee may well decide that meeting virtually is the best among few viable options. In this case, my view is that virtual meetings should be held very sparingly and with the understanding that these are short-term measures taken during an extraordinary period. Certainly going forward there's merit to ensuring that the House can meet virtually as a default or a backup option for future crises, and much more careful research should be undertaken as to how best to effect this. Creating this sort of institutional e-infrastructure will require a large, careful effort to fully understand the implications of such change. This period of crisis, in other words, should not serve as an accidental gateway to bringing in a permanent method of virtual assembly that is not well understood and that carries large democratic implications for Canada.
Is virtual assembly democratically feasible? Perhaps it is, but in small doses and with the intention to return to normalcy as quickly as possible.
Thank you.
:
Thank you, Madam Chair and committee members. I'm glad to be here.
As was mentioned, I'm director of the Citizen Lab. The Citizen Lab does research on digital security issues that arise out of human rights concerns.
As much of the world moves into work-from-home rules of self-isolation, technology has become an essential lifeline; however, this sudden dependence on remote networking has opened up a whole new assortment of security and privacy risks. In light of these sudden shifts in practices, it's essential that the tools relied on for especially sensitive and high-risk communications be subjected to careful scrutiny.
In my comments, I'm going to first quickly summarize Citizen Lab's recent investigation into the security of Zoom's video conferencing application—the application we're using right now—and the company's responses to our published reports. Then I'll discuss a broader range of digital security risks that are relevant to the work-from-home routines that MPs and their staff are following. I will conclude with six recommendations.
First, with respect to our published report on Zoom, we published it on April 3 and did a follow-up on April 8. In essence, at the core of that report was that we found that Zoom did not seem to have been well designed or effectively implemented in terms of its encryption. Its public documentation made several misleading claims about its encryption protocols that did not match what we observed in our analysis. I invite committee members to take a look at that report.
We also found potential security issues with how Zoom generates and stores cryptographic information. While based in Silicon Valley, Zoom owns three companies in China, where its engineers developed the Zoom software. In some of our tests, our researchers observed encryption keys being distributed through Zoom servers in China, even when all meeting participants were outside of China. A company catering primarily to North American clients that distributes encryption keys in this way is obviously very concerning, because Zoom may be legally obligated to disclose those keys to authorities in China.
In our report published on April 3, we also discovered that there were issues with Zoom's “waiting room” feature. We didn't disclose those at the time, because we consider them very serious. We did a responsible disclosure to the company.
Now, in response to both of these reports, Zoom has taken a number of actions regarding security. It has committed to a 90-day process to identify and fix security issues, including a third party security review, enhancing their bug bounty program and preparing a transparency report. They've also committed to improving their encryption, including working towards the implementation of end-to-end encryption. They acknowledged that some Zoom users based out of China would have connected to data centres within China and indicated that they had immediately put in place measures to prevent that from happening.
They've released new versions of their platform. You can see that there are some new features, like we experienced today with waiting rooms and passwords and so forth, and they've done a very good job in terms of hiring people with credible expertise in the cybersecurity area.
While it's encouraging that Zoom has made these improvements, the sudden reliance by a very large number of people on a platform that was never designed for highly sensitive communications is symptomatic of a much larger set of problems related to work-from-home routines. It's imperative that we evaluate all the risks associated with this sudden change in routines, and not just those associated with one particular application.
Legislators working from home are connecting using devices, accounts and applications through widely differing home network set-ups, as are their staff. These networks may be shared with roommates and family members whose own digital security practices may vary widely. Whereas in pre-COVID times these devices were routinely brought back into the government security perimeter where sensors might detect problematic network behaviour, this is obviously no longer the case.
Generally speaking, the communications systems we rely on have rarely been designed with security in mind. Security is either routinely regarded as slowing the speed of innovation or impossible to patch backwards. The consequence is that there is a vast array of unpatched systems that leave persistent vulnerabilities for malicious actors to exploit.
Meanwhile, governments and criminal enterprises have dramatically increased their capabilities to exploit this ecosystem for a variety of purposes. Almost all nation states now have at least some cyber espionage capabilities. There is also a poorly regulated private market for cybersecurity that includes numerous companies that provide off-the-shelf targeted espionage and mass surveillance services. Our own research at Citizen Lab has shown that the market for commercial spyware in particular is prone to abuse and has been linked to targeted killings and the targeting of a Canadian permanent resident. These relationships may well open the door to the same tools being deployed against legislators and their staff in jurisdictions like Canada.
At the best of times, these problems present extraordinary challenges for network defenders, but now parliamentarians and their staff are at even greater risk, and threat actors are capitalizing on this new environment.
In terms of recommendations, I make six, and I'll go through these very quickly.
First, where possible, extend the digital security resources developed for the House of Commons to all Canadians. I think the IT team at the House of Commons will be severely taxed dealing with all the problems I'm describing here. Some measures have been taken already, with CSE helping out. There are ways in which the measures that CSE is undertaking to push threat indicators out to some organizations outside of the government perimeter could be done more widely, but I would urge that they be done in a transparent and accountable way.
The second recommendation is that the Government of Canada should evaluate and issue guidance on work-from-home best practices, including those for video conferencing applications. This should include recommendations for scenarios on the use of some applications for specific purposes but not others, and I assume that we'll get into that in the question and answer session. Some of that has been done already by the cyber centre, but these are dated and largely insufficient for the task at hand.
The third recommendation is to support independent research on digital security and the promotion of secure communication tools. At a time when we're depending on technological systems, there should be more high-quality, independent research that scrutinizes these systems for privacy and security risks. To assure Canadians that the networks they depend upon are secure, researchers must have the ability to dig beneath the surface of those systems, including into proprietary algorithms, without fear of reprisal. Presently, researchers can come under legal threat when they conduct this research, to the detriment of everyone's security, so we recommend that the Government of Canada pass legislation that explicitly recognizes a public interest right to engage in security research of this sort.
The fourth recommendation is to implement a vulnerability disclosure process for government agencies, including the House of Commons. These processes establish terms by which researchers can communicate the presence of vulnerabilities in organizations' systems or networks without fearing legal repercussions. I believe Canada should do this as well to mitigate vulnerabilities and make it comfortable for researchers to engage in this type of adversarial research.
The fifth recommendation is to establish a transparent and accountable vulnerabilities equities process. The Communications Security Establishment currently has a process by which it evaluates whether to conceal the presence of computer software vulnerabilities for use in its own intelligence operations or to disclose them to ensure that all devices are made secure. However, CSE is formally alone in making decisions over whether to retain or disclose a vulnerability. We therefore recommend that the Government of Canada broaden the stakeholder institutions that adjudicate whether vulnerabilities are retained or disclosed, especially in light of the enhanced risk that all government workers face when working from home. We also recommend that the Government of Canada follow international best practice and release a full vulnerabilities equities process policy, so that residents of Canada can rest assured that CSE and their government will not retain vulnerabilities that could seriously compromise the security of all Canadians.
My last recommendation is to support strong encryption. Given the potential for adversaries to take advantage of poorly secured devices and systems, we recommend that the Government of Canada support the availability of strong encryption so that MPs, their staff and residents of Canada can be assured that the government is not secretly weakening this life-saving and commerce-enabling technology to the detriment of all Canadians and our allies.
Thank you very much.
:
Madam Chair, members of the committee, good evening.
My name is Nathalie Laliberté, and I am Vice-President of Services to Parliament and Interpretation at the Translation Bureau, within the Department of Public Works and Government Services. With me today is my colleague, Matthew Ball, director of interpretation and chief interpreter.
I would like to thank you for this invitation to participate in your work concerning virtual sittings of Parliament.
The Translation Bureau is mandated to provide linguistic services for these sittings, and we are happy to share our views with the committee. I would like to specify, however, that our services do not cover technical support during the sittings.
As you know, under the Translation Bureau Act, we are responsible for providing services to both houses of Parliament and to federal departments and agencies in all matters related to the making and revising of translations from one language into another of documents, and to terminology and interpretation. We provide high-quality linguistic services in the two official languages, indigenous and foreign languages, and sign languages.
The Translation Bureau plays a vital role in implementing the Official Languages Act. This role makes the bureau a key player in communications with the public, the language of work in the public service, and the advancement of English and French in Canadian society.
Since 2017, we have followed a clear vision to guide our future as a centre of excellence in linguistic services for the Government of Canada. Under that vision, we launched major initiatives to increase quality control, modernize our business model and provide the most advanced language tools.
We expanded our capacity to provide services in indigenous languages, and we increased co-operation with the language industry in Canada. We introduced ways to better support our employees, deliver the training they need and take care of their mental health.
We revamped our recruitment processes and created partnerships to support the next generation of language professionals. For instance, we participate in the master of conference interpretation program at the University of Ottawa. We loan equipment and instructors to the university and, in return, we benefit from a pool of highly skilled new interpreters.
[English]
We are applying the same forward-looking approach as we adapt to the COVID-19 pandemic. Since mid-March, as you've seen, we've continued to focus on carrying out our mandate in helping Parliament meet its responsibility concerning the interpretation of proceedings and the translation of documents. That being said, we have the same issue with reduced capacity as the rest of government.
Luckily for us, translation lends itself particularly well to telework, and we've been able to maintain our services while having our translators work from home. As for interpretation, which is the focus of our discussions today, the bureau has been providing this service since 1959. Through the years, we have been successfully maintaining our services through the dedication of our outstanding employees and freelancers.
In this period of pandemic, given the technical requirements of interpretation, interpreters must continue to work on site in Parliament. However, I can assure you that their health is a top priority, and we have carefully applied expert advice to protect them.
We have added portable interpretation booths and installed partitions in existing booths so that there is some separation between interpreters who share the same booth. Interpretation booths are disinfected twice a day. We've provided interpreters with disinfectant wipes so that they can disinfect equipment before and after each assignment. We have loaned tablets to interpreters so that they can consult background information in the booth, without having to handle printed documents. We have reduced the size of teams and applied physical distancing rules to prevent contact between interpreters. We've made parking spaces available to interpreters so that they do not have to use public transit. We're taking into account the circumstances of interpreters who have young children or who must stay at home for other reasons, and we're keeping the lines of communication open with the unions.
You will ask, can an interpreter work from home? We've started to explore this possibility, but remote interpretation poses major challenges.
We use the term “remote interpretation” when one or more participants are not in the same location as the interpreters. In recent years, the increased popularity and accessibility of video conferencing has led to an ever-growing demand for remote interpretation. In response to this demand, the Translation Bureau began conducting its own tests and studying international best practices. However, the sudden onset of the pandemic forced us to step up our efforts, and for the last few weeks we've been actively working on this matter in collaboration with the House administration.
We have determined that certain criteria must be met in order for remote interpretation to work. These include the following: All participants must wear a headset with a microphone to ensure clear sound quality; participants must appear via video conference so that the interpreter can see their facial expressions and clearly communicate the tone of their message; participants must strictly adhere to the rules for speaking and must wait their turn to speak; a technician must be in the room with the interpreters at all times to address any technical issues; the audio feed of the interpretation consoles must have limiters or compressors to prevent acoustic shock; interpreters must be able to do sound checks with the technician and participants before each meeting begins; and, as always, participants who plan to read written statements must provide them in advance to our interpreters.
These criteria are needed to establish the optimal conditions so that interpreters can provide high-quality services in a safe environment. Abiding by these criteria will not completely eliminate the risk of interpretation service interruptions due to the technology used by remote participants, but it will greatly reduce this risk and help ensure the best possible interpretation.
The criteria on sound quality are particularly important, since sound is the cornerstone of interpretation. For example, if the sound quality is poor, an interpreter may mix up the words “symptomatic” and “asymptomatic”, which completely changes the message. Furthermore, poor sound quality puts the interpreter at risk. In the last two years, several health and safety incidents have been reported involving sound issues during teleconferences and video conferences.
Regarding the human resources required to provide interpretation at virtual sittings, the Translation Bureau will augment its team of interpreters. Variation in sound quality means that interpreters have to concentrate harder, which means they have to work shorter shifts. This means that we need to assign more interpreters per sitting. However, we will make every effort to meet this need.
[Translation]
Madam Chair, members of the committee, our mission is clear: we are here to serve Parliament, and we are doing our best to respond to the call. We are committed to pursuing our collaboration with the House administration and all our partners to help ensure that a virtual Parliament runs smoothly.
The Translation Bureau is proud to be able to help Parliament continue its essential work during this crisis, and we are proud to help the Government of Canada share the information Canadians need to stay healthy and up to date on what is happening in English, French, American Sign Language and Quebec Sign Language.
I would like to specifically commend our official language and sign language interpreters for the incredible work they are doing every day at the various press conferences. This crisis has shone a spotlight on their excellent work, and we are grateful for their dedication.
To close, I would like to thank the interpreters at this meeting. In addition, thank you to all the employees who work behind the scenes to make important meetings like this one possible, despite the difficult circumstances we find ourselves in. I would like to extend a special thank you to our invaluable partners at the House multimedia service and the committees directorate. I am sure you appreciate their efforts and expertise as much as I do.
Lastly, thank you, Madam Chair and members of the committee, for your attention and your interest in our services. Mr. Ball and I would be happy to answer your questions.
:
Thank you, Madam Chair.
I am pleased to be here today.
[English]
My name is John Weigelt. I'm the national technology officer for Microsoft in Canada.
I've had the privilege of working with the federal government for my over 30-year career in trustworthy computing, starting in uniform in the Royal Canadian Air Force, in the Treasury Board Secretariat as a public servant, and now as CTO at Microsoft Canada.
I'm grateful for the opportunity to appear before this esteemed committee and its members today as you discuss how technology can support the continuation of the Parliament of Canada during this unprecedented time. My remarks will focus on a thoughtful and deliberate approach to using technology to support virtual parliamentary activities, with privacy and security as the foundation.
You may ask yourself why we're focusing on security, as parliamentary proceedings are public and do not contain sensitive information. Microsoft believes that security must be the foundation of everything you do with technology, regardless of whether it's publicly available or involves sensitive material. Security protects against unwanted intrusions causing disruptions or introducing cyber-threats.
First, I'll give you some background.
Microsoft has a long history here in Canada. Since the establishment of Microsoft Canada in 1985, Microsoft's presence has grown to include 10 regional offices around the country, which employ more than 2,300 people. At our Microsoft Vancouver development centre, over 700 employees are developing products that are used around the world. Cutting-edge research on artificial intelligence is also being conducted by Ph.D.s and engineers at Microsoft Research Montreal.
These unprecedented times have forced every person in the world to adapt and dramatically change all aspects of their lives: how they work, how they learn and how they interact. We are proud to have enabled remote learning for students and educators. Virtual health visits are allowing for the delivery of health care while protecting patients and health care workers, and Microsoft technologies are empowering millions of Canadian workers in all sectors of the economy to work remotely during this COVID crisis. In fact, today over 100,000 federal public servants are now working remotely using Microsoft Teams, and this number is growing every day.
Today's technology and video conferencing capabilities are built on what we call cloud services. A cloud is information technology infrastructure upon which these virtual activities rely, and the safety and reliability of this cloud are key. Microsoft has been a long-standing partner of the Government of Canada, supporting the development of a thoughtful and deliberate approach through policy, guidance and standards for the government's adoption of cloud services. This strong partnership has enabled the rapid deployment of technology tools in response to the COVID crisis.
Our Canadian data centres in Toronto and Quebec City were the first to undergo independent audits and reviews against the government's security standard. As a result, the government certified Microsoft's services to safeguard the Government of Canada's information at the Protected B level. This is the government security classification for sensitive and personal information.
In addition, Microsoft has also worked with leading Canadian privacy experts to conduct a review of these services. We've published and shared this analysis in what is called foundational privacy impact assessments, setting a precedent across the industry. These assessments help public sector organizations of all types across the country understand how Microsoft cloud services, including video conferencing, address their privacy obligations. In addition, we're the only cloud provider that publishes all of our compliance and audit information, as well as the results of our security tests, publicly on our website.
I'm here to tell you that technology exists today to support virtual parliaments in a secure manner. Using our Microsoft Teams platform, we've been supporting parliaments in various jurisdictions. For example, the U.K. House of Lords is currently sitting remotely via Microsoft Teams, as are committees of the Quebec National Assembly. Virtual activities in these jurisdictions have been the result of close collaboration between the various Microsoft teams and the procedural and technical teams of these legislatures. This is new for everybody, and putting in place virtual parliamentary activity has required flexibility and adaptation on everyone's part. It's a mix of technology, process and people.
With over 75 million daily users worldwide, and now having exceeded 2.7 billion meeting minutes in a day, Microsoft Teams provides a robust environment for people to do their best collaborative work. It includes video conferencing and has many of the same features you've come to know with Skype and Skype for Business.
But video conferencing is only the beginning of what Microsoft Teams can do.
While the emphasis in this conversation has been on video conferencing capabilities, this flexible platform offers a broad set of collaboration services that we believe are useful in digitally transforming government and committee meetings. For example, it could facilitate the transfer of meeting minutes, pre-readings and written submissions. While we recognize that this is not a priority in the short term, this should be something that Parliament looks at in the future term. Microsoft Teams has the ability to support this activity in a secure way.
Further embedded in Microsoft Teams are a variety of assistive technologies to support individuals with unique accessibility requirements due to mobility, seeing or hearing challenges. We are pleased that Microsoft Teams is currently in the process of being deployed to each member of Parliament and employees of the House of Commons.
To be clear, security is at the heart of everything we do at Microsoft. We employ over 3,500 security engineers and run the Microsoft security response centre, which operates 24 hours per day, seven days per week, every day of the year. We analyze trillions of events encountered from our global footprint to keep ahead of threats. Since security is a shared responsibility that no single organization can address on its own, we have exceptionally strong connections to the government's cybersecurity team, and we work together to protect both the federal government's cyberspace and Canada's cyberspace.
While the technology does exist to support virtual Parliament, there are still privacy and security considerations despite the public nature of these meetings. For example, in the virtual space, how would you prevent unwanted disruptions by unauthorized individuals? Just imagine for a moment, if you will, that the public galleries are filled with hundreds of unruly spectators. In the physical space, the Sergeant-at-Arms and the Parliamentary Protective Service would ensure that they don't cause unwanted disruptions. How would you put in place similar safeguards in a virtual space to protect the integrity of proceedings? Solving for these security and privacy issues is a matter of correctly configuring privacy and security controls, and also making sure that you have the right security development cycle.
Similarly, individuals should have confidence that the software they deploy on devices, whether it's Windows, their Mac, their iPhone or Android, only does what they expect it to do. Recognizing this as a top priority for customers almost 20 years ago, Microsoft implemented the trustworthy computing initiative. This means that privacy and security are part of every step of the development of our products and services, and follow the privacy-by-design principles, which were invented here in Canada. This is a fundamental commitment that Microsoft makes to its customers.
Microsoft's privacy commitments, which exceed those found in Canada's privacy legislation, provide the confidence that Microsoft will never use customer data for any other purpose than providing the service.
In closing, I fully recognize the complexity of the procedural and technical work associated with examining remote options, and I applaud this committee's very important work and the work of the House of Commons. I have deep respect for the institutions of Parliament, and I am confident that the possibilities technology can offer to support your work in a virtual fashion can enable parliamentary activities to take place in a new and different way, all while maintaining the integrity of the democratic system.
It will be my pleasure to receive your questions. Thank you.
:
Thank you, Madam Chair and members of the committee, for inviting Zoom to participate in this important hearing today.
I firmly believe that the role you play and your decisions on how best to proceed with Parliament in these extraordinary times are truly significant. Ensuring that the House of Commons continues to be productive and operational is more important than ever.
We at Zoom are committed to helping support your efforts and to providing any information you need in advance of your presentation to Parliament on May 15. With millions of people around the world working from home due to COVID-19, video communication companies like Zoom are playing an integral role in ensuring that businesses, hospitals, schools and, importantly, government can continue to collaborate securely and remain operational.
Zoom recognized early on that we were uniquely positioned to help in this time of need, and we felt compelled to act. We feel a tremendous responsibility to our users. In February, we committed to doing everything in our power to support those impacted by COVID-19, and that promise very much continues to date.
By way of background, I have over 40 years of technology experience, most recently as the CIO for KPMG U.S. and the CIO for Blackstone. In December 2017, I retired, and shortly afterwards Zoom invited me to join them as their global CIO. Once I met Eric Yuan, our CEO and founder, and conferred with industry veterans and my peers, I was inspired to join his elite team. Eric, who had 14 years of experience building Webex, and a team of engineers founded Zoom in the U.S. almost 10 years ago, in their mission to build a seamless and frictionless video-first communications platform based on four principles: security, reliability, functionality and cost-effectiveness for their customers.
There were several objectives, most notably the seamless and frictionless experience, intuitive ease of use, the elimination of the “meeting tax”, and doing this agnostically across platforms to enable the energy of the participants to be focused on the substance and not the logistics and operations of the meeting.
Today, Zoom is the leader in modern enterprise video communications. Zoom's sole focus is providing a secure, reliable platform that works seamlessly across devices and is incredibly easy to use. We are proud of what we have accomplished with our users, from individual subscribers to the world's largest global enterprises, which is reflected in our customer satisfaction in the 90-plus percentile.
There is a reason people say, “Zoom, it just works.” In light of COVID-19, usage of Zoom has ballooned in recent months. We have grown from 10 million daily meeting participants as of December 2019, to over 300 million per day in April, with incredible service reliability. We are proud to be doing our part to keep people connected and organizations working during the pandemic.
As part of this effort, we opened up the platform to new types of users, such as offering free video conferencing to primary and secondary schools around the world. To date, over 100,000 schools in 25 countries have used Zoom's free services to stay connected to their students during this pandemic. We have also served numerous government customers for years, and in the current environment, with COVID-19, our service has become more essential than ever to ensure that governments around the world can continue to function during the difficult days ahead.
For example, in the U.K., we are proud to be helping MPs fulfill their parliamentary duties. They have successfully rolled out a hybrid Parliament with a maximum of 50 lawmakers physically in the debating chamber and another 120 permitted to join via Zoom.
In Canada, we are humbled to have been selected to support the House of Commons. We have worked very closely with Soufiane Ben Moussa, the CTO of the House of Commons, to ensure that we are providing Zoom's trademark ease of use coupled with training on Zoom's leading security features, as well as technical support to meet specifications such as enabling simultaneous channels for English and French.
We have always been a leader in innovating at speed and scale, and are equally committed to doing that with respect to privacy and security. In its current form, Zoom unequivocally delivers a safe and secure virtual meeting environment when used with the appropriate safeguards to protect meetings. As sophisticated organizations across the globe do exhaustive security reviews of our user network and data centre layers, they continue to confidently select Zoom for complete deployment. In fact, we have seen a surge in this regard recently.
To echo the words of our CEO, our chief concern is ensuring that the safety, privacy and security of our platform is worthy of the trust our users have put in us. As such, and in light of new use cases and public attention on Zoom, we have made a number of changes across the platform. We have wasted no time in executing the 90-day plan we announced on April 1 to better identify, address and fix issues proactively. A summary of our plan, including all of the actions we committed to, can be found in the briefing materials we submitted.
A couple of examples include that we enacted a feature freeze and shifted all of our engineering resources to focus on trust, safety, security and privacy. We also launched an industry agnostic CISO council, in partnership with leading CISOs, to facilitate an ongoing dialogue regarding security and privacy best practices.
Most recently, we announced robust security enhancements with the general availability of Zoom 5.0, which, among other key features, adds support for AES-256 GCM encryption across Zoom's infrastructure. This increased level of encryption enables Zoom to provide industry-leading protection for meeting data and resistance against tampering and unauthorized access. Zoom's security features, which have previously been accessed throughout the meeting menus, are now at hosts' fingertips. They are grouped together and easily found by clicking the security icon in the meeting menu bar on the host's interface.
With regard to data routing there are several facts that I would like to share. The Zoom platform only collects information necessary to provide the service. Where all meeting participants are using the Zoom client, all meeting data—audio, video and content—is fully encrypted among all participants, and it is never encrypted until it reaches a participant's device, including its transit through our data centres. There are exceptions to this, such as a participant joining via a phone line, a cloud recording or other features—for example, streaming to YouTube without encryption being enabled.
Zoom has 17 data centres around the world, one in Toronto and one in Vancouver. We supplement our data centres with cloud providers, which, among other things, are used for authentication, cloud recordings and metrics.
We also understand there are concerns and sensitivities around data travelling to certain countries. We maintain geofencing around China specifically, ensuring that users outside of China do not have their meeting data routed through China. We are aware of recent reports suggesting that a small fraction of non-China meetings were inadvertently routed through Chinese servers. Zoom investigated this issue and has ensured that it will never happen again.
To provide additional comfort and control for our users, we recently added a feature that enables paid Zoom customers to customize which data centre regions their account can use for real-time meeting traffic. We also enhanced the Zoom administration dashboard to show additional transparency on data routing.
With respect to privacy, Zoom does not and has never sold user data; does not monitor meetings or their contents; and complies with all applicable privacy laws, rules and regulations in the jurisdictions within which it operates. Zoom has fully implemented compliance programs designed to meet the requirements of the Canadian data protection regulations, including the Personal Information Protection and Electronics Document Act.
:
Thank you, Madam Chair.
I have a comment and, then, a question. I'll be switching languages.
Ms. Laliberté and Mr. Ball, I'm certain that I speak for my fellow members when I say thank you. We appreciate the services you provide to the House of Commons every single day.
I'm from New Brunswick, Canada's only bilingual province, so please know that both official languages mean a lot to me. From the bottom of my heart, thank you for the work you do.
[English]
Mr. Moseley, yesterday I realized there is a new verb out there called “zooming”; we've been doing an awful lot of zooming lately.
I'm wondering if you would be able to tell us what steps Zoom is taking to protect our personal data. We've heard a lot of about that in our first session today.
Also, could you talk to us about what steps you are taking to protect our privacy?
The clock says 8:31.
Ms. Normandin, Ms. Blaney, I really want to give you the time but they're telling me they need to clear the room.
Is it okay if we call this meeting to a close today?
Perhaps we can work something out for tomorrow's meeting. I know there won't be the same witnesses, of course, but...
That is the end of the meeting. There are a couple of housekeeping things to do. I'm going to flag them today because we don't have enough time and we can discuss them tomorrow if needed.
The next meeting is on April 30 and the first panel will be other parliaments or institutions. The second panel will be procedural, legal and constitutional witnesses.
I also want to remind everybody to start thinking about recommendations for the final report. We will only have about two meetings to discuss the draft report. As much as possible, could we start thinking about that or if there are going to be any dissenting reports?
But we can speak about that tomorrow.
Yes, Ms. Blaney.