I'd like to thank everybody for coming to the 137th meeting of the Standing Committee on Access to Information, Privacy and Ethics.
Pursuant to Standing Order 108(3)(h)(vii), we continue our study of privacy of digital government services.
Today we have with us, from Waterfront Toronto, Meg Davies, chief development officer; and Kristina Verner, vice-president, innovation, sustainability and prosperity. From the Information Technology Association of Canada, we have André Leduc, vice-president, government relations and policy; and Michael Fekete, partner, technology, national innovation leader, Osler, Hoskin & Harcourt LLP.
First of all, I'd like to give Mr. Angus a second. He wanted to talk about witnesses.
Good afternoon, bonjour
, and thank you for your invitation to speak today. My name is Meg Davis. I am the chief development officer at Waterfront Toronto. With me is Kristina Verner, Waterfront Toronto's vice-president of innovation, sustainability and prosperity. She has worked in the field of intelligent and smart communities for over 20 years. We are pleased to have the opportunity to share with this committee background on Waterfront Toronto and our Quayside project, and the roles and responsibilities of Waterfront Toronto and our innovation funding partner, Sidewalk Labs.
Of particular interest to this committee, we also want to address the policy considerations presented by the Quayside project and Waterfront Toronto's perspective on those matters. Let me assure the committee that Waterfront Toronto is approaching the Quayside project with the full force of the fundamental right to privacy, beyond the strict letter of the law.
For those of you not familiar with Waterfront Toronto, we were created in 2001 by the Government of Canada, the Government of Ontario and the City of Toronto. We were given a mandate to transform 800 hectares of former industrial lands on the shores of Lake Ontario into thriving neighbourhoods that grow our economy and improve the quality of life. I'm proud to say that the revitalization of Toronto's waterfront is the largest urban redevelopment project currently under way in North America, and it is one of the most significant waterfront revitalization efforts ever undertaken in the world.
This unique tri-government model is clearly working. Since Waterfront Toronto's inception, we have helped generate over $10 billion in new private sector investment and create 26 hectares of new public spaces, including award-winning iconic parks such as Canada's Sugar Beach and Corktown Common. This investment helped create over 14,000 full-time years of employment, 5,000 new residential units, about 600 affordable housing units and 1.5 million square feet of commercial office space to date.
As members of this committee are aware, in March 2017, Waterfront Toronto launched an international request for proposals seeking an innovation and funding partner to transform part of the waterfront called Quayside. This innovation and funding partner would help create a plan for the future neighbourhood and address key priorities, including fighting climate change by radically reducing energy consumption and household waste; offering affordable housing to families and single people alike; reducing traffic congestion and improving road safety for drivers, pedestrians and cyclists; and creating jobs and prosperity by serving as a testbed for Canada's clean tech, building materials, and broader innovation-driven sectors.
The goals we set for Quayside are about using innovation and new ideas to deliver a better, more affordable quality of life. Protecting data and privacy are integral to the realization of these goals.
Like you, Waterfront Toronto is committed to ensuring the use of technology to facilitate better services for people, while at the same time absolutely protecting personal privacy.
After a rigorous competitive selection process, Sidewalk Labs was selected as our innovation and funding partner. Their sole job at this point in time is to prepare for our consideration a master innovation and development plan, or MIDP, for Quayside. They are spending up to $50 million of their own money to prepare this plan. As Kristina will elaborate, the plan will be subject to approval, which is contingent upon the protection of privacy as a condition.
Waterfront Toronto has developed a rigorous process to evaluate the MIDP. This evaluation will use subject matter experts and a due diligence panel, and it will seek public input on the MIDP through consultations. The plan will be reviewed by all levels of government and Waterfront Toronto's board of directors. If approved, any MIDP proposals will be subject to all usual federal and provincial regulations, and municipal planning approvals.
To be clear, if the MIDP proposed by Sidewalk Labs does not deliver on these priorities in a manner that is in the public interest, then the proposed plan will not be approved by Waterfront Toronto and will not be implemented.
I'd like now to turn the microphone over to Kristina Verner to discuss our approach to the protection of privacy.
I know that the protection of privacy is top of mind for every member of this committee as it is for Waterfront Toronto and the public we serve, and I appreciate this opportunity.
As Meg just stated, any individual component selected for implementation at Quayside will be subject to all applicable laws from all levels of government. This of course includes Canada's privacy laws.
While Canada's privacy laws, relative to the rest of the world, have proven remarkably effective, we recognize that technology is changing all the time, and this requires Canadian privacy law to evolve. As a result, I want the committee to know that Waterfront Toronto is approaching the Quayside project with an expectation of the protection of the fundamental right of privacy well beyond the strict letter of the law. We know that if this project is going to proceed, it must reflect Canadian values on privacy.
We are guided in this effort by expert committees and advisers, all three levels of government and continuous, ongoing public consultation.
To this end, Waterfront Toronto has established the digital strategy advisory panel to guide us on how to best incorporate data privacy, digital systems and the safe and ethical use of new technologies while ensuring digital inclusion in the next phase of waterfront revitalization, starting with the Quayside project.
The panel is led by Dr. Michael Geist, the Canada research chair in Internet and e-commerce law at the University of Ottawa and a senior fellow at the Centre for International Governance Innovation. I understand that Dr. Geist appeared recently before this committee.
We are also working closely with Chantal Bernier, who spent nearly six years leading the Office of the Privacy Commissioner of Canada, as interim privacy commissioner and as assistant commissioner. She now serves as the national practice lead of privacy and cybersecurity at Dentons. Chantal is here with us today. We also regularly seek insight from former three-term Ontario privacy commissioner Ann Cavoukian.
I would like to specifically outline some of the key commitments that Waterfront Toronto has made to protect privacy in this project.
First, in addition to all existing legislative and regulatory requirements, we are committed to the principles of privacy by design. A plan for Quayside would only be approved if it adheres to these principles.
Second, with respect to the protection of personal information ,there will be no preferential treatment to any Alphabet company, including Google, regarding linking to, sharing or the use of personal data.
Third, data cannot be used for advertising purposes without express positive consent.
Fourth, any personal information will be de-identified at source, unless express consent is knowingly and explicitly given for a specific purpose.
Fifth is minimization of data collection so that only the data needed and identified for a limited and specified purpose would be collected.
Sixth, our commitment is that data collected for the Quayside project will be stored in Canada.
Sidewalk Labs has already committed to abiding by all of these key requirements. We agree with what Ann Cavoukian has often said. We are looking to create a smart city of privacy on Toronto's waterfront and we are firmly committed to working with our government stakeholders to ensure that this is precisely what is delivered.
At this point I'll turn it back to Meg.
Mr. Chair, honourable members of the committee, it's our privilege to be here today to discuss the security and privacy of data and information when delivering digital government services.
The Information Technology Association of Canada, also known as ITAC, represents some 340 member companies, from the very largest multinationals to the smallest SMEs. We are the leading voice of Canada's ICT industry, an industry that includes some 37,000 companies, most of which are small and medium-sized enterprises. The industry generates over 1.5 million jobs, contributes more than $77 billion annually to the GDP, and invests over $4 billion in annual R and D, which is the largest private sector industry contribution to the nation's R and D.
ITAC is appearing before you today in support of its efforts for the development of a robust, competitive, sustainable digital economy and digital government in Canada. In recent years, ITAC has partnered with the federal government in various fora to help modernize the government's IT procurement processes and enhance the government's ability to successfully leverage IT and ICT to improve the delivery of public services.
The committee's study comes at an opportune time. The Government of Canada, as was pointed out by some of your witnesses earlier this week, has an ambitious vision for transforming and providing digital services to Canadians. Addressing security and privacy risks is a prerequisite of this transformation. Canadians expect and deserve digital government services that provide effective security and privacy.
The key question for the committee is how the Government of Canada can both achieve its vision for digital service delivery while also protecting security and privacy. It is ITAC's view that by adopting a balanced approach and by adjusting elements of its current data classification system and security framework, these two objectives are both compatible and interdependent.
I'll now ask Michael Fekete, chair of ITAC's legal committee, and counsel for Microsoft at Osler, to speak.
It's clear that the Government of Canada has recognized the need for a balanced approach. This is reflected in the Government of Canada digital standards, which call for a balanced approach to managing risk and implementing appropriate privacy and security measures. Similarly, the Government of Canada's cloud adoption strategy requires departments and agencies to adopt a structured risk management approach that takes into account the integration of cloud services in their government IT services.
The Government of Canada has adopted a cloud-first strategy. It did that last year. Notably, it was the last of the countries that make up the Five Eyes to do so. The rationale for a cloud-first strategy has been clearly articulated in the government's own white paper on data sovereignty and the public cloud.
The paper indicates that cloud computing represents a significant opportunity to address a number of inherent risks that the government is currently facing. These include: aging IT infrastructure, through which the government's mission critical IT infrastructure is aging and at risk of breaking down; cyber hygiene gaps, whereby the government's inability to quickly identify assets and perform timely patching and remediation of known vulnerabilities leaves it exposed to cyber-threats; the availability of non-cloud solutions—increasingly, industry is providing only public cloud solutions or focusing their development efforts on cloud services, and the on-premises software we've been accustomed to in the past is no longer available in the same way—and of course the government's plan to digitally transform the delivery of government services.
Cyber hygiene in particular is something I want to draw attention to, as there is an increasing recognition that cloud providers often implement and manage better IT security controls than internal IT teams. Cloud providers are investing billions of dollars to address security of data, going well beyond what any customer can do on its own. By enabling state-of-the-art machine learning and AI solutions, cloud providers are protecting customers at machine speed from the latest known and even unknown threats.
Despite the many benefits of cloud services and a cloud-first procurement strategy, it's clear that the Government of Canada is lagging behind other governments in terms of cloud adoption. It's important to recognize that cloud is different, and doing government digitally is different. To be effective, federal digital services need to be redesigned. This requires in many cases a redesigning of existing policies and processes.
New technologies will need to be explored, including artificial intelligence and the Internet of things, to power digital services. These new technologies are available through the cloud. Generally, they aren't available without accessing the cloud.
The other thing to note is that there are international best practices from which important insights can be drawn. By way of example, the United Kingdom's G-Cloud is considered a model for digital government and cloud adoption. Cumulative sales under the G-Cloud framework up to July of last year were over £3.5 billion, with 46% of total sales by value and 69% by volume having been awarded to small and medium-sized enterprises.
The success of the U.K. approach followed deliberate policy changes that supported implementation of the U.K. government's cloud-first policy. These changes included a simplified data classification regime, non-prescriptive security requirements, accountability for decisions to procure bespoke solutions, and a willingness to accept a supplier's contract with a wrapper of government terms.
While each of these changes is important, the first two warrant additional discussion in the context of the committee's deliberations.
The U.K. streamlined its data classifications so that information assets are classified into only three types: official, secret and top secret. Each data type attracts a baseline set of security controls providing appropriate protection against typical threats.
Significantly, U.K. government guidance indicates:
ALL routine public sector business operations and services should be treated as OFFICIAL....
Personal information that is required to be protected under Data Protection legislation or other legislation (e.g. health records)
It's noteworthy that virtually all routine information within the government is treated as official, which is the lowest standard. That includes even sensitive personal information such as health records.
Information classified as official in the United Kingdom constitutes 90% of all U.K. government data. This data is deemed to be suitable for processing in the public cloud and is not subject to geographic limitations on processing. Rather, a risk-managed approach has been adopted, with U.K. government departments and agencies being required to evaluate a cloud service against 14 cloud security principles. These principles serve as a checklist for effective security safeguards without prescribing how a cloud provider needs to demonstrate compliance.
When contrasting the U.K. approach with Canada's, it's clear that the Government of Canada's framework for protecting security and privacy is underpinned by a materially different data classification system and security framework. Canada has nine different data classifications, with personal information—which is typically treated in the U.K. at the lowest level— generally being classified as Protected B.
Once data is classified as protected or higher, specific security and privacy protections set out in Government of Canada policies and directives apply.
For example, data that is classified as Protected B is subject to stringent requirements governing data residency, security clearances and departmental security controls. These requirements are often incompatible with the supply of public cloud solutions.
A cloud service is, by definition, a non-customized shared service that relies upon economies of scale achieved through standardization. To the extent that a government procurement mandates that a service provider satisfy security or privacy requirements that have not already been operationalized, the procurement is on its face incompatible with the supply of a cloud-delivered solution. Because data classifications in Canada are matched with security requirements that are incompatible with cloud services, it is not surprising that cloud adoption within the Government of Canada is lagging behind adoption in the United Kingdom.
The U.K. experience does not display a reckless approach—
The DSAP resignations happened very early in the process of the committee's setting up, before real work had gotten under way and certainly before we had any grist in the mill, if you will, for the committee to begin to think through what the main issues were.
The committee is now very well guided by Dr. Geist's leadership. We have a vice-chair from IBI Group, Charles Finley, who was one of the co-founders of Code for Canada.
We have also just completed a recruitment for new panellists, which had a very warm reception from the communities. We're in the process of selecting three new panellists.
It's unfortunate that we lost some very valuable perspectives when those resignations occurred, but we certainly have extremely valuable contributions that we're having around smart cities. We're still hopeful that we'll be able to engage those individuals in the conversation moving forward.
I don't think the Auditor General actually said there was preferential treatment. She said there was a risk.
Waterfront Toronto conducts its RFP process very independently. It was an independent RFP process governed by Justice Coulter Osborne as our fairness commissioner.
We conducted a pre-RFP process called market sounding, which is very typical for complex RFP processes where we meet with a lot of companies. We met with over 50 companies, most of whom we met with before we ever met with Sidewalk. We had discussions with a lot of other interested parties, etc., beforehand.
The Auditor General also said the process was a bit too short. In fact, it was 159 days. It's the second-longest procurement we've had at Waterfront Toronto. We had six proponents, and three were shortlisted. None of the proponents asked for any additional time. We felt the process was very robust and appropriate for what we were asking for, which was to prepare a plan. There's no transaction of land; there's no development happening. This is just a plan for us to think about.
Thank you, Chair, and thanks to all of you for attending today.
I'd like to pick up on that last point, but before I get to my questions, I just want to do a bit of a scene set recap of the chain of events.
It's not surprising there's a widespread belief that a political fix of sorts has been in for Sidewalk Labs' preferential treatment, since met with Alphabet's former chair Eric Schmidt at the Google Go North summit in 2017. As you've just referenced, Waterfront Toronto chose Sidewalk Labs to develop a data-driven neighbourhood in a process that the Auditor General, I believe, did in fact question as preferential and certainly rushed. John Brodhead, one of the Liberal government's top infrastructure operatives, the 's former chief of staff and a long-time friend of the former PMO principal secretary, was then installed in a senior management position.
Next, after those very notable resignations from Sidewalk Labs' associated panel over the secrecy and privacy issues, we suddenly discovered last week that far from a relatively compact 12-acre digital neighbourhood, Google's plan—or Sidewalk Labs', Alphabet's plan—is for the entire 350 acres of Toronto's Port Lands.
Those leaked documents basically indicated that in return for its investment in the 12 acres, Sidewalk Labs wants a share of all eventual development fees across the dockland, and property taxes on appreciating land values as a result of the Quayside project, apparently in perpetuity.
Do you believe that even after these revelations—of which the Toronto mayor's office, the Toronto council, the premier's office and the cabinet were unaware—the original RFP and the agreement that was subsequently signed are still valid?
If we look back at the RFP, we didn't specifically ask for technology. We really were looking for.... Let me take a quick step back.
Waterfront Toronto's mandate is to bring economic development, private sector investment and innovation all to the waterfront, and to use that as an economic engine. We have the ability to transform the market and have effective leadership of public lands. We don't own all of it; a lot of it's owned by the city. Ten years ago we set a sustainability standard, for example, of LEED gold. People may not know much about that, but it's an international standard of sustainability that a building must meet. There's a whole process that needs to be gone through, and it's third party adjudicated. That was transformational at the time. Ten years ago people said, “You've got to be kidding me,” but we now have development partners, Tridel for example, building LEED platinum on one of our projects without even being asked to do so. That's table stakes now.
The 12 acres at Quayside are owned primarily by Waterfront Toronto. There's a very small portion that the city owns and a small portion that is owned by the private sector. We asked ourselves what we could do with that land that would be different. We have an affordability crisis in Toronto. We are dangerously close to a sustainability crisis in terms of climate change and mobility. The congestion in Toronto is unbearable. It takes me over an hour every day to get to work on the subway. We asked, “What can we do, as a public agency of all three levels of government and with this land that we own, to push the envelope again and really raise the bar on all these elements?”
We put in an RFP for a thinking partner and somebody who might have some money to help us do some research element. When we were looking for the innovation and funding partner.... It is not a development proposal. The intention in the RFP and reflected in the plan development agreement, which is the agreement we have now with Sidewalk, is to come up with these ideas and standards so we can then engage the Toronto community or the international development community to help us build out the Quayside property.
The other thing the RFP and the plan development agreement allow for is thinking at scale. If we wanted to get to carbon neutral or climate positive, what would we have to do to get there? Twelve acres probably isn't going to get you there. You need district energy systems. You need different electric grids. You need transportation systems, etc. What would it take to get to some of these very lofty objectives that Waterfront Toronto set?
The RFP and the plan development agreement allowed the successful proponent to think at scale, to think bigger, to think beyond Quayside, and to come up with some ideas—innovative funding ideas around transit, for example. We have a transit need in the waterfront. We've had one for a very long time. The city has identified it as a priority, but the city has a lot of priorities, so we were looking for innovative opportunities in order to help fund a Waterfront Toronto LRT system.
In fact, I am surprised people think there was some sort of fix in. This is what Waterfront Toronto was set up to do. We ran a process like all the other processes we've run, and we selected an innovative thinking partner, who also agreed to spend $50 million thinking about things and suggesting ideas to us.
The other thing I'd like to say about the fix being in is that we haven't even seen the proposal yet. We've seen little pieces—we've all seen what was in the paper last week—but we don't have a final proposal that brings together all the innovations, the financials, and all of that. We are going to go through an incredibly rigorous evaluation process that will include all of our government partners. Through our intergovernmental steering committee, we will spend a lot of time analyzing that proposal, so we haven't offered anything to anyone. Sidewalk doesn't have rights to land. We haven't transferred any land. Most of those lands are owned by the city. The city will have to be the decider on whether or not there are any property taxes or development charges provided to Sidewalk. All those things are yet to come and will be discussed and debated in the public forum.
My question, on a completely different subject, is for Mr. Leduc.
You represent many companies in the new digital age. Obviously, the Government of Canada has chosen to provide digital services to Canadians. Some countries refuse to use 5G technology from the Chinese company Huawei. Huawei's 5G network is used in Canada. Some Canadians have concerns about this.
Should we follow the example of countries that have banned or are banning this company? If so, why? Are we still safe with this technology? When the data is inside the network, it can be sent elsewhere.
Thank you very much, Chair.
Just to be very clear, I believe that Waterfront Toronto is a wonderful organization with a terrific history, but given the secrecy and the initial statement by Mr. Doctoroff, “give us a city to run”, there is widespread suspicion. In the last week, social media has been alive with it. I've talked to councillors. I've talked to MPPs in the provincial legislature, who are very worried that Waterfront Toronto, a worthy organization with decades of worthy goals for the Toronto waterfront, is being steamrolled by a Google sibling.
The parliamentary secretary may not have been following this committee's work for the past year since the Cambridge Analytica-Facebook-AggregateIQ scandal, but in the testimony that we've taken, we have learned some very serious and, in some cases, very disturbing truths about the data-opolies, including the Google family.
I hope you understand that this is the impression. I understand also.... I don't know if it's true, and I'd like to ask you to speak to this. I'm told that the mood of the staff of Waterfront Toronto and its various internal divisions is not good because of the overwhelming preoccupation of the Sidewalk Labs project. Could you address that? Is that a wrong impression?
First of all, I'm going to let Kristina talk about the sort of accountability framework that will be in place, but I go to work every day excited not just by the Quayside project but also by what we might able to achieve on affordability, sustainability and mobility. Kristina looks after the tech part.
I'm excited to go to work every day. People are very enthusiastic. I know that there are some folks out there who are very concerned about the project. We're concerned about data and privacy, like everybody else, but we're also enthusiastic, and there are a lot of people who come to our public engagement and round tables, etc., and who are enthusiastic and want to see where this might go.
We also have a lot of other projects that we're working on. We have flood protection, which this government has very graciously given us $400 million to do. We're enthusiastic about all those projects as well.
Kristina, did you want to talk about it?
We're doing some work right now, actually, with the MaRS Solutions Lab about civic data trusts, since this had been tabled early on in the Quayside project.
One of the first phases we've looked at is doing a civic data trust primer, so that we can build civic literacy around this concept and people can engage in that conversation, since it is relatively new in the Canadian environment. The board of trade report tabling the notion and the library playing that very critical role is actually quite compelling. Libraries have always played a very vital role as the keeper of the universe of knowledge in cities.
That being said, there are other options. There could be a notion around a sort of post-secondary model, whereby a university or college becomes the Switzerland of data brokerage, if you will, in the community, the municipalities themselves.... I think civic data trusts offer one potential governance model. There are others that we need to look at as well, once we understand more fulsomely what is actually being contemplated for this area.
I have two more questions.
One is with respect to the hypothetical case studies that Sidewalk Labs put in their October 2018 report. One example is pedestrian counters, where Sidewalk Labs consider themselves as submitting an application, the data trust publishes the RDIA and the information presumably is publicly available, but the second case study is actually that of “Startup A”, a small Canadian start-up.
Because the small Canadian start-up requires the ability to monetize given that they're putting money into the project initially, the idea is that they would be able to monetize the data. It would be proprietary for a period of time. Then, says the report, “After a time, the data is made freely and publicly available.”
That makes a certain degree of intuitive sense to me, but then the question I have is: Who decides when that data becomes publicly available? Do you have a view of that as far as it goes or that's all time—