:
I'll call this meeting to order. Thank you, everybody, for being here.
Welcome to meeting number 12 of the House of Commons Standing Committee on Government Operations and Estimates.
The committee is meeting today from 2:37 my time, which would be 3:37 eastern time, until 5:37 p.m. We will hear from witnesses as part of the committee's study on the Nuctech security equipment contract and then we will discuss committee business in camera.
To ensure an orderly meeting, I would like to outline a few rules to follow.
Interpretation in this video conference will work very much as in a regular committee meeting. You have the choice at the bottom of your screen to choose “floor”, “English” or “French”, and we would ask you to use the language that you will be speaking.
Before speaking, please wait until I recognize you by name. When you're ready to speak, you can click on the microphone icon to activate your microphone. When you're not speaking, your microphone should be on “mute”.
To raise a point of order during the meeting, committee members should ensure that their microphone is unmuted and say “point of order” to get the chair's attention.
In order to ensure social distancing in the committee room, if you need to speak privately with the clerk or analyst during the meeting, please email them through the committee email address.
For those people who are participating in the committee room, please note that masks are required, unless seated, and when physical distancing is not possible.
We're going to have five minutes of opening remarks from our witnesses. We will go in order. I'll call your names out.
I understand, Mr. Elcock, that you aren't going to be giving a presentation, so we will start with Mr. Charles Burton.
I invite him to make his opening statement.
:
Thank you, Mr. Chair, and good afternoon.
I would like to supplement the evidence this committee heard from civil servants on November 18 by providing information about the relationship between Nuctech and the Chinese Communist Party apparatus that is the regime of the People's Republic of China.
The Nuctech corporate organigram shows the Chinese Communist Party branch and its party secretary, Chen Zhiqiang, at the apex of Nuctech's corporate pyramid. The party branch is at the top. The Nuctech board of directors and senior executive management is therefore subordinate to direction from the Chinese Communist Party.
Indeed, party secretary Chen is also the chairman of Nuctech's board of directors. As a very senior official of the Chinese Communist Party, Mr. Chen is also currently a member of China's National People's Congress. The party secretary is thus the highest ranked and most powerful official at Nuctech.
The Chinese state heavily subsidizes Nuctech and other Chinese hardware and software development and production to make it highly competitive in global markets. That's why they tendered the cheapest bid to us. Like all Chinese state enterprises, Nuctech's raison d'être is not primarily economic profitability; it is also to serve other overall PRC regime purposes.
As was mentioned in the evidence in a previous meeting, China's National Intelligence Law of 2017 compels all Chinese nationals, including those working for Nuctech at home and abroad, to collaborate with agents of the Chinese state on request, to further Chinese state interests by, you know, purloining confidential data and engaging in compromise of infrastructure around the world.
This intelligence law is really just pro forma. In fact, Nuctech's connection to the Chinese party/military state is much more than a master-servant relationship; it's really a symbiotic relationship. What I mean by that is that Nuctech, like all Chinese state enterprises, is fully integrated into the PRC party, state, military and security apparatus because, as party general secretary Xi Jinping has put it, “Party, government, military, civilian, and academic, east, west, south, north and centre, the Party leads everything.”
Just as the Chinese Communist Party does not allow for true civil society or non-government sectors, there are also no industrial enterprises in China existing independently from China's party state. In terms of assessing bids, we have to understand that Nuctech is of a substantive nature utterly different from that of its foreign competitors, those existing in a civil space outside of political institutions.
This is a hugely significant distinction between Nuctech and non-Chinese security equipment concerns. Nuctech's purposes are actually the Chinese Communist Party's purposes for Nuctech. Because of its role as an integral element of the unified Communist Party regime, Nuctech's primary purpose is not to generate profits but to serve the overall interests of the Chinese Communist Party at home and abroad, including China's massive domestic and international intelligence-gathering program.
Nuctech can reciprocally draw on Chinese military and intelligence services to obtain foreign technologies and foreign data to serve its advantage. It's fully supported by the Chinese Communist Party's extensive United Front Work Department operations, coordinated out of the PRC's embassies and consulates abroad.
This is because Nuctech, like all PRC enterprises, is mobilized by the Chinese Communist Party to serve PRC regime geostrategic goals throughout the world. That's why you have the Chinese Communist Party branch party secretary, Chen Zhiqiang, as the highest ranked official of Nuctech.
The key here is to recognize that Nuctech is a function of an integrated party-state-military-civilian-market PRC regime complex whose strategic intent is severely at odds with the interests and values of the liberal democratic west, including Canada.
My conclusion will be very brief.
Canada's country-agnostic approach to procurement, while arguably politically correct, should not be applied to bids from People's Republic of China enterprises, state or otherwise. Because China routinely grossly flouts the norms of the international rules-based order in diplomacy and trade, this country-agnostic approach obscures the realities of Chinese regime enterprises and the threat they pose to Canada's national security. In short, like the Chinese Communist Party, Nuctech cannot be trusted by Canada under any circumstances.
Thank you, Mr. Chair.
:
Ladies and gentlemen, thank you for your invitation. I'll speak in English, but you may ask your questions in the language of your choice.
[English]
There is a written submission that hopefully you have received. I shall have to abstract from that submission. I co-authored that submission intentionally with my colleague, David Skillicorn, from the School of Computing at Queen's University, in order to lend greater heft to the actual security assessment of the technology.
We have long argued that Canada's strategic and policy engagement needs to be far more nuanced to reflect the complexity of a relationship that is evolving rapidly. On some matters China is a partner, on some a competitor and on some an adversary. These three challenges converge on matters of technology, security and procurement.
Our assessment of the security risk is that on the technical side they are moderate and manageable, although there are risks. The broader issue at stake is from a democratic government or procurement perspective of procuring such technology from China, and in particular from state-owned enterprises.
First, as Professor Burton has already pointed out, China is playing the long game and is engaging in predatory market practices in order to undercut other companies. You can find this well documented in a report released last month by the United States Senate Committee on Foreign Relations that goes into substantial detail on Nuctech and other Chinese technology companies and how exactly this works.
On principle, SOEs or partial SOEs from non-democratic regimes should be excluded from Canadian public tendering processes because they're not competing on a level playing field. In other words, this matter of Nuctech should be referred to Canadian competition authorities. In lieu of that referral, I suppose, we're here today having these meetings.
In case there's any doubt about just how arm's length Nuctech is, it was founded in 1997 by the son of former Chinese leader Hu Jintao, which makes him part of the notorious “princelings” of the “red royalty” that are widely despised across China. Doing business with Nuctech is bad for Canada's image, bad for China, and bad for Chinese and our image with the average Chinese.
Second, Canadian companies are precluded from competing for public procurement tenders in China. The principle of reciprocity suggests that companies that are either explicitly excluded from foreign tenders or that structure their markets so that foreign companies cannot compete should not be able to compete for federal public tenders in Canada.
Third, Canada should not be doing government procurement business with a country that engages in hostage diplomacy, bullies Canada and some of its closest allies, spreads blatant false information, engages in large-scale and systematic foreign interference, regularly flouts international laws, including endangering allied warships, and is responsible for large-scale human rights abuses on a scale not seen for decades. Nuctech is complicitous in this regard because its relations in selling equipment to the Xinjiang Public Security Bureau goes back well over a decade, as recently testified on July 20 before the Subcommittee on International Human Rights of the Standing Committee on Foreign Affairs and International Development. Therefore, Canada shouldn't be duplicitous in terms of doing business with a company that then on the other side engages in large-scale human rights abuses, and at the same time criticizing China for how it treats individuals of the Uighur minority in Xinjiang.
Fourth, the 21st century is really about data and technology, and China is doing both to enable and promote digital authoritarianism and undermine democratic values, and to actively compromise and interfere in sovereign decision-making. We are now witnessing this on a daily basis and every successful public tender for Chinese technology in Canada is an accelerant towards this dystopian future.
Ergo, Canada should be banning any Chinese state-owned enterprises, partial SOEs, or companies suspected of receiving undisclosed government subsidies, and all Chinese technology companies from Canadian federal public procurement, including standing offers. In cases where that would be in breach of Canada's international trade or legal obligations, the decision should rest with the minister, who should make that decision public.
Finally, and I conclude on this, this matter is indicative of broader issues that have long plagued federal public procurement in this country, especially on matters of security and defence. I remind the committee of the U.S. Department of Commerce's annual report on most difficult countries for military procurement, for U.S. companies to do procurement for U.S. military assets, and Canada ranks second on that list of countries most difficult to do procurement in.
That is robust outside validation of the dysfunction of procurement with which this committee should be seized. The Government of Canada has an opportunity to learn and leverage the visibility from this near-miss with Nuctech, which manifests the extent to which the broad scale and threat risk of this bilateral relationship continually outstrips the government's current tool kit in governance capacity.
This is an opportunity to realize that instead of fending off the alligator that's closest to the boat, the tool kit that enables these examples is simply not fit for purpose. However, in court we have tools to review investments against national security considerations, such as the ICA, and more are coming with respect to critical infrastructure. If there are no comparable tools in place or even under discussion for national security reviews of research and development partnerships, even for domains under the federal government's agreement, such as the tri council grant funding agencies, associate university research and national labs, such a built-for-purpose tool kit on procurement is long overdue.
:
Thank you. I'll again offer a few opening comments.
On one level, what we're seeing with the Nuctech affair is the kind of disconnect that plagues bureaucracies. I was aware of the risk of disconnect when I served as ambassador to China. We had a dozen different organizations at the embassy, each working directly for managers in Canada. I used to say that my role as ambassador required me to be connector-in-chief. This was essential because failure to connect and to see the bigger picture almost always meant failure at the level of larger Canadian interests.
Some very significant Canadian interests were at risk in the Nuctech affair, and you've heard about some of them already. Briefly, it's not in Canada's interest to advance the global dominance of a Chinese state-owned technology powerhouse, or to create long-term access and partnerships in our system that could make us vulnerable in the future.
Although bureaucratic disconnects happen in normal times, these are not normal times. I was secretary to the independent panel on Canada's future role in Afghanistan, also known as the Manley panel. Canada's mission in Kandahar was failing because the Canadian Forces, Foreign Affairs and CIDA each saw the mission differently.
The very wise people on the panel said that Afghanistan was a once in a decade challenge, one that required new structures and new approaches. We needed a single vision, one that was owned and led by the Prime Minister. We needed to identify achievable objectives, to assign responsibilities clearly, to resource the challenge appropriately and, above all, to see the mission as a Canadian priority, one that transcended specific military, diplomatic or aid objectives.
The panel's focus on process was unorthodox. Ottawa is a town that is in love with policy ideas and bored to tears by policy implementation, by the details of how things actually get done. As the panel pointed out, however, attempting something of national importance without mobilizing and organizing for success is irresponsible, and a dereliction of duty to Canada and Canadians.
Managing the Canadian implications of the rise of China isn't a once in a decade challenge. It's closer to a once in a century challenge, requiring a complete rethinking of foreign and domestic policies.
The Nuctech case is more than a bureaucratic disconnect, more than a performance failure by a government that is more challenged than most when it comes to actually getting things done. The experience offers us a brief worrying glimpse of the state of China competence in a government that has had vivid daily warnings of the extent to which China poses what the Deputy Minister of Global Affairs has referred to as “a strategic challenge to Canada”. However, we've seen no signs of heightened awareness, no sign of increased urgency to identify and better manage anything and everything having to do with China, and no evidence of any effort to galvanize the entire government, all departments and agencies, in an effort of pressing national importance.
This isn't actually a policy problem. It's a problem arising from the absence of policy. The officials you've already heard from were well-intentioned, but they didn't display any real sense of urgency or even much awareness of our China challenge. This isn't their fault. It points to a failure of leadership, a lack of that sense of priority and high-level accountability required to face up to and intelligently manage what may well be a once in a century challenge.
I note that my computer has glitched throughout, so hopefully I will be able to make it through. I believe you have my written testimony, and I would be happy to repeat if required.
Thank you for having me here today. Before I begin, I feel that I should disclose that I worked for the Canadian Security Intelligence Service between 2012 and 2015 as a strategic analyst. I did not, however, specifically work on this file, and my interest in the nature of Canada's relationship with China comes from my own scholarly interests, research and activities.
In that sense, I'm very pleased to be able to speak with the committee today about this important issue. My argument is essentially this: The Nuctech contract is problematic, but not for any of the reasons that have been discussed in the media.
Yes, the scanners are made in China, but so are the computers our embassies use, and the phones and basically all the telecommunications equipment. Also, all the technologies that are made elsewhere probably contain components that are in fact made in China. For better, and quite possibly worse, it is not possible at this time to have technology that is not made in China or with parts that are somehow made in China or sourced from China.
Now, of course there is a risk here, but at the same time it's not clear that banning all this technology is going to make us safe either. Indeed, it's more problematic to suggest that bans on equipment make it safer. By this I mean that China is good at getting the information it wants through a variety of means, and many, if not most, non-Chinese technology firms, particularly in the telecommunications sector, have security flaws and vulnerabilities that can be and most certainly are exploited by malicious actors.
Frankly, there are many ways to spy on Canadian embassies abroad: physical surveillance, phishing attacks, insider threats and exploiting vulnerabilities in software. An X-ray machine in a non-classified area seems to me one of the clumsier ways of trying to do it. In that sense, I feel that the technical threat element has been overstated in the public discourse.
Now, I want to be clear. This does not mean that the Nuctech contract is fine. There are clear problems with it and the procurement process, which this entire matter illustrates.
The first issue is that of state-owned enterprises, or SOEs. I don't think I need to explain to the committee why these are a problem generally, but in this particular case it is worth noting that these are firms that can normally depend on extremely generous support from the state in terms of money or strategic information often gathered through corporate espionage. These advantages give SOEs the ability to undermine any competition. Because they do not have to adhere to the normal business practices, they can bid on contracts at very low prices in order to win, without having to worry about profit or answering to shareholders. In the long term, this can lead to moves that effectively skew the market in certain strategic areas. In this sense, it is clear that some SOEs represent a geo-economic challenge to Canada and western technology firms in their ability to engage in anti-competitive practices. This behaviour should not be rewarded by the federal government.
That relates to a second concern about Canada's procurement practices. It is worth noting that Canada is increasingly developing processes around foreign investment by SOEs generally and has recently tightened restrictions around certain sectors such as health care during the COVID-19 pandemic. However, for some reason, it appears that protective measures around foreign investment do not extend to the federal procurement process.
Based on the testimony provided to this committee on November 18, 2020, by Mr. Scott Harris, vice-president, intelligence and enforcement branch of the Canada Border Services Agency, his organization “leaned into our colleagues at CSE and elsewhere to gather their expertise” on the issue of security threats from Nuctech technology. If this consultative step was taken in the case of CBSA, why is this not standard practice across the federal government? The lack of standardized policies and procedures, where some departments seek security advice and others do not, seems to be a serious problem.
In conclusion, my recommendations are as follows:
First, Canada should have a policy in place where the procurement of goods and services provided by SOEs by any department are given additional formalized and consistent scrutiny to make sure such investments align with Canadian priorities and values. To be sure, all SOEs are different, and some are simply profit motivated. In this sense, a total ban does not make sense. However, it is something to be risk managed in co-operation with Canada's security agencies.
Second, the federal government needs to develop what is often referred to as a “defence in depth” policy when it comes to the procurement and use of technology, particularly as so much of it presently comes from China.
This is a layered security approach, where multiple steps emphasize measures that control physical access, technology controls that limit what adversaries can do should they get access to a system, and fundamentally for the issue before us, administrative measures that ensure the right policies are in place to prevent security breaches.
Bans will likely not solve our problems, but risk management with layered security approaches will likely be more successful in the long run.
Of course, implementing such a policy will be difficult. In our federal system, many different agencies have different slices of the security and procurement pie. CSE is responsible for the technological assessment, CSIS for the geo-economic threat context, PPSC for ensuring the best value for money, etc.
Media reporting has indicated that tensions have emerged in similar exercises by federal departments, such as the investment reviews required by the Investment Canada Act. However, our federal departments and agencies continue to work together on these new security challenges, and they are learning to get along for the greater good. There is no reason why this could not happen in the area of securing procurement for the federal government.
Thank you.
:
With regard to the question of the security threat, there is no question in my mind that the Chinese government seeks capabilities that may be useable if its intent comes later. Capability plus intent is a threat.
In the installation of these very reasonably priced X-ray systems and so on, aside from the concern that CSE raised the last time about USB ports or hard drives inside, there's also just the idea that people who are possibly agents of the Chinese regime would have the opportunity to spend a lot of time in embassy premises—at the door, potentially interfering with the equipment or installing phone chips and that kind of thing—which I think in general the Chinese regime would see an opportunity, in having the ability to access the embassy.
I have heard of a Chinese-installed streetcar system in Britain in which the company found out to their surprise that in fact, on the basis that they needed to service it, the streetcar system was connected to China via a telephone link, which would allow people in the city of Nanjing to stop and start those streetcars remotely.
I think they want that kind of capability, not necessarily because they have the intent to use it immediately, but because there is the potential to make use of this as an opportunity for the Chinese state to realize its geostrategic purposes in the future.
Let me say one other thing. As someone who spent a lot of time in China—I was educated in China—if I went to an embassy and saw that I was being scanned by a Chinese-manufactured machine, I would be quite reluctant to go in, just because of the potential of using sophisticated artificial intelligence and so on to monitor, as we have seen with this kind of equipment as it's used in places such as Xinjiang against the Uighurs.
I think in general we have to be very cautious about any firm that is connected to the Chinese state.
I have the impression that everyone knows this, but that many don't dare to act because of economic considerations.
As Prof. Carvin mentioned, Nuctech's embassy systems are one thing, but the systems we acquire are sometimes made in China. We let them into our government systems. We can leave the private sector out because we're here to talk about the Government of Canada facilities, but I think we're being a little careless.
We noticed a lack of consistency when we met with officials two weeks ago. There is no relationship between the different departments. A Deloitte report, commissioned by Global Affairs Canada, cost us $60,000 per page. All this to get us to give recommendations that will not solve the problem.
What do you think the Government of Canada should do immediately to try to resolve the situation quickly?
:
Yes, I agree absolutely with what Stephanie Carvin has said, that we need to get better procedures in, fully aware of the potential security risk of acquiring Chinese equipment. They bid the lowest price, similar to the way the Chinese firm Huawei was underbidding Ericsson and Nokia to the order of something like 30%.
I think we have to be aware that there is a security threat posed by companies of this nature, which as I said in my opening statement are of a substantive character completely different from that of other companies.
If you look at the difference, a Canadian company like the BlackBerry company could not draw on the resources of CSE to get information about technology being produced by their competitors or to acquire data about bidding and so on, whereas Chinese state firms absolutely have the resources of the state at their disposal, because it's an integrated, unified system.
From that point of view, awareness of this is the key, and proper procedures to ensure that this never happens again would be terrific. I also very much agree with Mr. Mulroney that our government has simply not put enough resources into getting the expertise necessary to fully understand the nature of our engagement with China, which opens up many issues that make it different from our engagement with really any other country in the world.
I would like to also thank all the witnesses. It was quite an informative presentation, which covered the spectrum of points of view and our relationship vis-à-vis China.
The comments that inspired me or raised my eyebrows were those made by Mr. Mulroney. I jotted a number of points down on which I'd like to get some points of view from Mr. Mulroney.
In summary, the way I took it was that there's an absence of policy vis-à-vis China or the broader relationship with China. You talked about centralized leadership, about alignment across many various departments, about mobilization of organizations for success and about a high level of accountability. What stood out was that you indicate there's an absence of policy.
Given that you worked in the embassy and represented Canada, can you share your point of view vis-à-vis the Canadian government's policy toward China over the last 10 to 15 years? We know there's been a shift in their policies. Have our policies aligned themselves with them, and specifically with regard to technology, investment, socioeconomic and foreign affairs policy?
Can you shed some light on this question?
:
I think the first thing to remember is that China is extremely dynamic, and so it's changing. The China of Hu Jintao which was becoming more aggressive and assertive, has been replaced by the China of Xi Jinping, which is extremely aggressive and assertive. To that extent, no, we have not kept up with the changes.
A wise person in Australia once said that while Australia didn't have a China policy, China very definitely has an Australia policy. It very definitely has a Canada policy.
Let me say two things about this issue. One, I don't think it's a procurement issue. I think the real issue is a China issue. Two, we shouldn't underestimate the challenge of galvanizing and bringing the government together.
I'm not as optimistic as Professor Carvin about the ability at the grassroots of people to come together. This takes real leadership. It requires everybody in government to take note and to pause when China comes up anywhere and consult.
It requires a much higher level, a raising of the bar, when it comes to the security standards that we expect of China. This isn't just like buying a computer that may be made in China. This is a long-term relationship with a company, Nuctech, that would be across the board for all of our embassies, whereby China can find the weakest link in that chain of embassies.
By the way, they will find a weak link somewhere. This is larger.
Finally, this isn't just a Canadian problem. We have allies who are in exactly the same boat. This is where our diplomacy should be directed, to be sitting down with the Australians and the New Zealanders, with the Danes and the Swedes and the Brits, to talk about how they're dealing with this issue. I think we would find that there's common cause.
We're a long way behind. I have great faith in our ability to catch up, but it takes high-level will.
Thank you.
My first question is for Dr. Burton.
Dr. Burton, I've had the pleasure of reading a few of your articles, including the one in The Globe and Mail on December 4. It was about the situation between China and Australia. In retaliation, China has imposed huge taxes on barley and wine that have cost Australia billions of dollars.
There are similar situations here, in Canada, such as with Huawei. In addition, Nuctech's contracts with China run until 2023, if I remember correctly.
If Canada puts its foot down, and we stop working in isolation, what could be the consequences—positive or negative—from an economic and national security perspective?
:
Thank you. I think in that regard there is no question the Chinese regime will attempt to pressure us through diplomatic and economic coercion if they feel that will achieve their purposes. We now have the situation of the hostage diplomacy of Michael Kovrig and Michael Spavor, for example. I suspect that when Ms. Meng Wanzhou was given authority by the Chinese Communist Party to transit through Canada, the assumption was that Canada would simply ignore our obligations to the United States under the extradition treaty because there was sufficient knowledge in Ottawa that one should not be detaining Ms. Meng. Now Chinese diplomats say, “Well, the fact that you held her means that you must be punished.” So, even if Ms. Meng is eventually able to return to China under some means, a deferred prosecution agreement or withdrawal of the extradition request or determination by Justice Holmes that the extradition doesn't stand up, we're still going to be punished. The question is whether we respond.
Australia does, I think, over one-third of its external trade with China, so the $20 billion in sanctions that China has imposed on Australia, directly connected to 14 different conditions, damages them much more. They want Australia to seek funding for the Australian Strategic Policy Institute, for example—it has found out a lot of things about Chinese espionage and influence operations—and to agree to Huawei and to stop their press from reporting negatively, and any number of things that the Chinese regime believe that we can achieve.
I think from that point of view we have to be prepared for retaliation, and the only reason this will not happen will be that the Chinese recognize that we will not be bowing to this kind of pressure and making concessions to them because they are pressuring us. Right now, by holding Kovrig and Spavor, they have managed to stop us from getting any response to Huawei 5G. We're not enacting the Magnitsky Act against Chinese officials complicit in genocide in Xinjiang, and we're not upholding our obligation to sign the British joint declaration with regard to people in Hong Kong who will be subject to persecution under what we would regard as the illegal national security law, so from the Chinese point of view, Canada's response is the one that they want.
I think it's the wrong response. I think it's time for us to make it clear to the Chinese regime that we will not be bullied and intimidated. Australia is certainly setting a very good example for us of the right way to go.
:
That's actually a great segue, because I tend to agree that we don't always have to go to Deloitte to tell us things that we ought to know already.
This question, through you, Mr. Chair, is for Mr. Manley. I certainly would agree with my members on this committee that this is a fascinating opportunity here, with people with significant past experience both on the government side and on the China-Canada relations and policy side.
On November 18, Public Services and Procurement Canada confirmed that the department intended to stop doing business with Nuctech, but that “based on the standards, rules and approaches we use or the legislation, I cannot guarantee or tell you that will be the case.”
Mr. Manley, in your experience, what Canadian standards or legislation poses barriers to ending Canada's relationship with Nuctech or other companies it deems to be a security risk?
I think there are things that come up. We see officials, with justification, talking about government procurement and regulations within the WTO, and there may be other contracting issues. With respect, this is sometimes the last refuge of the bureaucracy when it doesn't want to do something important.
As important as the government procurement regulations are in the WTO, regulations which, as Professor Burton has pointed out, China largely ignores, and as important as they are for us—and I get that—our national security is more important. We need to have an understanding within the government that China and dealing with the rise of China is a priority that requires fresh thinking, and that we won't accept as the final word, “Well, there's this government procurement regulation, so we can't do it.” We need to think this through and take more time to think it through.
:
I think that is the overall thrust of the statement that this is a strategic challenge, but the strategic challenge then also needs to understand that, inherently, out of the umbrella remarks that have been made about the geostrategic engagement by China flow definite risks.
The problem is that we often, as Professor Carvin pointed out, start the conversation on the wrong end. We start focusing on the micro risks the particular technology poses rather than the broader macro scale, the macro elements, both in terms of strategic policy orientation as well as how that then is not reflected in adequate procurement practices and in adequate national security vetting that would then forgo having to have the micro conversation about the threats.
Make no mistake. These are real threats. As Professor Burton pointed out, any software ultimately needs to be updated, so the updates in and of themselves pose a significant risk.
This is the part that people don't get about Huawei, where people ask, “How is it that there are no back doors?” Well, there's no back door to date, no compromise today, but you need the back door built in by definition so that you can actually update the software in the actual equipment. Overnight, the hostile actor can embed malicious technology. Look, there's a lot to be learned, for instance, about traffic that comes through the embassy, the types of material and when that traffic comes in at unusual hours and so forth.
:
I think this was backed up by Christian Leuprecht's testimony, in the sense that the risk is fairly moderate. Of course, these devices do have to be updated, and there is the fact that perhaps Chinese individuals would be coming in to fix the equipment. All of these are serious risks, but I suppose the point I was trying to make with that remark is that just because you ban a technology doesn't mean the threat is gone.
I'm concerned in particular with, say, the 5G discussion, in that we talk about banning a technology and we think that's going to make us safer. It may in some ways, but the fact is that all security products have flaws in them. All these vendors have serious issues. Just because they're not Chinese doesn't necessarily mean they're secure.
We need to be doing these tech reviews on all technology, for the reason that we do know that states like China are trying to hack into our embassies and other places. To me, it's not even just the Chinese, even though I think that should be, for reasons of the problems related to SOEs that have been I think well discussed in this particular session.... We need basically all of our technologies reviewed consistently and thoroughly. Clearly, that's not something that's in the procurement right now.
Yes, this is my concern. By focusing on this narrow issue of the X-rays themselves and whether or not they're vulnerable, we overlook the broader issues with regard to malicious action, say by China, against our embassies abroad and against our government, probably as we speak. We're probably being hacked as we speak. This is the reality.
That's what I meant about that specific technical threat being overstated. It's missing so many of the other broader issues that I think this specific committee could be dealing with in regard to broad overarching strategies for procurement.
:
It has to come clearly and unequivocally from the top, and that is the . It's not even just the foreign ministry, because the fact that we have this.... If you listen to the testimony about the procurement, you'll see that even Global Affairs doesn't have the voice and, for a variety of reasons, isn't always listened to. It has to start from the top.
People will say that we can't speak about China because of all the things they've done to us, including holding Michael Kovrig and Michael Spavor. There's a lot of truth to that, but it's also China's objective. By silencing the government, largely, and by keeping the government passive, China.... I've often said that the people who are affected by this aren't the Chinese. The Chinese are very skilled operators. The people who are affected by the silence of the government are Canadian public servants, who continue to pump missions and visits into China and continue to treat procurement as business as usual.
Let me, if I may, just add one observation as someone who has spent a lot of time in Canadian embassies. The reassurance you got that vendors are supervised inside the embassy is something that you should be very skeptical about. I've made it my business to travel around and to see what was happening when service was being done. This is seen as a very boring joe job and it's often given to—and I mean no offence—family members and to kids who are returning from university. When I went through, I saw people looking at their phones and reading magazines.
All China has to do in this relationship that it would establish through Nuctech is find a few weak links, and believe me, they'll find some.
:
The challenge is that we have to get this on time.
Witnesses, I'd like to thank all of you for being here today and for your answers to our multiple questions. It's very tough to answer some of these questions in a short time frame, but we do appreciate your comments.
Again, thank you for being here. You are now welcome to leave.
Committee members, we are ending the public portion of our meeting and we are going in camera.
In order to do that Zoom will end. You will need to go out and come back in on the Zoom attachment that you were given, plus the new code that you were given.
With that I'll suspend the meeting until we are in camera.
[Proceedings continue in camera]