Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 100 of 139
View Steven Guilbeault Profile
Lib. (QC)
Thank you, Mr. Chair.
Mr. Chair, members of the committee, good morning.
I would first like to acknowledge that I am joining you from Montreal, on the traditional territory of the Mohawk and other Haudenosaunee peoples.
Thank you for inviting me to speak to you today. With me, as you said, are Joëlle Montminy, senior assistant deputy minister, cultural affairs, and Pierre-Marc Perreault, acting director, digital citizen initiative.
Like you and many other Canadians, I am concerned by the disturbing rise and spread of hateful, violent and exploitive content online and on social media.
As a legislator and father of four children, I find some of the content of these platforms to be profoundly inhuman.
I am also deeply troubled by the consequences and the echoes of that content in the real world.
The overall benefits of the digital economy and social media are without question. In fact, I published a book, shortly before I took up politics, wherein I talked about the benefits of the digital economy, of artificial intelligence in particular, but also about some unintended negative consequences.
In Canada, more than 9 out of 10 adults use at least one online platform, and since the beginning of the pandemic, online platforms have played an even more important role in our lives.
We use social media platforms like Facebook, Twitter, Instagram and YouTube to stay connected to our families, friends and colleagues. We use them to work, to conduct business, to reach new markets and audiences, to make our voices and opinions heard, and to engage in necessary and vital democratic debate. However, we have also seen how social media can have negative and very harmful impacts.
On a daily basis, there are Internet users who share damaging content, either to spread hate speech, the sexual exploitation of children, terrorist propaganda, or words meant to incite violence.
This content has led and contributed to violent outbursts such as the attack on the Islamic Cultural Centre in Quebec City in 2017, and similar attacks in Christchurch, New Zealand, in 2019.
Canadians and people all over the world have watched these events and others unfold on the news with shock and fear. We all understand the connections between these events and hateful, harmful online discourse. We worry about our own safety and security online. We worry about what our children and our loved ones will be exposed to.
According to a recent poll by the Canadian Race Relations Foundation, an overwhelming 93% of Canadians believe that online hate and racism are a problem, and at least 60% believe that the government has an obligation to prevent the spread of hateful and racist content online.
In addition, the poll revealed that racialized groups in Canada are more than three times more likely to experience racism online than non-racialized Canadians.
Since the beginning of the COVID‑19 pandemic, we have seen a rise in anti-Asian hate speech on the Internet and a steady increase in anti-Semitic rhetoric, further fuelled by recent events.
A June 2020 study by the Institute for Strategic Dialogue found that Canadians use more than 6,600 online services, pages and accounts hosted on various social media platforms to convey ideologies tinged with white supremacism, misogyny or extremism. This type of content wreaks havoc and destroys lives. It is intimidating and undermines constructive exchange. In doing so, it prevents us from having a true democratic debate and undermines free speech.
The facts speak for themselves. We must act, and we must act now. We believe that every person has the right to express themselves and participate in Internet exchanges to the fullest extent possible, without fear and without intimidation or concern for their safety. We believe that the Internet should be an inclusive place where we can safely express ourselves.
Our government is therefore committed to taking concrete steps to address harmful content online, particularly if the content advocates child sexual exploitation, terrorism, violence, hate speech, and non-consensual sharing of intimate images.
In fact, this is one of the priorities outlined in the mandate letter given to me by Prime Minister Justin Trudeau. So we have begun the process to develop legislation that will address the concerns of Canadians.
Over the past few months my office and I have engaged with over 140 stakeholders from both civil society organizations and the digital technology sector regarding this issue. This has included seven round-table discussions. We also spoke with indigenous groups, racialized Canadians, elected provincial officials, municipal officials and our international partners to assess our options and begin to develop a proposed approach.
In addition, given the global nature of the problem, I have hosted a virtual meeting with my counterparts from Australia, Finland, France and Germany—who were part of the multi-stakeholder working group on diversity of content online—to discuss the importance of a healthy digital ecosystem and how to work collectively.
I am also working closely with my colleagues the ministers of Justice, Public Safety, Women and Gender Equality,Diversity and Inclusion and Youthas well asInnovation, Science and Industry to find the best possible solution.
Our collaborative work aims to ensure that Canada's approach is focused on protecting Canadians and continued respect for their rights, including freedom of opinion and expression under the Charter of Rights and Freedoms. The goal is to develop a proposal that establishes an appropriate balance between protecting speech and preventing harm.
Let me be clear. Our objective is not to reduce freedom of expression but to increase it for all users, and to ensure that no voices are being suppressed because of harmful content.
We want to build a society where radicalization, hatred, and violence have no place, where everyone is free to express themselves, where exchanges are not divisive, but an opportunity to connect, understand, and help each other. We are continuing our work and hope to act as quickly and effectively as possible. I sincerely hope that I can count on the committee's support and move forward to build a more transparent, accountable and equitable digital world.
I thank you for your attention and will be happy to answer any questions you may have.
View Charlie Angus Profile
NDP (ON)
Rose Kalemba contacted our committee and asked us to fight for her. At age 14, she was kidnapped, brutally tortured and sexually assaulted, and her videos were posted on Pornhub, downloaded and promoted.
In your view—and I just have to be blunt here because we've talked about some really difficult stuff at our committee so I hope you don't find me being too blunt—would you believe that the posting of those videos represents criminal acts?
View Steven Guilbeault Profile
Lib. (QC)
As you are well aware, they are criminal acts according to the Canadian Criminal Code, yes.
View Charlie Angus Profile
NDP (ON)
Good, because it has sections 162, 163 and 164, and yet those laws are not being applied.
I need to know why we need a regulator to oversee something that's already under the Criminal Code. The promotion of these videos, according to law, is a criminal act, so why don't we just apply the law?
View Steven Guilbeault Profile
Lib. (QC)
As I said earlier, the challenge that we in Canada, and countries all around the world, are facing is that the tools that we have to deal with these issues in the physical world just aren't adapted to the virtual world. This is why Australia created a new regulatory body to deal with that, and it is why a number of countries either have created or are in the process of creating new regulations, new regulators, or both, to deal with this. It's because the tools we have just aren't adaptable.
View Charlie Angus Profile
NDP (ON)
Are you saying we simply don't need to use the Criminal Code? What surprises me is that internal documents from the RCMP's December 12 briefing note on Pornhub pointed out that your office is going to be taking the lead.
According to those documents, they are not going after Pornhub, so did cabinet tell the RCMP to stand down while you developed this regulator? Why is it that the RCMP are under the impression that you're the lead on this, and that the Canadian laws that exist are not going to be applied?
View Steven Guilbeault Profile
Lib. (QC)
I respectfully disagree with the premise of your question. As I stated earlier, the legislation will address five categories of online harms, which are already criminal according to Canadian law, and which are already criminal activities under the Canadian Criminal Code.
View Charlie Angus Profile
NDP (ON)
I get that. I guess my concern is that you haven't actually come up with legislation. You don't know when this regulator's going to appear, and the RCMP internal notes say your office is taking the lead.
We have survivors who suffered serious crimes and abuse. We have the Criminal Code. I'm wanting to know why your government is saying that it will be the regulator that handles that, as opposed to telling the RCMP and the justice minister to do their job.
View Steven Guilbeault Profile
Lib. (QC)
I think you're misunderstanding what we're trying to do.
There are many reasons we need to create a regulator. One—
View Charlie Angus Profile
NDP (ON)
I don't have a problem with the regulator. What I have a problem with is the fact that we actually have criminal laws in place, and it seems that the RCMP has decided that Pornhub doesn't have to actually follow the law—there's voluntary compliance; your Attorney General says he's not even sure if they're a Montreal company; you're telling us there's going to be some kind of regulator, but you don't have one....
I just have to be honest. Having the minister of culture and communications handle a file about horrific sexual assault videos to me is like asking the minister of transportation to look after human trafficking.
Why is it that the laws of the land are just not being applied? You can go and get a regulator, but why are the laws not being applied?
View Steven Guilbeault Profile
Lib. (QC)
Your analogy would be correct if I were the only one doing this. I'm not.
As I stated in my remarks initially, I am working with the Minister of Public Safety, with the Minister of Justice and with a number of other colleagues. This is a whole-of-government approach. It's not—
View Charlie Angus Profile
NDP (ON)
I know, and they say you're the lead on this. They defer to you.
View Charlie Angus Profile
NDP (ON)
We don't have a regulator. We don't have any action. Again, what do I tell the survivors who are being told, sorry, not much is going to happen but maybe a regulator, and maybe there will be a new CRTC for porn? How long are they going to have to wait before they actually see something?
View Steven Guilbeault Profile
Lib. (QC)
This was in my mandate letter when I was nominated as the Minister of Canadian Heritage. We started right away, despite the most important pandemic we've seen in the last 100 years, doing public consultations, doing the work. Some people may like—
View Steven Guilbeault Profile
Lib. (QC)
I have not personally, but the department and people on my team have, so yes, we have, but it's not something that can be solved overnight. It's a complex issue. As we're seeing all around the world, countries are struggling with this.
Charles DeBarber
View Charles DeBarber Profile
Charles DeBarber
2021-06-07 12:03
Hello. Good afternoon. My name is Charles DeBarber and I'm a senior privacy analyst with Phoenix Advocates and Consultants. My background is U.S. Army cyber-intelligence and cybersecurity.
I began my work with victims of non-consensual pornography, or NCP, in 2015, when I worked for the elite firm Fortalice. As the program manager for open source intelligence, I assisted victims of NCP through our reputation services. Since departing Fortalice in 2018, I have done freelance work on behalf of victims of revenge porn, extortion schemes and cyberstalking, and on purging content for victims of human trafficking. I've written bespoke information guides for clients to help protect their digital privacy and to reduce the chances of their being a target of successful doxing.
My background gives me deep insight into the sources of content on the Internet, and today I want to share with you guys some knowledge about the surface web, deep web and dark web. In addition, I'd like to share some research about the sources of adult NCP on these three layers.
As a disclaimer, I want to be clear that my data regarding NCP is limited in a few ways. First, my data is limited to the 90-plus cases that I've undertaken since 2019. You'll see these are sourced as “PAC Research 2016 to 2021”. I recognize there's a selection bias to that data due to it being from only our casework. Second, much of my information on NCP involving children is largely anecdotal, as I've never produced statistics on it. In addition, the bulk of my work has been with adult victims. Third, I am discussing the concepts of surface web, deep web and dark web and how they relate to the volumes and types of NCP often found on them. This is not to paint any of these layers as good or bad. The dark web has an especially heinous reputation, but remember that there are people who use the dark web to subvert censorship or express their free speech in countries where freedom of speech is very limited.
You'll see in the handout the beautiful iceberg graph that is commonly used to explain the three layers. You have surface web, deep web and dark web. We'll start with the surface web.
The surface web is basically the Internet content indexed by search engines themselves and things you can directly jump to from search engines. It's aggregated web content that can be found with web crawlers, also known as spider bots or spiders. Make note of that, because it is very important for one of the points I'll make later. The surface web is the minority of online content, around 4% to 5%.
What's the deep web? That's the majority of the web, more than 90% of it. It's Internet content that's not part of the surface web and is not indexed in search engines. It's mostly content that is not readily accessible through standard means, such as search engines. As I said, it's the majority of content on the Internet.
Then there's the dark web. It's part of the deep web, but what makes it different is that you have to use encryption software and special software to access it—things like Tor Browser or Freenet or Freegate. It's also used interchangeably with dark net. It can be called both.
NCP comes in many forms. Some of the key forms for adult victims include revenge porn, non-consensual surveillance, human trafficking and data or device breaches. We have the following statistics from our casework. The majority of adult NCP, 73.5% of our cases, was found on the surface web. We believe that the reason for this is that adult NCP pornography easily blends in with amateur pornography. The ease of use and popularity of video- and image-sharing sites on the surface web is the main cause of this.
On top of that, the deep web accounts for about 23.2%. These are often private forums for pirated content, BitTorrent sites, and VoIP and messaging apps like Discord communities. The more compartmented nature of the deep web leads to a lower volume of content that is also less viral.
The dark web accounts for little of our content. Content there, in our experience, includes things that we consider highly illegal, things you would find only on the dark web because they are highly illegal. This could be things like hidden bathroom cam footage, extremely violent content, child pornography and bestiality. NCP blends in with amateur pornography and is readily available on upper layers. There's no reason to go to the dark web for it. Only a minority of Internet users have enough expertise and knowledge of the dark web to use it anyway. The even more compartmentalized nature of the dark web just keeps people off it. This results in more extreme and illegal content being relegated to the dark web.
In our casework, only about 3.3% is dark web content.
There are a few observations I would like to share with the committee. I've removed over 100,000 pieces of NCP content in the last five years. My average client has between 400 to 1,200 pieces of content, and that could be the same picture, video or handful of pictures, but it's shared on many different sites. Viral content itself can be upwards of 6,000 pieces of content and above. Very rarely do I utilize the NCP removal processes created by search engines such as Google or Bing or social media like Facebook, Twitter or Reddit.
I normally use the copyright removal process here in the United States, known as the Digital Millennium Copyright Act. The NCP process often is more complicated and takes longer for victims who have to follow it for every piece of content. Imagine, if you have 400 pieces of content out there, that might be 400 different applications you have to put out. These companies, frankly, respect intellectual property more than victims, because the copyright process is so much easier.
The removal process is costly in both time and resources. I utilize automation, which is not cheap. For a client with more than 400 pieces of content, it would usually cost $2,000 for automated removal and $5,000 for bespoke removal services, and that just mitigates the problem. Victims using it manually require a certain level of understanding of information systems, search engines and web caching, and that is if the victim can find most of the content without using automated aggregators. My junior analysts, some of them with information systems and computer science backgrounds, take up to a month of hands-on work to learn how to effectively purge content. The average victim is expected to have this expertise if they cannot afford professional services. The tools for victims to effectively mitigate their digital footprint of content aren’t readily available.
Great strides have been made to get Silicon Valley to recognize the issue, and I don’t wish to demean those efforts or that recognition. Laws in my home country are now in 48 states and two territories to protect victims of NCP. However, picking up the pieces after NCP floods surface web sites is still an uphill battle. We’ve worked tirelessly so clients can google their name without NCP coming up. One of our clients lives in fear of her 10-year-old using the computer and googling her name. Others have lost job opportunities, housing opportunities and relationships. Many of our clients have contemplated or attempted suicide.
Finally, video upload sites that allow pornography, such as Pornhub or Xvideos, have exacerbated the problem. This is one of the big points I want to make. Content goes viral a lot faster with these sites, and these sites use what is called search engine optimization to flood Google with their content. Even if the content is deleted within 72 hours, it often takes days, frankly, for a victim to even find out that they're a victim. Smaller video upload sites then aggregate this material from search engines and repost it, making this a feedback loop that keeps feeding the search engines and makes it a viral issue.
The issue has become so significant that when a victim’s name is posted in a video title that they're aggregated in and it's then used in search engine keywords for porn sites that don't even have their content, it just becomes a random keyword—their name—and God forbid you have a unique name. Imagine googling your name, and hundreds of porn sites coming up because your name is a keyword empowered by SEO techniques.
We need to find a balance between verification and privacy. That's very easy for me to say, but sites having a reasonable policy for age verification is required. I compliment Pornhub in adopting a verified content policy in late 2020. I'm very angry [Technical difficulty—Editor] and I badly want them held accountable for that, but I want to make sure it's also not so cumbersome that sex workers who are free agents can't operate without reasonable privacy.
Search engines—and this is a key one, and I would recommend you put this forward, or at least encourage them to change their policies—shouldn't allow indexing from adult video image upload sites that do not come from verified accounts. This means that, with verified accounts, the spiders can be turned on so that they can feed into Google, Bing and so on. However, spiders should be turned off on any website where any Joe Schmo can come and upload content, whether it be videos or images. They should be turned off on that content until it is verified. That keeps it from hitting search engines in 72 hours.
Remember, with all NCP, you're really fighting time, and that keeps it from going viral a lot more quickly, quite frankly. It makes the clean-up process significantly better, and it can mitigate it. Furthermore, it would probably protect the intellectual property of other sex workers. As I said, Pornhub and other major tube sites have more or less put NCP into the express lane via SEO techniques.
Finally, the doxing of victims and sex workers is a very serious issue. Despite many of my clients being Jane Does, I can't get Google to delist web pages that post the real names of victims. I wish there was a policy that allowed the delisting of the real names of Jane Does, of sex workers, that exist on sites such as the defunct Porn Wikileaks, which were very dangerous for them and were made for doxing victims.
I'm very open to questions you may have and appreciate your welcoming me today. I'm honoured to be here.
Thank you.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-06-07 12:35
I think this is probably what's mind-boggling to many of us on this committee and probably many Canadians listening. A colleague said to me recently that, somehow, organizations like ag societies and school fundraisers and Legions are put through mountains of paperwork and administration to, say, play certain songs or use certain visual material. Then there are also online sites, say, that sell cannabis or alcohol, or host gambling, and in those two cases the country seems fairly effective at having a set of laws and bylaws and policies and regulations for these organizations [Technical difficulty—Editor] seem to manage to enforce and crack down on all of that being done illegally.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-06-07 12:36
I would just give you the opportunity to expand on any other specific recommendations in terms of both the enforcement and protections to combat the proliferation of child sexual abuse material and other illegal content, while also maintaining free expression, privacy and the right of individuals to have ownership and choice over their own images.
Melissa Lukings
View Melissa Lukings Profile
Melissa Lukings
2021-06-07 12:37
Thank you.
Privacy is very important, and it's also a safety issue in a lot of these situations. I can't provide any specific solutions. I'm not [Technical difficulty—Editor]. I definitely recommend asking Dr. Lashkari about that.
In terms of law, we need to remember the foundations of law, so what is the Privacy Act based on? What are the rights and freedoms that Canadians hold as important? Our rights to freedom of expression, freedom of association and all these things need to be considered when we're implementing new technology and new standards for technology.
As for specifics, that wouldn't be my area. I would be more like poking holes in why those things aren't private enough.
View Matthew Green Profile
NDP (ON)
We've heard lots of discussion around the prevalence of CERB fraud, and yet we hear Mr. Brouillard talk about 50,000 identities stored in the dark web. Have there been any early indications or cross-reference between information that was taken through these breaches and potential fraudulent applications for the CERB?
View Matthew Green Profile
NDP (ON)
Before that happens, Mr. Chair, can I just ask Mr. Jones if something like that would be in his purview before it's passed along?
Scott Jones
View Scott Jones Profile
Scott Jones
2021-05-31 16:15
We're really talking about two different things, Mr. Chair. I think there's the number of data breaches that have happened. The Privacy Commissioner of Canada, in our national cyber-threat assessment where we highlight this, said that 28 million Canadians last year had their information taken. That information has then been reused to target the Government of Canada. By reusing passwords, for example, somebody was able to log in.
We're not talking about information that was taken from the government. It was taken from other data breaches, but people reuse things. Our security questions are the same. What's your favourite colour? What school did you go to, etc.? That's the information these criminals have stolen, and because passwords are horrible and we all have too many of them, we tend to reuse them. A lot of Canadians reuse them, and so those were able be reused. That's what credential stuffing is. Really, we're talking about information from other data breaches then turned and used against the Government of Canada. But Marc, maybe—
View Matthew Green Profile
NDP (ON)
I do say this respectfully, because it's not often that we have a member from the Communications Security Establishment before us. This is why I'm trying to get the most out of this intervention, because I don't know when you may be back.
Is there a scenario—this is for my own edification—where the information that might have been obtained through the CRA's vulnerabilities could then have been used to re-access fraudulent CERB applications? Maybe I'm oversimplifying it or conflating it.
I'd love to hear from you, Mr. Jones.
Scott Jones
View Scott Jones Profile
Scott Jones
2021-05-31 16:16
I think that would be a pretty unlikely scenario, to be frank, because that wasn't what we saw happening here. We saw Canadians being impersonated in this activity where they were using their legitimate credentials, so essentially logging in as them. I think that's kind of my overall response to this, but Marc might be able to tell you more.
View Joël Lightbound Profile
Lib. (QC)
Have you seen an acceleration as a result of the pandemic? I think that this was noted in your report.
People are spending more time online, and there are more conspiracy theories, for example.
Has this affected radicalization and the rate?
View David McGuinty Profile
Lib. (ON)
For each of the five topics that we covered in the report, we tried to provide, at the end of a chapter, an analysis of what has happened since the COVID-19 pandemic and the impact on the five areas.
In that analysis, we know there has been a decrease in mass gatherings. We know there has been a closure of public spaces and limits on travel. These things may have had a bearing on driving activity further online.
This is something the RCMP is examining. They believe it could result in people looking for advice or information over the Internet and accessing what we call extremist echo chambers. We believe that COVID-19, more social isolation and more financial hardship during the restrictions have likely put more of this type of IMVE and incel activity online.
View Greg Fergus Profile
Lib. (QC)
I'd like to thank the witnesses for being with us.
As I'm sure you've noticed, this is a very thorny issue that deeply affects all members of Parliament who have participated in these meetings. Before I put my question to the two ministers, I'd like to raise a few points.
Mr. Lametti, you said that we have a very powerful law, but that a few things need to be strengthened to better reflect the international nature of cybercrime, if I can use that term, because the actions of MindGeek and Pornhub are indeed criminal. The problem is the location of their computer servers.
I can also note that despite the fact that a willingness to act seems to transcend partisanship, the official opposition voted against increased funding for the RCMP to combat the scourge of online child pornography. That said, I know that the members here are acting in good faith and that they want to do the right thing now.
Mr. Lametti and Mr. Blair, what do you need, both in terms of resources and improvements to the legislative framework, to address these crimes in a way that takes into account their international nature due to the nature of the Internet?
What other tools and funding are needed to properly prosecute these people and bring justice to the victims of these crimes?
View Bill Blair Profile
Lib. (ON)
Thank you very much, Mr. Fergus, for what is a very important question.
As you've already indicated, we do supply funding to the RCMP to run the National Child Exploitation Crime Centre, which has a number of significant responsibilities, including the investigation of these predators to gather the evidence to bring them to court and to prosecute them. It also has the purpose of identifying and rescuing victims on the international front.
Because of the nature of online harms generally, and certainly of this most terrible crime, there is a very significant international component. That's why, in the five-country ministerial meetings that I have attended for each the last three years, the focus in each of those meetings has been on online child sexual [Technical difficulty—Editor] and implementation of principles to guide industry efforts to combat online crimes and child sexual exploitation.
In addition, we are part of an initiative called the WePROTECT Global Alliance, which is a movement dedicated to national and global action to end sexual exploitation of children online. It includes like-minded states, NGOs and civil society organizations.
Finally, Mr. Fergus, I would point out that the RCMP actually chairs a group called the Virtual Global Taskforce on child exploitation. This is an international law enforcement alliance that is engaged in intelligence sharing, data sharing and dealing with this issue globally. I think it is a demonstration of both Canada's commitment and the RCMP's global leadership on this critically important issue.
View David Lametti Profile
Lib. (QC)
Mr. Fergus, I would just add that we're working with other countries on mutual legal assistance treaties to facilitate the exchange of information between our police forces, multilateral conventions on cybercrime, as well as bilateral agreements with countries such as the United States, for example, to facilitate the exchange of information in a context where it needs to be done quickly.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2021-04-12 12:15
Thanks, Chair.
I have some questions for you, Commissioner Lucki. I have been looking at the website for the various child sexual exploitation units in the RCMP. I would also just note the recent reporting by the director of Cybertip, who says that in 2020 his [Technical difficulty—Editor] spike over April, May and June [Technical difficulty—Editor] youth who had been sexually exploited and reports of people trying to sexually abuse children.
I wonder if you could confirm that cases of child sexual exploitation online have increased during the past year. In that context, could you also shed some light on exactly what the support and resources were that the public safety minister says he offered when he reached out to the RCMP after members of Parliament and victims spoke out on this travesty last year?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-04-12 12:16
Thank you so much for that question.
COVID-19 especially has had a heightened risk to children, as offenders have taken advantage of the fact that children are spending more time online and are often unsupervised. Since the onset of the pandemic, the centre has seen increased online activity related to online child sexual exploitation. From March to May 2020, the centre has recorded an approximately 36% increase in reports of suspected online child exploitation, attributed in part to the increase in viral media and a tangible increase in self-exploitation cases.
We also anticipate more reporting of child exploitation offences, both online and off-line, when the pandemic-related restrictions are slowly lifted and the children have access to trusted adults once again—their teachers, caregivers and community support services. It was largely limited at the onset of the pandemic, likely preventing children from reporting abuse to trusted adults outside of their homes, which is such a crucial part.
In terms of your question with regard to Minister Blair reaching out to the RCMP, whenever a huge...for example, when this arose about the increase in child exploitation, we're always having a conversation about the things we can do to prevent them. Obviously, we're looking at legislation and we're looking at the mandatory reporting act. We spoke about resources. We spoke about technology. We've talked about things within the acts and how that could improve law enforcement and how we could better reach out to law enforcement.
View Bill Blair Profile
Lib. (ON)
Thank you very much, Mr. Chair. I'll accept your remarks with respect to charm, but I'm afraid, with respect to looks, it's contrary to the evidence before us.
I'd like to thank the committee for the invitation today, and I'm pleased to present the 2021 supplementary estimates (C) and the 2021-22 main estimates for the public safety portfolio.
I'm very ably joined today by a number of my colleagues. Respectfully, in the interest of time, I will not introduce them, but I'd like to take the opportunity to acknowledge that, during these incredibly difficult and challenging times over the past year, they've all stepped up to the plate. They've been working diligently to keep our borders, communities and correctional institutions safe as well as to protect our national security.
Today, Mr. Chair, I believe these estimates reflect that work.
I'll go through the supplementary estimates (C) for 2021 in order to present these items chronologically. The approval of these estimates will result in funding approvals of $11.1 billion for the public safety portfolio, and that represents an increase of 3.3% over total authorities provided to date. I will briefly share some of the highlights here as they relate to how we manage our critical services during the pandemic.
The first is $135.8 million for the Correctional Service of Canada for critical operating requirements related to COVID-19.
The second is $35 million for Public Safety Canada, to support the urgent relief efforts of the Canadian Red Cross during the pandemic. Mr. Chair, as you know, the many volunteers and staff of the Canadian Red Cross have been there to support Canadians from the outset of this pandemic, including at long-term care homes right across the country.
I would ask this committee to join me in thanking them for all their service and for providing help where it was needed most. I’ll also note that this funding is in addition to the $35 million of vote 5 funding to Public Safety from Health Canada to support rapid response capacity testing being deployed to fill gaps in surge and targeted activities, including remote and isolated communities.
Included in these supplementary estimates is funding to enhance the integrity of our borders and asylum system while also modernizing the agency’s security screening system. This funding will ensure that security screening results are made available at the earliest opportunity under a reformed system.
I'd like to take this opportunity to highlight that CBSA employees have done a remarkable job in keeping our borders safe in response to COVID-19. I'd like to take the opportunity as well to thank them for their continued hard work in keeping Canadians safe.
We're also working through these supplementary estimates to increase funding to end violence against indigenous women and girls and to provide essential mental health services.
For the RCMP, we are investing significant funds through both the supplementary and main estimates to support improvements to the federal policing investigative capacity by bolstering its capability with additional policing professionals, investigators and scientists. This will be used to deal with federal policing initiatives, which include responding to money laundering, cybercrime such as child sexual exploitation, and national security such as responding to terrorism and foreign-influenced hostile activities.
Mr. Chair, if I may, I'll turn to the 2021-22 main estimates. The public safety portfolio, as a whole, is requesting a total of approximately $10 billion for this fiscal year. As I’ve previously noted, the portfolio funding has remained stable over the last few years. I will endeavour to break down the numbers by organization.
Public Safety Canada is seeking a total of $1.1 billion in the main estimates. This represents an increase of $329.9 million, or 45.5%, over the previous year. The bulk of this increase is due to the grants and contributions regarding the disaster financial assistance arrangements program, or DFAA. It’s an increase in funding based upon forecasts from provinces and territories for expected disbursements under the DFAA for this fiscal year. This represents a critical part of my portfolio as minister of Public Safety and Emergency Preparedness.
In these main estimates, increases also include $15 million for incremental funding to take action against gun and gang violence. As this committee knows, I introduced Bill C-21 in the House not very long ago, a bill designed to protect Canadians from firearm violence and to fulfill our promise of strengthening gun control.
Mr. Chair, I know that this committee will have the chance to review that legislation at some future date, and I look forward to discussing it with them at that time.
I want to focus on a number of ongoing issues and our responses to them, starting with Correctional Service of Canada, which is seeking $2.8 billion this fiscal year, which represents an increase of $239.8 million or 9.4% over the previous year. This net increase is primarily due to a net increase in operating funding, which includes an increase for transforming federal corrections as a result of the passage of the former Bill C-83, which introduced the new structured intervention unit model.
That bill represents a major change in the way our correctional institutions operate, and recent reports have been clear that more work must be done. Funding is just one part of the solution. With the creation of data teams, efforts to replicate best practices nationally and enhanced support from independent, external decision-makers, I am confident we will deliver on this transformational promise.
I want to again acknowledge the troubling findings that were made in the Bastarache report, which I know this committee has examined and reviewed with concern. We are seeking funds to establish the independent centre for harassment resolution. This will be responsible for implementing the full resolution process, including conflict management, investigations and decision-making.
Mr. Chair, we know more work needs to be done. I'd like to conclude by noting the importance of our oversight agencies. You will see in the main estimates that we are seeking to increase funding for the Office of the Correctional Investigator, the CRCC and the ERC, the latter by close to 100%.
With that, Mr. Chair, I thank you and the members of the committee for your patience as I delivered my opening remarks. I'm happy to answer questions that members may have about these estimates and the collective work of our portfolio.
View Pierre Paul-Hus Profile
CPC (QC)
How many officers do you have in Canada dedicated to online crime?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-03-11 18:42
In national security in total, we have 600 resources, and that covers the entire gamut of the types of investigations we do. Of course, each and every one of those investigations touches on the cyber portion of the investigations, but they aren't specific to cybercrime specifically.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Mr. Chair.
Ms. Lucki, in March 2020, you mentioned in your report that you did not have enough resources for terrorism, foreign interference and cybercrime.
If we set terrorism aside, do you have the same problem with foreign interference and cybercrime a year later?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
Yes, we are constantly working on foreign interference. It's one of our priorities.
In the national security programme, we have the primary responsibility for investigations of that nature, and obviously we work with our domestic and international partners to investigate those illegal activities where such foreign interference is suspected. We also work with our security and intelligence partners to detect and disrupt the interference activity of these foreign actors. This type of activity can manifest itself in different ways.
View Pierre Paul-Hus Profile
CPC (QC)
Resources were a problem for you. Have you obtained additional resources, or are you at the same point as in 2020?
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
We have not increased our resources in this area.
Brenda Lucki
View Brenda Lucki Profile
Brenda Lucki
2021-02-25 20:00
But in the federal policing program we have the flexibility that if such a file raises itself.... For example, when we had the terrorist file in Kingston, we were able—and that's the beauty of the RCMP—to move the experts into the area from across Canada and get those specialized resources into that area to investigate those files.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:32
Thank you very much for that, Mr. Chair.
Good afternoon, committee members.
Thank you for the invitation to appear today to discuss cybersecurity and specifically the “National Cyber Threat Assessment 2020” report released on November 18.
As the head of the Canadian Centre for Cyber Security at the Communications Security Establishment, I am very pleased to be here. CSE is Canada's foreign intelligence agency and lead technical and operational agency for cybersecurity. As was mentioned, I have appeared here a few times before.
Created in 2018, the cyber centre is a unified source of expert advice, guidance and support on cybersecurity operational matters. We work closely with other government agencies, industry partners and the public to improve cybersecurity for Canadians and to make Canada more resilient against cyber-threats.
Our goal with the national cyber-threat assessment is not to frighten Canadians or to be downers, but rather to inform all of us about the threats we will be facing in the coming years. I hope it spurs many of us to take simple actions to protect ourselves. We have seen that easy, simple actions can greatly increase our individual security.
Canada is one of the most connected countries in the world, which the NCTA highlights, and the COVID-19 pandemic has accelerated our reliance on the Internet to meet basic needs. We are increasingly leading our lives online, and at the same time threat actors continue to pursue new ways to use the Internet for malicious purposes. While this assessment does not provide specific mitigation advice, more guidance and best practices can be found on the cyber centre's website and through our “Get Cyber Safe” public awareness campaign. As I've said before, by taking even a single action, all Canadians can help shape and sustain our nation's cyber-resilience.
For those Canadians who would like to learn more, we have also published an updated “An Introduction to the Cyber Threat Environment”, which I will confess I may slip and call the “cyber primer”, in which we explain many of the terms and techniques used in cybersecurity.
The assessment analyzes cyber-trends since 2018 and draws upon the cyber centre's unique view of the cyber-threat environment to forecast those trends to around 2022. The assessment also highlights the most relevant cyber-threats to Canadian individuals and organizations.
Before I discuss those threats further, though, I would note that the assessment's findings are based on reporting from multiple classified and unclassified sources, including those related to CSE's foreign intelligence mandate. While the cyber centre must protect classified sources and methods, we have tried to provide readers with as much information as possible, including footnotes.
I'll now provide a brief breakdown of the cyber centre's key findings regarding the cyber-threat landscape. Broadly, these can be grouped into three key observations for our discussion today.
The NCTA 2020 highlights several key observations.
First, cybercrime is the threat most likely to impact Canadians now and in the years ahead, and cybercriminals often succeed because they exploit human and social behaviours.
Second, ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers.
Finally, while cybercrime is the main threat, state-sponsored cyber-programs of China, Russia, North Korea and Iran pose a strategic threat to Canada.
First, we assessed that cybercrime remains the threat most likely to impact Canadians. Now and in the years ahead Canadian individuals and organizations will continue to face online fraud and attempts to steal personal, financial and corporate information. Cybercriminals often succeed because they exploit deeply rooted human behaviours and social patterns as well as technological vulnerabilities. Unfortunately, as a result of this reality, Canadians are more at risk for cybercrime than ever. This has only increased during the COVID-19 pandemic.
Malicious cyber-actors are able to take advantage of people's heightened levels of fear to lure and encourage victims to visit fake websites, open email attachments and click on links that contain malware. These website emails and links frequently impersonate health organizations or the Government of Canada. Defending Canadians against these threats requires addressing both the technical and social elements of cyber-threat activity.
Second, the ongoing safety of Canadians depends on critical infrastructure as well as consumer and medical goods, many of which are increasingly being connected to the Internet by their manufacturers. However, once connected, these infrastructures and goods are susceptible to cyber-threats, and maintaining their security requires investments over time from manufacturers and owners that can be difficult to sustain.
We have assessed that ransomware directed at Canada will continue to target those large enterprises and critical infrastructure providers. As these entities cannot tolerate sustained disruptions, they are often willing to pay up to millions of dollars to quickly restore their operations. Many Canadian victims will likely continue to give in to ransom demands due to the severe costs of losing business and rebuilding their networks and the potential consequences of refusing payment. The protection of these organizations and networks is crucial to the productivity and competitiveness of Canadian companies, and vital for Canada's national defence.
Finally, state-sponsored actors are very likely attempting to develop cyber-capabilities to disrupt Canadian critical infrastructure to further their goals. However, we judge that it is very unlikely that cyber-threat actors will intentionally seek to disrupt critical infrastructure and cause major damage or loss of life in the absence of international hostilities. Nevertheless, cyber-threat actors may target Canadian critical organizations to collect information, pre-position for future activities, or as a form of intimidation.
While cybercrime is the most likely threat to impact the average Canadian, state-sponsored cyber-programs of China, Russia, North Korea and Iran pose the greatest strategic threat to Canada. We have assessed that state-sponsored actors will almost certainly continue to attempt to steal Canadian intellectual property, proprietary information and, in today's context, information specifically related to COVID-19.
We have also assessed that online foreign influence campaigns are no longer limited to key political events such as election periods. They are now the new normal. Adversaries now look to sustain their influence campaigns across all levels of discourse deemed to be of strategic value. While Canadians are often lower-priority targets for online foreign influence activity, our media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as well.
I want to reassure you that CSE and the cyber centre are working hard to mitigate many of these threats and protect Canadians and their interests through targeted advice and guidance. CSE continues to leverage all aspects of its mandate to help ensure that Canada is protected against threats. Not only is the “National Cyber Threat Assessment” meant to inform Canadians, but it is also setting the priorities for action by the cyber centre on what actions we can take, often with partners in the private sector who are willing to stand up and assist in directly addressing these threats facing each of us.
A key example of this type of partnership is the Canadian Shield initiative from the Canadian Internet Registration Authority, CIRA. CIRA Canadian Shield is a free, protected DNS service that prevents you from connecting to malicious websites that might affect your device or steal your personal information. The service is provided by the Canadian Internet Registration Authority, a not-for-profit agency that manages the “.ca” Internet domain. The service uses threat intelligence from the Canadian Centre for Cyber Security. In simple terms, if someone who is using Canadian Shield clicks on a link that is known to be malicious, they will be stopped from going to that bad site.
CIRA has seen a number of Canadians pick up the use of this tool, although we would certainly like to see it accelerated more. We are just past the six-month mark. We do recommend that all Canadians take advantage of this free service built by Canadians for Canadians and designed to protect Canadians' privacy.
Through targeted advice and guidance, the cyber centre is helping to protect Canadians' cybersecurity interests. We are dedicated to advancing cybersecurity and increasing the confidence of Canadians in the systems they rely on. We hope this report will help raise the bar in terms of awareness of today's cyber-threats. I encourage Canadians who are looking for easy-to-follow tips on cybersecurity, such as our holiday gift guide, to visit our website, GetCyberSafe.gc.ca.
For businesses and large organizations, or if you would like to read more of the publications of the cyber centre, we can be found at cyber.gc.ca.
Thank you again for the opportunity to appear before you virtually today. I'll be pleased to answer any questions you may have.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:40
Thank you, Chair.
Thank you to the witness for being here and for your time, your report and all of your work. It's eye-opening and deeply alarming, so I think we're all glad that you're there.
In your comments and in your report you touched on the cost of foreign hacking to western companies and governments, even to the tune of individual Canadians losing over $43 million to cybercrime fraud in 2019, according to the statistics from the Canadian Anti-Fraud Centre.
Could you explain to us what costs the criminals and the foreign state-sponsored actors who engage in foreign interference in our democracy and society face? I wonder if you have any comments on whether or not they seem to act with relative impunity, without any serious risk of costs to their actions.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:41
Thank you for the question, Mr. Chair, and your comments on the report.
I think there are a few things. If we look at cybercriminals, they very much reply upon an extremely developed ecosystem that relies on things like anonymous financial transactions—Bitcoin and the like. Having online digital currencies really does facilitate that.
In terms of the risk, it's certainly a question that I wish one of my colleagues from the RCMP were here to talk about in terms of prosecutions, but it remains a challenging environment in which you can achieve fraud against a Canadian from remote jurisdictions. As the report points out, there are many jurisdictions in which you will not suffer consequences from local authorities because as long as you don't target their citizens, they're not going to go after you. A bit of a quid pro quo seems to exist, and it certainly has been highlighted in some of the research.
In terms of some of the costs, we do try to impose costs. The government has done a number of attributions to call out state activity that we feel is crossing thresholds and crossing lines. Earlier this year we called out Russia for its activity against vaccine research companies. We have certainly joined our allies a number of times to do that. That was one instance in which we joined in with the United Kingdom and the United States to do that, specifically because it was targeting our areas, but we have, at some points, along with our allies, called out behaviour of each of the four nations I mentioned.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:43
Could you expand on the importance of attribution and exposing their intent? Also, do you have any other comments on possible other options to fight back, such as sanctions or other tools?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:43
The value of attribution is pretty variable. The primary value of being a cyber defender and somebody who is worried about cybersecurity is that it spurs action. When we do an attribution, it tends to get organizations to take seriously the alerts we put out. When we say, “You need to apply this patch; it's important,” people will respond. When we say, “Apply this patch because country X is targeting this sector, ” they pay attention and they do it. It does have an effect domestically in getting the potential victims to take it seriously and to take action.
In terms of the international side, we certainly have not seen a significant change in the actors' behaviour because of it, but it does form norms. That is something that is probably more appropriate for my Global Affairs colleagues to talk about, and they're probably better positioned to talk about some of the things like sanctions and other aspects of foreign policy. I tend to try to stick to the technical and the cybersecurity elements.
View Angelo Iacono Profile
Lib. (QC)
Thank you.
For several years, we have been aware of the illegal activities and transactions that take place on the deep Web. For example, there is drug trafficking, prostitution, arms trafficking and even contract killings.
Can you tell us if we have been able to put in place means to reduce these worrisome activities and track the criminals in question?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 16:35
I think that investigators at the RCMP, or perhaps at the Sûreté du Quebec, for example, might be in a better position to answer about the investigation phase.
One of the risks we see is that the dark web is certainly facilitating cybercriminals and cybercrime tools. There is an entire ecosystem out there where you can go on and say, “I want a tool that's going to allow me to do this.” Let's say you want to target this type of organization, or even a specific organization. They'll bid and tell you what it will cost. You can pay for 24-7 support or you can pay for a custom tool to be developed for you to achieve your goals.
Then there's the organized crime that goes behind all of that. It is a large enterprise out there. It's facilitated by the dark web and anonymous payment systems like Bitcoin and online currencies. One of the key challenges is that the entire system is designed to be anonymous and to not have attribution.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Minister. I will ask representatives of another department.
In your opening statement, you spoke about programs that were put in place quickly in response to the COVID-19 crisis. But this was accompanied in June by the inconvenient fact that the personal information of 5,500 people with a Canada Revenue Agency account had been compromised. Later, we learned that this was 11,200 accounts, some of which were accessible by means of a GCKey, a system that affects 30 departments, and other portals.
We even learned that these figures had quadrupled. According to information that we obtained, almost 50,000 Canadians had their personal information stolen when they were using government sites.
Can you confirm how many people in Canada were victims of identity theft as a result of using programs related to COVID-19 ?
View Joyce Murray Profile
Lib. (BC)
First, I'll say that we have a core responsibility to protect Canadians' information, and I take that very seriously. The government GCKey platform itself was not compromised, but like any large organization, the government's systems are constantly under attack using illegally acquired information and log-ins. We're committed to always responding, and I would like Marc to be able to talk more specifically about the numbers and what—
View Pierre Paul-Hus Profile
CPC (QC)
All right, I will let Mr. Brouillard answer.
I want to know whether 50,000 Canadians were victims of identity theft.
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:08
I can explain the situation to some extent.
The numbers changed as we conducted our investigation. According to the most recent reported figures, there were 9,300 GCKey accounts. This system is part of the identity program for more than 24 departments. The problem occurred more specifically at the CRA, which uses a different system. Of the 14 million CRA accounts, suspicious activities were identified in 48,500 accounts, which were then suspended.
View Pierre Paul-Hus Profile
CPC (QC)
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:09
I can't answer that. It's under investigation by the RCMP.
View Iqra Khalid Profile
Lib. (ON)
Thank you very much, Mr. Chair. I thank all of the witnesses here for your very compelling testimony.
I would like to start by giving Ms. DJ Switch the opportunity to finish her narrative of the events that Ms. Ojigho also highlighted. Ms. Switch, take your time, but I hope that you'll leave me some time to ask some follow-up questions. In your remarks, please also address the Cybercrime Act in Nigeria and its impact on your advocacy in the online space.
Please go ahead, Ms. Switch.
Obianuju Catherine Udeh
View Obianuju Catherine Udeh Profile
Obianuju Catherine Udeh
2020-11-06 13:22
Just to quickly round that up so that I can leave you some time, we were able to hold our ground. Then the military left after a commandant came and we got his name. We just guessed they must have found out there were a lot of people who were watching what was going on. Forty-five or 50 minutes later, the police came and did the same thing, and actually killed people. That's just to wrap it up as quickly as possible.
With regard to cybercrime in Nigeria, if I understand your question, yes, it's a problem. Just as I said when I started speaking, something about Nigerians is that we're very hard-working. We have this survival instinct at every level. There's this desperate need to survive. I'm not excusing that act, because it is criminal, but all I'm saying is something led to something. There's not enough sensitization. There's not enough education for people to understand what they can use their skills for. It's a broad scope. It's something that needs to be addressed, because there are intelligent people in Nigeria who don't use it for anything but criminal things online.
Byron Holland
View Byron Holland Profile
Byron Holland
2020-05-20 15:09
Thank you very much, Madam Chair and honourable members of the committee.
Most people know the Canadian Internet Registration Authority, or CIRA, as the operator of the .ca registry. Our primary mission is the operation of a safe, stable and secure .ca domain space.
CIRA is recognized as a global leader in the domain name industry. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.
To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, since January we have registered over 200,000 .ca domain names. This is aligned with what we are seeing from our peers in Europe and around the world, where COVID-19-related domains make up less than 1% of registrations so far this year. However, it’s also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid19.ca, a campaign to support first responders.
We scrutinize all COVID-19-related domains carefully to ensure that they comply with our rules, particularly Canadian presence requirements, and to ensure that all domains stay Canadian. We are also working with our global domain name community, including organizations like the Council of European National Top-Level Domain Registries, to ensure that we are aligned with the best practices of our peers around the world.
However, it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet, and related threats, is global. While .ca domain names are bound by Canadian law, thousands of other threats come from outside our borders. There are well-established existing tools and processes in place to deal with fraud online and cyber-attacks. If Canadians come across any domain they suspect of being used fraudulently or maliciously, they should contact the Canadian Anti-Fraud Centre or the Canadian Centre for Cyber Security. We work closely with both of those organizations.
When it comes to fraud on the Internet, it is important to remember that hackers love a crisis. While technical solutions form an important barrier to online fraud and cyber-threats, the biggest attack vector is human frailty. Cyber-thieves exploit anxiety, uncertainty and fear to prey on Canadians when they are at their most vulnerable. Unfortunately, the current COVID-19 pandemic provides fertile ground for these criminals.
In this environment, we launched CIRA Canadian Shield. This is a free security and privacy solution for individual Canadians and their families. Working with our partner, the Canadian Centre for Cyber Security, we are already protecting more than 50,000 Canadians with Canadian Shield as they work, learn, teach and socialize while at home during the pandemic. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians. We look forward to the opportunity to protect every Canadian with this free service.
CIRA is helping to protect Canadian hospitals, schools, universities and municipalities through our enterprise cybersecurity service DNS Firewall. It has an install base of more than 1.1 million users, which includes students, teachers, doctors, municipal workers and first responders across Canada.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:15
Good afternoon, Madam Chair and committee members. Thank you for the invitation to appear today, from my dining room, to discuss pandemic-related cyber-fraud.
I am Scott Jones and I am the head of the Canadian Centre for Cyber Security at the Communications Security Establishment. CSE is one of Canada's key intelligence agencies and the country's lead technical authority for cybersecurity. Launched in October 2018, the cyber centre is a relatively new organization, but one with a rich history and over 70 years of cybersecurity experience, having previously functioned under CSE's long-standing IT security mandate. The cyber centre is a unified source of expert advice, guidance, services and support on cybersecurity operational matters, providing Canadian citizens and businesses with a clear and trusted place to turn to for cybersecurity advice.
Specifically, the cyber centre focuses on five main areas. We first inform Canada and Canadians about cybersecurity matters. Second, we protect Canadians' cybersecurity interests through targeted advice, guidance, hands-on assistance and strong collaborative partnerships. Third, we develop and share specialized cyber-defence technologies and tools, resulting in better cybersecurity for all Canadians. Fourth, we defend cyber systems, including government systems, by deploying sophisticated cyber-defence solutions. Fifth, we act as the operational leader and government spokesperson during cybersecurity events.
That point brings me to the specific topic of today's discussion, to speak to you about cybersecurity when it comes to COVID-19. As we noted in the national cyber-threat assessment in 2018, the biggest threat facing Canadians online is cybercrime. I would like to provide the committee with an update on the work that the cyber centre is doing to protect Canadians from cyber-fraud occurring before, during and after the pandemic.
During these uncertain times, cyber-threat actors are attempting to take advantage of Canadians' heightened levels of concern and fears around COVID-19. Many Canadians are naturally feeling fearful and stressed, and those emotional responses can be exploited online. We've seen an increase in reports of malicious actors using COVID-19 in phishing campaigns and malware scams.
COVID has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake sites, open email attachments and click on text messaging links. These websites, emails and links frequently impersonate health organizations and can pretend to be from the Government of Canada, among others. They are trying to spread malware and scam Canadians out of their money or private data.
The cyber centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cybersecurity of Canadian health organizations involved in the national response to the pandemic. I want to reassure you that CSE and the cyber centre are working hard to mitigate these threats and protect Canadians.
I am pleased to share with you the steps we're taking to protect the Government of Canada, systems of importance, and all Canadians from cyber-fraud during these times. We continue to leverage all aspects of our mandate to ensure that Canada is protected against threats and that the Government of Canada has access to information that can help inform decisions on our approach to COVID-19. The cyber centre is working tirelessly to continuously raise public awareness of cyber-threats to Canadian health organizations by proactively issuing cyber-threat alerts and providing tailored advice and guidance to Canadian health organizations, government partners and industry stakeholders.
In addition to our advice and guidance for Canadian organizations, we continue to enhance the Get Cyber Safe campaign to help all Canadians take action to help themselves be safe online. In coordination with industry partners and the international network of cybersecurity organizations, the cyber centre is contributing to the removal of fraudulent sites and other materials used to lure Canadians, including sites impersonating the Government of Canada.
To support programs of importance to the government, we have also continued to monitor and protect important Government of Canada programs against cyber-threats, including the Canada emergency response benefit web application. [Technical difficulty—Editor]
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:20
Members of the committee, good afternoon and thank you for having me today.
My name is Simon Marchand, and I am the chief fraud prevention officer at Nuance Communications Canada. Nuance is an American company with a strong presence in Montreal. It develops technologies that rely on artificial intelligence and voice biometrics for use in fraud prevention, among other things. My specific role is to apply those voice biometric technologies to identity theft prevention. Nuance's products are widely deployed throughout Canada, with most of the big banks and telecommunications carriers using its biometric-based technologies. Nuance also has an extensive international clientele, including major U.S. banks and most of the world's big companies. We develop solutions for law enforcement agencies and government service providers, as well, to help them gather evidence and identify citizens.
I am here today to share with you some of our observations. In my capacity, I'm obviously abreast of all the major scams around the world. I'd like to tell you what we've seen in relation to the COVID-19 pandemic and flag some of the risks that need to be addressed, to help ensure Canada's legislation is equipped to deal with fraud-related issues that may be imminent.
I'll start with some of the internal risks. In response to the COVID-19 pandemic, companies quickly reorganized their operations to accommodate telework. I'm not here to praise or criticize telework, but I will say that it poses real risks, especially in connection with customer service. All customer service representatives who usually work in call centres are now working from home, in an unsupervised environment. Despite having few tools, they now have access to sensitive information about consumers, ranging from information about their assets to information that someone could use to impersonate someone else.
The current socio-economic reality will no doubt put pressure on many households. When it comes to internal fraud, we know that pressure and opportunity are the two basic factors that drive an employee to go against their employer's interests and commit fraud, including stealing information belonging to the organization. Let us not forget that some organizations collect highly sensitive information about Canadians.
These changes in how work is organized raise the possibility of information being stolen and eventually posted on the dark web. That will definitely serve identity thieves well.
Other witnesses have talked about phishing scams, a problem that's already well documented. Sophisticated criminals have adapted to the pandemic and are using COVID-19 as a cover to trick people into providing their information. Some areas have seen a 600% increase in the number of phishing scams involving COVID-19; attachments, links to websites and other methods are being used to lure victims.
Fraudsters will be able to get their hands on vast amounts of consumer information, which they won't use in the next few weeks. Rather, they'll wait six to 18 months before opening up accounts, taking out financial products and acquiring products from telecommunications carriers.
Since banks and telecommunications carriers are federally regulated, lawmakers need to be aware of these risks. Much of the focus is on the company's responsibility to protect the data entrusted to it. I think, though, the focus should be on accountability and the responsibility companies have in relation to the information they use to deliver services. When a bank's system is hacked and client information is stolen, it calls into question the bank's responsibility, which is protecting that information. No one asks about what will happen to the information once it's collected. There's a huge accountability gap.
I would be happy to answer any questions you have on the subject.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:26
I've been alerted to where I was. Thank you. I'm sorry about that. Technology affects us all.
In coordination with our industry partners and the international work of cybersecurity organizations, we have contributed to removing of fraudulent sites, and I talked about the protection of the CERB, the Canadian emergency response benefit.
Cyber-attackers are now looking to exploit teleworking connections because so many people are now working outside of their organization's traditional IT security perimeters. In response, the cyber centre has partnered with the Canadian Internet Registration Authority, or CIRA as you've heard, to create and launch CIRA's Canadian Shield. This is a free DNS firewall service that will provide online privacy and security to Canadians. CIRA has shown tremendous leadership in giving Canadians an option to better protect themselves online, and I thank them for their partnership.
To further protect Canadians, the next important step we've taken is informing Canadians about cybersecurity matters. Through targeted advice and guidance, the cyber centre is helping to protect Canadians' cybersecurity interests. We shared cybersecurity tips on video teleconferencing tools and telework to help inform and educate Canadians about how to stay safe online, particularly while many of us are working from home.
The cyber centre has created a collection of advice and guidance products, many of which are now more relevant than ever. I encourage Canadians to visit our website to learn more about our specific guidelines and best practices that can be applied to protect yourself from cyber threats.
Finally, it is important to note that the Government of Canada has a strong and valuable relationship with our international cyber partners. We regularly share information, which has a significant impact on protecting our respective countries' safety and security. CSE and the cyber centre are working to address cyber threats facing Canadians during these times; however, cybersecurity is everyone's responsibility and will take all of our expertise to protect Canada and Canadians.
Thank you again for the opportunity to appear before you today, and thank you for your patience with technology. I am pleased to answer any questions you may have.
Byron Holland
View Byron Holland Profile
Byron Holland
2020-05-20 15:33
I have changed my mike and headset. Hopefully, that will be better.
Madam Chair, thank you for the opportunity to present yet again. I will start at the beginning, as you've asked, to make sure that the folks who were not able to hear can.
My name is Byron Holland. I'm the president and CEO of the Canadian Internet Registration Authority. Our primary mission is the operation of a safe, stable and secure .ca domain name registry.
We are recognized as a global leader in our space. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.
To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, we've added more than 200,000 .ca domain names since the beginning of the year. This is aligned with what we are seeing from our peers around the world where COVID-19-related domains make up less than 1% of total registrations. However, it is also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid.ca, a campaign to support first responders.
We scrutinize all COVID-19-related domain names carefully to make sure that they comply with our rules, particularly our Canadian presence requirements. We are also working with our global domain name community, including organizations such as the Council of European National Top-Level Domain Registries, to ensure that we are aligned with best global practices.
However, it's important to note that it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet and related threats are truly global. While .ca domains are bound by Canadian law, there are thousands of other threats that come in from outside our borders. There are well-established existing tools and processes in place to deal with online fraud and cyber-attacks. If Canadians come across any domain names that they suspect are being used fraudulently or maliciously, they can contact the Canadian Anti-Fraud Centre or as we've heard, the Canadian Centre for Cyber Security. We work closely with both organizations.
When it comes to fraud on the Internet, it's important to remember that hackers love a good crisis. While technical solutions form an important barrier to online fraud, the biggest attack vector is human frailty, which cyber-thieves exploit. Unfortunately, the current pandemic has provided these criminals with an atmosphere of heightened anxiety in which to operate and has simultaneously forced most Canadians to work, learn, teach and socialize from their home networks and personal devices, most of which are not equipped with enterprise-grade security.
It is in this environment that we've launched CIRA Canadian Shield, a free security and privacy solution for all Canadians and their families. We've done this, as you heard, in partnership with the Canadian Centre for Cyber Security. We currently protect more than 50,000 Canadians, with a growing user base. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians, and we look forward to providing the opportunity to protect every Canadian with this free service.
We also help protect Canada's hospitals, schools, universities and municipalities through our enterprise cybersecurity service, CIRA's DNS Firewall. We have more than 1.1 million users, who include students, teachers, doctors, municipal workers and first responders across Canada. We are providing this service free of charge to all Canadian health care facilities and small businesses until September, hopefully when this crisis will be starting to recede.
Finally, the most important factor in protecting Canadians from fraud on the Internet is knowledge. Much like how your parents taught you to look both ways when crossing the street, Canadians need street smarts on the Internet to be able to identify fraud, fake news, misinformation and scams. The best way to do that is through awareness and education.
At CIRA, we have partnered with Beauceron Security, a great New Brunswick success story, to launch CIRA cybersecurity awareness training, a platform that provides education, benchmarking and ongoing testing to ensure employees have the most up-to-date cybersecurity street smarts. We have also launched a free cybersecurity course, Cybersecurity for Remote Workers, to help the thousands of Canadians now working from home to keep themselves and their organizations safe from cyber threats.
Everything I've mentioned so far represents elements of Canada's leadership, innovation and expertise in the area of cybersecurity. However, as Canada and the world enter an era when the Internet is proving to be the lifeboat for the global economy, we believe Canada must do more to be a global leader in cybersecurity. We would encourage the Government of Canada to dedicate more funding to cybersecurity research, solutions and platforms to protect Canadians and ensure the security of our digital economy. Only through investment can we ensure Canadians have the education, tools and platforms to protect themselves and their businesses from online fraud and malware.
There is no silver bullet. The threat landscape is constantly evolving, and our cybersecurity awareness and technology must keep pace. At CIRA, we're eager to help any way we can.
Thank you for your time.
View Glen Motz Profile
CPC (AB)
Thank you very much, Madam Chair.
Witnesses, thank you for your great introduction to this topic today.
I'm going to focus primarily in this round on Mr. Jones and the Communications Security Establishment.
If I heard you correctly in your opening remarks, as you advise on cyber-related attacks and frauds, you have been advising the government on foreign attacks and areas of cyber-related concerns throughout this COVID pandemic.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:40
Yes, that is correct, absolutely. We continue to advise on all aspects, although the majority of activity we have seen is related to cybercrime.
View Glen Motz Profile
CPC (AB)
When there is a cyber intrusion, do you know off the top whether it's fraud related, cyber espionage, corporate espionage, a random attack or another purpose?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:41
Typically, when there is a report of some type of breach, our first action is to really look at how we can somehow do containment versus some type of attribution, meaning looking for the actor behind it. We always assume that it's the most sophisticated actor possible and that the actor is looking to take information or implement some type of advanced technique, but the fact is that almost every compromise we've seen or every incident we've seen reported is related to cybercrime right now.
We look first to contain, to help the victim make sure they're able to lock down their defences, improve their security, take action to prevent that adversary from spreading throughout their network, then work back from that and engage the right organizations, such as law enforcement, or our partners in the Canadian Security Intelligence Service if it is a foreign actor, and then, of course, CSE's own foreign intelligence mandate as well.
View Glen Motz Profile
CPC (AB)
Right.
Attacks on our front-line health workers could be designed to steal information, to sell personal information or to facilitate fraud. Has CSE been called in to deal with any of these intrusions or attacks on our health care institutions and front-line health care workers since the pandemic began? If so, how many times?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:42
There have been instances of cyber-incidents in health care-related fields, research and development organizations. We've intervened in a small number in terms of responding to the incident and giving advice and guidance.
The majority of our activity, though, has been focused on trying to provide information in advance, alerting to vulnerabilities, for example, that are growing or being announced, so that health care organizations can take proactive action. We really try to get information out about what an actor is doing to protect organizations in advance. We really are trying to be proactive in preventing any breach.
View Glen Motz Profile
CPC (AB)
Good.
Has CSE been called in to deal with any attacks on our own government's research into COVID vaccines?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:43
The Government of Canada defences are something that we have integrated into the ongoing operations. The way the government has been able to layer its defences over the last decade as we've built them out, it really is to proactively stop any malicious activity. There haven't been any breaches of the government, because our defences are layered in such a way that it is heavily protected.
View Glen Motz Profile
CPC (AB)
To reiterate what you just said, we have had attacks but there has been no intrusion, which is good to hear.
What's their intent in these attacks? Is it to take intellectual property or is it to gain economic opportunity? What is your assessment of that?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:44
Our assessment with regard to cybercriminals is that it really is about financial gain. They're looking to see what they can leverage. If you're looking at nation-states, we are seeing that everybody is trying to understand what's happening in the world. This is something that we've become alerted to, that there's a general increase in nation-state interest around these topics.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:45
Then, of course, we've seen that targeting Canadian industry intellectual property has been an ongoing activity.
View Glen Motz Profile
CPC (AB)
You commented that obviously intrusions into research have occurred. Do you recall back in 2014 the cyber-threat that occurred inside the systems of the National Research Council? It resulted in a complete shutdown of their entire network and, in fact, it had to be entirely replaced right down to the wiring. This intrusion is said to have cost in excess of $100 million to remedy. Do you think the motive behind that was fraud as well or some other purpose?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:45
We assessed that the National Research Council breach was very much focused on intellectual property theft.
View Glen Motz Profile
CPC (AB)
You guys were involved in that investigation. Did you also help secure the new network?
View Glen Motz Profile
CPC (AB)
Okay, good.
The government of the day pointed the finger at Chinese-state-sponsored actors. Would that be correct in your assessment?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:46
That was the statement given by the government at the time.
View Majid Jowhari Profile
Lib. (ON)
Okay. Let me move to CSE.
Mr. Jones, I was reviewing the Library of Parliament notes, which indicate that the “effectiveness of CIRA's technology relies on intelligence provided by the Communications Security Establishment's CCCS”. Can you shed some light on the technology you're referring to?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:51
From our perspective, we're one intelligence thread that is fed into CIRA. I'll let our colleagues at CIRA talk about the broader approaches, but our feed comes from our defence of the Government of Canada. As we see attacks or compromises happening, such as, for example, spam emails being sent to us or attempts to defraud the government, etc., we share those indicators regularly with our partners, including CIRA.
In CIRA's case, then, with Canadian Shield, they're able to take those and put those to block, so that even if a Canadian were to click on the link they wouldn't be able to get to the bad or malicious site. That's an advantage. We do that same level of defence on the Government of Canada as well, but that's where we get the information from. It's really from our defence of a coast to coast to coast and global network. We try to feed that into our partners at CIRA to make sure Canadians are protected.
View Sébastien Lemire Profile
BQ (QC)
Thank you, Madam Chair.
I'd like to start by recognizing Mr. Masse's contribution; he's been making us more aware of the issue for quite some time. Thanks to him, it's on our radar and we are learning more about it. As a member of Parliament, I think it's incumbent upon us to act to better protect our constituents.
I'd like to follow up on Mr. Marchand's comments. One thing he mentioned was that, as people's socio-economic conditions worsen, external attacks become much more frequent. He referred to a 600% increase. What's more, he said information that's stolen isn't used immediately; that tends to happen down the road, within approximately 18 months.
Mr. Marchand, you said there was an accountability gap because the current state of affairs makes it easier to open fraudulent accounts and carry on criminal activity. Can you tell us, in concrete terms, how that's problematic and how companies could be held accountable?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:53
Thank you, Mr. Lemire.
To start, I'll provide some clarity around the 600%. It refers to the increase in the number of attacks involving COVID-19 during this very specific period of time, not necessarily to the increase tied to economic factors. Naturally, during times of economic crisis, the number of scams goes up. The percentages vary.
That said, the lack of accountability in federally regulated companies is problematic in that all the current legislation—think of the Personal Information Protection and Electronic Documents Act, for example—forces companies to disclose that they were hacked and data was compromised. In Canada, however, we don't have an overall sense of how many people fall victim to identity theft once their information is stolen. Since banks and telecommunications carriers are federally regulated, they are making crimes involving one another easier to commit. In other words, much of the credibility for an identity is based on the fact that the individual has a cell phone account or bank account. These companies have tremendous amounts of sensitive information at their disposal, so once a hacker gets in, they can commit more and more fraud.
I have over a decade of experience in prevention, and I work with the fraud prevention teams in those companies. I can tell you that a bank's or telecommunications carrier's prevention team is under no obligation to disclose how many fraudulent accounts were opened daily or annually. They don't even have to contact or identify identity theft victims. That means you may have been the victim of identity theft, that your identity may have been used to open an account with a telecommunications carrier, for instance. The team in charge of fraud was able to detect the fraudulent use of a person's identity and reverse the transaction, but it doesn't have to notify the individual, in other words, the consumer. Consumers are completely clueless. No one has any idea when their identity has been used. The person can't take further steps to protect themselves in the future. That lack of accountability prevents the government from taking clear action to regulate the process of identifying or authenticating people who open bank or cell phone accounts.
View Sébastien Lemire Profile
BQ (QC)
Mr. Marchand, I gather that the Canadian Anti-Fraud Centre must be informed of this type of situation, for example.
For a company, what are the advantages and disadvantages of strong accountability when it comes to fraud? We know the advantages and disadvantages for individuals and for the public, but what about for companies?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:56
The primary benefit of accountability is that it gives the government a clear picture of the situation. This makes it possible to determine the exact number of victims and to guide the steps needed to strengthen security measures in banks and telecommunications companies.
This certainly imposes a burden on the companies that must submit reports. However, I don't think that this burden is excessive, since the work has already been done. The data is already known. The data simply needs to be passed on to the legislator, to an organization overseen by the government. This organization could present the data on a broader and more anonymous basis so that the members of Parliament can access the information and know exactly what's happening in Canada.
View Sébastien Lemire Profile
BQ (QC)
I now have a question for Mr. Fortin from the Autorité des marchés financiers.
Mr. Fortin, what do you think of the potential requirement for companies to inform the anti-fraud centre of situations involving fraud?
Jean-François Fortin
View Jean-François Fortin Profile
Jean-François Fortin
2020-05-20 15:57
Thank you for your question, Mr. Lemire.
This issue doesn't necessarily fall within our jurisdiction. We're a law enforcement agency. I would still say that it's a good idea. I don't know what would be legally feasible. I was listening to you speak earlier and I was thinking that the methods used to prevent fraud obviously include education and transparency. This is a key component.
In this type of situation, the question that you asked Mr. Marchand about informing people who have been victims of identity theft or whose information may be used by third parties could be a good way to prevent fraud.
View Sébastien Lemire Profile
BQ (QC)
My last question is for the representative of the Royal Canadian Mounted Police.
Would the requirement for companies to provide much stronger accountability help you with your work, if the legislation were amended, for example?
Eric Slinn
View Eric Slinn Profile
Eric Slinn
2020-05-20 15:58
It's a difficult question to answer. A lot of companies want to protect the integrity of their systems and all that kind of stuff, so they're apprehensive about coming forward sometimes.
View Glen Motz Profile
CPC (AB)
Thank you, Madam Chair.
Mr. Masse, I appreciate that line of questioning. I think it's certainly an issue that we need to get some resolution on in the very near future.
I want to go back to Mr. Jones just for a quick minute before I connect with my friends from the RCMP.
I appreciate your comments that you were involved in this latest collaboration on the vaccine. I'm curious; are these the types of partnerships, the kinds of things we would be worried about in terms of stealing intellectual property and espionage?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 16:06
When we are working with any government department, it is primarily so that they are aware of the possible risks that come with any sort of activity online. The one truism is that no matter what technology you use, it always comes with risks.
We really do try to work proactively to figure out and understand what's happening, so that we can, first of all, understand the activity and make sure our defences are aimed toward that, but also give the advice that we would have so that they can take action to protect themselves.
View Glen Motz Profile
CPC (AB)
During this pandemic, have you invoked a request for proactive measures to stop or mitigate cyber-fraud in Canada?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 16:07
We work with partners around the world, including commercial partners. If we do see, for example, the Government of Canada's websites being impersonated, we ask for those to be taken down.
We'd also work with our law enforcement partners if we thought there was a criminality element to that, of course, and we collaborate closely with the cybercrime coordination unit under the RCMP.
View Glen Motz Profile
CPC (AB)
In your assessment, based on the information you guys are gathering and what you're seeing through this COVID, are doctors, nurses or front-line health care workers a top target of fraud or cyber-attacks during this pandemic?
Guy Paul Larocque
View Guy Paul Larocque Profile
Guy Paul Larocque
2020-05-20 16:10
I'm not sure if we know specifically at the Anti-Fraud Centre if a specific group of people in the population is being targeted. What we see is that fraud typically targets many people. Fraud doesn't have any discrimination. Everybody can be a potential victim at one point in time.
View Tako Van Popta Profile
CPC (BC)
Thank you very much.
My first question will be for Mr. Marchand.
Thank you for your testimony. Thank you for educating us on some of these important statistics.
You told us about increased identity theft associated with so many Canadians who are teleworking, as we are today. I think you mentioned a 600% increase in phishing. Again, thank you for that information. What do we, as legislators, do with that? Do you have any specific advice for what we as legislators can do to help you help Canadians better protect themselves?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 16:16
Thank you for the question.
Perhaps we could look at two tools in the short term. The goal is to provide tools to companies that face these risks. Now that the fraudsters have access to the information, how can we equip banks and telecommunications companies with tools to prevent the fraudsters from successfully attacking them?
The STIR/SHAKEN standards are included in these tools. Of course, in my view, because the Americans will implement these standards quickly, we can expect fraudsters to come north of the border and to take advantage of a gap in Canada's legislation and regulations.
In my opinion, the STIR/SHAKEN standards are an essential tool because fraudsters use scooping to carry out certain types of identity fraud. This isn't just a matter of robocalls, but also a matter of identity theft.
As for the other tool, I think that the rules for identifying customers should be strengthened. Right now, a social insurance number, a driver's licence or a health insurance card is enough to open a bank account or a telephone account. These pieces of identification are outdated. We must start looking at the issue of digital identity and biometric identity.
Several countries have already transitioned to these higher levels of identification. To protect Canadians, we must consider whether some form of more advanced biometric identification should be required to open accounts.
Results: 1 - 100 of 139 | Page: 1 of 2

1
2
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data