Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 15 of 19
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Thank you for being here today, Mr. Flynn.
It's important that we talk about this situation because, as my colleague pointed out, people are worried. It's essential that we find out more about the federal government's capacity to take action and the means we have at our disposal, especially since the committee just wrapped up a study on cybersecurity in the financial sector before Parliament rose in June. I'll touch on some of the things the committee looked at in its study because they pertain to the matter at hand.
I'd like to follow up on some of your answers. First of all, it is rumoured that personal data was sold to criminal organizations outside Quebec and Canada. I know you can't comment on this case specifically, but at what point does the RCMP step in to assist the highly competent people at such organizations as the Sûreté du Québec when a case involves a criminal organization operating outside Canada that the RCMP is already monitoring?
View Matthew Dubé Profile
NDP (QC)
Thank you.
You said local police forces, the Sûreté du Québec and the Ontario Provincial Police were very competent when it came to dealing with cybersecurity issues and had significant powers. Does the RCMP have special expertise or information that could help them?
The reason I ask is that the government touted the consolidation of the cybersecurity capacity of the Communications Security Establishment, or CSE, the RCMP and all the other agencies concerned as a way to ensure information was shared and everyone was on the same page. I'll be asking Mr. Boucher, of the Canadian Centre for Cyber Security, about this as well when we hear from him.
Do you engage municipal or provincial police, as the case may be, in the same way?
View Matthew Dubé Profile
NDP (QC)
Thank you. I don't mean to cut you off, but I have a limited amount of time.
When the committee was studying cybersecurity in the financial sector, we talked about the fact that people tend to think of state actors as being the threat. I won't name them, but I'm sure everyone has an idea of the countries that could pose a threat to Canada's cybersecurity.
I realize you can't talk about it, but in this particular case, we are dealing with an individual—an individual who poses a threat because the stolen data can be sold and could end up in the hands of state actors. One of the things the committee heard was that individuals represent the greatest threat. Is that always the case? Does a lone criminal wanting to steal data pose a greater threat than certain countries we would tend to suspect?
View Matthew Dubé Profile
NDP (QC)
I have to cut you off because I'm almost out of time.
Has the presence of organized groups or countries with ill intentions seeking to buy personal data created some sort of marketplace? Do individuals like the alleged perpetrator in this case have an incentive, albeit a malicious one, to steal information and sell it to interested parties? Does the existence of these groups incentivize individuals who have the expertise to do things they wouldn't normally do?
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Mr. Boucher, I didn't get a chance to ask you questions earlier.
My first question is about something your colleague Scott Jones said when he appeared before the committee as part of the other study we've been referring to a lot today. He said it was important that institutions and businesses report data breaches and thefts that affect them.
In its recommendation, the committee remained rather vague. Should it be mandatory to report such breaches to police in order to minimize the impact on the public and catch those responsible?
That brings me to two other questions. They're for you, Mr. Flynn.
Since the information remains online forever, should police treat these threats in the same way they do physical ones? If a murderer or someone else poses a physical threat, I imagine police investigations are conducted with a certain level of urgency. Should the same apply to cyberthreats? Desjardins contacted Quebec provincial police in December, if I'm not mistaken.
My last question is about background checks and ongoing security checks. Given how savvy individuals are these days, should these checks become the norm?
You can have the rest of my time to answer.
View Matthew Dubé Profile
NDP (QC)
Wouldn't it be appropriate to acknowledge that this kind of incident has a lifelong impact on a person and to respond with that in mind?
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Thank you all for taking the time to come here today.
Ms. Boisjoly, I was struck by one point in your reply to Mr. Drouin. You said that a personal data breach does not lead to identity theft. That is basically what brings us here today. Canadians want to avoid identity theft, of course; it’s their main concern. I have some questions about it.
You said that people should report suspicious activities associated with a social insurance number. I am a federal lawmaker and I don’t know what a suspicious activity associated with a social insurance number is. I have never been a victim of fraud, thank heavens, and the same goes for the people around me, touch wood. However, I do know people who have been victims. They find out when they receive a bill for a cellphone they do not have, or for a Canadian Tire credit card that they never applied for. They end up with debts and obligations that are not theirs.
Can you tell me exactly what a suspicious activity associated with a social insurance number is?
View Matthew Dubé Profile
NDP (QC)
I am sorry for interrupting you, but my time is limited and I only have one round.
The suspicious activities or problematic transactions that we may be able to see on our credit card statements can be associated with all kinds of things. It may be someone who has stolen our mail and obtained our address. That is information that is probably easier to obtain. You rightly mentioned that, in terms of the situation we are discussing today, the person has complementary information. In principle, with all the information that has been stolen, that person could easily call Revenue Canada and obtain a new password. If you have someone’s entire file, you have all the information you need.
View Matthew Dubé Profile
NDP (QC)
As for getting a new social insurance number, I have a little difficulty understanding. Basically, the argument is that it becomes complicated for people. In principle, a social insurance number is issued for reasons of efficiency. A unique identifier makes transactions with government agencies easier.
Forgive me if this analogy may not be an exact one. If I see a problem with my credit card today, the bank or the company that issued it is still able to transfer a balance or to link the legitimate transactions on my credit card that has been used fraudulently and the new one it sent to me.
Why would a financial institution be able to do that, while you are not able to say that someone’s social insurance number has been compromised and to give them a new number? A former employer, for example, might have to take care of questions about that person’s pension. Knowing that is the same person, why are you not able to link the previous social insurance number to a new one? You may perhaps have to do some additional checking, given that the number has been compromised. But I am still having a little difficulty understanding why you can’t do it.
View Matthew Dubé Profile
NDP (QC)
I am sorry to interrupt you, but, if I lose my credit card, it does not necessarily mean that it has been stolen. It may have fallen down a sewer somewhere, meaning that it will never be seen or used again. I would still call my bank, Visa or whomever, to ask them to cancel the card. I would still keep checking and I would have some peace of mind, knowing that I am protected.
Why not use the same logic for victims of breaches of personal data, especially ones that are all over the news? To make sure they are protected, people want to dot all the i's and cross all the t's that they can. They change their credit cards and everything, as they do when they lose their wallets. Why not proceed in the same way?
View Matthew Dubé Profile
NDP (QC)
I have less than a minute left.
At the risk of tangling ourselves up in technical details, I would like to understand this better. If an employer wants to use a social insurance number, how does that work? Surely, things come together in some way when you move up the ladder.
I have one final question, which goes back to what Mr. Paul-Hus rightly said.
Let me take Quebec as an example. When there is flooding, police forces and the Government of Quebec hold public consultations on the spot so that people can attend.
Mr. Guénette, I respect what you said, but perhaps advertising campaigns or posts on social media are not enough.
Given the extent of this theft, this breach, have you considered organizing consultations in person in the key places in Québec, the major centres of Longueuil, Montreal and elsewhere?
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Mr. Cormier, Mr. Brun and Mr. Berthiaume, thank you for being here. You're welcome here. I think that you've fully understood our objective, which is to share information to restore the confidence of people who are extremely worried. You said it well. Like you, we're hearing from these people. This is all the more beneficial to us, since we've just completed a study. We've opened the door for members of the next Parliament with respect to cybersecurity in the financial sector. As such, we're particularly interested in this matter.
Since it hasn't been mentioned yet, I'd say that, as Quebec MPs, we're not here to conduct a witch hunt. Based on the number of activities that we're involved in, we can clearly see that Desjardins is a local partner in the community. We want to work together, and I think that your recommendation today reflects that. Thank you very much.
I want to touch on a few points, in the hope that you can answer some questions. I understand the constraints that you're operating under. The first thing is very simple. It seems silly, but it concerns Equifax's French services. A few people have reported difficulties with obtaining services in French. Have you worked with Equifax to ensure that your members, the vast majority of whom are French-speaking, receive service in French?
View Matthew Dubé Profile
NDP (QC)
It's not necessarily specific to what we want to review, and it doesn't fall within the mandate of the committee. However, you'll appreciate that I still wanted to get the facts straight. Thank you.
I want to focus on regulations. We heard a bit about them from the government officials who spoke before you. Are the regulations becoming cumbersome when it comes to achieving your objectives and ensuring the security of your members' data? In your particular situation, you're subject to both Quebec and federal government regulations. Compared to traditional financial institutions and large banks, you're in a somewhat unique situation. You'll forgive me for perhaps not using the correct terminology, but I think that you understand what I mean. Can this different situation cause problems?
Simply put, would it be in our interest to ensure a better alignment between the Quebec government and the federal government requirements, so that you don't need to turn left and right to comply with two different regulatory entities?
View Matthew Dubé Profile
NDP (QC)
Thank you.
It may be more difficult to answer my next question, as the police investigation is still ongoing.
Given the growing cyber security expertise, especially among people who work in that field, do you think it would be appropriate to recommend ongoing background or behaviour checks for employees who have access to sensitive information and can use the information belonging to other users, other employees?
I am not saying that you have failed in that area, but everyone is starting to recognize the existence of people whose expertise is growing. Their expertise is being used, but it can also have more harmful consequences.
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
I have a question that is somewhat similar to what Mr. Graham was saying about Internet and telephone access. Seniors have special needs.
Are we also looking at that?
Results: 1 - 15 of 19 | Page: 1 of 2

1
2
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data