Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 30 of 295
Mathieu D'Anjou
View Mathieu D'Anjou Profile
Mathieu D'Anjou
2020-06-18 15:15
Good afternoon. Thank you for inviting me to appear before you today.
It's clear that the COVID-19 pandemic is having dramatic human consequences around the world and is posing many major challenges for our society. We have already raised some of them. It's a health crisis, first and foremost, but the economic consequences are as dramatic. That's what I'm going to focus on today in order to give you some perspective.
To begin with, I'd like to remind honourable members that Desjardins is the largest co-operative financial group in Canada and that it offers a comprehensive approach to its seven million members and clients, including over 360,000 businesses. Desjardins's strengths in responding to the challenges of the crisis revolve around a democratic proximity governance aligned with the interests of individuals and business people. This allows us to maintain close relationships with our members and clients, especially in Quebec and Ontario, the regions most affected by COVID-19.
A good part of my job at Desjardins involves making economic and financial forecasts. I won't hide the fact that it's particularly difficult at this time, when we're going through a crisis for which it's very difficult to find a historical precedent. It's sometimes compared to the Spanish flu, but it's not a perfect comparison, and that took place about 100 years ago, which is quite a long time ago.
What we're experiencing now is more like a recession in war times or during a natural disaster than a classic recession. Prior to COVID-19, the economic outlook was quite favourable and there was no sign of an impending recession in North America. The unemployment rate in Quebec had even reached an all-time low of 4.5% in February. Two months later, it had jumped to 17%. That's unimaginable in normal times, and it's an all-time high.
From a purely statistical point of view, the magnitude of the current crisis exceeds anything that has been experienced since at least the depression of the 1930s. Between February and April, more than three million jobs were lost across the country and the real GDP declined by more than 17%. The magnitude of these declines is about three times larger than the very serious recession of the early 1980s, which lasted six quarters.
In our opinion, and this is an important message, we must still be very careful when comparing the current crisis to usual recessions, since it is completely different. It's an external shock that doesn't reflect existing financial imbalances or economic problems.
For the time being, the drop in activity and in the number of workers can be explained mainly through the containment measures put in place to stop the spread of COVID-19. We can speak of a desired pause in the economy, which is very different from an uncontrolled meltdown like the one experienced in the United States in 2008, for example. Moreover, this economic pause is accompanied by unprecedented support from the governments to limit the financial consequences for households and businesses. Financial institutions have also contributed by providing important relief measures to ensure that the pause in the economy does not result in a rise in bankruptcies. At the moment, there are none.
At Desjardins, we're proud to have been one of the first institutions to implement these relief measures for our members and clients, and we're determined to maintain our support to help them get through the crisis. To date, we've received close to 950,000 requests for our relief measures, which is huge.
Through the various measures offered, the dramatic fall in activity and employment is not, for the time being, accompanied by a general increase in financial distress. In fact, both in the United States and Canada, household incomes are increasing and savings are rising dramatically. It's very different.
The essential support of central banks in the current crisis must also be acknowledged. By mid-March, the situation was threatening to turn into a cash crisis and a financial crisis. The Federal Reserve and the Bank of Canada, however, acted to ensure the proper functioning of financial markets by injecting massive amounts of cash and even buying riskier assets directly. Today, financial markets are functioning well and cash is abundant. This allows financial institutions to continue to play their role, in particular by providing affordable credit to households and businesses.
In my opinion, it's far too early to say that we are experiencing the worst economic crisis in recent decades and that a depression is inevitable. The drop in GDP around the world will be dramatic this year because of the months of pause we've experienced, but if we manage to reopen over the next few months, the consequences for households and businesses could be quite limited. I'm not saying there won't be any, though.
Our forecast is for a strong rebound in activity over the next few months, but the effects on some sectors will last longer. We expect it will take until 2022 before real GDP returns to pre-crisis levels. That's still a long time. In the short term, a decline in unemployment rates is almost certain if reopening continues. We are already seeing it in Quebec, where the unemployment rate fell in May.
In fact, the question is whether Canada's unemployment rate will return to 10%, 8% or 6% in a few months. Then, we'll have to watch the trend of the economy. I think this will depend on the evolution of the pandemic, the distancing measures and the rebound in household and business confidence.
View John McKay Profile
Lib. (ON)
Folks, we're trying to get back on our timeline here. We are waiting for our other witness, but in the meantime, we will proceed with RCMP captain Mark Flynn.
You will make your presentation, and if the folks from the Communications Security Establishment come, we'll make arrangements for them to speak as well.
The meeting is now public, by the way.
For those who are presenters, the real issue here is that the members wish to ask questions. Therefore, shorter presentations are preferable to longer ones.
With that, Superintendent Flynn, I'll ask you to make your presentation.
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:29
You'll be happy to hear, as I understand the committee was informed, that I won't be making any opening remarks. I am present here today simply to address any questions you may have. As this, on its surface, does relate to an ongoing criminal investigative matter, it would be inappropriate for me to provide details of an investigation, particularly an investigation that is not being undertaken by the RCMP.
I welcome all questions. I am here to provide whatever assistance I can.
View David de Burgh Graham Profile
Lib. (QC)
It's a little harder to ask questions without an opening to work off.
The first question I have is this. If somebody calls the RCMP with a suspicion of data theft complaint, how does the RCMP treat that from the get-go?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:30
That will depend on the jurisdiction where it occurs. In the jurisdiction where we are, the police have jurisdiction, so they have the provincial and municipal responsibility. It would be forwarded to our intake process there, whether it be our telecoms office, the front desk of a detachment or a particular investigative unit that's identified for that.
In cases where we are not the police of jurisdiction, like in Ontario and Quebec where we are the federal police, we will become aware of these instances through our collaboration with our provincial and municipal partners. We will look at the information and determine whether or not there are any connections to other investigations that we have ongoing, and offer our assistance to the police of jurisdiction should they require it, although on many occasions this type of incident is very well handled. We have very competent provincial and municipal police forces that are able to handle these on their own.
View David de Burgh Graham Profile
Lib. (QC)
At what point does something become federal? If something is provincial jurisdiction but affects multiple provinces, does each province have to deal with it separately or is the RCMP able to step in at that point?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:31
The RCMP doesn't automatically step in solely because it crosses multiple provinces. As occurs with traditional crimes, whether a theft ring on a border between two provinces, or homicides, the police forces in those jurisdictions are used to collaborating and do so very well.
When there's an incident that occurs from a cyber perspective, if it's going to have an impact on a Government of Canada system, a critical infrastructure operator or there are national security considerations to it, or if it's connected to a transnational, serious and organized crime group that already falls within the priority areas we're investigating, then that matter will be something we will step into.
From a cyber perspective, we have ongoing relationships and regular communication with most of the provinces and municipalities that have cyber capabilities within their investigative areas. We know that many of these incidents occur in multiple jurisdictions, whether they be domestic or international, so coordination and collaboration are really important.
That's why the national cybercrime coordination unit is being stood up as a national police service to aid in that collaboration, but prior to that being implemented, one of the responsibilities of my team in our headquarters unit is to have regular engagement, whether regular telephone conference calls or formal meetings where we discuss things that are happening in multiple jurisdictions to ensure that collaboration and deconfliction occurs, or on an ad hoc basis. When a significant incident occurs, our staff in the multiple police forces will be on the phone speaking to each other and identifying and ensuring that an appropriate and non-duplicating response is provided.
View David de Burgh Graham Profile
Lib. (QC)
In the case of the incident we're here to discuss, which is obviously a major incident, is the RCMP being kept apprised of what's happening, even if it's not their investigation?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:33
I'd like to stay away from discussing this particular investigation, but I can tell you that investigations of this nature absolutely will lead to discussions occurring. That happens as a consequence of the fact that we do have those regular meetings, whether it be in cyber or other types of crime that are going on in different jurisdictions. These, obviously, on a scale of this nature, would lead to discussions.
I am not involved involved in any of those discussions at this time. It is not something I have knowledge about.
View Francis Drouin Profile
Lib. (ON)
Thank you, Mr. Chair.
Mr. Flynn, thank you for being here. I know that you will not comment on the ongoing investigation, but as a member of Parliament who represents a lot of members who have been impacted—I have been impacted as well—I am looking more at the potential impacts of fraud.
I know that many Canadians get fraudulent calls from CRA. I myself called back somebody who pretended they were you guys. They wanted to collect some money for a particular person. They were demanding. They were really adamant. They gave a callback number, and I provided that callback number to the police. Is that something you would advise Canadians to do where obviously the RCMP, or your local police force, is the first point of contact?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:35
Absolutely. We actually have a program at the Canadian Anti-Fraud Centre and a close relationship with telecommunications service providers, who have been very helpful in addressing some of the challenges we've had around telemarketing and the mass fraud committed over the telephone. As we learn about numbers that are utilized for fraud, we are validating that, and the telecoms industry is blocking those numbers to reduce the victimization. We have adapted some of our practices to ensure that this occurs at a much more timely rate than it has historically.
View Francis Drouin Profile
Lib. (ON)
Just from your experience, and learning from cases of fraud, we know that some of them may have my social insurance number. They may have my email address, as well as my civic address. It could be a very convincing case for them to pretend that they're either a government official or from some type of financial institution. What would you advise Canadians on the best way to protect themselves?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:36
With any mass fraud campaign, whether it be tied to an instance like this or just in general, people need to have a strong sense of skepticism and take action to protect themselves. There are many resources under the Government of Canada, with such organizations as the Canadian Anti-Fraud Centre and Get Cyber Safe, that provide a list of advice for Canadians. It simply comes down to protecting your information and having a good sense of doubt when somebody is calling you. If it's a bank calling, call your local branch and use your local number. Don't respond to the number they provide and don't immediately call back the number they provide. Go with your trusted sources to validate any questions that are coming in.
I have experienced calls similar to yours. I had a very convincing call from my own bank. I contacted my bank and they gave me the advice that it was not legitimate. It was interesting, because in the end it turned out to be legitimate, but we all felt very safe in the fact that the appropriate steps were taken. I would rather risk not getting a service than compromising my identity or my financial information.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Mr. Chair.
Thank you, Mr. Flynn. I'll come back to you in a few moments.
The leader of the Conservative Party of Canada, Andrew Scheer, asked me to contact my fellow committee members to convene this meeting. He sent an open letter to the media on July 12, and I'd like to paraphrase a few paragraphs.
Like the vast majority of Quebecers and all Canadians, I am worried about the the security of our information technology systems, identity theft and privacy protection.
This is a very serious situation, and I understand the fear and anxiety of the victims, whose personal information, including their social insurance number, was stolen. They are worried about how this will affect them in the future. They will have to spend considerable time and energy dealing with this.
It is reassuring to see that the leadership at Desjardins Group is taking the matter seriously and working hard to protect and reassure members. The federal government, too, has a responsibility and duty to support all victims of identity theft by learning from the past and strengthening cybersecurity in partnership with all stakeholders across the industry.…
I want the victims of this data breach, as well as all Canadians, to know that we stand with them and that a future Conservative government would be committed to tackling the privacy challenges confronting Canadians.
View Pierre Paul-Hus Profile
CPC (QC)
We want to be very clear about what an important and serious issue this is—so important, in fact, that we felt it was necessary for the committee to meet on this sunny July 15.
Mr. Flynn, you answered the questions of my Liberal colleagues, but I find the RCMP's response to the situation rather weak. Allow me to explain. Some 2.9 million Desjardins account holders are very worried right now. About 2.5 million are Quebecers, and 300,000 are in Ontario and other parts of the country. For the past three weeks, constituents have been contacting our offices non-stop, and the government has yet to respond. The reason for today's emergency meeting is to figure out what the federal government can do to help affected Canadians.
You said the RCMP isn't really involved, but can't it do something given that it has its own cybersecurity unit, works with organizations like Interpol and has access to other resources? I don't want to interfere in a police investigation, but we heard that people's personal information was being sold abroad. Isn't there technology or techniques the RCMP can use to detect potential fraud?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:40
The RCMP's role, as I explained earlier, in many of these situations is to work with our provincial and municipal partners. It's important to recognize that our provincial and municipal partners are very skilled at responding to many of these incidents. It's not always the case that the RCMP has additional powers, authorities or capabilities to the ones they have when dealing with an incident that is singular in nature, where an individual is involved in a single event, as opposed to a broader one.
However, there's always a standing offer from the RCMP to our provincial and municipal partners, that should they require technical assistance, advice or guidance, we are available to them for that. It would be inappropriate for the RCMP to inject itself into the jurisdiction of another police force to run the investigation they are operating.
View Pierre Paul-Hus Profile
CPC (QC)
I understand what you're saying about the investigation probably being conducted by the Sûreté du Québec, but what the Conservatives and NDP want to know is this. What can the RCMP do about the personal information of 2.9 million people that was handed over to criminals? I don't want to discuss the investigation; I want to know whether you have resources. If you don't, we want to know. That's why we are here today. If personal data was sold on the international market, neither the Quebec provincial police nor Laval police is going to deal with it. I think it falls under RCMP jurisdiction.
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:42
Again, outside the scope of this particular investigation, cybercriminals do commit the majority of their crimes to gain access to personal or financial information for the purposes of gaining access to financial institutions and the money that's housed in those locations. The RCMP work continuously with the international community to identify and pursue the individuals who are committing a great number of these crimes.
The RCMP are working closely right now with those international partners, as well as many of the large financial institutions in Canada and the Canadian Bankers Association, to ensure that we are targeting the individuals who are causing the most significant harm. Our federal policing prevention and engagement team has hosted sessions with both the financial institutions and the cybersecurity industry. We have a new advisory group that's helping us target those individuals.
As far as knowledge goes, it's only in the hands of those cybersecurity and financial institutions. We're trying to ensure that as we are putting the resources we have into investigations, we are targeting those individuals who are causing the most harm.
We do that, as well, internationally. As incidents occur, we speak to our international law enforcement partners. We identify the behaviours we have in our cases or in our Canadian law enforcement partners' cases, so that if there are connections or individuals who are in those other jurisdictions, we're using the mutual legal assistance treaty, and we're using police-to-police collaborative efforts that we have to ensure that, internationally, all of those efforts are put towards a problem.
Now, I want to stay away again—and I apologize for doing that—from this exact incident. I cannot express what is or is not being done in this particular incident.
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:44
I am unable to speak about this particular incident. It would be inappropriate for me to do so.
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Thank you for being here today, Mr. Flynn.
It's important that we talk about this situation because, as my colleague pointed out, people are worried. It's essential that we find out more about the federal government's capacity to take action and the means we have at our disposal, especially since the committee just wrapped up a study on cybersecurity in the financial sector before Parliament rose in June. I'll touch on some of the things the committee looked at in its study because they pertain to the matter at hand.
I'd like to follow up on some of your answers. First of all, it is rumoured that personal data was sold to criminal organizations outside Quebec and Canada. I know you can't comment on this case specifically, but at what point does the RCMP step in to assist the highly competent people at such organizations as the Sûreté du Québec when a case involves a criminal organization operating outside Canada that the RCMP is already monitoring?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:46
We have formal, regular engagement with our policing partners across the country. That occurs on a monthly basis in the cyber area, as well as biweekly in some other areas. However, when there are incidents such as this, as you described, there are immediate calls that go out to ensure that collaboration is occurring and that any of our international partners' information that's relevant could be utilized to aid in those investigations.
View Matthew Dubé Profile
NDP (QC)
Thank you.
You said local police forces, the Sûreté du Québec and the Ontario Provincial Police were very competent when it came to dealing with cybersecurity issues and had significant powers. Does the RCMP have special expertise or information that could help them?
The reason I ask is that the government touted the consolidation of the cybersecurity capacity of the Communications Security Establishment, or CSE, the RCMP and all the other agencies concerned as a way to ensure information was shared and everyone was on the same page. I'll be asking Mr. Boucher, of the Canadian Centre for Cyber Security, about this as well when we hear from him.
Do you engage municipal or provincial police, as the case may be, in the same way?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:48
Yes, we do. We work very closely, as I've stated, with our provincial and municipal police agencies. In fact, I take great pride in the fact that at some of those meetings that I described, where our federal policing prevention and engagement team brought together the private sector, financial institutions and cybersecurity, one of those policing partners actually stood up at the front of the room and thanked the RCMP for the collaboration they are seeing in the area of cyber, which is far better than anything they've ever seen in their career.
I take great pride in that because that has been a priority for me, my staff and our engagement folks, to ensure that we are not being competitive but are being collaborative and, in that collaboration, we are supporting each other. We are not superseding other police forces' authorities, but we're also ensuring that we can assist the others in that.
View Matthew Dubé Profile
NDP (QC)
Thank you. I don't mean to cut you off, but I have a limited amount of time.
When the committee was studying cybersecurity in the financial sector, we talked about the fact that people tend to think of state actors as being the threat. I won't name them, but I'm sure everyone has an idea of the countries that could pose a threat to Canada's cybersecurity.
I realize you can't talk about it, but in this particular case, we are dealing with an individual—an individual who poses a threat because the stolen data can be sold and could end up in the hands of state actors. One of the things the committee heard was that individuals represent the greatest threat. Is that always the case? Does a lone criminal wanting to steal data pose a greater threat than certain countries we would tend to suspect?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:50
The threat comes from multiple directions, and I can't say which is greater, because, in our experience, we have seen a significant number of organized groups or individuals perpetrating the crimes across the Internet. The Internet is an enabler as much as it's a tool for us to use in leveraging and utilizing all the fantastic services that are out there.
View Matthew Dubé Profile
NDP (QC)
I have to cut you off because I'm almost out of time.
Has the presence of organized groups or countries with ill intentions seeking to buy personal data created some sort of marketplace? Do individuals like the alleged perpetrator in this case have an incentive, albeit a malicious one, to steal information and sell it to interested parties? Does the existence of these groups incentivize individuals who have the expertise to do things they wouldn't normally do?
Mark Flynn
View Mark Flynn Profile
Mark Flynn
2019-07-15 13:51
Yes, absolutely. We have seen a rise in what we refer to as cybercrime as a service to aid others who are less skilled at committing cyber offences, whether they are creating the malware, operating the infrastructure, or creating the processes by which somebody can monetize the information that is stolen. That is a key target area for the RCMP under our federal policing mandate, and we are targeting those key enabling services so that we can have the most significant impact on the individual crimes that are occurring, as opposed to chasing each individual crime.
André Boucher
View André Boucher Profile
André Boucher
2019-07-15 13:52
Thank you, Mr. Chair. As requested, I'll keep my presentation on the shorter side.
Mr. Chair and honourable members of the committee, my name is André Boucher, and I am the associate deputy minister of operations at the Canadian Centre for Cyber Security.
Thank you for the opportunity to appear before you this afternoon.
Let me begin with a brief overview of who we are.
The Canadian Centre for Cyber Security was launched on October 1, 2018 as part of the Communications Security Establishment. We are Canada's national authority on cybersecurity and we lead the government's response to cybersecurity events.
As Canada's national computer security incident response team, the cyber centre works in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to prepare for, respond to, mitigate and recover from cyber events. We do this by providing authoritative advice and support, and coordinating information sharing and incident response.
The cyber centre's partnerships with industry are key to this mission. Our goal is to promote the integration of cyber defence into the business model of industry partners to help strengthen Canada's overall resiliency to cyber threats. Despite these efforts and those of Canada's industry, cyber incidents do still happen.
This brings me to the topic we are here to discuss today. The cyber centre is not in a position to provide any details on this incident and does not comment on the cybersecurity practices of specific businesses or individuals. Any cyber breach, not just this specific instance, can be taken as an opportunity to revisit best practices and to refine systems, processes and safeguards.
In this case, media reporting and public statements indicate that the disclosure of personal information occurred as a result of the actions of an individual within the company—what is termed insider threat.
In our recent introduction to the cyber-threat environment, the cyber centre described the insider threat as individuals working within an organization who are particularly dangerous because of their access to internal networks that are protected by security parameters. For any malicious actor, access is key. The privileged access of insiders within an organization eliminates the need to employ other remote means and makes their job of collecting valuable information that much easier. More broadly, what this incident underscores is the human element of cybersecurity. The insider threat is only one example of this.
Cybercriminals have proven especially adept at exploiting human behaviour through social engineering to deceive targets into handing over valuable information. Fundamentally, the security of our systems depends on humans—users, administrators and security teams.
What can we do in a world of increasing cyber-threats? At the enterprise level, adopting a holistic approach to security is critical. This means starting with a culture of security and putting in place the right policies, procedures and cybersecurity practices. This ensures that when something goes wrong, as it almost inevitably will, there is a plan in place to address it.
Then we need to invest in knowing and empowering our people. Training and awareness for individuals and businesses are very important. Only with awareness can we continue to develop and instill good security practices, a fundamental step in securing Canada's cybe systems.
As well, we always need to identify and protect critical assets. Know where your key data lives; protect it; monitor the protection, and be ready to respond.
At the cyber centre, we'll continue to work with industry and to publish cybersecurity advice and guidance on our website. We regularly issue alerts and advisories on potential, imminent or actual cyber-threats, vulnerabilities or incidents affecting Canada's critical infrastructure.
Under, we hope, different circumstances, we'll continue to participate in conversations like this one, which help to keep the spotlight on these issues.
Ultimately, there is no silver bullet when it comes to cybersecurity. We cannot be complacent; there is too much at stake. While long-promised advances in technology may make the task easier, the need for skilled and trustworthy individuals will remain a constant.
Thank you, and I look forward to answering your questions.
View Michel Picard Profile
Lib. (QC)
I would like to preface my remarks by pointing out that the incident we are discussing today falls entirely within the parameters of the study we began in January on cybersecurity and financial crime.
As suggested by my fellow Liberal members, I put forward a motion that we study the issue. That shows how deeply concerned we are about cybersecurity in financial institutions. I'm delighted that Mr. Scheer commended our efforts in relation to the study. He fully supports my motion, and I'm glad that his party is joining the Liberal Party in its efforts to address the issue of cybersecurity in financial institutions, so thank you.
Mr. Flynn, I think it's important to speak to Canadians today to help people manage their expectations when something as serious as identity theft occurs.
The public wants the police to conduct a criminal investigation. Generally, people want something done about the loss of their personal information. They want their identity to be restored, without having to worry that five, 10 or 15 years down the road, they will once again be targeted. In terms of a criminal investigation, what are people's expectations?
Results: 1 - 30 of 295 | Page: 1 of 10

1
2
3
4
5
6
7
8
9
10
>
>|
Show both languages
Refine Your Search
Export As: XML CSV RSS

For more data options, please see Open Data