Committee
Results: 1 - 43 of 43

Matthew Dubé
NDP (QC)
2018-03-22 11:30
I appreciate that, Minister, even though I remain unconvinced.
The other point I want to get to quickly, with the minute I have left, is on publicly available information. The deputy chief mentioned last time that information obtained unlawfully would not be included under that definition. When we look at the situation right now with Facebook, for example, it's not quite clear whether that information was obtained unlawfully. Under the current definition, as spelled out in the law, could the type of information we're looking at in this scandal, essentially, fall under the definition of publicly available information that—

Matthew Dubé
NDP (QC)
2018-03-22 11:30
I'm talking about information that is out there, that is obtainable, that's not necessarily obtained in an illegal fashion, and that is therefore technically legally obtained, even if it's nebulous at best. What happens in those situations?

Matthew Dubé
NDP (QC)
2018-03-22 12:00
It's the first time I've ever liked daylight saving time.
Voices: Oh, oh!
Mr. Matthew Dubé: Really quickly, I have just one question. I want to get back to the details I asked about on the Cambridge Analytica situation with Facebook.
There's clearly not a situation here of the information having been obtained illegally. It's nebulous, and perhaps dubious and immoral, but it's not quite clear that it's illegal. Information like this that is being obtained and being used by political parties in a variety of countries around the world arguably could fall under the definition of publicly available information. How do you see that, Minister, and how does CSE see that?

Matthew Dubé
NDP (QC)
2018-03-22 12:01
I appreciate that, Minister. If we're talking about operating legally, and this information is obtained legally—although arguably the laws should be changed in that context—doesn't that mean that CSE could obtain that information under publicly available information?

Matthew Dubé
NDP (QC)
2018-03-22 12:19
Thank you, Mr. Chair.
I want to go back to the question I asked the minister, but to which I did not get an answer, in my opinion.
In a context where the information can be obtained legally by a company, such as Cambridge Analytica, even if it can be said that it is immoral and that it should be illegal, does that correspond to the definition of publicly available information?

Matthew Dubé
NDP (QC)
2018-03-22 12:21
The part of the bill dealing with publicly available information specifically exempts the prohibition on targeting Canadians. So you might not be actively collecting it, but you are permitted to collect it as part of the research that's being done under clauses 24 and 25, if I'm not mistaken.
You mentioned information that's hacked or stolen, but under the current legislation, arguably, the information that we're discussing in this particular example—I'm sure there are others that we just don't know of—was not obtained unlawfully. So the work Cambridge Analytica—and probably other companies of that sort—was doing for political parties, for example, was obtaining information through Facebook on people, and that's being done legally.
Would that not fall under publicly available information, if a company like that is able to obtain it? There are no legal repercussions because it's not illegal. Could CSE not do the same thing under those dispositions even if incidentally, as laid out in the law, in Bill C-59?

Matthew Dubé
NDP (QC)
2018-03-22 12:23
That's fair enough.
You mentioned the Privacy Commissioner's investigation, but I'm understanding that both your organization and CSIS have also been tasked with looking into that situation, and so in that particular context, when you're doing the research that's prescribed in the legislation where these exemptions exist, notwithstanding section 25, which talks about protecting privacy, would research not be done on, for example, things like Facebook, as part of this information infrastructure? I don't know if that would fall under the definition of information infrastructure, but if you're being tasked with looking into the situation as well, would you not inevitably come across Canadians' information and be allowed to obtain it even if incidentally under what's prescribed in Bill C-59? And under those circumstances, even though it would be in respect of the mandate—I understand that—while I understand you're taking steps to protect privacy, the information nonetheless could be collected over the course of that type of investigation.
Would that not be accurate?

Michel Picard
Lib. (QC)
2018-03-22 12:26
Thank you.
I will ask my questions in French, if you don't mind.
I will go back to a few points that we discussed about Canadian citizens potentially being targeted.
Clearly, the CSE does not investigate Canadians abroad. Also, when there is information that might involve a Canadian abroad, it is ignored; the information is destroyed.
The CSE is a partner with several departments in Canada, but also an international partner. It therefore exchanges information. How does the CSE have to manage information that comes from international partners that are not subject to restrictions when it comes to investigating Canadians?

Michel Picard
Lib. (QC)
2018-03-22 12:31
The aspect of the issue I wanted to address does not concern so much the information that goes abroad, but rather the foreign partner who informs you that, after their investigation and analysis, they have identified four persons, one of whom is Canadian. This foreign partner is not subject to the restriction of not investigating Canadians and sends you information. Since this is a person of interest to the foreign partner, does it change the status of the person and, therefore, the process you have just explained to us? Do you retain the information and confirm that this person represents a threat or, on the contrary, are you required to reject that information?

Pierre Paul-Hus
CPC (QC)
I would now like to talk about information.
The amount of information you gather is huge. I cannot even imagine the amount of intelligence that goes into Canadian networks. That said, there are two parts: government networks and civilian, or private, networks.
Are you able to collect information from private networks? You are not only dealing with the government aspect, but also with the private aspect.

Pierre Paul-Hus
CPC (QC)
For example, if CSIS needs information, does your centre have to look for it in private networks, for example in emails, on behalf of CSIS?

Pierre Paul-Hus
CPC (QC)
Suppose I communicate with someone and CSIS suspects that communication would endanger Canada's security. However, it must obtain evidence. Under your mandate, do you have systems that allow you to get that evidence? Is that how things work on your side?

Pierre Paul-Hus
CPC (QC)
If someone outside the country, for example from another government, contacted a Canadian, it would therefore be possible to get that information. You would need a warrant from a judge, of course.

Matthew Dubé
NDP (QC)
2018-03-22 12:55
I appreciate that. I don't have much time. I apologize.
Clause 23 of the proposed CSE act, under part 3 of Bill C-59 says that activities can't be carried out against Canadians. Subclause 24(1) says that “Despite subsections 23(1) and (2)”—which is the prohibition—“the Establishment may carry out any of the following activities in furtherance of its mandate...”. Then it talks about ensuring the protection of information on these networks.
Social media is part of these networks, and that information is at risk. You have been tasked by a minister to ensure that this information is safe, and you're exempt from the prohibitions on collecting Canadians' information as part of that research.
How can we be assured that Canadians' information will not be collected incidentally, as the possibility of the incidental collection of that information is specifically outlined in the bill?

Matthew Dubé
NDP (QC)
2018-03-22 12:56
No, I'm talking about this: if a company that's hired by a political party or a polling company is able to obtain its information legally, that information falls under the definition of publicly available information. So, if that information is able to be collected as part of the research that you're doing on the safety of these networks—and you've been tasked with looking into this type of situation, as Acting Minister Brison said this week—would that not then lead to the situation in which Canadians' information can fall under that?

Matthew Dubé
NDP (QC)
2018-02-08 11:26
Thank you.
I think we've confused citizen activism with state surveillance, but that's a whole other discussion.
I want to ask about this notion in the bill of publicly available information. When the Canadian Bar Association was here, there was a discussion about how there isn't really any kind of jurisprudence or legal definition in Canadian law about what publicly available information is. I think a lot of people have assumed, perhaps wrongly, that this basically means that if I Google something right now, that's publicly available information. What some witnesses brought up was that it could mean information being sold for advertising purposes by social media or search engines like Google, and it could perhaps even go further than that. I know that at OpenMedia you've been very active on some of these “digital clauses”, for lack of a better term, in trade agreements and things like that, which, arguably, from this very broad discussion that's happened over publicly available information, could potentially be what that means when companies start being able to freely exchange information across borders in that way.
First of all, I'm just wondering what you think publicly available information means. Secondly, why would that be a cause for concern in the context of what's being presented here, both with the datasets for CSIS but also with the capabilities of CSE?

Matthew Dubé
NDP (QC)
2018-02-08 11:29
The natural follow-up to that is what's collected incidentally, which is also brought up in the legislation. The counter-argument could be made that when they do collect incidental information, keeping it requires authorization, but it feels as though the way the thresholds are defined is not sufficient and that it would be relatively easy to justify the collection of incidental information while going after someone else. What are the concerns about incidental information being collected?
I think to some people in the digital world incidental information means something very different from what it would have meant for a more old-fashioned police or national security investigation from 25 or 30 years ago, for example.

Matthew Dubé
NDP (QC)
2018-02-08 11:40
Thank you.
We don't want to start trends here or rumours of any kind.
I just want to go back to the issue of datasets. Even for parliamentarians there is some confusion as to what that means.
The Privacy Commissioner made an important and interesting point when he mentioned that you always have to consider the future definition of datasets as technology evolves, but also how it's being defined currently. I'm just wondering what you think of the definition and whether or not that's appropriate for now, but also for how things will change in the future.

Matthew Dubé
NDP (QC)
2018-02-06 12:41
Thank you, Mr. Chair.
Thanks to all our witnesses for being here today.
I would like to ask you a question about information that is acquired incidentally. This issue comes up in two areas, particularly in connection with data collection by CSIS, but also by the CSE.
Does this concern you? Even though the need to justify retention of information acquired incidentally is addressed further on in the bill, my impression is that, during an investigation, one could justify it quite easily and start creating a fairly broad range of data.
Do you share this concern? Could you discuss it with us?

Matthew Dubé
NDP (QC)
2018-02-01 12:41
Thank you very much, Mr. Chair.
One of the questions that often comes up deals with publicly available information, as we find in parts 3 and 4 of the bill. Could you tell me whether Canadian legislation or case law contains a definition of what “publicly available information” means?

Matthew Dubé
NDP (QC)
2018-02-01 12:43
Okay, but the bill, in paragraph 24(1)(a) of part 3 or in subsection 11.24(1) of part 4, refers to publicly available information. Part 3 deals with the CSE and part 4 deals with data collected by CSIS.
Do you consider that publicly accessible information is defined in the bill? Is there a need to define what exactly is understood by “publicly accessible”?

Matthew Dubé
NDP (QC)
2017-12-07 9:14
Thank you.
In terms of the datasets that the Canadian Security Intelligence Service will be collecting, do you think the bill sets out an adequate definition?
I'll start with that question and follow up with my next question in a moment.

Matthew Dubé
NDP (QC)
2017-12-07 9:17
I am going to stay on the topic of datasets.
The definition is rather broad. On one hand, we heard from witnesses on Tuesday about the benefits of having a broader definition; they claimed that it would keep agencies from having to play a constant game of catch-up. The pace of technological change is something that comes to mind.
On the other hand, I wonder whether there isn't cause for concern, since we don't know what this type of data collection—which the various agencies need to carry out their mandate—will look like in five or 10 years.

Matthew Dubé
NDP (QC)
2017-12-07 9:18
Okay.
My last question is about the Communications Security Establishment (CSE) mentioned in part 3 of the bill.
Despite the fact that its mandate is to address foreign threats, do you think, in the operations that the CSE will now be able to conduct, there is a risk of casting a large net that could subject Canadians in the information infrastructure to phishing?

Matthew Dubé
NDP (QC)
2017-12-07 10:32
I also wanted to look at proposed subsection 24(4), Information acquired incidentally. I don't know if you had any thoughts on that, where it says:
The Establishment may acquire information relating to a Canadian or a person in Canada incidentally in the course of carrying out activities under an authorization issued under
and then it lists the appropriate subsections.
Especially in the context of information sharing, is there any concern with that type of provision?

Matthew Dubé
NDP (QC)
2017-12-05 10:29
Okay. Thank you.
Moving backward to an earlier section of part 3 of the bill, proposed section 24 is one that I'm particularly concerned about. There are a few elements that I want to get to. I want to skip ahead to proposed subsection 24(4) because it does mention information acquired incidentally, which was something that was raised in your remarks. Proposed subsection 24(4) says:
The Establishment may acquire information relating to a Canadian or a person in Canada incidentally in the course of carrying out activities under an authorization issued under subsection 27(1), 28(1) or (2) or 41(1).
Are there sufficient safeguards beyond these vague notions of privacy for that kind of information being collected through the course of CSE's activities?

Matthew Dubé
NDP (QC)
2017-12-05 10:31
Lastly, very quickly to both of you because I'm on my last minute here, I'll just go to another part of the bill on the metadata or the datasets, depending on your preference—that seems to be the synonym, more than anything, but....
I tried to ask the director of CSIS about this issue. It seems unclear to me in what way it will parse through...because its operations will be authorized, it seems to me, in a more general way. The way it chooses to retain doesn't necessarily seem to be subject to the same kind of scrutiny. It's not going to be piece by piece of the information, but rather this sort of general collection of datasets.
Am I misconstruing that? I'm just seeking some clarity in my last 30 seconds.

Matthew Dubé
NDP (QC)
2017-11-30 9:11
Thank you, Mr. Chair.
Minister, thank you for being here.
I want to point out a couple of things for the record before we get going.
A lot has been made about our ability to study the bill more thoroughly by doing this before second reading, but at the end of the day, we still only get you for one hour on a 138-page bill. Certainly, I want to express some disappointment about that. At the end of the day, beyond the question of scope of amendments, it doesn't necessarily allow us more space to study quite an extensive bill, as you can see from the size of our binders.
The other thing I want to mention in this notion of unscrambling eggs is that certainly I have no doubt of the ability of the justice department to do what my colleague Randall Garrison did in his Bill C-303, which is on the order paper right now and which repeals in its entirety all of the provisions that were brought in by former Bill C-51. I would argue the notion that it is unfeasible is incorrect, because we have been able to develop such a bill.
Those things being said, I do have questions.
The first one I want to get to is the changes to CSE in part 3 of the bill, in proposed subsection 24(1), in paragraphs (a) and (b) specifically, where we talk about “acquiring, using, analysing, retaining or disclosing publicly available information”. That section specifically mentions “Despite subsections 23(1) and (2)”, which are the subsections that are specifically protecting those actions from being done to Canadians and in Canada. Therefore, my understanding is that it obviously means that, for any of this data being acquired in this way, these actions can be done to Canadians and in Canada.
I just want to understand here, because certainly the argument can be made that it's publicly available information and that's too bad for people who maybe don't manage their social media very well. However, a few things are of concern, specifically language like “disclosing...information”, and who that—

Matthew Dubé
NDP (QC)
2017-11-30 9:13
It goes on in proposed paragraphs 24(1)(a) and (b), with (a) “acquiring” the information and (b) talking about “infrastructure information for the purpose of research and development...testing”, and so on. Then, in 24(1)(c), it has “testing or evaluating products, software and systems, including testing or evaluating them for vulnerabilities.”
Is there not a concern that we can get a web of inference here and that, despite the publicly available nature of this, we can start going through someone's social media information that might be public, creating profiles of people who might not necessarily be national security threats, and having this data stored? That's my first question.
Second, what is meant by “disclosing”? Who exactly is that information being disclosed to?

Matthew Dubé
NDP (QC)
2017-11-30 9:16
Fair enough, but if we look at proposed subsection 23(1), we see that it specifically mentions that the activities done by the centre “must not be directed at a Canadian or any person in Canada”, while proposed section 24 says, “Despite subsections 23(1) and (2), the Establishment may carry out”, and it goes on to what was already read. Essentially, we're saying that normally it wouldn't be against Canadians or any person in Canada, but now that's no longer the case, because it's specifically saying that it's “despite” proposed section 23.
Certainly, I understand the hypotheticals that are being offered, but does that section not allow for the retention and use of technology that can create these large webs that will inevitably catch people in Canada? We think of StingRay technology and things like that which can be used. Is that not going to be a potential...? The way this section is drafted, certainly it could, when we're looking at this:
acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cybersecurity and information assurance activities on the infrastructure from which the information was acquired
To me, that seems to create a situation whereby you could be collecting information from infrastructure here in Canada, which obviously Canadians are using, without necessarily the same accountability that's created by omitting Canadians in proposed section 23.

Matthew Dubé
NDP (QC)
2017-11-30 9:18
Certainly.
Minister, I want to go back to the information sharing section. I want to understand, because this is what you said in the House: that there's a difference between the language of disclosure that's now there, versus the language of sharing that was there. I want to understand what legal grounds that has to create any sort of difference.

Michel Picard
Lib. (QC)
2017-11-30 9:19
Thank you, Mr. Chair.
Mr. Minister, my thanks to you and your team for making yourselves available.
My question is about the Canadian Security Intelligence Service, or CSIS, and about the fallout from Justice Noël's decision.
That decision found problems with the types of information that can be investigated and kept, and with the extent to which it is possible to investigate. I would like to know how those obstacles have been overcome. As the judge said, it is impossible to keep information, even though it could be useful for investigations that are under way.

Michel Picard
Lib. (QC)
2017-11-30 9:23
Transparency is often welcome.
That said, this gives you greater flexibility in gathering information and, as a result, in being able to have more and better quality information. The downside of that is the possibility of having information about third parties.
As of now, what steps are you taking to protect information about third parties?

Matthew Dubé
NDP (QC)
2017-11-30 10:07
Thank you.
Mr. Vigneault, I would like to ask you about the unselected datasets. It is about the kind of net that can affect a number of people while you are conducting your activities. One of the justifications in the bill is that the Minister and the new commissioner are going to determine whether or not it is appropriate to gather and keep that data.
How do you go about distinguishing between the datasets? For example, the Minister or the commissioner could decide that one dataset is appropriate, because it relates to someone who poses no threat but who may have had a conversation with a suspect you are targeting. How do you distinguish that dataset from the other information about legitimate associates of the person who may be a threat too?
Put in a better way, how do you go about distinguishing between the other data and the unselected datasets that affect people who have nothing to do with the suspect?

Matthew Dubé
NDP (QC)
2017-11-30 10:10
When you accumulate datasets, one of civil society's great concerns is that the data can deal with all kinds of information that is not essential to your work and that can interfere with privacy. In that sense, it may also include what the bill calls unselected data.
Technically, how do you proceed? If the court determines that you have the right to collect that information because the target is legitimate, how do you go about distinguishing the legitimate target from the unselected data that will inevitably be collected? Has a system been put in place? Perhaps my level of understanding is not as high as yours, but, when you are collecting datasets, the net is clearly cast very wide and the information is not automatically relevant to the investigations.

Matthew Dubé
NDP (QC)
2017-11-30 10:12
In a situation where a dataset comes from a widely cast net, how do you go about telling relevant information from the rest?
You set it aside, and that is fine; the intention is good. But how do you go about deciding which information, which data, will be set aside?

Matthew Dubé
NDP (QC)
2017-11-30 10:42
Thank you.
The last part of your answer is perhaps germane to the question I am going to ask.
Let me go back to proposed section 24 that we discussed earlier, and to the issue of information on infrastructure. Proposed paragraph 24(1)(b) reads as follows:
24(1)(b) acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development…
I will let my colleagues read it in its entirety.
Further down, in the definitions, it says:
24(5) … Information relating to (a) any functional component, physical or logical, of the global information infrastructure; or (b) events that occur during the interaction between two or more devices that provide services on a network…
I would like to be sure I understand correctly. In light of the power you are being granted under the bill, what sort of infrastructure exercise would be conducted to help you do that kind of study or analysis on the sustainability and security of the network? I understand that your mandate deals with foreign threats, as you told me earlier, but you will inevitably be working on the Canadian network.
Can you give me an example of what would be done under the power granted in proposed section 24?

Matthew Dubé
NDP (QC)
2017-11-30 10:44
Can I just quickly ask a question on that point, though? My time is very limited.
Those measures protect privacy but they don't prevent you from collecting the data to begin with. Is that correct?

Matthew Dubé
NDP (QC)
2017-10-24 9:13
The committee of parliamentarians and what's being proposed in Bill C-59 is the first time we're seeing any kind of review for CBSA. In that context, if I'm not mistaken—I just want to make sure I'm understanding correctly what's being proposed—that would only be for issues related to national security. Is that correct?

Matthew Dubé
NDP (QC)
2017-10-03 9:18
Thank you, Mr. Chair.
Minister, let me echo what you said about the events in Edmonton and Las Vegas.
Welcome back to the committee. I'm going to apologize in advance if I have to cut you off, as I do have several questions.
The first one is about the information-sharing regime put in place under what was Bill C-51 and that is maintained mostly in its integrity under Bill C-59. Would this information be shared among the government agencies covered by what is now referred to as SCISA?