Parliament has passed a long-delayed cybersecurity law granting Ottawa new powers to protect critical infrastructure and telecommunications networks, though senators warn the legislation still raises concerns over Canadians' privacy rights.Blacklock's Reporter says Bill C-8, the Act Respecting Cybersecurity, received final approval after lawmakers amended earlier provisions critics said were overly broad and vulnerable to abuse.“Yes, this legislation is long overdue,” Sen. Denise Batters told the Senate during third-reading debate.“We have taken a few runs at this. The House of Commons committee made quite a few amendments that greatly improved this bill, but there are still several legislative holes that are concerning from a privacy perspective.”The legislation gives the federal cabinet expanded authority to protect Canada’s telecommunications system from cyber threats, including foreign interference and attacks targeting critical infrastructure.The House of Commons passed the bill on March 26 before sending it to the Senate for final approval.Batters said the growing pace of cyber threats made action necessary, even as concerns remain over government powers.“Our critical systems are currently vulnerable to attack and it is better to have at least that basic protection in place,” she said.“I have some sympathy for that argument. It is a dangerous, fast-paced world and global cyber threats seem to only be accelerating at breakneck speed.”“We don’t want to fall behind or make our citizens, our country, vulnerable to attack.”.However, Batters argued national security concerns should not come at the expense of civil liberties.“The right to privacy is really one of the most fundamental constitutional rights Canadians have, the ability to choose what thoughts and beliefs in our minds and hearts we share with the external world,” she said.“There can be very grave, life-altering consequences if one’s privacy is sacrificed. Cybersecurity experts and privacy officials have warned us repeatedly that this remains a risk.”Privacy concerns prompted Conservative MPs on the Commons public safety committee to amend portions of the bill earlier this year.One controversial provision would have allowed the government to issue secret orders preventing telecommunications providers from using products or services supplied by specified individuals or organizations.Civil liberties advocates warned the original language granted ministers sweeping powers with little oversight.Appearing before the Commons public safety committee last October, Canadian Constitution Foundation counsel Josh Dehaas argued the legislation could have been used against political activists and protest movements.“It is dangerous to civil liberties to allow the minister the power to cut off individual Canadians without proper due process and keep that secret,” Dehaas testified.He cited the example of a protester suspected of participating in a distributed denial-of-service attack, a tactic sometimes used by activists to overwhelm websites and disrupt online services.“Think for example of someone who wants to take over the Prime Minister’s website through a distributed denial of service attack,” Dehaas told MPs.“Maybe a group is planning to do this as some sort of protest. As punishment without due process, a minister could do this and keep that secret and we might never find out.”Despite those objections, senators ultimately concluded the revised legislation offered stronger protections than the original version while providing Ottawa with tools to respond to increasingly sophisticated cyber threats targeting Canada’s infrastructure and communications networks.
