Canada’s Bill C-26: Yet Another Government Power Grab

Pixabay
Canada’s Bill C-26 is a cyber-security and infrastructure bill that is open-ended and fails to define terms so that it may be easily manipulated, it contains secrecy provisions, it imposes outrageous penalties, and it fails to provide due process. Canada’s telecom and internet sectors will be subject to the whim of bureaucrats and politicians. The legislation literally grants those in power to order a telecommunications service provider to “do anything, or refrain from doing anything” that is deemed “necessary”. There appears to be no limit to the word “anything”. It can cut off any user. The penalties for non-compliance are onerous: $1 million per day for individuals and $15 million per day for any other entity.

.

Excerpt from Easy DNS:

We mentioned C-26 in AxisOfEasy #273 citing Gowling WLG’s coverage of it by Brent Arnold (Brent Arnold sits on the Internet Society Canada Chapter board, as do I, but I am writing this post from my role as easyDNS CEO, and not ISCC.)

The Government Hereby Grants Itself The Following Powers:

The new bill is ostensibly a cyber-security and critical infrastructure bill, but it is riddled with nebulous, open-ended terms, Kafka-esque secrecy provisions, onerous penalties and conspicuously absent of any semblance due process:

It effectively subjects Canada’s telecom and internet sectors to the whim of unelected bureaucrats and political functionaries.

Am I being bombastic? You tell me: given that the legislation that grants them the power to order a telecommunications service provider “to do or stop doing anything“. 

“Part 1 amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system. It also establishes an administrative monetary penalty scheme to promote compliance with orders and regulations made by the Governor in Council and the Minister of Industry to secure the Canadian telecommunications system as well as rules for judicial review of those orders and regulations.”

I guess it all comes down to what you mean by “anything”.

Speaking of anything, the government can deem “any” service or system a vital service or system – which then makes that entity subject to requirements, that…

(a) authorizes the Governor in Council to designate any service or system as a vital service or vital system;

(b) authorizes the Governor in Council to establish classes of operators in respect of a vital service or vital system;

(c) requires designated operators to, among other things, establish and implement cyber security programs, mitigate supply-chain and third-party risks, report cyber security incidents and comply with cyber security directions;

(d) provides for the exchange of information between relevant parties; and

(e) authorizes the enforcement of the obligations under the Act and imposes consequences for non-compliance.

Each one of these bullet points opens a can of worms unto itself,  combined they have the potential to effectively nationalize Canada’s information infrastructure.

The penalties for non-compliance are onerous: $1 million per day for individuals and $15 million /day for any other entity.

But wait, there’s more:

Under C-26, orders are filed in secret, telecommunications service providers (TSPs) can be ordered to cut off any user (including another TSP) while being barred from even informing the entity that it’s happening, let alone why.

The contents of said orders are secret and not even divulged to the target. I recommend listening to the Michael Geist / Brenda McPhail podcast above to understand the threat to Canadians’ privacy.

Me, sitting here with my easyDNS hat on, running an internet service provider, I’m dialled in on the due process aspects.

More accurately, the complete absence of due process. We’ve got twenty-five years experience of being told by various governments and their agencies to forgo due process and do things that would otherwise disrupt businesses, individual rights and even the network itself if we listened to them.

Being told to do or stop doinganything” seems overly broad.

It gets worse:

Similar to previous legislation, there are provisions for warrantless entry into places of business, or private homes, to search, copy or remove anything they deem relevant – including documents or telecommunications equipment.

C-26 also permits the government to share data with foreign entities. Again, this is all done without any of the privacy safeguards most citizens think they have as a constitutional right, because this bill, and this government, mostly ignores that those rights exist.

Non-Hypothetical Example

Last year, around this time, the same government that is introducing this bill arbitrarily enacted bank account seizures, not only against protestors, but also targeting crowdfunded contributions to their fundraisers.

This was done under the aegis of the Emergencies Act, however the seizures started before the EA was even ratified in Parliament, and the list of fundraising contributors was largely sourced from a third-party spreadsheet that was hacked from a foreign crowdfunding platform.

Nevermind that the entire thing went away within a week – rationalized as “mission accomplished” (the reality was the measure sparked a run on banks and nearly blew up the Canadian financial system),

The 2022 invocation of the Emergencies Act made it clear that our government is perfectly willing to act unilaterally, without due process, in contravention of basic human rights to unbank people at whim.

Bill C-26 will give them a veneer of Soviet-era legislation to unperson you in the online realm.

Read full article here…

Visit our Classified ads.

Check out our Classified ads at the bottom of this page.

Recent stories & commentary

Classified Ads

The appearance of ads on this site does not signify endorsement by the publisher. We cannot vouch for accuracy of statements or integrity of advertisers. We will investigate complaints, however, and remove any message we find to be misleading or that promotes anything fraudulent or unethical.
For ad rates, click here.

Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Andrew
Andrew
1 year ago

These financial penalties they wish to use are ridiculous for the average person – reminds me of Dr. Evil’s ransom “One hundred billion dollars” Maybe they will make the fines generational and demand one’s first born as payment?