OTTAWA — The Liberals have combined their promised ban on Huawei and ZTE equipment from advanced Canadian telecom networks and a new corporate cybersecurity regime into one bill, which Public Safety Minister Marco Mendicino introduced Tuesday.
Here’s what you need to know about Bill C-26:
OTTAWA — The Liberals have combined their promised ban on Huawei and ZTE equipment from advanced Canadian telecom networks and a new corporate cybersecurity regime into one bill, which Public Safety Minister Marco Mendicino introduced Tuesday.
Here’s what you need to know about Bill C-26:
The 5G rules: The first part of the bill is short but sweeping. It gives the government the power to order telecom providers to not use equipment from any specific supplier and to remove any such existing gear.
The bill also gives the industry minister authority to order providers to not use particular products and to refuse to serve particular companies or people.
In a news conference, Mendicino and Innovation Minister François-Philippe Champagne (whose portfolio includes industry, so he’s getting these new powers) said this is about keeping their promise in May to exclude the Chinese telecom giants from Canadian 4G and 5G wireless networks, and to give them powers they might want to deal with future threats.
Who pays: The telcos and their customers. The bill specifies that nobody gets any compensation for such orders.
Chris Parsons, who studies cybersecurity at the University of Toronto’s Citizen Lab, told The Logic that lack of reimbursement will have different impacts on giants like Bell, Telus or Rogers versus small regional providers, especially those who serve Indigenous customers in remote areas.
“I think there’s a real question as to whether [small providers] have the operational capacity to do that,” Parsons said.
New cybersecurity demands: The other part of the bill will require “designated operators” of “critical cyber systems” to maintain cybersecurity programs, be subject to inspections and report breaches to the Communications Security Establishment immediately.
This will apply only to federally regulated businesses (such as banks, airlines, telecom companies and operators of nuclear plants or interprovincial pipelines), but the government hasn’t decided which ones yet. The details are to be set once the bill is passed.
Individuals could be penalized up to $1 million for non-compliance. Corporations could be charged up to $15 million.
What’s missing: Parsons said the legislation should include more public disclosure and reporting requirements: which threats are addressed, what improvements are made and what the costs are, to start with—in broad terms, if not in detail.
If part of the problem the law is meant to address is that the federal government doesn’t know enough about the cyber threats affecting Canada—hence the reporting requirements—it could be premature to give the government new powers in the same bill, he said.
Loading...
You have shared 5 articles this month and reached the maximum amount of shares available.
CloseIf you would like to purchase a sharing license please contact The Logic support at [email protected].
CloseYou have gifted 0 article(s) this month and have 5 remaining.
Recipients will be able to read the full text of the article after submitting their email address. They will not have access to other articles or subscriber benefits.
Photo: The Canadian Press/Lars Hagberg
Great journalism delivered straight to your inbox.
Get up to speed in minutes with insights and analysis on the most important stories of the day, every weekday.
See the bigger picture with reporters and industry experts in subscriber-exclusive events.
Membership provides access to our popular Slack channel, participation in subscriber surveys and invitations to exclusive events with our journalists and special guests.
