Overview of the Proposed Changes to the Telecommunications Act
On June 14, 2022, the Government of Canada tabled an Act Respecting Cyber Security in the House of Commons. Included in this legislation are proposed amendments to the Telecommunications Act (TA) that would establish new authorities that enable the Government to take action to promote the security of the Canadian telecommunications system, which could include taking measures with respect to high risk suppliers, as well as information sharing and enforcement powers.
The TA currently contains nine objectives, which guide how it is applied and which are linked to the various regulatory functions in the Act. These are broad statements of principle including, for example, that telecom services should be reliable, high quality and affordable. A new objective would be added to promote the security of the Canadian telecommunications system, enabling the Minister Industry and the Canadian Radio-television and Telecommunications Commission (CRTC) to consider this objective when exercising their respective powers under the TA. It would allow for the same thing under the Radiocommunication Act (RA) which incorporates the TA objectives by reference.
Enacting Security in Telecommunications
The legislation will enable the Government to impose prohibitions on the use of products and services from specific suppliers by Canada’s telecommunication services providers (TSPs), should those products be deemed to pose a risk to the security and reliability of the Canadian telecommunications system. Under these new powers, TSPs could be prevented from using or be required to remove all products and services from designated suppliers. This would be done by an order issued by the Governor in Council.
Additional Order-Making Powers
Additional authorities to promote the general security of the Canadian telecommunications system will rest with the Minister of Industry; the bill contains several examples of the types of orders the Minister can make but the list is non-exhaustive. These include ministerial orders to manage and assess the security posture of the TSPs. The Minister will also be provided with enforcement authorities.
In specific cases, the Minister of Industry will be obliged to consult with the Minister of Public Safety before issuing an order. Those cases involve orders obligating a TSP to cease providing services, or suspend the provision of services for a period of time, to any person, including to another TSP. For example, this would enable the Minister of Industry to take urgent action to address malicious network behaviour or traffic flows (e.g., redirection, hijacking of internet routes, denial of service using high-volumes of network traffic).
Other ministerial orders could require that operators submit their network design, their equipment and their planned equipment purchases to a review process. This is so the Government can help identify possible security risks, and can require that actions be taken to address any vulnerability or deficiency as necessary. Given that functionality and software can evolve over time, orders could be issued to prohibit a TSP from upgrading any specified product or service, should there be concerns about another party interfering with or materially altering the software.
In addition, the Minister of Industry could require TSPs to implement their own internal security plans to protect their systems and equipment, and to asses the effectiveness or weaknesses of those plans, directing improvements as needed. Leveraging the work of the private sector and the international technical community, Ministerial orders could be used to require Canadian operators to implement specific standards or frameworks, whether technical or procedural.
As a practical reality, all communications technologies have some flaws; in some cases however, the risk of using a particular piece of equipment or service may be too great. As such, the Minister of Industry will be able to impose, by order, conditions or restrictions on the use of individual products or services, or could prohibit their use outright. This is distinct from the authority vested in the Governor in Council, in which all products from a supplier could be prohibited from use.
These authorities would rest with the Minister of Industry as they are more technical and administrative in nature. They are designed to make iterative adjustments in the security of Canadian telecommunications networks. The Governor in Council would have the ability to issue regulations capturing anything which could be otherwise addressed as a Ministerial order.
Orders will be exempt from the Statutory Instruments Act and, if deemed necessary, they can be confidential.
Provision of Information and Information-Sharing Powers
The Minister of Industry would have the authority to compel any person to provide information in order to implement the provisions of the legislation. There would be provisions to maintain information in confidence where so designated, such as in the case or trade secrets or economically sensitive data.
The TA has existing information sharing provisions between the CRTC and ISED. These would be broadened to include other Ministers and agencies for purposes of making an order, or undertaking investigation and enforcement activities in relation to an order.
Inspection, Enforcement and Offences
The proposed amendments would establish an enforcement regime under which the Minister could designate inspectors to verify compliance or non-compliance with eventual orders. An administrative monetary penalty (AMP) regime and an offence would also be created to allow for enforcement of orders.
Should an order be challenged in court, judicial review provisions would allow for the judge to hear submissions from the Government on evidence and other information that could be injurious to international relations, national defence, national security or endanger the safety of any person, and rely on such evidence without it being disclosed to public, including the applicant and its counsel. These provisions would ensure fairness within the judicial process by requiring that the applicant be provided with sufficient information to be reasonably informed of the Government’s case. They are narrowly scoped and would only apply to those portions of the judicial review proceedings that involve this type of information.
- Date modified: