:
I call this meeting to order.
Welcome to meeting number 22 of the House of Commons Standing Committee on Procedure and House Affairs.
The committee is meeting on its study of parliamentary duties and the COVID-19 pandemic. Pursuant to the motion adopted by the House on May 26, the committee may continue to sit virtually until Monday, September 21, to consider matters related to COVID-19 and other matters.
Certain limitations on the virtual committee meetings held until now are now removed. As mentioned, the committee is now able to consider other matters, and in addition to receiving evidence, the committee may also consider motions as we normally do. As stipulated in the latest order of reference from the House, all motions shall be decided by a recorded vote.
Finally, the House has also authorized our committee to conduct some of our proceedings in camera, specifically for the purpose of considering draft reports or the selection of witnesses. On this point, however, I would like to clarify that the Clerk of the House has informed the whips that, until the House administration finalizes a process to switch between public and in camera proceedings within the same meeting, all virtual meetings that begin in public must remain in public until the end, and all virtual meetings that begin in camera must remain in camera until the end.
Today’s meeting is taking place by video conference and all the proceedings will be made available via the House of Commons website. The webcast will only show the person speaking, rather than the entire committee.
To ensure an orderly meeting, I would like to outline a few rules to follow. Interpretation in this video will work very much like in a regular committee meeting. You have the choice, at the bottom of your screen, between either floor, English or French. As you are speaking, if you plan to alternate from one language to the other, you will also need to switch the interpretation channel so it aligns with the language you are speaking. You may want to allow for a short pause when switching between languages.
Before speaking, please wait until I recognize you by name. When you are ready to speak, you can click on the microphone icon to activate your mike.
This is a reminder that all comments by members and witnesses should be addressed through the chair.
Should members need to request the floor outside their designated time for questions, they should activate their mike and state that they have a point of order. If a member wishes to intervene on a point of order that has been raised by another member, they should use the “raise hand” function. This will signal to me your interest to speak. To do so, you should click on the “participants” icon on the toolbar below. When the list pops up, you will see the “raise hand” function next to your name, but for some it may be at the bottom of the participant toolbar.
Please speak slowly and clearly. When you are not speaking, please ensure your mike is on mute.
Headsets for all our witnesses are strongly encouraged. Of course, all members of Parliament already know this.
Should any technical challenges arise, for example, in relation to interpretation or a problem with your audio, please advise the chair immediately and the technical team will work to resolve the problem. Please note that we may need to suspend during these times as we need to ensure all members are able to participate fully. We have had some of these issues occur in the past. Please try your best to inform me or the clerk that you're having some difficulty so we can try to get you back online or get your audio working.
During this meeting, we will follow the same rules that usually apply to opening statements and the questioning of witnesses during our regular meetings. The witnesses will have seven minutes for opening statements and that will be followed by two rounds of questions by the members. As usual we will suspend between panels to allow the first group of witnesses to depart and the next panel to join the meeting.
Before we get started, can everyone please click on the top-right side of their screen and ensure they are on “gallery view”? With this view you should be able to see all the participants.
Without further ado, I would like to welcome the witnesses. This is a long-awaited panel. There have been a lot of questions surrounding security and IT.
We're very happy to have our witnesses today: Mr. Essex, associate professor at the University of Western Ontario; Madam Goodman, assistant professor at Brock University; Mr. Roberge, president of Arc4dia; and Mr. Morden, research director at Samara Centre for Democracy.
Thank you so much for being with us today.
Can we begin with Mr. Essex, please?
:
Good morning and thank you, Chair.
Thank you for this opportunity to speak to the committee.
As I was preparing for this statement, my son reminded me that a group of owls is called a parliament, so let me say what a hoot it is to be here this morning.
My name is Aleksander Essex. I'm an associate professor of software engineering at Western University. My research is in cybersecurity and cryptography, but my expertise is in the cybersecurity of elections.
I've studied cybersecurity issues of online voting extensively in Canada and abroad. I frequently share these findings with election agencies and commissions, municipal councils and associations. I co-authored the 2013 cybersecurity analysis of vendor proposals for the City of Toronto regarding their online voting RFP. I led a cybersecurity study of online voting use in the 2018 Ontario municipal election. In February I spoke at the New South Wales parliamentary committee on electoral matters about their online voting system. Next month I'll be speaking to a Northwest Territories legislative committee about their new online voting system.
More recently, I've been working with Dr. Goodman—who's speaking next—to try to advance the cause of cybersecurity standards for online voting in Canada. Our country actually has one of the highest rates of online voting use in the world, but somehow we have no standards for any of it. As you can imagine, this has led to a number of troubling incidents and, in my opinion, a very intolerably high cyber-risk exposure.
I've seen a lot of bad voting technology in my time, so back in March, when Dr. Goodman and I heard that Parliament was studying the issue of remote legislative voting, we wanted to get out in front of any potentially dubious proposals, such as the EU Parliament’s idea to use email for voting. We wrote an article in Policy Options to try to provide some food for thought. It was interesting, because although the article was about how to do remote legislative voting in a safe, cyber-conscious way, all the feedback we received revolved around the importance of parliamentary tradition.
I agree that parliamentary tradition is really important, but our present circumstance isn't exactly traditional. The Globe reported this week that there have been 38 regular sittings of the House in the past 12 months. That's not tradition. There were 30 members voting on historic spending measures. That's not tradition. All the members were meeting in a kind of supercommittee but not actually voting. That's not tradition either.
Here we are. What are we going to do?
The good news is that remote legislative voting happens to be a way easier technical problem than online voting for general elections. There are a couple of good reasons for that. One is that unlike a general election, Parliament can support MPs with secure technology and training. Most importantly, legislative votes are not secret. They're a matter of public record. That means you can go back and check what was recorded. It means you can actually detect when things go wrong.
Here's where we have to be careful: It's not enough to be able to check. You need to actually do it, and you need to have procedures in place so that you know what to do when things go wrong.
This might seem like a totally obvious statement, but it's actually not. I mean, it should be, but our experience has demonstrated, time and again, a kind of bias in the election world to, frankly, only prepare for disasters after they've already happened. We're saying let's not wait. Let's anticipate. Let's build it right from the beginning.
Let me give you an example. Six months before the 2018 Ontario municipal election, I did a story with CBC about how I was worried that the cities that were doing online voting didn't seem to have a cyber-incident response plan. Imagine the Internet goes down on election night; what are you going to do? What's your game plan? CBC then went and interviewed a number of city clerks. Several of them admitted that they actually didn't have a plan. One even literally said that they were hoping nothing happened.
What do you think happened? One of the online voting vendors accidentally didn't provide enough bandwidth. The online voting websites of 43 different cities, accounting for almost a million voters, went down on election night, and 35 of those cities used emergency measures to extend the voting period by 24 hours. It wasn't just that these cities didn't have a plan in place. It's that they didn't think it was enough of a risk to even have a plan for it.
You might think that this was just a fluke, but a similar situation happened in New South Wales last year, which is why I was testifying there. I was telling them about what happened in Ontario because it was related. Their registration went down on the eve of the election. You might think that this is all good, that this all applies to general elections, that legislative voting is different. However, just last week in Sarnia, Ontario, a city council vote actually passed by mistake. It turns out that the world “disagree” sounds exactly like the word “agree” if the first syllable drops out in a glitchy Zoom connection.
Fortunately, the staff was on the ball, and they caught it this time, but what about next time? Obviously, we need procedures to make this kind of checking repeatable and, by the way, part of the ultimate eventual tradition.
We have only touched on accidents and mistakes, but we're also worried about deliberate efforts from advanced persistent threat actors like nation states. We have seen these kinds of advanced threat actors living in the IT infrastructure of our cities. If they're willing to spend months mapping out a system for a few thousand dollars of potential ransom money, imagine what they could do to an election. Then, why even hack an election when you could just hack the law itself?
Let me conclude by summarizing a few takeaways. Secure, remote online voting for non-secret parliamentary divisions is doable, but it has to be done right. There have to be procedures for detecting errors, whether they are due to hacking or accidents or disasters. Someone has to be responsible for checking that an MP's vote was correctly recorded. There have to be procedures for granting opportunity to recover from that error, and we have to confront our temptation to think that nothing is going to happen.
I heard that people were talking about tornadoes last night and windows blowing open, and these sorts of things don't happen until one day they do.
Madam Chair, thank you for letting me share these thoughts with you. It would be an honour to answer any questions the committee may have.
Thank you.
:
Good morning. I’d like to begin by thanking the chair and members of the committee for the invitation and the opportunity to speak today and share my research and thoughts.
I've spent the past 11 years working in the area of electronic voting, both within Canada and internationally. This work has involved leading and coleading projects to examine the effects of remote online voting in the context of municipal elections, indigenous elections and a range of political party votes. Beyond social and political effects, I have been looking at the cybersecurity of digital voting from a policy perspective and exploring regulatory possibilities. Much of this work has involved collaboration with my colleague Dr. Essex.
Today I’d like to make four specific points: one, why online voting works for legislative voting; two, the types of remote electronic voting that could work in a legislative context and which one is best for Canada’s House of Commons at this time; three, how this work could make the legislature more flexible and accessible in the future; and four, some opportunities for thought leadership.
To begin, I’d like to provide the committee with some context about the core debate surrounding voting remotely over the Internet.
There are two primary sides of the debate, which usually focus on deployment in public elections. On the one hand, there are arguments for the benefits of online voting, such as enhanced accessibility, convenience and increased turnout. These benefits have been documented in municipalities and first nations in Canada. On the other hand, however, there are concerns about the cybersecurity and privacy of the vote. In some instances, online voting trials supporting public elections have been halted or cancelled due to security concerns or the detection of vulnerabilities. Two examples include a system in Switzerland and one in New South Wales, Australia.
This debate is relevant for the committee’s consideration because remote online voting can support Parliament to continue during the pandemic without sacrificing representation and the inclusion of members. At the same time, there are unique characteristics about legislative voting that make remote online voting possible and the cybersecurity more solvable than in public elections. As my colleague mentioned, the reasons for this are outlined in our brief to PROC: An MP’s vote is a matter of public record, and the federal government has the resources and capacity to support the cybersecurity infrastructure and implement necessary policy and procedures.
Based on our review, there are four main types of electronic voting that could enable remote voting for MPs. There's email voting, where members receive a ballot form electronically via email and submit their votes via email. This approach is being used in the EU Parliament. There's web-based voting, which is used in public elections and party votes in Canada. This involves ballots being accessed and cast via a website. An example of this is the U.K. House of Commons' MemberHub system. There's application-based voting, where members download an application to access and cast ballots. The Chamber of Deputies in Brazil has taken this approach. There's also video voting, where members vote via video by a show of hands or by voice. This is being used by local councils across Canada. Belgium, for example, is also using this for its committee votes.
All of these approaches have benefits and challenges, with email voting being the least secure and posing the greatest risk. In a legislative context, video voting presents probably the best or most usable solution for regular non-anonymous parliamentary votes. There are some benefits to this approach: It poses less risk, although there are still risks that need to be managed; it is the easiest to deploy and requires less technology; and it interfaces more closely with the parliamentary tradition of standing in the House.
Implementing video-based voting would require establishing some procedures. Here are some examples.
One is establishing whose responsibility it is to watch and record a vote. This could include staff members, MPs, party whip offices or perhaps a special segment of staff who support digital House matters. One consideration here is to think about putting a process in place where votes are double verified either by two individuals or across two different areas.
Another example would be mandating neutral backgrounds in video conferences to ensure that there are no images in the background that could send messages or carry a partisan tone that couldn’t be visually signalled in the legislature.
A third example would be allowing the Speaker to call for a revote in the case of technical errors. This was a procedural change introduced in the U.K., for example.
This does not mean video voting is without challenges or would work in all contexts. Anonymous votes, for example, would not replicate well on Zoom.
My third point has to do with making the legislature more flexible and accessible. Enabling a system for remote online voting could have future benefits in keeping legislative business moving in times of crisis, such as with COVID-19, climate change and future viruses, and in the context of accessibility for individual MPs.
The option of remote online voting could provide MPs with improved access to voting under special circumstances, such as in situations of maternity leave or parental leave following the birth of a child; in times when an MP's constituency is faced with a specific crisis, and they are torn between being in their community or advocating for their constituents' interests in Ottawa; or in cases of sickness where a member is not able to physically attend the legislature.
This committee considered proxy voting and electronic voting in 2016 as part of a study on how to make the legislature more family-friendly. However, no recommendations were made at that time. Other legislatures, like the U.K. House of Commons and Australia's House of Representatives allow for proxy voting for new parents, while Canada's House of Commons currently requires a member to be present in the chamber to have their vote recorded.
I understand that witnesses have been unanimous that the committee consider these changes for the pandemic only. However, thinking about how such a system could enhance the participation, representation and inclusion of members in certain circumstances is part of modernizing the legislature.
In closing, while the committee does not have to engage in a typical online voting debate, we see with regard to public elections, it does have to engage in its own debate about maintaining parliamentary tradition versus modernizing to become agile in uncertain times.
Finally, there are two opportunities for thought leadership. The committee's work in this area on policies and procedures for remote voting could not only benefit the House of Commons in the future but also other legislatures across Canada and abroad.
There is currently no regulation of remote online voting in Canada, so as we think about the adoption of voting technologies in the legislature, we might also reflect on how this conversation could later benefit electoral integrity in the context of public elections.
Thank you.
:
Thank you very much, Madam Chair and members of the committee, for inviting me to participate.
I will start with a bit about me. I have worked in cybersecurity, facing the most advanced cyber-attacks in the world for the past 20 years, both within government and as an entrepreneur. I am currently leading Arc4dia, where we are providing services, acting as the last line of defence to detect intrusions by leveraging our proprietary software. We have been operating remotely and decentralized since I founded Arc4dia 10 years ago. I also participate within the Bitcoin community, both publicly and within invitation-only fora, as a think tank in security and game theory in the ecosystem.
I came with a few points to share with this committee from listening to the previous meetings. Although I only listened to a few, I do have some observations.
I observed a resistance to change that is driven by a desire to keep what works well, and that, due to past errors, hurts collegiality. It is true that change is a threat vector that can be exploited by others. However, being static is also a weakness that can be exploited to prevent us from fixing what we have broken in the past or what needs to change in order for us to adapt. With the world changing around us, and very fast, with the rise of artificial intelligence combined with cyber-domain attacks and social engineering driven by artificial intelligence, I believe we need to change and adapt and, even better, be ahead of the curve.
To do so, and to dwarf non-genuine influences, we need to strengthen collegiality. It is by knowing each other more intimately that we will detect and see attacks against us and have the agility and the speed necessary to react before damage is done. For example, limiting or reducing face-to-face interaction has been brought up by many during the hearings as a change that will have negative outcomes for the effectiveness of our democracy. These are the kinds of changes where we need to be agile and be able to bring back collegiality. I heard that some get-together dinners were removed from the tradition of the House of Commons, where opposing parties had held discussions in a more relaxed and convivial atmosphere. I would advise you that such sittings are very important in our defence against cyber-domain attacks.
Understanding the nuances of our interpersonal and professional communications is essential in detecting subtle attacks against us. Our adversaries will look for ways to interfere with all forms of communication, and not just the written kind in email, texts and online postings. For example, during video-based presentations they will or could disrupt images and the tone of voice in an effort to inject or alter messages of body language, facial expressions and the intentions of our elected officials. Without our collective understanding of what right looks like, we will fail to see the subtle attacks that will eventually lead to more brazen and flagrant attacks.
I also observed concern with e-voting. E-voting and the use of technology should complement and reinforce one vote. Make sure your voice can be heard and make sure it is accurate. The way I see technology and software is that they augment our reliability and agility in our voting process, and perhaps even make it antifragile. We need to move away from using a single platform to vote, in favour of adding technological compatibilities to strengthen the reliability and the resiliency of voting. Perhaps we should vote on video, as well as signing our votes with dedicated, secure hardware. We can then audit that our votes are correct. Perhaps we could time-stamp our votes with a Bitcoin blockchain, making them forever verifiable.
In short, diversity—one might say multifactor authentication—in our methods of conducting business face to face, by voice and electronically will make it more difficult for our adversaries to achieve their desired outcomes and improves our opportunities to detect their attacks. These ideas and improvements should come gradually, holistically and in an agile process. If not already in place, I would recommend that the House of Commons put in place such processes, supported with permanently ongoing threat and risk assessment, versus the typical static evaluation that ends up on the shelves collecting dust to check some accreditation marks.
In closing, the three observations I have described are woven together by a common thread; that is to say, defending ourselves is more than simply a technology issue. To protect the integrity of the House of Commons and the parliamentary process so that legislation, policies and directives of the Government of Canada truly represent the intentions of the electorate, we need to provide the electorate with the highest level of confidence that the actions of the House of Commons are truly what they are supposed to be.
Regardless of the method of operation, whether it is in person or virtual, the importance of this cannot be overstated.
We require defensive measures, assessed and developed in a holistic and continuous threat-risk managed manner that address all forms of attacks, such as political attacks on infrastructure and people, attacks that attempt to compromise the integrity and loyalty of our people, attacks that attempt to compromise or disrupt the integrity of our supply chains, attacks aimed at disrupting our ability to determine truth from fiction, and of course, attacks that attempt to disrupt or compromise our IT systems. There is no higher calling than to protect our democratic institutions and our country.
I thank you, and I look forward to your questions.
:
Thank you, Madam Chair, and thanks so much to the members of the committee for this opportunity to address you.
My name is Michael Morden. I'm the research director of the Samara Centre for Democracy. The Samara Centre is an independent, non-partisan charity that is dedicated to strengthening Canadian democracy through research and programming.
We want to thank the committee for undertaking this study. Given the scope of the crisis, the scale of the government's response and the enormous uncertainty that exists, Parliament is not optional at this time. The only question to address ourselves to is how to make it work. Arriving at a solution that commands some measure of cross-partisan support is a solemn responsibility that falls to you.
I understand that our presentation comes perhaps somewhat late in your deliberation. Nevertheless, I think it's useful to consider questions of politics and principle at the same time as technical ones, to remember why we're pursuing this, and not to miss the forest for the trees.
The Samara Centre supports a move in the immediate term to hybrid virtual and in-person sittings of the House of Commons, with remote voting for those who are unable to attend in person. We think the hybrid virtual model is the best among imperfect options.
To be clear, the best of all versions of the House of Commons is the one in which 338 individuals share a room, and there are a lot of reasons for that. We've been a consistent voice in calling for members to spend more time together in Ottawa, to facilitate collegiality and to build informal relationships between members, parties and chambers. However, given the limits imposed through physical distancing, and credible concerns about travel, in our assessment, that option just isn't on the table. We need a full-service Parliament now and, in our view, through the summer.
I hope the option of a full, in-person convening of the Commons will return soon, but we're clearly in a state of deep uncertainty. As the second-largest country on earth, we may find that we're uniquely challenged to get back to full physical national sittings of Parliament. It's a necessary step in the immediate term and a prudent step for the middle term to institute the capacity to resume full parliamentary business with remote participation.
I want to foreground the values that lead us to that conclusion. In times of uncertainty, it's often worthwhile to return to first principles. Parliament exists for scrutiny, to enable the passage of legislation and also for democratic representation. The most desirable pandemic Parliament is one that strikes an appropriate balance between all of those functions. We feel that the current approach, employing a handful of day-long sittings in addition to committee work, is not sufficient to deliver the level of scrutiny, productivity and representation that's required.
We also take issue with any approach that would convene the Commons but exclude most of its members, for example, by operating on the basis of a skeleton crew of 40 or 50 MPs. That approach facilitates some scrutiny and enables the passage of legislation, but in our view, it comes at the expense of democratic representation. Some 18 million Canadians voted last fall to send individual representatives from each of their communities to Ottawa, and it's no small thing to render the vast majority of those communities unrepresented in the Commons while these momentous decisions are being taken.
For that reason, we think the best balance between scrutiny, productivity and representation is struck with a hybrid Parliament permitting remote participation, including remote voting. The technical challenges posed by such an approach are not insurmountable. Many other jurisdictions have walked this road. There are different models available to us, as Dr. Goodman described, and the House of Commons administration deserves particular praise, in our view, for adapting and adding capacity with alacrity.
In our view, there's no question that remote voting is feasible. It's feasible to do it securely, and it only awaits a decision by parliamentarians.
In the early stages of the pandemic, we supported the notion of incremental adaptation. Moving to a hybrid virtual Parliament was never going to be as simple as flipping a switch. We now have proof of concept, both in the experience of other jurisdictions and also in Parliament's own experience of authorizing the virtual conduct of some business activity. At this point, we hope that the committee will provide the Commons with a strong prompt to move as quickly as is feasible to resume full parliamentary business with remote participation.
We believe that legislative business should not be limited to the pandemic response alone. We welcome the granting of committees the opportunity to discuss other issues. We would like to see that reflected in legislative work as well. There are a range of issues that were urgent in January and February of this year that are no less urgent now. Just as doctors warn about the possibility of secondary health crises that are a consequence of delaying treatment for non-COVID-19-related illness, Canada may also become vulnerable to multiple crises during and after the pandemic if we can't attend to the policy needs that existed before it.
We also believe that the hybrid virtual Parliament's business should include opposition days and private members' business. No one has all the answers right now, so this is a really good time for multiple inputs.
In closing, I want to mention briefly that the Samara Centre periodically surveys MPs, and we're doing so now precisely on the question of how the pandemic has affected and should affect parliamentary work. We're always keen to develop an accurate picture of members' views on this issue and develop a body of evidence, and we encourage all members to make use of this anonymous platform to share your expertise.
Thank you very much.
I will start with Dr. Essex and Dr. Goodman.
I listened to some of the comments made by Mr. Morden just now. In your opening remarks, both of you talked about voting. You expressed your concern about voting for electoral events being done electronically, but indicated maybe it could work in the parliamentary context.
I guess I didn't hear from either of you any thought about some of the other things that lead into voting. You talked about the technicalities of it, and that's important too, but a lot of things lead into it.
Mr. Morden was talking about some of those other things that occur in Parliament besides, obviously, just the voting aspect of it. Things like debates go on in the House, and we have the input we get from constituents, consultations we have and discussions we have within our parties and within our caucuses. Committee studies happen, all of these things, and then there's even the stuff that happens in the hallways, the corridors and whatnot. Mr. Morden identified how important some of those things are.
I want to see if either one of you has given any thought to those things and, when we're dealing with online or remote voting, whether there would be an impact on those things and what that might mean for democracy or for Parliament.
Dr. Goodman or Dr. Essex, do either one of you have comments?
:
Good morning, and thank you all so much for your testimony today.
The first question I have is about voting. First of all, just for the record, I agree that if we're going to do some sort of virtual voting, I would much rather see someone's face on the screen voting one way or another. I think it would allow us all to have that high level of accountability.
As a parliamentarian who is farther away from Ottawa, I also really respect the fact that being able to choose the health of yourself, your loved ones and your constituency is also a priority at this time. I agree that the hybrid model is a good step forward.
One of the challenges we've heard about, though, is how many decisions are actually made in the House through voice voting.
Maybe I can start with you, Ms. Goodman, if you have any information or thoughts on how to do a voice vote during this time.
:
Thank you, Madam Chair.
Thank you to all the witnesses.
Dr. Goodman, you talked about the potential of flexibility and accessibility. On the one hand, you said that you agree that during a crisis it's a good mechanism to move to remote voting. The Constitution dictates that Ottawa is the seat of Parliament, so there are some challenges. You mentioned as well circumstances where an MP may have busy constituency schedules, the issue of maternity leave and the other examples you gave.
However, there are circumstances where members, for example, could use that as a reason not to be in Ottawa, and there may be situations where they do have a busy constituency schedule and need to be back in their ridings and not come to Ottawa. It could happen when there's a close election and they don't want to be in Ottawa, and they would use remote voting as a mechanism to not be back in Ottawa. There could be situations where an MP is facing, for example, very serious criminal charges and doesn't want to face the scrutiny of the parliamentary press gallery.
How would you propose to differentiate between what would be, as you said, those convenient situations and the other types of situations I mentioned that have MPs avoiding being in Ottawa?
:
Thank you very much, MP Brassard, for allowing me the opportunity to clarify.
With respect to the birth of a new child, there's precedent there in other legislatures with proxy voting, and there's a good argument to be made there for extending that to electronic voting.
With respect to individual MPs, I wasn't necessarily thinking of busy schedules, I was thinking more of crises. For example, say there were some kind of flood in an MP's community and that MP needed to be there, or there was a big fire or some other kind of crisis. With COVID now we think of ourselves as having a macro-crisis, but I'm thinking of a micro-crisis in a constituency, “micro” being small because it affects a particular area. That could be very well defined so that it wouldn't be taken advantage of.
With respect to sickness, no example comes to mind right now, but I have seen or heard of situations where a member was battling cancer and either wasn't able to attend a vote, to participate, or some members have come while they are very ill to vote just once. In cases of sickness like that, the member could stay in the hospital or at home and rest and be able to participate. I'm thinking of extenuating circumstances, not just busy schedules.
:
Welcome back. We're going to get started. I would just like to ensure that everyone is in the gallery view at the top right-hand corner. You can switch between speaker view and gallery view. We'd prefer if you stayed on gallery view so you can see all of the members in the committee meeting.
I'd like to make a few comments for the benefit of the new witnesses before us.
Before speaking, please wait until I recognize you by name. When you are ready to speak, you can click on the microphone icon to activate your mike. Please let us know if you're not familiar with the Zoom application, and we can walk you through some of the features.
I remind everyone that all comments should be addressed through the chair.
Interpretation works just as it does in a regular meeting, if you have appeared before a committee before. You'll have a choice at the bottom of your screen of floor, English or French. As you are speaking, please select the language you are speaking in.
We have simultaneous interpretation. Please make sure, in order to make the lives of the interpreters a little bit easier, that you're speaking slowly and clearly and that you have the right language selected at the bottom of your screen.
Also, please ensure that your mike is on mute when you are not speaking. For quicker interactions later on, when we get to the question-and-answer portion of the panel, you can use your space bar to unmute your mike. Pressing down on the space bar unmutes the mike temporarily. That would be for quicker interactions. However, for your opening statements, I would suggest that you unmute using the icon.
I think you've all been told about headsets. They do improve the quality of the sound, especially for the interpreters, who have to concentrate quite a bit in order to provide the interpretation, so if you have a headset, please wear it.
I'd like to welcome the witnesses before us today. We have academics, and it's really great. Even in the previous panel we got a lot of valuable information from the professors who came before us.
We have Mr. Ghorbani, professor and director at the Canadian Institute of Cybersecurity, University of New Brunswick. We have Mr. Jourdan, professor of computer science, faculty of engineering, University of Ottawa. We have Chris Vickery, director of cyber risk research at Upguard.
Welcome, everyone. Thank you so much for being here today.
We'll have seven-minute opening statements from each of the witnesses, starting with Dr. Ghorbani.
Go ahead, please.
:
Honourable members of the Standing Committee on Procedure and House Affairs, thank you for inviting the Canadian Institute for Cybersecurity at the University of New Brunswick to speak today about cybersecurity considerations relating to the establishment of a hybrid Parliament.
My name is Ali Ghorbani. I am a professor of computer science, a tier one Canada research chair in cybersecurity, and the founder and director of the Canadian Institute for Cybersecurity.
Cybersecurity and privacy, once issues only for technology experts, have become widespread concerns in business and society. Cybersecurity is no longer just an IT problem; it's a business problem; it's everyone's problem. The weakest link in cybersecurity is now people, not devices. Here at the Canadian Institute for Cybersecurity, we think that the human factor is considered the biggest threat to cybersafety, and we strongly believe that cybersecurity requires multidisciplinary and human-centric solutions.
The Canadian Institute for Cybersecurity is one of the first institutions to bring together researchers from across the academic spectrum to share innovative ideas and carry out groundbreaking research into the most pressing cybersecurity challenges of our time. We have been doing research and development and entrepreneurial activities in this area non-stop for over two decades. We have developed multiple practical network security solutions, and our research has led to the establishment of several companies. Currently, the institute has a team of 60 researchers, technical staff and graduate students, and a state-of-the-art architecture and infrastructure.
The science of cybersecurity is about managing risks and avoiding surprises. There will be security risks with any online communication platform. In the “Virtual Chamber” report of May 7, 2020, it is written:
Members who wish to participate remotely will connect using a videoconferencing platform integrated into existing on-premise technologies.
Let me briefly highlight the security and privacy issues in relation to the proposed platform from two perspectives: users and organizers.
On the user side, the first issue is awareness of cybersecurity. The remote participants who use the platform for virtual sittings must be aware of the security risks associated with the use of online video conferencing platforms or, if not, must be trained for such. The goal is to avoid issues such as installing platform software from an unofficial site, which can be malware; phishing scams asking to join video conferences, which steal credentials; and overprivileged video conferencing application by using the web version, which sits in a sandbox in the browser when possible, instead of installing an application.
The second issue is technical issues for remote access. The remote participants who use the platform for virtual sittings must have satisfactory assets for remote access or, if not, must be provided with such. The goal is to avoid issues such as hardware shutdown during connection due to power outage, which can be considered as an availability issue; slow connection and breaking during meeting, which can be considered as an availability and/or integrity issue; and vulnerable webcams, which can be accessed by unauthorized users and can be considered as confidentiality and privacy issues.
On the organizer side, the first issue is trusted computing based on trusted hardware. With regard to the proposed integration of a multimedia system with video conferencing and a voting system, it is known that a system is as secure as its weakest link.
Furthermore, computing hardware has security issues, such as branch direction prediction attacked by Spectre.variant 1. Therefore, it raises the need to use trusted hardware such as trusted platform module, TPM, also known as ISO/IEC 11889, which is a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
The second issue is verifiable software. The software integrated in the virtual chamber must be verified, or if not, it must be open sourced, such as Helios for online elections system, or openly reviewed such as a Zoom proposal for end-to-end encryption for video conferencing.
The goal is to avoid software vulnerabilities, such as meeting bombing when an unauthorized person joins a meeting; client application chat issues, malicious links and arbitrary file write; and security risks related to operating systems of the video conferencing platform and user management system.
Last but not least, the third issue is secure cloud and networking technologies. The network integrated to the virtual chamber must be private, or if not, it must be secured. The goal is to avoid cloud and network vulnerabilities, such as security risks related to streaming video, such as stream grabbing and uploading; and security risks related to data routing, such as route manipulation and route hijacking, which requires that the integrated platform must offer the ability to choose through which region of the world their data would be routed.
With that, thank you again for inviting me to be with you today. I look forward to your questions.
:
Madam Chair, ladies and gentlemen members of the committee, thank you for inviting me to appear before you.
My name is Guy-Vincent Jourdan. I am a professor of computer science at the University of Ottawa's Faculty of Engineering. My research topics include software security and cybersecurity. Over the past few years, I have worked specifically on cybercrime and cybersecurity, in collaboration with IBM.
Is there a reasonably secure way to implement a hybrid Parliament in Canada, including a remote electronic voting system based on the report produced in May here titled “Virtual Sittings of the House of Commons”? I think so, as long as we are given the means to do so.
Of course, it is difficult to be very specific without an in-depth preliminary study whose conclusions would not fit into seven minutes anyway, but here are a few important points, in my opinion.
Concerning parliamentary discussions and debates, a number of key elements facilitate the process. First, our Parliament has an existing and effective security structure, recognized as such, and competent staff we can count on. Secure communications among members, secure infrastructure, control of devices used remotely and the software installed on those devices have all existed for a long time.
In addition, the situation we are facing is global and the needs are similar everywhere else. For example, I know that Brazil, Spain, the United Kingdom, Wales and the European Parliament have all set up forms of virtual Parliament, some with a remote electronic vote. So it is feasible, and we can, therefore, also benefit from the feedback and lessons learned around the world.
The idea of virtual sittings and remote votes may be relatively new for many parliaments and governments, but we shouldn't forget that those systems have been used for a long time in the private sector to handle daily business, organize confidential meetings and boards of directors or to vote at shareholder meetings.
Video conference software, in particular, has been the subject of security analyses for a long time. For instance, the NSA recently published and has been updating a document containing the important points on selecting and using that software, such as end-to-end encryption, multifactor authentication or the use of certified and controlled devices.
In that report, a number of solutions are positively assessed, such as the solutions provided by Microsoft or Cisco, or the Zoom software, which we are using now.
However, there is more to the issue than choosing a video conferencing software. Parliament certainly needs to be able to debate, but it also needs to be able to call for a vote, vote and have confidence in the result of the vote. It must be possible to respect the rules and adapt them as needed.
The Internet vote is an issue in itself. I think that we can generally say that the IT security community is not favourable to it, as the challenges are too great, the risks too high and the benefits dubious. That said, once again, we have to look at what we are talking about. The parliamentary vote is not the same thing as the Internet vote in general.
One of the fundamental differences, first and foremost, is that it is a public ballot, which, of course, considerably facilitates the problem resolution. The result can be widely disseminated, and everyone can know how the votes were counted.
Moreover, the electorate is very small, and every member is known. The devices used for the vote are controlled and managed by the parliamentary technical staff. Members can also be provided with tailored training and support. Finally, the benefit of such a vote seems clear, at least right now.
We can imagine that the system will be a combination of an accredited video conferencing system, a secure communication system and a voting system, possibly integrated into one of the two systems, but not necessarily.
During normal proceedings, the member will be asked to vote through a secure communications system. During the vote, a biometric authentication will take place, and a number of receipt orders will be published immediately. Procedures will have to be implemented to manage abnormal situations, such as connectivity losses and handling errors.
To maximize the likelihood of success, it must first be ensured that the devices used are managed and controlled by the technical team, as well as verified, certified, updated, secured, and so on. As far as I understand, that is already the case.
Next, it must be ensured that the software used comes from a certified supply chain, that it has been verified by independent teams and continues to be verified regularly, that it has adequate certifications—such as FIPS-140—and that it is kept up to date. Once again, my understanding is that this is also currently the case.
The system will need to be integrated into the existing parliamentary infrastructure: multifactor authentication mechanisms, a virtual private network, cloud architecture, and so on.
What is more, registries will have to be produced and maintained in a secure manner at every possible level to be able to respond to and remedy any real or perceived issues. Clear and effective procedures will have to be implemented to define the steps to follow in case of problems and to ensure that the sitting can continue.
Finally, the proposed solution will have to be reviewed and critiqued regularly by independent specialists from the private and academic sectors. Ideally, the solution will be made public.
None of this seems out of reach to me.
Thank you.
:
Hello, and thank you for inviting me to provide my thoughts and to answer questions on this very important and very interesting time we are in.
The solution that I have worked out, I believe, is minimal on effort required and maximal on trust. I think that with a parliament-style vote where there are only a few hundred people, it is definitely possible to be absolutely confident in the result that is shown, and here is how you do it.
I am not in favour of web-app-based solutions, video voting, or things that require a phone display, primarily because those things can be programmed to lie and display things that are not true to both sides. It's just something that is not going to be overcome any time soon. Even if the implementation is secure and safe, the fact is people who use their phones for other things are going to be continually taken advantage of in the general public, and we're going to see report after report in the general sense about phones being insecure. That will degrade the integrity of these official votes that are being done through phones, even if they're being done in a secure way. That is something that is also not going to be overcome.
What I would suggest as a solution involves a separate physical piece of hardware that is plugged in and requires no training whatsoever. I have an example of one right here. You plug it in with the regular ethernet to any member's home, whatever, and it is set with software that already exists to transmit but not receive.
The benefits of this are that an adversary would have to know the precise window of time that the vote is happening. They would have to compromise the ISP transmission. They would have to have the decryption capability already figured out and the preloaded key known in advance. They would have to be able to change or modify the packet that is sent instantaneously. That can be checked, because there are time stamps on the transmissions. You calculate how long it took for a transmission to go from a member's location to the official place of the vote being received. Through math, logic and physics, we can figure out if it was physically possible that it made it that quickly or if that transmission was unreasonably slow, which would suggest that it had been intercepted and modified, repackaged and sent. You can get an average heartbeat signal going, and as long as it arrives within that specific time frame and reasonability, you can be fairly sure of the result.
The important other factor is a secondary outside band confirmation. I would suggest that you then have the member on their telephone call a specific line to verify, validate or confirm what their vote is, so anybody trying to alter a vote or manipulate things would have to have all that previous knowledge and be able to instantaneously change something in a way that requires calculation and time. They would also have to compromise the phone carrier and impersonate the member at the exact window of voting on that confirmation call.
All of this requires zero training on the part of the voting member. It is maximally and logically verifiable, and it is minimal on cost. The technology already exists to do it.
Thank you.
:
Thank you, Madam Chair.
First of all, thank you to all the panellists today. You've given us very interesting information.
I want to get your opinion on the Zoom platform. Parliament has gone all in, as have a lot of other businesses, with this particular platform. As it relates to not just voting, but overall security of the platform, we're hearing today in a story from the Associated Press about censorship issues with China.
In the previous study we did, we were told that a lot of the data transmits through servers in Vancouver and Toronto, at least for business that's done in Canada, but there's seemingly no guarantee that that can happen. When the company was asked about what happened with respect to Hong Kong, it refused to comment on that.
Mr. Vickery, I'll start with you on the Zoom platform and your confidence. Obviously, a G7 country is a valuable target for state actors and non-state actors as well, so I'm just interested in your comments on the Zoom platform.
:
Okay. I'll be briefer than usual.
Mr. Vickery, it was interesting to hear your discussion of a method that would work for voting that would be secure. Of course, here we're concerned about two possible kinds of vulnerability. One is the issue of foreign interference, of hacking. You explained how that risk is mitigated with the method that you've proposed.
There is another kind of risk, however, and that's MPs effectively giving up what is supposed to be their responsibility for voting. They might hand over the device you've discussed to a member of their staff or a member of the whip's staff. They might say, “I'm going on vacation for the next couple of days. Just vote the party line.” This sort of thing theoretically would involve the active co-operation of the member, but would still be something that would be very inappropriate. We'd want to make sure there was a system to prevent that from happening, because it's the responsibility of members to vote, to be seen to vote, and to vote themselves, whatever influences are taken into consideration.
Does your proposed method of a prescribed piece of technology do anything to address that possible risk of someone giving the device to somebody else to vote for them, forwarding email codes and those kinds of things?
:
All right. We're right at two o'clock, so I'm hoping we can move along really quickly.
I guess my first question to the committee is this. Last time I was sensing.... Well, I wasn't just sensing it. Quite literally, a lot of comments were made by people wanting to have an extension and not feeling that there was enough time in two meetings next week to work on the draft report and review it properly, and also, if there are any supplementary or dissenting opinions, not enough time for that. I know there were also comments saying that there was understanding for that.
I just wanted to know where the committee was at, and whether the whole committee.... Essentially, if that's where we're at and if that is what we're asking for, if we want an extension, I would like to table a report back, hopefully tomorrow, asking for a specific extension date because we would not be able.... Essentially, we need approval for an extension, so the House would have to concur, but because we don't have routine proceedings, the House will not be able to concur. Especially if we leave it until the 23rd, that will not be possible, but there is a procedure in place whereby the four House leaders can agree to give this committee the extension we require.
I want to be able to give them the appropriate time to give that to us so that we know what we're dealing with next week. Is there a date? Is there agreement, first of all, on having an extension past next week? If so, is there a date that you would like to see?
I believe there are some hands up from the previous dialogue. Could you take your hands down and then raise them back up for this?
Mr. Gerretsen.
:
I think there were two different schools of thought on the rushed nature of this. This potentially satisfies one of those schools of thought. I might suggest a bit of a change, and maybe it's just a flexibility thing or whatever it might be. I like the way our clerk has laid out what the effects of this would be.
The idea is that we would get the rest of June essentially to finish with witnesses or whatever else we need to hear. Then, perhaps, rather than prescribing an exact date, we could simply say that following the blackout—I forget the period of time that we're blacked out for—based on the advice of our clerk and our analyst based on where they are at with things, we would pick up to write it in either a report or an interim report, whatever the case might be.
I would assume that's only going to take a couple of meetings, but if it takes three or four meetings or whatever, then so be it. I don't think there's a huge panic over July 10 rather than July 15 or something, or that some major catastrophic occurrence would happen if it was an extra few days.
Maybe rather than extending to a specific date, we could simply say that we will continue to hear from witnesses until June 25 or whatever it was, and then, following the blackout period, the committee would recommence to finalize the report, essentially. That way we wouldn't be.... It would basically have the same effect, other than not putting ourselves under the gun where we end up with a 12-hour-long meeting again or something, if it's required. One would hope not, of course, but....
That's one thing.
The second would be that I still don't think it addresses the concern that was raised by Mr. Duncan. I don't believe he is here now, but I certainly sympathize with that school of thought, which is essentially that what we're doing is making recommendations in June, or, in this case, maybe early July, for something that is then two and a half months off. With the way the situation evolves, we may find that we want to consider an interim report and then come back and revisit it for some discussion late in August or the first week of September to address where we are at that point and potentially make new recommendations, change existing ones, drop some of them or whatever the case may be. It really doesn't address that.
I don't know that we have to have a motion to do that. I don't know how that needs to be done, but those would be my two thoughts. We can do the first part of it in that manner. Then for the second part, I don't know what to suggest in terms of how to address that, but we probably should have a provision. Probably the easiest thing to do is to indicate that this would be an interim report and we would have a chance to revisit it when the time is appropriate, whether that is in late August or early September, whatever it might be.
First of all, thank you for clarifying. That was the question I was going to ask, whether there are any outstanding witnesses whom time has prevented us from seeing. It sounds as though that is not the case.
My one concern.... I agree; I would like to set a date. It's important for the House to know when we're going to have this completed. I do agree with Mr. Richards, if there is a way for us to come back at the end of August or the beginning of September to look at what has happened. I know I'll be watching closely what's happening in British Columbia, because of course they're going to start going back to their legislature and doing it in a hybrid model towards the end of June. It would be good for us to have an opportunity to reflect on anything we've seen. I encourage us to consider that seriously.
Maybe the following week, July 15 or 17.... I say that hoping we can meet the week of July 10 but then give ourselves time at the end to get the final reports done, to have them tabled. I just don't want to see us rushing again, the day after the night. I just think about the last time. We were trying to get our report done and then get it translated and submitted. That was a very short timeline, so I'm especially thinking of that.
That's my sense of the conversation at this point. I look forward to hearing from other people.
:
Madam Chair, I could provide some clarity on that.
Essentially, the House motion of May 26 was a motion of instruction asking the committee to do a study on possible Standing Orders changes, incremental steps towards a hybrid Parliament, including remote voting. They had a reporting deadline of June 23 in that. The committee would be under some sort of obligation to report something back by June 23.
As I've indicated before, the nature of that report could be a recommendation to extend the deadline to some future point, for example. That's why ultimately the committee needs a specific hard deadline to make a determination on that. Whether it's July 10 or some other date down the road, there would be a need to do that. If the committee makes that type of decision, that could be the report that gets sent back to the Clerk of the House.
Of course, before a deadline can be made formal or official, the House needs to concur in it. Because we don't have the sittings in the usual way where a motion can be moved for a concurrence to the committee report during routine proceedings, some other mechanism would need to be in place that would permit the House to essentially give its approval to your recommendation to move the reporting deadline to some other date.
There are different ways of doing that. Special motions have been done in the House before, and we've seen that since the beginning of the pandemic. It could be done that way. There is a special provision from one of those motions, from April 23, where if the four House leaders of the recognized parties agree to a recommendation in a PROC report, such as a recommendation to extend the deadline, that could give effect to it as well. Simply your deciding to move it to another date does not necessarily guarantee that a new deadline will be officially made or officially set.
The first step, obviously, is to make a decision, if that is what you want, to ask for a deadline extension, and then of course determine what that specific date would be. Whether it's soon or whether it's later, that's up to you.