Introduction

In its role as the federal government’s central purchasing agent, Public Services and Procurement Canada (PSPC) handles most procurements on behalf of federal departments and agencies.^[1] On 16 December 2019, PSPC published a request to establish up to two standing offers^[2] for Global Affairs Canada (GAC) and other federal departments for security screening equipment. As explained in documents GAC sent to the House of Commons Standing Committee on Government Operations and Estimates (the Committee), PSPC held the competition on GAC’s behalf since its value was above GAC’s contracting threshold.

The security screening equipment was conveyor-style X-ray machines (or X-rays) and walk-through metal detectors, including the related software, accessories, warranty and training for operation and maintenance. The request for standing offers closed on 3 April 2020 following 14 amendments and six extensions during the bid solicitation period in response to vendors’ requests and delays due to translation and the COVID-19 pandemic. “Seven bids were received for the x-ray machines portion of the request for standing offer”^[3] and three vendors met all mandatory requirements, including Nuctech, a Chinese-based company.

On 15 July 2020, following a competitive bidding process, Nuctech was awarded the standing offer for X-rays since it “had the lowest financial proposal at $6.8 [million],”^[4] which is an estimate based on the projected quantities of X-rays that the federal government would purchase. As discussed in this report, this awarded standing offer raised concerns around the security of the federal government’s assets and market fairness. Rapiscan Systems, a company headquartered in the United States and owned by OSI Systems, which specializes in walk-through metal detectors and X-ray machines for screening airport luggage and cargo, was awarded a standing offer for metal detectors. The standing offers were initially for “three years from date of issuance with the option to extend for two additional one-year periods under the same terms and conditions.”^[5] Thus, the standing offers would have expired no later than 31 March 2025.

On 8 October 2020, the Committee passed the following motion:

That, pursuant to Standing Order 108(2), the committee undertake a study of the Nuctech security equipment contract; that the study start no later than Monday, November 23, 2020; that the committee send for all documents, memorandums, and briefing materials related to the Nuctech security equipment contract; that the documents be provided to the committee, in both official languages, no later than 5 p.m. (Ottawa time) on December 10.

In November and December 2020, the Committee held three meetings as part of this study, heard from 16 witnesses, including departmental representatives, experts on matters related to national security and China, and security suppliers, and received one brief. The Committee invited the Minister of Public Services and Procurement, the Minister of Public Safety and Emergency Preparedness, and the Minister of Foreign Affairs to appear as part of this study. Although the three ministers declined the invitation, senior officials from their departments testified before the Committee on 18 November 2020. The full list of witnesses is available in Appendix A, while the list of briefs is available in Appendix B.

Challenges with Nuctech and China

Nuctech is a Chinese-based enterprise founded in 1997 by the son of former Chinese leader Hu Jiantao and is China’s largest supplier of security screening equipment. According to its website, Nuctech

is an advanced security [and] inspection solution and service supplier … [with customers] from 170 countries and areas.

…

[Nuctech has operations in] Civil Aviation, Customs, Railway, Highway, Urban Railway, Judiciary, Big Events and other security areas.

In a letter sent to the Committee, representatives from Nuctech contradicted testimony from Charles Burton, Senior Fellow, Centre for Advancing Canada’s Interests Abroad, Macdonald-Laurier Institute, who testified as an individual. They told the Committee that China’s Communist Party Secretary, Chen Zongnian, is not the President and Chairman of Nuctech; instead, it is Chen Zhiqiang.

Some witnesses stated that Nuctech operated as a state-owned enterprise, including Dr. Burton. He shared that “Nuctech's connection to the Chinese party/military state is much more than a master-servant relationship; it's really a symbiotic relationship.” In its September 2020 report on GAC’s procurement process, Deloitte LLP (Deloitte), a professional services firm, noted that Nuctech was a state-owned Chinese firm. Furthermore, in a 20 July 2020 threat assessment shared with the Committee, GAC notes that Nuctech is a Chinese state-owned enterprise with direct connections to the People’s Liberation Army and the Chinese Communist Party.

However, representatives from Nuctech wrote to the Committee and stated that Nuctech is

a joint stock company with an open and versatile shareholding mix; it is neither state-owned nor state-controlled. Most shares, indeed approximately 84 percent, are owned directly by Nuctech employees and other privately owned companies, or comprised of private investors from the Shanghai Stock Exchange through Nuctech’s majority parent company Tsinghua Tongfang Co. Ltd. The remaining 16 percent of the shares are owned indirectly by the public sector through China National Nuclear Corporation.

Documents submitted to the Committee by PSPC and GAC show that foreign diplomatic officials were in contact with the Canadian government about the standing offer awarded to Nuctech. On 21 May 2020, following a PSPC official’s request for a reference concerning Nuctech’s bid, an official from the Chinese embassy in Argentina responded that Nuctech’s “provision, installation, warranty… and training” related to its X-rays was handled “with much professionalism and diligence” and that “[a]ll equipment provided is in the best conditions and we have no complaints in this regard.” A 20 July 2020 email from a GAC official indicates that the National Security Council (White House) Director for Canada and the Caribbean was “‘quite concerned’ about recent media reports that GAC has apparently agreed to purchase security equipment for embassies from a Chinese company.”  On 21 July 2020, the Embassy of China in Canada also emailed officials at GAC concerning “media attention” about the standing offer with Nuctech.

Federal Government Contracts with Nuctech

As shown in Table 1, according to the federal government’s datasets on proactive disclosure of government contracts and Buyandsell.gc.ca, the Government of Canada awarded four contracts to Nuctech, all on behalf of the Canada Border Services Agency (CBSA).[6] The contracts were awarded between October 2017 and November 2019, and two had a value exceeding $2 million.

Table 1—Contracts Awarded to Nuctech by the Canada Border Services Agency, as of 22 March 2021

Description	Initial Contract Date	End Date or Delivery Date>	Value ($)	Solicitation Procedure
Laboratory Equipment and Supplies	6 November 2019	31 March 2030	2,378,062	Competitive – Open Bidding
Hazard-Detecting Instruments and Apparatus	2 January 2019	30 March 2029	477,853	Competitive – Open Bidding
Hazard-Detecting Instruments and Apparatus	7 November 2017	7 November 2027	1,036,933	Competitive – Open Bidding
Large Scale Imaging System	30 October 2017	31 March 2023	2,541,400	Competitive – Open Bidding

Source:  Table prepared using data obtained from Government of Canada, “Search Government Contracts,” database and Buyandsell.gc.ca.

Foreign Government Subsidies

Lorenzo Ieraci, Acting Assistant Deputy Minister, Procurement Branch, PSPC, told the Committee that government subsidies are a common point of friction among countries, and Canada has had disputes with several countries, including China, the United States and European countries. He added that PSPC is examining the issue as there are a variety of subsidy definitions and countries use various mechanisms to subsidize companies and national industries.

Some witnesses explained that due to government subsidies, state-owned enterprises like Nuctech can undermine competition by using aggressive pricing strategies. Dr. Burton explained that “[t]he Chinese state heavily subsidizes Nuctech and other Chinese hardware and software development and production to make it highly competitive in global markets.” According to him, this explains why Nuctech’s price was the lowest and “[l]ike all Chinese state enterprises, Nuctech's raison d'être is not primarily economic profitability; it is also to serve other overall [People’s Republic of China] regime purposes.”

Several witnesses believed state-owned businesses using anticompetitive practices should not be permitted to participate in federal government procurement bids.[7] Professor Stephanie Carvin, Associate Professor, Norman Paterson School of International Affairs, Carleton University, who testified as an individual, noted that state-owned enterprises “can normally depend on extremely generous support from the state in terms of money or strategic information often gathered through corporate espionage.” She added that these enterprises:

can bid on contracts at very low prices in order to win, without having to worry about profit or answering to shareholders. In the long term, this can lead to moves that effectively skew the market in certain strategic areas. In this sense, it is clear that some [state-owned enterprises] represent a geo-economic challenge to Canada and western technology firms in their ability to engage in anti-competitive practices. This behaviour should not be rewarded by the federal government.

This view was supported by Rory Olson, Chief Executive Officer, VOTI Detection Inc., which bid on the standing offer for security screening equipment. He argued that all companies participating in government bid processes should have a fair and equal chance to win and that state-sponsored companies with “predatory pricing practice” should not be allowed to participate in government procurement contracts.

Dr. Christian Leuprecht, Professor, Department of Political Science, Royal Military College of Canada, who testified as an individual, said that state-owned enterprises, including partially state-owned enterprises, and companies suspected of receiving undisclosed government subsidies “should be excluded from Canadian public tendering processes because they're not competing on a level playing field. In other words, this matter of Nuctech should be referred to Canadian competition authorities.” He added that “[i]n cases where [excluding a company] would be in breach of Canada’s international trade or legal obligations, the decision should rest with the minister, who should make that decision public.”

China’s National Intelligence Law

According to the Government of Canada, on 28 June 2017, “the National People’s Congress passed the National Intelligence Law and outlined the first official authorisation of intelligence in the People’s Republic of China.” Some witnesses discussed that law, which created working groups on intelligence and national security and clarified that Chinese citizens “have a duty to cooperate with state intelligence and security agencies.”^[8] Dr. Burton informed the Committee that in 2017, China adopted a National Intelligence Law to

compe[l] all Chinese nationals, including those working for Nuctech at home and abroad, to collaborate with agents of the Chinese state on request, to further Chinese state interests by … purloining confidential data and engaging in compromise of infrastructure around the world.

Dr. Burton added that Chinese citizens were “always required to respond to the demands of the Chinese Communist Party[,] … the intelligence law simply made explicit something that was already in effect.”

David Mulroney, former Ambassador of Canada to the People's Republic of China, 2009–2012, who testified as an individual, explained that there has been an evolution in China’s policy since the coming into force of that law, “which basically made every Chinese company an agent in the work of the Chinese Communist Party.”

Canada’s Relations with China

Some witnesses raised concerns related to the awarding of security screening equipment contracts to a Chinese-based company. In response to a question from a Committee member, Mr. Mulroney asserted that “China is far and away the greatest threat” to Canada’s national security. He advocated for stopping the procurement of Chinese equipment or services in many sectors by the federal government. In response to another question, he explained that the federal government would have to weigh its obligations under the World Trade Organization against the country’s national security.

According to Dr. Leuprecht, China “is engaging in predatory market practices in order to undercut other companies.” He commented that the Government of Canada should not do procurement business with China for several reasons. He explained that “Canadian companies are precluded from competing for public procurement tenders in China,” while noting that according to the principle of reciprocity, companies from countries that explicitly exclude foreign tenders or structure their markets in ways preventing foreign companies to compete “should not be able to compete for federal public tenders in Canada.” Dr. Burton explained that “[t]he Chinese government would never … allow any foreign company to install security equipment in their embassies or allow foreign acquisition of mines and other energy resources.”

However, Ward Elcock, who testified as an individual, commented that it would be unrealistic to stop all government procurement with China as it is one of Canada’s largest trading partners.

Mr. Mulroney explained that “[m]anaging the Canadian implications of the rise of China isn't a once in a decade challenge. It's closer to a once in a century challenge, requiring a complete rethinking of foreign and domestic policies.” In his view, the issue with Nuctech was created by the absence of policy to manage anything and everything having to do with China. He added that there is “a failure of leadership, a lack of that sense of priority and high-level accountability required to face up to and intelligently manage what may well be a once in a century challenge.”

Some witnesses suggested rethinking the current government approach to China-related matters. They recommended introducing specific policies for China. To ensure strong leadership and a concerted approach, Mr. Mulroney suggested that the Prime Minister lead a reorganization of the federal government to ensure that it operates differently for all matters related to China. He endorsed a top-down approach within the federal public service and making every senior official aware of the new engagement with China so that proper assessments and consultations take place with relevant stakeholders.

Dr. Leuprecht suggested, on matters concerning China, that federal departments and agencies collaborate instead of working in silos. He and Mr. Elcock suggested developing and implementing a new policy on China. In response to a Committee member’s question, Dr. Leuprecht advocated for a “much more nuanced approach to engagement with China.” He noted that the situation with Nuctech “manifests the extent to which the broad scale and threat risk of this bilateral relationship continually outstrips the [Canadian] government's current tool kit in governance capacity.” He also highlighted that China

engages in hostage diplomacy, bullies Canada and some of its closest allies, spreads blatant false information, engages in large-scale and systematic foreign interference, regularly flouts international laws, including endangering allied warships, and is responsible for large-scale human rights abuses on a scale not seen for decades.

According to Dr. Leuprecht, Nuctech is an accomplice of China’s regime due to its “relations in selling equipment to the Xinjiang Public Security Bureau [that] goes back well over a decade.”

Committee’s Observations and Recommendations

The Committee heard from some witnesses that the federal government should implement a new policy on China that encourages a coordinated approach from all departments and agencies when dealing with matters related to China, including government procurement. The Committee heard that the federal government should continuously evaluate the risks associated with doing business with enterprises in countries that could negatively impact Canada’s national security. The federal government should strengthen its risk-mitigation strategies and procedures for managing government procurement with companies, especially state-owned enterprises, from these countries. It should also ensure that all departments and agencies, especially those in charge of government procurement, such as Public Services and Procurement Canada, follow the established risk-mitigation approach.

Consequently, the Committee recommends:

Recommendation 1

That the Government of Canada prohibit Chinese state-owned enterprises, partial state-owned enterprises, including companies receiving undisclosed government subsidies, and technology companies from obtaining federal contracts related to information technology or security equipment or services.

Recommendation 2

That the Privy Council Office be mandated to develop, implement and oversee a policy to direct all government departments and agencies to review current contracts with China related to information technology or security equipment or services.

The Standing Offer for Security Screening Equipment and Security Concerns

According to documents GAC sent to the Committee, a standing offer was determined to be “the most suitable supply instrument” for GAC’s security screening equipment, due to its non-binding nature and the flexibility it would give the department to issue contracts only when a need is identified.

Mr. Ieraci said that international suppliers were eligible to bid on the standing offer for security screening equipment as the trade agreements to which Canada is a signatory applied. He explained that a standing offer is not a contract, but “an offer from a supplier to provide goods or services at prearranged prices, under set terms and conditions, when and if required.” It only becomes a contract when the federal government issues “a notice to a supplier to provide the goods and services in accordance with their standing offer,” which is known as a call-up against the standing offer. Mr. Ieraci reiterated that the federal government “is under no obligation to purchase until such a time as a call-up has been issued.”

For X-rays, bids were deemed compliant if they met the technical requirements and were evaluated on the single criterion of lowest price. Mr. Ieraci told the Committee that seven suppliers bid on the standing offer for the conveyor-style X-ray machines and three met the 63 mandatory technical requirements. Nuctech was selected and awarded the standing offer since it met all the requirements and had the lowest evaluated price.  According to Dan Danagher, Assistant Deputy Minister, International Platform, GAC, the department “has not availed itself of this arrangement and has no Nuctech equipment in its missions abroad.”

Sime Buric, Vice-President, K'(Prime) Technologies, shared that it is very common to see the price as a determining factor for awarding procurement contracts and standing offers not only from the public sector, but also from the private sector. Benjamin Bergen, Executive Director, Council of Canadian Innovators, argued that bids should not only be evaluated based on their prices, but also based on national security considerations and their impact on the Canadian economy. This was echoed by Neil Desai, Vice-President, Corporate Affairs, Magnet Forensics, and Senior Fellow, Munk School of Global Affairs and Public Policy, Council of Canadian Innovators, as there is a concern that low prices are being prioritized over security considerations in federal standing offers and contracts.

Mr. Buric shared with the Committee that over his 14 years of experience in responding to government tenders, the request to establish standing offers for security screening equipment

was one of the more difficult tenders to respond to, as there were a lot of unrealistic hypotheticals in terms of the number of units required per global region. When [he] would respond to any previous tenders, the specifications were clear and concise. The number of units was specific or a price per unit and a standing offer issued over a specific number of years. The locations where the units were to be installed were specific.

He added that it is difficult to estimate the price of a contract based on hypothetical quantities of equipment and that awarding a contract at a specific dollar value in such conditions is unrealistic and tends to lead to cost overruns. In response to a question from a Committee member, Mr. Ieraci confirmed that, if a call-up had been issued against the standing offer awarded to Nuctech, the company would have obtained a contract from the federal government for the supply of X-rays. However, no call-up was ever issued.

Security Concerns with Nuctech and Security Screening Equipment

In a 20 July 2020 threat assessment shared with the Committee, GAC notes that “[a] standing offer for X-ray machines and their maintenance at Canadian missions abroad could be leveraged for technical and insider spying against GAC.” In another document GAC sent to the Committee, it is indicated that

X-ray machines present two main vectors of vulnerability: 1) supply chain compromise; and, 2) insider threat (during installation and maintenance). Supply chain attacks in particular target organizations by implanting hostile hardware or software into any technology they use during the manufacturing of the product or its components.

Departmental officials from CBSA and GAC told the Committee that supplier employees do not undergo security screening before installing or servicing security screening equipment. Instead, departments mitigate risk by ensuring security personnel accompany and watch them when they access government facilities. Mr. Danagher said that in the future, this practice will be modified to address the risk it poses but he did not explain how it would be modified.

Mr. Danagher informed the Committee that Deloitte recommended that GAC “consider that the technical specifications themselves, even for the detection equipment in the public zone, should only be accessible to companies with higher levels of security clearance” and that “service personnel who had access to the equipment should be security-cleared.”

In response to a question from a Committee member, Claude Kateb, Acting Director General, Industrial Security Sector, PSPC, clarified that “Nuctech does not hold a security clearance with the Government of Canada.” He stressed that such a security clearance was not needed for this procurement since the security assessment did not flag the need for that clearance. However, according to documents GAC sent to the Committee, “[o]n the last contract [CBSA] awarded to Nuctech, [PSPC]’s Canadian Industrial Security Directorate asked that if this company were to win another contract, to clear it through them first.”

Mr. Mulroney asserted that “[s]ome very significant Canadian interests were at risk in the Nuctech affair.” Mr. Buric shared that his company is responsible for the maintenance of X‑ray equipment at many Canadian airports. As opposed to the security screening equipment at the Canadian embassies, to get access to the equipment at airports, his employees must obtain a restricted area identity card through Transport Canada. He suggested that the Canadian Air Transport Security Authority, other transportation safety authorities and CBSA examine hardware before it is deployed to federal government facilities.

Dr. Burton argued that Canada cannot trust Nuctech “[b]ecause China routinely grossly flouts the norms of the international rules-based order in diplomacy and trade.” As a result, Canada’s “country-agnostic approach [to procurement] obscures the realities of Chinese regime enterprises and the threat they pose to Canada’s national security.” He raised concerns that Nuctech technicians could be potential Chinese government agents and have access to Canadian embassy premises. He noted that the Chinese state wants this access “not necessarily because they have the intent to use it immediately, but because there is the potential to make use of this as an opportunity for the Chinese state to realize its geostrategic purposes in the future.” He added that everyone should “be very cautious about any firm that is connected to the Chinese state” since firms may use sophisticated artificial intelligence to monitor activities though security screening equipment. He stated that this type of monitoring was used on the Uyghurs.[9]

Mr. Olson indicated that the security screening equipment at Canadian embassies will record and store highly confidential data. The maintenance of this equipment poses a security threat since technicians would have the opportunity to download and share sensitive equipment data. He encouraged the federal government to ensure that employees fulfilling a procurement contract with the federal government receive security clearances based on reliable and verifiable information.

Dr. Leuprecht raised concerns that through Nuctech’s security screening equipment, the Chinese state could obtain a significant amount of information, including traffic patterns at Canadian embassies.

Although Professor Carvin recognized that the Nuctech security screening equipment installed in Canadian embassies would pose serious security risks, she explained that banning a technology does not eradicate the threat. She also shared that

there are many ways to spy on Canadian embassies abroad: physical surveillance, phishing attacks, insider threats and exploiting vulnerabilities in software. An X-ray machine in a non-classified area seems to me one of the clumsier ways of trying to do it. In that sense, I feel that the technical threat element has been overstated in the public discourse.

She added that

[b]y focusing on this narrow issue of the X-rays themselves and whether or not they're vulnerable, we overlook the broader issues with regard to malicious action, say by China, against [Canadian] embassies abroad and against [the Canadian] government.

In correspondence to the Committee, representatives from Nuctech noted that “Nuctech does not hold any data … In more than 15 years of global business, … [Nuctech] ha[s] never had issues with data security.” Moreover, a 16 July 2020 email GAC sent to the Committee indicates that the Canadian Industrial Security Directorate did not identify any security requirements for this procurement because the X-rays were to be located in non-operation areas and would not store data.

However, according to X-ray requirements PSPC shared with the Committee, the X-ray systems must allow “[a]ll user operating logs, including login and logout time, working time, baggage screening counter, [to] be recorded and queried, and the report [to] be created and output to USB storage devices.” Furthermore, the X-ray software must have specific image recall and archiving characteristics, including photo imaging storage capacity for a minimum of 250 images.

Procurement Inquiry

Mr. Ieraci explained that when companies believe that procurement activities are not aligned with Canada’s legal or trade obligations, they can file a complaint with the federal courts or the Canadian International Trade Tribunal (CITT or Tribunal). The CITT is an independent, quasi-judicial body mandated to act in five areas: economic and tariff inquiries, customs and excise appeals, anti-dumping injury inquiries, procurement inquiries and safeguard inquiries. According to the CITT website,

[f]or Canadian suppliers, complaints about designated federal procurement processes for goods valued over $26,400 or services valued over $105,700 are within the jurisdiction of the CITT. For goods or services valued under these monetary thresholds, Canadian suppliers should file complaints with the Office of the Procurement Ombudsman … instead.

With respect to procurement inquiries, the CITT has the authority to review complaints by potential suppliers relating to certain contracts in excess of prescribed monetary thresholds.^[10] Specifically, the CITT “considers issues such as whether bids were evaluated fairly and according to the stated terms of the procurement process itself.”^[11] In accordance with the Canadian International Trade Tribunal Act, the federal government has an obligation to implement the recommendations of the CITT, to the greatest extent possible, and advise the CITT within 20 days of the extent to which it intends to implement those recommendations. With respect to safeguard inquiries, the CITT has the authority to inquire into safeguard complaints from Canadian producers and from references from the federal government.

In response to a Committee member’s question, Mr. Buric explained that his company, K'(Prime), which was not successful in its bid for the security screening equipment standing offer, filed a complaint with the CITT based on three areas of concern:

• the technology itself and its capabilities to differentiate between different types of threats (e.g., a gun versus a knife);
• the company Nuctech, namely that it is a subsidized, state-owned company against which previous allegations of bribery were made; and
• the logistics of how to deliver security screening equipment around the world, such as using carrier companies.

On 26 October 2020, the CITT issued a determination on the procurement complaint received from K'(Prime) Technologies Inc. related to the standing offer awarded to Nuctech for security equipment. According to the determination, the complaint was valid in part. However, the Tribunal awarded

[PSPC] its reasonable costs incurred in responding to the complaint, which costs are to be paid by K'(Prime) Technologies Inc. … The Tribunal’s preliminary indication of the amount of the cost award is $575.

The Tribunal issued its statement of reasons on 9 November 2020. The Tribunal determined that K'(Prime) did not demonstrate in its bid that it had met all technical requirements. The Tribunal considered K'(Prime)’s complaint that Nuctech was not eligible on the basis that Nuctech had not met the relevant integrity provisions. The Tribunal found “that [PSPC] reasonably concluded at the time of its evaluation that Nuctech was eligible for contract award.”

Mr. Buric shared that he and his colleagues disagree with CITT’s determination but they accepted the outcome.

Mr. Olson commented that “VOTI Detection believes the procurement opportunity that was managed by [PSPC] for the benefit of [GAC] followed all the rules in place at that time.”

Review of the Nuctech Standing Offer

In response to an August 2020 request from the Minister of Foreign Affairs, Mr. Danagher contracted Deloitte Canada to review GAC’s procurement process for security screening equipment. He told the Committee that the value of the contract awarded to Deloitte was slightly over $250,000, while the scope was to give GAC advice on security aspects and examine the way the department approaches and reviews the purchase of security equipment. In September 2020, Deloitte completed a report in which it indicated that it had

identified opportunities for improvement for future procurements of security equipment in the areas of increased integration of security in the materiel management life cycle, broader consultation throughout the procurement process for security equipment and additional guidance with respect to publishing technical requirements.

Deloitte made three recommendations and noted that it “did not observe any instances of non-compliance.” Mr. Danagher told the Committee that he was satisfied with the three recommendations and that GAC had begun implementing them.

Mr. Danagher confirmed that GAC “will not avail itself of the standing offer awarded in July 2020, and … ha[s] already begun the process with PSPC to design a new procurement strategy that will implement Deloitte's recommendations.” A memorandum to the Minister of Foreign Affairs received by the Committee indicates that GAC was developing a revised procurement approach with the following elements:

• A)  defining a ‘security equipment’ category which could include armoured vehicles, personal protective equipment, chancery electronic security systems, personal safety radio network, chancery site plan, CCTV, detection, minor security equipment, lock shop equipment, physical security infrastructure and global positioning systems;
• B)  [a] process for consulting with security experts and integrating information and intelligence from them to create the procurement;
• C)  [c]reating a National Security Exemption for security equipment that will enable [GAC] and other departments to limit solicitations to trusted suppliers;
• D)  [a]pplying the recommendations from the July 2020 threat and risk assessment to create and vet a list of trusted suppliers; and
• E)  [m]anaging the publication of information related to security equipment procurement. This procurement approach will also address the need for ad hoc purchases where security equipment has become obsolete or cannot be repaired.

Committee’s Observations and Recommendations

The Committee heard that the federal government should not always choose a supplier based mostly on the lowest price when evaluating bids for security equipment. Where circumstances warrant, it should put greater emphasis on national security risks.

The Committee is concerned that employees of private suppliers were not required to hold security clearances to install or service security screening equipment located in government facilities. The Committee heard that Global Affairs Canada is changing this practice and sees it as a step in the right direction. The Committee recognizes that access to federal departments and agencies by suppliers should be predicated on a security screening.

Consequently, the Committee recommends:

Recommendation 3

That the Government of Canada demonstrate stronger leadership on the issue of procurement and national security, including at the highest echelons – the Prime Minister, ministers and senior officials.

Recommendation 4

That the Government of Canada implement strategies to encourage procurement officials and suppliers to place greater emphasis on best value for Canadians, by including value propositions that give greater weight to qualifications and value rather than primarily focusing on price.

Recommendation 5

That the Government of Canada ensure that all departments and agencies screen suppliers and their employees through a security clearance before granting them access to the federal government’s assets and facilities.

Recommendation 6

That the Government of Canada enforce a more stringent security clearance of companies bidding on federal contracts by following the example of leading security technology countries.

Addressing Concerns with Federal Contracting

Pursuant to the Policy on Government Security, PSPC must ensure that companies having access to sensitive government information and assets receive the appropriate security clearance through the Canadian Industrial Security Directorate.^[12]

Mr. Ieraci told the Committee that PSPC manages the contract security program, which is responsible for security screening of organizations and their personnel that have contracts with security requirements. As part of this program, PSPC procurement officers ensure that the procurement process “is undertaken in a way that reflects the security profile,” and that the supplier holds the appropriate security clearance before the federal government awards a contract containing security requirements.

Mr. Ieraci explained that “each federal department is responsible for protecting sensitive information and assets under its control, not only in its own operations, but also through any contracts it manages.” In addition, each department and agency must determine if suppliers require access to sensitive information, assets or sites. Each must also establish, in consultation with its chief security officer, the level of security required for the procurement and fill out a security requirement checklist. The checklist is part of the procurement documents that departments and agencies must send to PSPC and, based on the information it contains, PSPC’s contract security program employees provide the necessary clauses to be included in each solicitation and contract to the contracting authority.

Mr. Desai suggested that the federal government use horizontal and holistic approaches to ensure that it does not do business with companies that pose serious security threats. He recommended opting for a risk management approach rather than a risk-avoidance approach.

Some witnesses asserted that the federal government should be cautious when awarding procurement standing offers and contracts involving technologies from certain countries, namely Russia and China. In response to a Committee member’s question, Mr. Desai said that the government of Canada should be careful with Russian technologies. He added that some of Canada’s allies have started “to analyze and create risk matrices for where they will allow Russian-made technologies into their cybersecurity supply chains.”

Supply Chain Integrity

Michele Mullen, Director General, Partnerships and Risk Mitigation, Communications Security Establishment (CSE), explained that, when requested, CSE performs a supply chain integrity assessment to support a department’s or agency’s risk-based decision or to evaluate if a procured item “could compromise or be used to compromise the security of the Government of Canada’s equipment, firmware, software, systems or information.”^[13] She explained that, as part of that assessment, CSE examines the supplier’s ownership, as well as different aspects of the security screening equipment, including the deployment location, the surrounding circumstances and the type of information that will transverse the equipment. However, in response to a question from a Committee member, she clarified that GAC did not request a CSE assessment of Nuctech.

Ms. Mullen recognized that security screening equipment and other types of equipment have evolved “such that [they] could gather information that could be of risk to Canada.” She explained that recent versions of security screening equipment include “embedded hard drives and USB ports that can be used for maintenance purposes, for uploading and downloading data and software updates.” According to Ms. Mullen,

the type of information that this machine itself would carry isn't going to be the problem. Where the problem lies is whether there are any additional capabilities embedded within the machinery that are of concern. That is where a supply chain integrity assessment, such as the one [CSE] do[es], comes into play.

She suggested adding flags to the procurement process for this type of equipment so that departments and agencies are aware of CSE supply chain integrity assessment. She indicated that CSE, in collaboration with other federal departments, is in the process of identifying types of equipment that should be flagged for review by CSE as part of the procurement policy. In response to a Committee member’s question, she clarified that CSE could not assess all technological equipment due to lack of resources, but it could focus on “the right types of equipment in the right deployment scenarios.”

Professor Carvin suggested harnessing CSE expertise for technological reviews and risk-mitigation strategies and re-evaluating the content of security-requirement checklists required for procurement activities. In a response to a Committee member’s question, she also suggested calling upon the expertise of the Canadian Security Intelligence Service regarding the procurement of sensitive equipment and services from China.

National Security Exception

The World Trade Organization’s Revised Agreement on Government Procurement (GPA) is a plurilateral agreement that establishes rules for central or sub-central government procurement of certain goods and services. Canada is among the GPA’s 47 signatories, and they have agreed to rules concerning open competition and transparency in relation to government procurement. China is in negotiations to become a signatory.

The GPA only applies to contracts over  pre-set thresholds, which in Canada is C$238,000 for each good or service. Also, Article III of the GPA allows signatories to exclude some sectors from the GPA’s non-discrimination provisions. The sectors include procurement relating to “arms, ammunition or war materials, or to procurement indispensable for national security or for national defence purposes.” Article III also exempts signatories from holding international competitions when they consider such an exemption “necessary to protect public morals, order or safety” or “necessary to protect human, animal or plant life or health,” among other considerations.

The exemption of a procurement from the obligations of the GPA (or Canada’s other trade agreements) is called the national security exception (NSE). PSPC did not invoke the NSE for its security screening equipment tender. Invoking the NSE would have exempted this procurement from the non-discrimination provisions of Canada’s trade agreements, but the procurement would still have been subject to domestic procurement laws (e.g., the Government Contracts Regulations).

However, according to documents GAC sent to the Committee,

[t]he [NSE] was not applicable in this procurement as x-ray machines are not covered.

…

Should [GAC] determine that security requirements are necessary in procuring x-ray machines, the Department could decide to not use the standing offer issued on July 15, 2020 and run a new procurement process that would include security requirements.

Mr. Danagher noted that GAC has a “global security framework that is constantly assessing the threats and the risks abroad.” He explained that the security screening equipment was assessed according to the Policy on Government Security and considered low-risk because it would be used in a public access zone to screen deliveries and visitors’ belongings and would neither handle sensitive information nor be connected to GAC’s information networks. As a result, “the procurement proceeded through normal processing without the application of a[n] [NSE] or higher levels of security.” However, Mr. Danagher commented that GAC has an NSE in place for the acquisition of equipment to be used in the chanceries’ more secure zones.

Mr. Buric articulated that goods and services for embassies should be treated like other high-risk areas such as airports and be viewed as potential security threats even if the risk is low.

Scott Harris, Vice-President, Intelligence and Enforcement Branch, CBSA, said that his department purchased X-ray machines from Nuctech without invoking the NSE since the equipment does not handle sensitive or technical information and is not connected to the Government of Canada networks.

Mr. Harris noted that CBSA, in collaboration with CSE, reviewed the existing Nuctech equipment in operation, including risk-mitigation strategies. The department found no security breaches or concern with the equipment. The department is nevertheless working on strengthening the contracting security regime and enhancing the contracting security guidelines. The enhancements could include invoking the NSE for security screening equipment in Canada’s ports of entry through collaboration with Public Safety Canada. He added that CBSA is considering accelerating the lifecycle of its Nuctech equipment to ensure that the equipment in operation meets the new security guidelines.

Integrity Regime

In 2015, the federal government put in place the Integrity Regime to “ensure the government does business only with ethical suppliers in Canada and abroad.” The Integrity Regime has three components:

• the Ineligibility and Suspension Policy, which lays out the circumstances in which PSPC would suspend or render a supplier ineligible from doing business with the federal government;
• formal instructions to departments and agencies through integrity directives; and
• clauses that incorporate the policy into solicitations and the resulting contracts and real property agreements through integrity provisions.

Pursuant to PSPC’s Ineligibility and Suspension Policy, PSPC may – and sometimes must – deem a company ineligible or suspend it from entering into contracts if the company has engaged in specified offences within specified timeframes, depending on the offence. Offences include certain types of fraud, bribery, laundering, bid-rigging and lobbying, as defined by various statutes in Canada. The policy may also apply to a company (or in some cases, its subsidiary) that was convicted of an offence in the past three years “in a jurisdiction other than Canada that, in [PSPC’s] opinion, is similar to any of the offences identified.”

Mr. Buric explained that “Canadian companies need to abide by ethical and legal standards to compete for business.” He argued that all foreign companies doing business with the federal government should be subject to the same standards used for Canadian companies. He added that all companies submitting tender responses should be evaluated against these standards to ensure equal footing when it comes to competing for federal government contracts. This view was supported by Mr. Olson, who advocated for changing procurement rules so that bidding companies are evaluated “to ensure that they have the ability to deliver all the commitments in their bid while respecting the high ethical standards of business governance.” He added that companies who are ineligible for security reasons to compete for government contracts among Canada’s allied countries should be similarly excluded from Canadian government procurement opportunities.

Mr. Ieraci explained that the PSPC used the Integrity Regime to verify that Nuctech was not part of the inadmissibility list before awarding the standing offer. Catherine Poulin, Director General, Integrity and Forensic Accounting Services, PSPC, asserted that although PSPC was aware of allegations made against Nuctech, the department did not find charges or convictions under the offences listed in the Ineligibility and Suspension Policy. Mr. Ieraci also recognized that PSPC was aware of issues raised with the company, but he said that PSPC “had limited options to award the standing offer, since the company has shown that it met all the requirements.” He explained that PSPC is working with other departments to find ways to reduce risk while noting that “one of the ways used to reduce risk is to properly determine the security level at the outset of the process.”

According to Professor Carvin,

Canada is increasingly developing processes around foreign investment by [state-owned enterprises] generally and has recently tightened restrictions around certain sectors such as health care during the COVID-19 pandemic. However, for some reason, it appears that protective measures around foreign investment do not extend to the federal procurement process.

She suggested that the federal government implement a policy “where the procurement of goods and services provided by [state-owned enterprises] by any department are given additional formalized and consistent scrutiny to make sure such investments align with Canadian priorities and values.” She also suggested that the federal government develop a “defence in depth” policy for the procurement and use of technology, particularly when this technology comes from China.

Federal Procurement in the Security Sector

Some witnesses observed that the federal government does not apply a strategic approach in its procurement of security products and services. Mr. Bergen said that

Canada’s current approach to procurement lacks a strategic economic development lens, which has a direct impact on the economic opportunities for domestic innovators who wish to help their governments defend physical and digital borders. This all has a negative impact on both [Canada’s] prosperity, and more importantly, national sovereignty.

Mr. Desai explained that modern software is highly iterative and becomes outdated quickly. Thus, he argued that the government should purchase software with proper foresight and a focus on value. He pointed to measures taken by other countries, including:

• allowing front-line experts to work with innovators early in the development cycle;
• monitoring the potential for modern software solutions to be exported;
• using national security and small business exemptions in their trade agreements;
• using non-tariff barriers such as security clearances and government expectations to ensure products they purchase are trustworthy and generate economic spillovers; and
• shortening procurement activities to align with imperative development cycles to avoid failures.

He suggested shortening the length of time before the federal government posts requests for proposals and reducing the procurement value for technological products. He also said that the federal government should allow contractors to include roadmaps of technologies in the language used by the end-users of their products in their submissions. Lastly, he proposed that the federal government provide security clearances to companies that have current or future capabilities of producing technologies that the federal government needs.

Helping Canadian Businesses Secure Federal Contracts

In response to a question from a Committee member about efforts made by the federal government to ensure Canadian companies are given opportunities to bid on federal contracts, Mr. Ieraci noted that the Office of Small and Medium Enterprises “help[s] Canadian companies to understand the federal procurement process, to be able to find opportunities that exist on [Buyandsell.gc.ca], and to be able to get assistance in terms of understanding the federal procurement process.”

Mr. Olson underscored the importance of securing government contracts for Canadian businesses, especially during recessions. He added that small- and medium-sized enterprises are the core of the Canadian economy and employ many Canadians and that supporting these businesses helps stimulate sustainable economic growth. He suggested promoting, when possible, a “Canada-first” or a “buy-Canadian” procurement strategy.

Mr. Desai commented that procurement activities for technology-related products often lead to a “winner-takes-all game,” meaning that unsuccessful businesses cannot secure contracts for several years after losing a bid. He suggested that the federal government be careful when evaluating bids that include Canadian companies.

Committee’s Observations and Recommendations

Throughout its study, the Committee became concerned that federal departments and agencies did not collaborate to assess potential threats to Canada’s national security when the government was procuring a replacement of security screening equipment in Canadian embassies. The Committee recognizes that closer collaboration among federal departments and agencies is required.

The Committee strongly maintains that departments and agencies responsible for the protection of Canada’s assets, such as the Communications Security Establishment, should be involved from the very beginning of the procurement process when the goods and services being procured could directly impact the security of Canada’s assets. It agrees with departmental officials that a more cautious evaluation of the security threat should be done from the outset of the procurement process. All departments and agencies should be informed that the Communications Security Establishment is able to perform supply chain integrity assessments and learn about the value of conducting these assessments before selecting suppliers.

The Committee is of the opinion that the security requirement checklists that departments and agencies complete at the beginning of a procurement process must be enhanced to ensure risk is properly assessed and national security exceptions or higher levels of security are applied when required. It also recognizes that the procurement process for key goods and services, including those with a direct impact on the protection of Canada’s assets, must include a supply chain integrity assessment conducted by the Communications Security Establishment.

The Committee recognizes that the federal government is the largest buyer of goods and services in Canada, with purchases summing to several billion dollars annually. It also recognizes that for many businesses, in particular for small- and medium-sized enterprises, securing federal contracts could significantly help them succeed. The federal government can spur Canadian innovation and economic growth by buying Canadian-made products and services while delivering value to Canadians.

Consequently, the Committee recommends:

Recommendation 7

That the Government of Canada establish mechanisms to ensure that departments and agencies collaborate to assess the risk to Canada’s national security at the beginning of the procurement process for certain security-related goods and services, such as security screening equipment in Canada’s embassies.

Recommendation 8

That the Government of Canada ensure that a rigorous risk assessment is conducted at the outset of any procurement process by strengthening the security requirement checklists used by departments and agencies.

Recommendation 9

That the Government of Canada require a supply chain integrity assessment conducted by the Communications Security Establishment at the beginning of the procurement process and strengthen considerations for the national security exception for goods and services that have a potential security impact on Canada’s assets.

Conclusion

The Committee recognizes that national security is paramount and must be of primary concern to ministers, senior officials and federal procurement specialists throughout the procurement process for security-related goods and services. To ensure robust security for its assets, the federal government must continuously conduct rigorous risk assessments of contractors, suppliers and their personnel before doing business with them. To optimize these risk assessments, departments and agencies must collaborate and seek out the expertise of security and intelligence agencies, such as by the Communications Security Establishment.

The Committee is confident that, if implemented, the nine recommendations presented in this report would strengthen the security of the federal government’s assets. The federal procurement process for security-related goods and services must be improved by:

• implementing strategies to encourage procurement officials and suppliers to place greater emphasis on best value for Canadians, by including value-propositions that give greater weight to qualifications and quality rather than primarily focusing on price;
• establishing mechanisms to ensure that departments and agencies collaborate to assess the risk to Canada’s national security at the beginning of the procurement process for certain security-related goods and services, such as security screening equipment in Canada’s embassies; and
• requiring a supply chain integrity assessment conducted by the Communications Security Establishment at the beginning of the procurement process and strengthening considerations for the national security exception for goods and services that have a potential security impact on Canada’s assets.