Internet Access, Privacy & Cybersecurity in Canada

Why are Canadians concerned about cybersecurity, regulation, access, and data privacy?

We always knew the internet was very important but the pandemic has brought into stark relief just how critical the future of the internet is to literally every facet of our lives, for individuals and society writ large. Over the past year and a half, we learned an awful lot of lessons about how society functions online when it really has to, and I hope that we can bring some of these lessons to whatever the new normal ends up being. It is really critical that we do not lose those lessons and that they really help enable the digital future that we are all rushing headlong into. These lessons should encourage us to figure out how to make the digital future inclusive, safe, secure, and accessible to every single Canadian. 

The other thing that is important is that prior to the pandemic, there were already growing frustrations with how the internet is operated, with concerns about the concentration of power among some of the biggest actors on the internet. There is also a lack of guardrails for how things are done on the internet, how companies act on the internet, and how individuals behave towards each other on the internet. Most Canadians agree that we need a set of regulations on the internet for how it is operated.

What should we be concerned about regarding the future of the internet in Canada? 

The first one is access. How do we ensure that every Canadian who wants to be on the internet can be on the internet? Every business, including small businesses in Canada, that need to be on the internet should be able to do so. One of the factors of internet accessibility is whether we have enough competition to allow for fair and reasonable pricing. Access to the internet is going to be a major factor in Canada’s economic growth as we exit the pandemic.

“Canadians do not feel like their privacy is respected online in any way, shape, or form.”

Another key issue surrounding the future of the internet is online privacy in Canada. This is really critical one, as survey after survey shows that Canadians do not feel like their privacy is respected online in any way, shape, or form. It is pretty disappointing that the recent modernization of Canada’s privacy laws did not get anywhere during this government’s last term. It is essential that privacy regulation online be addressed before we start regulating other digital issues. We should make it so that none of the big actors have their strength and power entrenched and ensure that regulation adequately delivers to small and new companies as well as individuals. To me, privacy is a core foundational element that has to be addressed before we can build other sensible rules, guardrails, guidelines, and regulations with regard to the internet.

“We cannot do anything effectively on the internet if we do not have trust.”

The third and final issue is cybersecurity. We cannot do anything effectively on the internet if we do not have trust. Trust is absolutely critical. How do we have trust? There are a number of ways to do it, but one is to ensure overall security online. The openness and transparency on the internet in its early days, which was what made the internet so successful, is essentially now being weaponized.

We need to think about how to maintain this wonderful global resource, this free and open space for all to connect, while ensuring trust. Part of that is through cybersecurity. We need to think about internet infrastructure similarly to how we think about other critical physical infrastructure such as utilities, bridges, and pipelines: are they safe and resilient? How are they being protected by the owners of private infrastructure or by governments in communal infrastructure? There is a bigger role for government to play to ensure Canadians are safe, businesses can prosper, and internet infrastructure remains secure and resilient.

Do we need a national strategy for cybersecurity? If so, what should that look like? 

We do not have an overall strategy for cybersecurity in Canada. It is piecemeal, organization-by-organization, and vendor-by-vendor. What nets out to is that people hope for the best. Hope is not in fact a strategy. We need a coordinated national strategy on cybersecurity. It does not have to be a heavyweight model or monolithic but it has to be an overall strategy for cybersecurity across Canada. A national cybersecurity strategy must be jointly developed by the private sector, technical community, law enforcement, intelligence community, governments, and SMEs. Certainly, small and medium-sized businesses are the ones being targeted to a great degree by bad actors. We read about this every day on the front page. This is not an aberration now; this is a consistent story and it is a story that cries out for a consistent and understood strategy.

“We have seen increased sophistication in hacks whether on pipelines or other major infrastructure, let alone all the individual companies.”

That being said, there are actors in the space doing good work. The Canadian Centre for Cyber Security is doing some great work and a lot of heavy lifting in this space. To be transparent, we do some work with them and have had the benefit of watching what they are doing. They are doing some great stuff but they are one organization in Canada up against bad actors and hackers. Hackers are not kids in basements anymore; they are professionally organized and run like a well-oiled machine. There are also state-based bad actors and they are all upping their game. We have seen increased sophistication in hacks whether on pipelines or other major infrastructure, let alone all the individual companies. Quite frankly, there is a myriad of international cyberattacks you never see or hear about because the businesses quietly make them go away by paying the ransom, which is not great because everybody is operating as an independent actor. There is no overall strategy and layer of protection writ large. Canada needs to be able to provide basic protections, including cybersecurity awareness training to help end-users. These end-users are often unsophisticated users who need help in practicing the very basics of good cyber hygiene.

What has to be done and by who to improve rural access to the internet in Canada?

That is a really important question for all Canadians, not just folks who live in rural and remote communities. All Canadians can benefit from rural communities being online. We never know where the next best idea or invention is going to come from. 

“Different kinds of models for internet provision can be used in sparsely populated areas, whether they are from governments, co-ops, or not-for-profits.”

The first thing that is really critical to ensuring internet accessibility is competition. Having good competition for fast, high quality, and robust internet access is foundational to ensuring broad access in as many places as possible. Regulators doing work in that space must do more to encourage competition. They have a responsibility to do that. However, there are cases in spaces where there is no strong market incentive. Canada is huge and incredibly sparsely populated. There are places where we likely need other kinds of provision of internet services instead of relying on traditional private sector competition-based delivery of services. Different kinds of models for internet provision can be used in sparsely populated areas, whether they are from governments, co-ops, or not-for-profits.

This is a global competitiveness issue for Canada and we need to treat it as such. It is something of a race and we need to get on the starting line and get going as fast as we can.

This is not really just about business anymore. Many people think about the internet from a commercial standpoint but it is so much broader than that. Because of the pandemic, children spent the past year being educated online. Everybody’s healthcare delivery has also changed as a result of the pandemic. We have seen how important it is to have connectivity just to get basic access to healthcare in Canada, let alone anything more sophisticated. There is also the need for access to government services. We have all had to figure out new ways to do everything online, whether for businesses, organizations, or individuals, because government effectively went online. No one could go to an office and get something done—we all had to do it online. You have to have connectivity no matter where you are if you are a citizen of our country. Furthermore, our leisure and communications demand access to the internet. The internet is truly critical infrastructure and it has to be treated as such.

Who and what would you pitch to strengthen and improve the internet in Canada?

The internet is growing. I mean in terms of the lifecycle of the internet. In the early days, it was very private sector-oriented. That private sector orientation created this incredible resource for the whole world. The internet right now is a little bit like the unruly, late-stage teenager, and it needs some guardrails and direction. There is an opportunity for increased government intervention to help re-level the playing field for all. It is a private sector-oriented environment and should remain that way for innovation and creativity, but we are probably going to see an inflection moment where government must play a role in level setting for everybody and help create a common set of fair rules to mitigate the chance to weaponize digital tools and services. Government has to lead this charge, but with the input of the multi-stakeholder community. This should not be a top-down initiative but a coordination of all of the relevant actors in a truly multi-stakeholder environment. It is this multi-stakeholder environment that has made the internet this incredible global resource used by potentially all.