Canada Aiming at Improving Cybersecurity of Federally Regulated Industries Through Bill C-26

Canada recently started looking at a new piece of legislation that seeks to strengthen cybersecurity of businesses and organizations the activities of which fall within ambit of activities that the Federal government can directly regulate.

Interestingly, contrary to most Canadian legislation so far and that touch upon cybersecurity, the focus this time is not on whether an organization collects, uses or discloses personal information. Rather, the bill at issue would seek to cover whole swats of certain industries, whether the organizations operating therein do or do not deal with personal information. This is a new approach in Canada which may signify that the government is finally realizing we collectively need to take cybersecurity more seriously, and that it is more than an issue of personal information.

Bill C-26 proposes to impose on telecommunication providers a new regime that would force them to adopt better cybersecurity practices, with a view to better protecting Canadians who rely on their services for things like cell phone and Internet services.

More generally, the bill would also empower the Canadian government to force federally regulated businesses to clean-up their act (so to speak), cybersecurity-wise, especially when it may jeopardize national security or public safety. As you may know, in Canada, federally regulated businesses include, for example, those who deal with:

  • radio, television and telecommunications, such as Internet providers;
  • air transportation, including airlines, airports, ports, shipping, boats, as well as railways and road transportation services that cross borders;
  • banks;
  • certain energies and their transport, like pipelines, etc.

Bill C-26 would allow the Federal government to require organizations operating in those areas to take cybersecurity more seriously, in particular when public safety may be involved. For example, this may allow the government to dictate that operators of pipelines better protect and monitor their computer systems, with a view to avoiding major catastrophes that may eventually result from cyber-attacks.

In addition to eventually requiring organizations in those industries to adopt and apply cybersecurity programs and to better protect their systems, C-26 would also require the organizations at issue to report eventual cybersecurity breaches, something they currently are not generally required to do.

Bill C-26 is currently at the First Reading stage.

Major Update of the Canadian Government Login Process for Businesses

The Canadian government finally seems to have realized allowing individual agencies to create and manage credentials individually, for each business that may want to interact with governmental online services, simply does not make sense, including from a cybersecurity standpoint. Starting soon, users who want to login will have to go through a whole new system.

CIPO (the Canadian Intellectual Property Office) recently started offering information and training on the upcoming changes, so as to allow businesses to make the transition, including those that may need to interact with I.P.-related services, for example as to patents, trademarks or industrial designs.

The new system being deployed by the Canadian government will do away with ISED, the former system whereby businesses could create user IDs to login and interact with governmental online services.

The new identification process will involve each business creating an ID (called the GCKey) to which authorized individual users will have to be linked. The system will also require individuals to go through identification and authentication, to make sure they are the actual individual they purport to be and that they are indeed authorized by the organization at issue. Though you may think this was already the case, it was not.

One offshoot of this new method of allowing access by users on behalf of their organization is that it will do away with the sharing of credentials. Once implemented, it will no longer be possible for all users of an organization to “share” a single user ID (account), as was so frequently until now, for purposes of accessing governmental online services.

The new system will also force all user to use 2-step verification to login into their online account, also something most large organizations have been requiring for a while now. The actual implementation of the changes start March 28.

Christian Varin of the Fédération des inventeurs du Québec Found Guilty of Fraud

After years of hearing and reading about complaints against the (supposed) Fédération des inventeurs du Québec, a Québec court recently found the principal behind the entity at issue, Christian Varin, guilty of fraud. Finally.

The La Presse newspaper published an article about the judgement at issue this morning. The judge was not kind in his judgment, using expressions and words like charlatan, fraudster, lies, flagrant incompetence, scam, etc. In short, Varin and the entity he created (and alone controls) defrauded hundred of small time inventors who were often attracted to Varin by advertising on Google and who believed Varin when he told them he could protect their inventions for a fraction of what regular patent agents (something is not) charged. Lo and behold, this was all a lie, Varin charging for supposed international searches and filing legally insignificant provisional applications that inventors were given the impressions would actually protect their inventions.

At the risk of repeating myself, the protection of inventions by patent registration implies a long process that is both complex and costly, for a reason. Given how strong patent protection is, the government does not grant it lightly, nor to anyone who simply asks. A (valid) patent applicable is something that requires great care, including to determine exactly what the invention is, and then to describe it adequately. Anyone interested in attempting to patent an invention should also be aware that protection must be sought in each country where one hopes to obtain rights, something that will require substantial means to achieve.

Believe it or not, there really is a reason why patent agents are so few and why they can charge fees that are this high: dealing with inventions and patents really is quite complex. This is NOT something Joe Average can do willy-nilly on the corner of your kitchen table.

If anyone who is neither an attorney or a patent agent tells you they can protect your invention for a fraction of what others charge, walk away, or better yet, run.