加拿大C-22法案强制对加拿大公民进行大规模元数据监控。

加拿大C-22法案强制对加拿大公民进行大规模元数据监控。
Canada's Bill C-22 Mandates Mass Metadata Surveillance of Canadians

原始链接: https://www.parl.ca/DocumentViewer/en/45-1/bill/C-22/first-reading

## 支持授权访问信息法案 - 摘要支持授权访问信息法案（SAIA）建立了一个框架，旨在促进授权人员（执法部门和国家安全部门）依法访问电子服务提供商（ESP）持有的信息。该法案并未创造*新的*访问权限，而是确保ESP能够有效遵守现有的法律授权。该法案侧重于“核心提供商”——通过法规定义的ESP类别——并可能对其开发提取和提供信息访问能力施加义务。法规将考虑可行性、成本、隐私和网络安全影响。重要的是，提供商不被要求为了合规而创建“系统性漏洞”。公共安全部长可以发布命令给ESP（需情报专员批准），概述具体要求。这些命令以及相关信息受保密保护。 SAIA包含内部审计、合规命令和对不合规行为的行政货币处罚条款。它还建立了一个司法审查程序，并要求对该法案的实施进行年度报告。该法案优先考虑在国家安全需求与隐私和网络安全问题之间的平衡，并包含审查和公众透明度的条款。

An Act respecting the obligations of electronic service providers in relation to authorized access to information

Short Title

Short title

1 This Act may be cited as the Supporting Authorized Access to Information Act.

Interpretation

Definitions

2 (1) The following definitions apply in this Act.

access, in relation to information, includes obtaining a document containing information and, with respect to information related to a communication, intercepting the communication within the meaning of section 183 of the Criminal Code.‍ (accès)

authorized person means a person having authority under the Criminal Code or the Canadian Security Intelligence Service Act to access information.‍ (personne autorisée)

core provider means an electronic service provider belonging to a class of electronic service providers set out in the schedule.‍ (fournisseur principal)

electronic protection means authentication, encryption and any other prescribed type of data protection.‍ (protection électronique)

electronic service means a service, or a feature of a service, that involves the creation, recording, storage, processing, transmission, reception, emission or making available of information in electronic, digital or any other intangible form by an electronic, digital, magnetic, optical, biometric, acoustic or other technological means, or a combination of any such means.‍ (service électronique)

electronic service provider means a person that, individually or as part of a group, provides an electronic service, including for the purpose of enabling communications, and that

(a) provides the service to persons in Canada; or
(b) carries on all or part of its business activities in Canada.‍ (fournisseur de services électroniques)

information includes any information, intelligence or data to which access may be authorized under the Criminal Code or the Canadian Security Intelligence Service Act.‍ (information)

Minister means the Minister of Public Safety and Emergency Preparedness.‍ (ministre)

person includes a corporation, a trust, a partnership, a fund, a joint venture, a government, a government agency, an unincorporated association or organization and any other legal entity.‍ (personne)

prescribed means prescribed by the regulations.‍ (Version anglaise seulement)

systemic vulnerability means a vulnerability in the electronic protections of an electronic service that creates a substantial risk that secure information could be accessed by a person who does not have any right or authority to do so.‍ (vulnérabilité systémique)

Preservation of existing authorities

(2) Nothing in this Act derogates from any authority to access information conferred under the Criminal Code or the Canadian Security Intelligence Service Act — or from any similar authority conferred under another Act of Parliament — or from any corresponding obligation imposed on an electronic service provider to assist in a person’s exercise of such an authority.

Preservation of agreements and arrangements

(3) Nothing in this Act derogates from any agreement or arrangement between an electronic service provider and a national security or law enforcement agency with respect to assistance to be provided to an authorized person in the exercise of the person’s authority to access information, nor prevents entry into such an agreement or arrangement.

Purpose

3 The purpose of this Act is to ensure that electronic service providers can facilitate the exercise of authorities to access information that are conferred on authorized persons.

His Majesty

Binding on His Majesty

4 This Act is binding on His Majesty in right of Canada or of a province.

Core Providers

Core providers — classes

5 (1) The Governor in Council may, by regulation, amend the schedule by adding, amending or deleting a class of electronic service providers.

Core providers — obligations

(2) The Governor in Council may make regulations respecting the obligations of core providers, including regulations respecting

(a) the development, implementation, assessment, testing and maintenance of operational and technical capabilities, including capabilities related to extracting and organizing information that is authorized to be accessed and to providing access to such information to authorized persons;
(b) the installation, use, operation, management, assessment, testing and maintenance of any device, equipment or other thing that may enable an authorized person to access information;
(c) notices to be given to the Minister or other persons, including with respect to any capability referred to in paragraph (a) and any device, equipment or other thing referred to in paragraph (b); and
(d) the retention of categories of metadata — including transmission data, as defined in section 487.‍011 of the Criminal Code — for reasonable periods of time not exceeding one year.

Factors

(3) In making a regulation under subsection (2), the Governor in Council must take into account the following factors:

(a) the benefits of the regulation to the administration of justice, in particular to investigations under the Criminal Code, and to the exercise of powers and the performance of duties and functions under the Canadian Security Intelligence Service Act;
(b) the feasibility of compliance with the regulation for the core providers;
(c) the costs to be incurred by the core providers to ensure compliance with the regulation;
(d) the potential impact of the regulation on the persons to whom the core providers provide services;
(e) the potential impact of the regulation on privacy protection and cybersecurity; and
(f) any other factor that the Governor in Council considers relevant.

Restrictions

(4) Paragraph (2)‍(d) does not authorize the making of regulations that require core providers to retain information that would reveal

(a) the content — that is to say the substance, meaning or purpose — of information transmitted in the course of an electronic service;
(b) a person’s web browsing history; or
(c) a person’s social media activities.

Systemic vulnerability

(5) A core provider is not required to comply with a provision of a regulation made under subsection (2), with respect to an electronic service, if compliance with that provision would require the provider to introduce a systemic vulnerability related to that service or prevent the provider from rectifying such a vulnerability.

Temporary exemption

6 (1) On application by a core provider, the Minister may, by order and on any terms that the Minister considers necessary, exempt the core provider, for a specified period, from the application of any provision of a regulation made under subsection 5(2).

Application

(2) The application must be submitted in the form and manner specified by the Minister and must contain

(a) the provision with respect to which the exemption is sought;
(b) a proposed period for the exemption;
(c) a rationale explaining why the core provider requires the exemption;
(d) a plan setting out the measures that the core provider intends to take to comply with the provision within the period referred to in paragraph (b); and
(e) any other information specified by the Minister.

Pending application

(3) The provision with respect to which the exemption is sought does not apply to the core provider pending the determination of the application.

Decision

(4) As soon as feasible after the application is submitted, the Minister must make a decision in respect of it and give written notice of the decision to the core provider.

Denial of application

(5) In a decision to deny the application, the Minister may specify the day by which the core provider must comply with the provision with respect to which the application was denied.

Statutory Instruments Act

(6) The Statutory Instruments Act does not apply to an order made under subsection (1).

Ministerial Orders

Order

7 (1) Subject to section 8, the Minister may make an order with respect to an electronic service provider and the order may contain any provision that may be contained in a regulation made under subsection 5(2), whether or not the provider is a core provider. The order must specify the period during which it has effect.

Approval of Intelligence Commissioner

(2) The order is valid when — if it is approved by the Intelligence Commissioner under paragraph 20(1)‍(a) of the Intelligence Commissioner Act — the Intelligence Commissioner provides the Minister with the written decision approving the order.

Factors

(3) In making the order, the Minister must take into account the following factors:

(a) the benefits of the order to the administration of justice, in particular to investigations under the Criminal Code, and to the exercise of powers and the performance of duties and functions under the Canadian Security Intelligence Service Act;
(b) the feasibility of compliance with the order for the electronic service provider;
(c) the costs to be incurred by the electronic service provider to ensure compliance with the order;
(d) the potential impact of the order on the persons to whom the electronic service provider provides services;
(e) the potential impact of the order on privacy protection and cybersecurity; and
(f) any other factor that the Minister considers relevant.

Discretionary compensation

(4) For the purpose of offsetting all or part of the costs referred to in paragraph (3)‍(c), in the order, the Minister may provide for compensation to be paid to the electronic service provider in an amount that the Minister considers appropriate and may include provisions with respect to the time and manner of payment.

Systemic vulnerability

(5) The electronic service provider is not required to comply with a provision of the order, with respect to an electronic service, if compliance with that provision would require the provider to introduce a systemic vulnerability related to that service or prevent the provider from rectifying such a vulnerability.

Statutory Instruments Act

(6) The Statutory Instruments Act does not apply to an order made under subsection (1).

Representations

8 Before making an order under subsection 7(1), the Minister must provide the electronic service provider with an opportunity to make representations.

Intelligence Commissioner

9 (1) The Minister must provide a copy of any order made under subsection 7(1) to the Intelligence Commissioner for the purposes of the Intelligence Commissioner’s review and approval under the Intelligence Commissioner Act.

Notice

(2) The copy of the order constitutes notice of the order for the purposes of calculating the time limit referred to in paragraph 20(3)‍(b) of the Intelligence Commissioner Act.

Duration

10 (1) Unless revoked, an order made under subsection 7(1) has effect for the period specified in the order.

Non-application

(2) Subsection 7(2) and sections 8 and 9 do not apply in respect of an order that only revokes another order made under subsection 7(1) or only extends the period specified in another order made under subsection 7(1).

Review

11 (1) Before the order expires, the Minister must review the order to determine whether, taking into account the factors referred to in subsection 7(3), the period specified in it should be extended.

New information

(2) Before the order expires, an electronic service provider subject to it may submit to the Minister any information that is relevant to the review.

Compliance with order

12 An electronic service provider that is subject to an order made under subsection 7(1) must comply with it.

Order prevails

13 An order made under subsection 7(1) prevails over any regulation made under subsection 5(2) to the extent of any inconsistency.

Obligation to Assist

Obligation to assist

14 (1) On request made by the Minister, an electronic service provider must provide all reasonable assistance to a person or class of persons specified in the request to permit the assessment or testing of any device, equipment or other thing that may enable an authorized person to access information.

Persons to be assisted

(2) Only the following persons or classes of persons may receive assistance:

(b) an employee of the Canadian Security Intelligence Service;
(c) a person appointed or employed under Part I of the Royal Canadian Mounted Police Act or a civilian employee referred to in section 10 of that Act;
(d) a civilian employee of another police force;
(e) a peace officer, as defined in section 2 of the Criminal Code.

Request

(3) The request must be in writing and set out the purpose of the assessment or testing and any limits and conditions that the Minister considers appropriate.

For greater certainty

(4) For greater certainty, the assessment or testing must not have the effect of granting access to personal information.

Confidentiality

Prohibition on disclosure

15 An electronic service provider and any person acting on its behalf must not disclose any of the following information except as permitted under this Act or the Canada Evidence Act:

(a) information contained in an order made under subsection 6(1) or 7(1);
(b) information on which the Minister relied in making the order;
(c) the fact that the electronic service provider is subject to the order;
(d) information provided in the course of representations made under section 8 or in any response given by the Minister and the fact that the Minister has invited the representations;
(e) information contained in an application referred to in subsection 6(1) or in a decision made under subsection 6(4);
(f) information submitted under subsection 11(2) and any information received from the Minister in response;
(g) any prescribed information.

Confidential information

16 The following information is confidential and must, subject to the regulations, be treated accordingly by a person designated under subsection 19(1):

(a) information obtained by the designated person in the course of exercising their powers or performing their duties and functions under sections 20 and 21; and
(b) information contained in an audit report referred to in section 23.

Judicial review — notice to Minister

17 (1) An electronic service provider is not to make an application for judicial review in respect of an order or decision made under this Act unless, at least 15 days before making the application, it provides written notice to the Minister, including a copy of the notice of application.

For greater certainty

(2) For greater certainty, the Federal Court has exclusive jurisdiction to hear applications for judicial review in respect of any order or decision made under this Act.

Regulations — confidentiality and security

18 The Governor in Council may make regulations respecting confidentiality and security requirements with which electronic service providers and persons acting on their behalf must comply, including regulations

(a) respecting the disclosure of information referred to in section 15 or 16;
(b) establishing rules of procedure for the protection of information referred to in section 15 or 16 in administrative or judicial proceedings;
(c) respecting requirements related to employees of electronic service providers and other persons whose services may be engaged by electronic service providers — who participate in activities in relation to requests for access to information that is authorized under the Criminal Code or the Canadian Security Intelligence Service Act or in relation to compliance with this Act — including with respect to their security clearance and location; and
(d) respecting security requirements with respect to the facilities and premises of electronic service providers that are used for storing, processing or transmitting information that is related to — or that may be the subject of — requests for access to information that is authorized under the Criminal Code or the Canadian Security Intelligence Service Act.

Administration and Enforcement

Designation

19 (1) The Minister may, subject to any restrictions or conditions that the Minister may specify, designate persons or classes of persons for the purposes of the administration and enforcement of this Act.

Certificate

(2) The Minister must provide every designated person with a certificate attesting to their designation.

Inspections

Authority to enter place

20 (1) Subject to subsection 21(1), a designated person may, for the purpose of verifying compliance or preventing non-compliance with this Act, at any reasonable time enter any place if they have reasonable grounds to believe that anything relevant to that purpose, including any document or electronic data, is located in that place or that an activity regulated by this Act is conducted in that place.

Production of certificate

(2) On entering a place referred to in subsection (1), the designated person must, on request, produce the certificate attesting to their designation to the person in charge of the place.

Powers on entry

(3) The designated person may, for a purpose referred to in subsection (1),

(a) examine anything found in the place, including any document or electronic data;
(b) make copies of any document or electronic data that is found in the place or take extracts from the document or electronic data;
(c) remove any document found in the place for examination or copying;
(d) use or cause to be used any computer or data processing system at the place to examine or copy electronic data; and
(e) use or cause to be used any copying equipment at the place to make copies of any document.

Return of items

(4) If the designated person removes a document under paragraph (3)‍(c), they must return it to its owner or the person in charge of it on completion of the examination or copying.

Duty to assist

(5) Every owner or person in charge of a place that is entered by the designated person and every person found in the place must give all assistance that is reasonably required to enable the designated person to exercise their powers or perform their duties and functions under this section and provide the designated person with any document or electronic data that they may reasonably require.

Persons accompanying

(6) The designated person may be accompanied by any other person that the designated person believes is necessary to help them exercise their powers or perform their duties and functions under this section.

Entering private property

(7) The designated person and any person accompanying them may enter and pass through private property, other than a dwelling-house on that property, to gain entry to a place referred to in subsection (1). For greater certainty, they are not liable for doing so.

Dwelling-house

21 (1) In the case of a dwelling-house, a designated person is not authorized to enter it without the occupant’s consent except under the authority of a warrant issued under subsection (2).

Authority to issue warrant

(2) A justice of the peace may, on ex parte application, issue a warrant authorizing the designated person named in it to enter a dwelling-house, subject to any conditions specified in the warrant, if the justice of the peace is satisfied by information on oath that

(a) the dwelling-house is a place referred to in subsection 20(1);
(b) entry to the dwelling-house is necessary for a purpose referred to in subsection 20(1); and
(c) entry was refused by the occupant or there are reasonable grounds to believe that entry will be refused by, or that consent to entry cannot be obtained from, the occupant.

Use of force

(3) In executing the warrant, the designated person is not entitled to use force unless the use of force is specifically authorized in the warrant and they are accompanied by a peace officer.

Internal Audit

Audit order

22 (1) Subject to the regulations, a designated person may, for a purpose related to verifying compliance or preventing non-compliance with this Act, make an order in writing requiring an electronic service provider to conduct, within the time and in the manner specified in the order, an internal audit of its practices, documents and electronic data to determine whether it is in compliance with any provision of this Act or the regulations.

Statutory Instruments Act

(2) The Statutory Instruments Act does not apply to an order made under subsection (1).

Compliance with order

23 The electronic service provider must comply with the order and provide to the designated person, within the period specified in the order, a report of the results of the audit, including, if the electronic service provider determines that there is non-compliance with a provision of this Act or the regulations, the nature of the non-compliance and any measures that it has taken or will take to comply with the provision or the order.

Compliance Order

Power to order termination of contravention

24 (1) If a designated person believes on reasonable grounds that there is or is likely to be a contravention of any provision of this Act or the regulations, they may make an order in writing requiring an electronic service provider to

(a) stop doing something that is or is likely to be in contravention of that provision or cause it to be stopped; or
(b) take any measure that is necessary to comply with the requirements of that provision or mitigate the effects of non-compliance.

Time and manner for review

(2) The order must specify the time within which and the manner in which the electronic service provider may request a review of the order by the Minister.

Statutory Instruments Act

(3) The Statutory Instruments Act does not apply to an order made under subsection (1).

Compliance with order

25 (1) An electronic service provider that is subject to an order made under subsection 24(1) must comply with it.

Notification of compliance

(2) Once the electronic service provider complies with the order, it must notify the designated person of its compliance without delay.

Request for review

26 (1) An order that is made under subsection 24(1) must be reviewed by the Minister at the written request of the electronic service provider that is subject to the order.

Time and manner of request

(2) The request must be made within the time and in the manner specified in the order and must state the grounds for review and set out the evidence that supports those grounds.

Order in effect

(3) The order continues to apply during a review unless the Minister decides otherwise.

Decision on completion of review

27 (1) On completion of a review, the Minister must confirm, amend, revoke or cancel the order and provide notice of the decision and the reasons for the decision to the electronic service provider.

Deemed confirmation

(2) If the Minister does not make a decision in respect of the request within 90 days after the day on which the request is received, or within any further period that is agreed on by the Minister and the electronic service provider, the Minister is deemed to have confirmed the order.

Administrative Monetary Penalties

Violations

Purpose of penalty

28 The purpose of an administrative monetary penalty is to promote compliance with this Act and not to punish.

Commission of violations

29 (1) A person who contravenes any of the following provisions commits a violation and is liable to a penalty of an amount that is to be established by a designated person in accordance with the regulations:

(a) section 12, subsection 14(1), section 15, subsection 20(5), section 23 or subsection 25(1) or (2);
(b) a provision of the regulations designated by a regulation made under paragraph 47(1)‍(e).

Maximum penalty

(2) The maximum penalty for a violation is $50,000 in the case of an individual and $250,000 in the case of any other person.

Continuing violation

(3) A violation that is committed or continued on more than one day constitutes a separate violation in respect of each day on which it is committed or continued.

Due diligence defence

(4) A person is not to be found liable for a violation if they establish that they exercised due diligence to prevent its commission.

Common law principles

(5) Every rule and principle of the common law that renders any circumstance a justification or excuse in relation to a charge for an offence under this Act applies in respect of a violation to the extent that it is not inconsistent with this Act.

Proof of violation

30 In any proceedings under this Act against a person in relation to a violation, it is sufficient proof of the violation to establish that the act or omission that constitutes the violation was committed by an employee or an agent or mandatary of the person, whether or not the employee or agent or mandatary is identified.

Violation by corporate officers, etc.

31 If a person other than an individual commits a violation under this Act, any of the person’s directors, officers or agents or mandataries who directed, authorized, assented to, acquiesced in or participated in the commission of the violation is a party to and liable for the violation, whether or not the person who actually committed the violation is proceeded against under this Act.

Proceedings

Issuance of notice of violation

32 If a designated person believes on reasonable grounds that a person has committed a violation, the designated person may issue, and must serve the person with, a notice of violation.

Limitation or prescription period

33 (1) A notice of violation is not to be issued in respect of a violation more than two years after the day on which the Minister becomes aware of the acts or omissions that constitute the alleged violation.

Certification by Minister

(2) A document appearing to have been issued by the Minister, certifying the day on which the acts or omissions that constitute the alleged violation became known to the Minister, is admissible in evidence without proof of the signature or official character of the person appearing to have signed the document and, in the absence of evidence to the contrary, is proof that the Minister became aware of the acts or omissions on that day.

How act or omission may be proceeded with

34 If an act or omission may be proceeded with either as a violation or as an offence, proceeding in one manner precludes proceeding in the other.

Payment of Penalties and Alternatives to Payment

Effect of payment

35 (1) If a person named in a notice of violation pays, in the prescribed time and manner, the penalty set out in the notice of violation,

(a) they are deemed to have committed the violation in respect of which the amount is paid;
(b) the Minister must accept that amount as complete satisfaction of the penalty; and
(c) the proceedings commenced in respect of the violation are ended.

Alternatives to payment

(2) Instead of paying the penalty, the person may, in the prescribed time and manner,

(a) request to enter into a compliance agreement with the Minister that ensures the person’s compliance with the provision to which the violation relates; or
(b) request a review by the Minister of the acts or omissions that constitute the alleged violation or the amount of the penalty.

Failure to act

(3) If the person does not pay the penalty in the prescribed time and manner and does not make one of the requests referred to in subsection (2) in the prescribed time and manner, they are deemed to have committed the violation identified in the notice.

Compliance Agreements

Compliance agreements

36 (1) The Minister may, on request, enter into a compliance agreement with a person named in a notice of violation on any conditions that are satisfactory to the Minister. The compliance agreement may provide for the reduction, in whole or in part, of the amount of the penalty for the violation.

Effect of entering into agreement

(2) A person who enters into a compliance agreement with the Minister is, on doing so, deemed to have committed the violation in respect of which the compliance agreement was entered into.

Notice of compliance

(3) If the Minister is satisfied that a person who has entered into a compliance agreement has complied with it, the Minister must cause a notice to that effect to be provided to the person, at which time the proceedings commenced in respect of the violation are ended.

Notice of default

(4) If the Minister is of the opinion that a person who has entered into a compliance agreement has not complied with it, the Minister must cause a notice of default to be provided to the person to the effect that, instead of the penalty set out in the notice of violation in respect of which the compliance agreement was entered into, the person is liable to pay, in the prescribed time and manner, twice the amount of that penalty, and, for greater certainty, subsection 29(2) does not apply in respect of that amount.

Effect of notice of default

(5) Once provided with the notice of default, the person is not to deduct from the amount set out in the notice any amount that they spent under the compliance agreement and the person is liable to pay the amount set out in the notice.

Effect of payment

(6) If the person pays the amount set out in the notice of default, the Minister must accept the amount as complete satisfaction of the amount owing and the proceedings commenced in respect of the violation are ended.

Refusal to enter into compliance agreement

37 (1) If the Minister refuses to enter into a compliance agreement with a person named in a notice of violation, the person is liable to pay, in the prescribed time and manner, the penalty set out in the notice of violation.

Effect of payment

(2) If the person pays the penalty,

(a) they are deemed to have committed the violation in respect of which the payment is made;
(b) the Minister must accept the amount as complete satisfaction of the penalty; and
(c) the proceedings commenced in respect of the violation are ended.

Effect of non-payment

(3) If the person does not pay the penalty in the prescribed time and manner, they are deemed to have committed the violation identified in the notice of violation.

Review by the Minister

Review — facts

38 (1) On completion of a review requested under paragraph 35(2)‍(b) with respect to the acts or omissions that constitute the alleged violation, the Minister must determine, on a balance of probabilities, whether the person named in the notice of violation committed the violation. If the Minister determines that the person committed the violation but that the amount of the penalty was not established by the designated person in accordance with the regulations, the Minister must correct the amount.

Violation not committed — effect

(2) If the Minister determines that the person named in the notice of violation did not commit the violation, the proceedings commenced in respect of the violation are ended.

Review — with respect to penalty

(3) On completion of a review requested under paragraph 35(2)‍(b) with respect to the amount of the penalty, the Minister must determine whether the amount of the penalty was established in accordance with the regulations and, if not, the Minister must correct the amount.

Notice of decision

(4) The Minister must cause a notice of any decision made under subsection (1) or (3) to be provided to the person named in the notice of violation.

Liability for penalty

(5) The person named in the notice of violation is liable to pay, in the time and manner specified in a decision made under subsection (1) or (3), the amount of the penalty that is confirmed or corrected in the decision.

Effect of payment

(6) If the person named in the notice of violation pays the amount referred to in subsection (5), the Minister must accept the amount as complete satisfaction of the penalty and the proceedings commenced in respect of the violation are ended.

Recovery of Debts

Debt to His Majesty

39 (1) The following amounts constitute debts due to His Majesty in right of Canada that may be recovered in the Federal Court:

(a) the amount of a penalty, beginning on the day on which the notice of violation setting out the amount of the penalty is served;
(b) the amount set out in a compliance agreement entered into under subsection 36(1), beginning on the day on which the compliance agreement is entered into;
(c) the amount set out in a notice of default referred to in subsection 36(4), beginning on the day on which the time the notice is provided; and
(d) the amount of a penalty as set out in a decision made by the Minister under subsection 38(1) or (3), beginning on the day on which the time the notice of that decision is provided.

Limitation or prescription period

(2) No proceedings to recover such a debt may be commenced later than five years after the debt became payable.

Debt final

(3) The debt is final and not subject to review or to be restrained, prohibited, removed, set aside or otherwise dealt with except to the extent and in the manner provided by sections 35 to 38.

Certificate

40 (1) Any debt referred to in subsection 39(1) in respect of which there is a default of payment, or the part of any such debt that has not been paid, may be certified by the Minister.

Registration

(2) Registration in the Federal Court of the certificate has the same force and effect as a judgment of that court for a debt of the amount specified in the certificate and all related registration costs.

Offences

Offences — general

41 (1) A person who contravenes any of the following provisions commits an offence:

(a) section 12, subsection 14(1), section 15, subsection 20(5), section 23 or subsection 25(1) or (2);
(b) a provision of the regulations designated by a regulation made under paragraph 47(1)‍(f).

Punishment

(2) A person who commits an offence under subsection (1) is liable on summary conviction to a fine of not more than $100,000 in the case of an individual and not more than $500,000 in the case of any other person.

Continuing offence

(3) If an offence under subsection (1) is committed or continued on more than one day, it constitutes a separate offence for each day on which it is committed or continued.

Due diligence defence

(4) A person is not to be found guilty of an offence under subsection (1) if they establish that they exercised due diligence to prevent its commission.

Proof of offence

42 In a prosecution of a person for an offence under subsection 41(1), it is sufficient proof of the offence to establish that the act or omission that constitutes the offence was committed by an employee or an agent or mandatary of the person, whether or not the employee or agent or mandatary is identified.

Offence by corporate officers, etc.

43 If a person other than an individual commits an offence under subsection 41(1), any of the person’s directors, officers or agents or mandataries who directed, authorized, assented to, acquiesced in or participated in the commission of the offence is a party to the offence and is liable on conviction to the punishment provided for by this Act, whether or not the person who actually committed the offence is prosecuted.

Obstruction

44 A person commits an offence if they knowingly obstruct or hinder any of the following persons who are exercising powers or performing duties or functions under this Act:

(a) a person to whom assistance must be provided under subsection 14(1);
(b) a person designated under subsection 19(1).

False or misleading statements

45 A person commits an offence if they knowingly make a false or misleading statement, verbally or in writing, to any of the following persons who are exercising powers or performing duties or functions under this Act:

(a) a person to whom assistance must be provided under subsection 14(1);
(b) a person designated under subsection 19(1).

Punishment

46 A person who commits an offence under section 44 or 45 is liable on summary conviction

(a) in the case of an individual, to a fine of not more than $25,000 for a first offence and of not more than $50,000 for each subsequent offence; and
(b) in the case of any other person, to a fine of not more than $100,000 for a first offence and of not more than $250,000 for each subsequent offence.

Regulations

47 (1) The Governor in Council may make regulations

(a) respecting any fees payable to electronic service providers for different types of assistance that they provide to persons exercising an authority referred to in subsection 2(2);
(b) respecting record-keeping and reporting by electronic service providers;
(c) respecting the meaning of any term or expression for the purposes of this Act;
(d) respecting orders referred to in section 22 and reports referred to in section 23;
(e) respecting the administrative monetary penalties scheme, including regulations
- (i) designating provisions of the regulations for the purposes of paragraph 29(1)‍(b),
- (ii) respecting the establishment of penalty amounts,
- (iii) respecting the content of notices of violation,
- (iv) respecting reviews by the Minister, and
- (v) respecting the service or provision of documents;
(f) designating provisions of the regulations for the purposes of paragraph 41(1)‍(b);
(g) prescribing anything that is required or authorized by this Act to be prescribed;
(h) prescribing the way in which anything that is required or authorized by this Act to be prescribed is to be determined; and
(i) generally, for carrying out the purposes and provisions of this Act.

Periodic review

(2) Every five years after the day on which the first regulation is made under paragraph (1)‍(a), the Minister must review all regulations made under that paragraph.

Notice

(3) Before the first regulation under paragraph (1)‍(a) is made and during every review referred to in subsection (2), the Minister must publish a notice inviting the following persons to make representations within the time and in the form and manner specified in the notice:

(a) the Attorney General of Canada;
(b) the attorney general of each province;
(c) core providers; and
(d) electronic service providers that are subject to orders made under subsection 7(1).

Distinguishing

48 For greater certainty, regulations made under this Act may establish classes of electronic service providers and distinguish among them, including on the basis of the electronic service provided and on the basis of the number of persons in Canada to whom the electronic service provider provides services.

Report

Annual report

49 (1) Within 90 days after the end of each calendar year, the Minister must prepare a report on the Minister’s activities under this Act during that year.

Contents

(2) The report must include

(a) the number of orders made under subsection 7(1), as well as information relating to the classes of electronic service providers in respect of which the orders were made and the obligations imposed by the orders in respect of operational and technical capabilities;
(b) the number of orders that were not approved by the Intelligence Commissioner, as well as information relating to the electronic service providers in respect of which the orders were made and the obligations that were to be imposed by the orders in respect of operational and technical capabilities;
(c) information relating to the compliance orders made and enforcement actions taken under this Act;
(d) the number of requests for assistance made under subsection 14(1) and the classes of persons to whom assistance was provided; and
(e) any other prescribed information.

Publication

(3) The Minister must make the report available to the public, with any redactions that the Minister considers necessary, within 60 days after the day on which it has been prepared.

Unredacted report

(4) If the report contains any redactions, the Minister must cause the unredacted report to be provided to the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency on any of the first 15 days on which either House of Parliament is sitting after the day on which the report is prepared.