Article content continued

Nathaniel Erskine-Smith, the vice-chair of the committee and Liberal MP, asked the representatives from CSE if there should be regulations governing political parties that are holding sensitive personal information to help avoid hacks.

Boucher gave no definitive recommendation either way, but warned that creating these kinds of rules isn’t a silver bullet.

When there’s a standard like that, there’s a race to the bottom, said Boucher. With a regulation, people will try to reach the lowest minimum standard and no more.

CSE has briefed the political parties on how to secure their systems and has released general guidelines for strong passwords, mobile security and social media tips on its website.

I’m fully confident Canadians can trust their electoral systems

In an interview after the committee, Erskine-Smith argued that, at the very least, two-factor verification should be mandatory — that’s a system where users are required to provide an extra piece of information along with their password, for example, a security code sent via text message.

“I take the point that it might be a race to the bottom. But if no one’s at the so-called bottom yet, that’s a greater concern,” said Erskine-Smith. “We need to make sure people are meeting a minimum threshold to prevent against malicious activity.”

Erskine-Smith said he has confidence that all the parties are seized with the issue and working to prevent any breaches.

Part of the trouble with these kinds of breaches is that they are quickly weaponized in an election campaign, leaving little time to separate fact from fiction. Conservative MP Jacques Gourde said he was worried about the limited amount of time CSE, and other agencies, will have to respond to threats during a campaign.