The Rogers shutdown was a shocking surprise, from so many angles. Millions of people woke up to find themselves cut off from cell and internet service; the outage affected their work, commerce, and leisure. Essential services were cut off, too, revealing a worrying lack of resilience.
How could a mere maintenance upgrade bring down a system for hours? Obviously, Rogers bears much responsibility for the failure. But there are larger policy and regulatory issues at play. Simply put, we do not have the right governance in place to deal with the interconnected issues this fiasco has painfully raised.
Why was there no agreement in place for telcos to work together in case of outages? (One is being cobbled together now, after the fact.) Even if such an agreement would not have mitigated the impact of this particular failure, it seems a common-sense arrangement to have had in place, as is the case in the United States. And what about Interac, a payments system designated as systemically important, which seems to have relied heavily on Rogers with no backup in place? How was this missed?
It appears that the Canadian Radio-television and Telecommunications Commission (CRTC) was not aware of either the broader systemic issues or their implications. And perhaps that is because some of these issues don’t necessarily fall under its mandate.
In fact, this episode has forcefully revealed the number of interconnected regulatory and policy areas where coordination and collaboration are needed but not now in place. These include financial systems, telecommunications infrastructure, competition and consumer protection, public safety — and, likely, even national security.
Presumably, millions of Canadians are now re-examining the resilience of their own personal digital infrastructure and subscriptions and considering whether having all their eggs in one basket, notwithstanding the poor range of available options, is appropriate.
Our regulators and policy makers need to do their own re-evaluation — and on a much broader scale than seems currently envisaged. The CRTC has a critical role to play. In its recent statement, it acknowledges that it is “responsible for ensuring that Canadians have access at all times to a reliable and efficient communications system.” But does this imply that the CRTC is in contact with other regulators? While we don’t know the answer with certainty, the greater question, as I suggested at the outset, is whether we have the governance in place to deal with these interconnected issues.
The answer is a clear and resounding no.
Our digital infrastructure is deeply interconnected and has created a set of linked governance issues, yet our governance is unconnected. This must change.
Countries such as Australia and the United Kingdom have created mechanisms to bring privacy, competition and broadcast regulators together. As I noted in my submission to the Wetston consultation on competition, Canada needs a similar mechanism.
But the Rogers fiasco has shown that even that wouldn’t be enough.
The proposed Artificial Intelligence and Data Act in Canada contemplates “measures to identify, assess and mitigate harms to the health, safety, security of Canadians” and the establishment of an AI and Data Commissioner.
But putting in place this new commissioner also wouldn’t suffice.
Canada needs a true digital cooperation forum that brings together appropriate regulatory and oversight bodies, recognizing the interconnections that go beyond traditional vertical structures. More generally, CIGI has proposed a Digital Stability Board to deal with interconnected digital issues at the global level. It is now abundantly clear that we also need something similar in Canada.
The Rogers outage provides us with an important opportunity — an obligation, in fact — to reimagine our digital governance. Now is the time do it, before Canada’s vulnerability, now painfully apparent, is exploited in a way that seriously impinges on public safety or national security.
Minister of Innovation, Science and Industry François-Philippe Champagne told reporters following the outage that the measures he announced are a “first step to tackle the resiliency and reliability of the sector.” It’s not only the resilience and reliability of Canada’s telecom sector that are at stake, but also our broader digital stability and security. Policy makers need to take the next large step and act now to fill these gaps.
This piece first appeared on TVO.org.