SoVote

May/8/24 8:19:33 p.m.
Watch

I am ready to rule on the question of privilege raised on April 29, 2024, by the member for Sherwood Park—Fort Saskatchewan concerning cyber-attacks targeting members of Parliament by a foreign state-backed group known as Advanced Persistent Threat 31. In his intervention, the member alleged that he, along with several other parliamentarians, were the targets of progressive cyber-attacks on their emails in 2021 by a group with ties to the Chinese government. He argued that members were targeted because of their association with the Inter-Parliamentary Alliance on China, or IPAC. He and other affected members of the House learned of the attacks through a recent news story. The member noted that, contrary to a ministerial directive issued last year, members were not notified of this by the government. He stated that this situation was akin to the prima facie question of privilege raised by the member for Wellington—Halton Hills, where a foreign state had also sought to interfere with the duties of a member. He also indicated that he could not assess the extent to which, as parliamentarians, they were impacted, through the disruption of communications or through the monitoring of their activities, but that their parliamentary work was under attack. The member for Sherwood Park—Fort Saskatchewan further intervened on the matter on May 1, 2024. He added that the cyber attack in question was aimed at his personal email account rather than his parliamentary account. He further posited, following media reports which stated that House of Commons IT thwarted the attack, that the House Administration is not a security agency and therefore not responsible for informing members of threats made against them. The parliamentary secretary to the government House leader mentioned that the Communications Security Establishment, or CSE, was advised by the FBI on June 29, 2022, of cyber threats targeting Canadian parliamentarians who are members of the IPAC. Citing the separation between the executive and legislative branches of government, he noted that the CSE believed it appropriate to share all relevant technical information with security officials of the House of Commons and Senate administrations for their action. This was done on June 30, 2022. The parliamentary secretary also pointed out that, given the evolution of security procedures and in consideration of the concerns of members, a ministerial directive was issued in May of 2023 requiring the Canadian Security Intelligence Service, or CSIS, to inform parliamentarians of threats to their security where possible. He concluded by stating that, had the threat occurred following the imposition of the ministerial directive, security agencies would have proactively informed the affected members of the situation. Finally, the member for Scarborough—Guildwood and the member for Humber River—Black Creek, also presumed targets of the attack, rose in support of the question of privilege from the member for Sherwood Park—Fort Saskatchewan and expressed their concerns on the matter. In raising his question of privilege, the member for Sherwood Park—Fort Saskatchewan brought forward two specific concerns. First is the attempt by the People's Republic of China to interfere in the work of parliamentarians, and second is the lack of notification provided to members of this attempt. The Chair will deal with these two issues separately, starting with the latter. In accordance with the processes in place at the time, the House administration was advised by relevant Canadian security agencies of the risk associated with potential attacks and appropriate measures were taken to ensure that they would not impact our systems, more specifically our parliamentary network. Members will appreciate that the processes and the protocols to manage the cybersecurity of the House, by its administration and by the government, have evolved considerably since then. The Chair has no reason to doubt the commitment of the government, through its ministerial directive of May 2023, that members will be advised of threats by CSIS as much as is reasonably possible to do so, bearing in mind various security considerations. It should be noted that the attempt in question and the sharing of the relevant technical information occurred well before the directive was in place, and that the matter was dealt with in accordance with the processes and protocols in effect at that time. It is important to reiterate that the House of Commons cybersecurity systems in place were successful in preventing a breach and negatively impacting the members' ability to conduct their day-to-day business with their parliamentary email accounts. However, the member noted in his submission that his personal email was the target of the attempted cyberattack, and the Chair appreciates the concerns of members with regard to being made aware about matters concerning their cybersecurity. In its 63rd report, presented to the House on April 10, 2024, the Standing Committee on Procedure and House Affairs echoed the ministerial directive in recommending that CSIS directly inform members about specific foreign interference threats, including providing a briefing on the mitigation measures taken to ensure members' safety. It also recommended the Speaker oversee the creation of a protocol within the House administration establishing a threshold for informing the whips of the recognized parties of foreign interference threats. The report has yet to be concurred in. The Chair will now turn to the matter of the attempted interference by the PRC. As the member for Sherwood Park—Fort Saskatchewan noted in his submission, the matter bears similarities with the question of privilege raised by the member for Wellington—Halton Hills on May 2, 2023. That case involved various alleged acts of intimidation, linked to the PRC, towards the member and his family. Those acts came in retaliation for political positions taken by the member in the course of parliamentary proceedings. The matter was found to be prima facie. Indeed, as my predecessor stated in his ruling on May 8, 2023, at page 14105 of the Debates: The Chair agrees that the matter raised by the member, that is that a foreign entity tried to intervene in the conduct of our proceedings through a retaliatory scheme targeting him and his family, squarely touches upon the privileges and immunities that underpin our collective ability to carry out our parliamentary duties unimpeded. At the time, the matter was referred to the Standing Committee on Procedure and House Affairs. Had the question of privilege by the member of Sherwood Park—Fort Saskatchewan been raised while the study was under way, the Chair would have been inclined to suggest the committee consider it as part of that study. This is exactly what occurred when the former member for Durham raised a question of privilege alleging intimidation. At the time, my predecessor stated, on May 31, 2023, at page 15066 of the Debates: Given that the Standing Committee on Procedure and House Affairs has already been instructed to investigate the matter of foreign interference, the Chair believes that it is the appropriate forum for further discussion of this issue. In the case currently before us, it is clear to the Chair that an attempt to hack parliamentary emails of several members by a group with ties to the PRC occurred. This is of great concern to the Chair and, indeed, should be to all members. While the attempt was thwarted, it is understandable that a lingering effect on impacted members remains. Indeed, as my predecessor noted in his ruling on May 8, 2023, a threat, whether successful or not, may still be seen as interfering with a member in the discharge of their duties. As stated in House of Commons Procedure and Practice, third edition, at page 109, I quote: In order to find a prima facie breach of privilege, the Speaker must be satisfied that there is evidence to support the Member's claim that he or she has been impeded in the performance of his or her parliamentary functions and that the matter is directly related to a proceeding in Parliament....Speaker Jerome observed in a 1978 ruling that society demands much of Members but not all demands strictly impose a parliamentary duty. While every Member has duties as a representative of the electorate, a Member may claim the protection of privilege relating only to his or her parliamentary functions, though the line distinguishing these duties might blur. While the work of IPAC is not, strictly speaking, part of our parliamentary proceedings, it does seem clear to the Chair that the members were targeted due to their parliamentary work. Even if the attack was directed against the member for Sherwood Park—Fort Saskatchewan's personal email account, it seems that this was an attempt to interfere in his and in other members’ parliamentary duties and that such interference could have the effect of impeding members. As the procedural boundaries of parliamentary functions can evolve over time, the Chair, and all members, might appreciate guidance respecting these matters. While the Chair is bound to consider this question of privilege based on its own merits, it must also bear in mind broader considerations. Protecting the security of members, whether physical or cyber, is of course essential to the functioning of the House. Cybersecurity attacks to our systems have multiplied over the recent past and there are no indications they will stop or even diminish. Not every attempt to interfere with or hack into our systems will necessarily be the subject of a question of privilege, as this is unfortunately a recurring problem. However, there might be a benefit for the House to decide how to tackle this issue more generally in order to clear the air and establish a way forward. On this basis, the Chair finds there to be a prima facie question of privilege. Accordingly, I invite the member for Sherwood Park—Fort Saskatchewan to move his motion.

1644 words

Context: House Hansard - 311 - May/8/24

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

May/8/24 8:53:24 p.m.
Watch

Madam Speaker, I think it is important for us to note that we have some incredible civil servants that perform amazing work in protecting our interests. I am thinking of the Communications Security Establishment, which, from what I understand, shared the information with House of Commons officials shortly after receiving the information back in June 2022. I think it is important that we do not try to give the impression that no one knew about this, that the issue was, in fact, being addressed, at least in good part, with true and good intentions. The member was on the committee, the Inter-Parliamentary Alliance on China. I do not know how often the committee meets or anything of this nature. Did the committee ever discuss the issue that the member raised as a privilege? Maybe one can just give us some background on the feedback he has had from other committee members because I believe it is a certain number of countries. I am not too sure about the association. Maybe one can tell us a little bit more about the association and what discussions they have had on this issue.

191 words

Context: House Hansard - 311 - May/8/24

Mr. Garnett Genuis

May/8/24 8:54:36 p.m.
Watch

Madam Speaker, there are two parts to what the member said. On the government's assertion that House of Commons officials were informed, what I can say is that there were 18 members of Parliament who were targeted by a foreign hacking attempt, which the Government of Canada knew about, and at no point, until the last few weeks, did the members of Parliament who were targeted find out about it. The government's defence is to say that it told some other people. That is great, but it did not tell the people who were affected. We had a right to know that we were being targeted by a foreign state, and it is not the responsibility of the House of Commons' IT department to be informing us about these security threats. It is the responsibility, I believe, of the government. What I can say for certain is that the government did not inform us, did not insist that we were informed and provided no assurance that we would get the information. That is fundamentally unacceptable. If I become aware of something that is very significant to the life of the member for Winnipeg North, and I do not tell him about it, but I go tell the member for Northumberland—Peterborough South about it, and then later it comes out that I did not provide this vital information, so I say, okay, I did not tell the person affected, but I told somebody else about it, I think we would all understand that this would be ridiculous. What was crucial here is that the 18 members of Parliament who were targeted by a foreign state did not receive information that the government had about threats to us. We could have used that information to protect ourselves and to challenge our system on further steps that needed to be taken to protect our—

316 words

Context: House Hansard - 311 - May/8/24

Mr. Garnett Genuis

May/8/24 9:01:46 p.m.
Watch

Madam Speaker, what message does it send? These events suggest, yet again, that when people are victims of foreign interference, the government does not have their backs. Sadly, this is something that I have heard time and again from talking to Canadians who are impacted by foreign interference outside of this place. We had a vote today on listing the IRGC as a terrorist organization. I can recall a press conference we hosted on Parliament Hill with a young man whose wife was murdered when flight PS752 was shot down. He faced threats from the IRGC when he started to speak out about these events. I have spoken to many others who have been affected by foreign interference who have been frustrated by trying to report what they have experienced and being passed back and forth between different agencies, given the runaround and not given the information they need. This is a case where people who have the privilege of being members of Parliament were not told about threats to themselves, so I think they should be informed about threats. I also think we should be, whenever possible, unless there is some compelling security reason not to, seeking to inform anybody about foreign interference threats against them or the institutions they are involved in so they can take appropriate steps to protect themselves. We need to have their backs, whether they are members of Parliament, student leaders or everyday citizens who are afraid of going to a protest. We need to have the backs of our citizens who are worried about foreign interference so that they know they can speak and advocate based on their own convictions, regardless of what a foreign state thinks about it.

286 words

Context: House Hansard - 311 - May/8/24

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

May/8/24 9:03:29 p.m.
Watch

Madam Speaker, first, to be very clear, the Prime Minister and the government, from day one, have taken the issue of foreign interference very seriously. The responsibility of governing and doing whatever we can in a co-operative way is something we have been doing now for years. Let me give some very clear facts in terms of the incident that is being referenced today. With regard to the Canadian Centre for Cyber Security, allow me to provide some really clear lines. The Canadian Centre for Cyber Security, part of the Communications Security Establishment in Canada, generally does not comment on specific cyber-incidents or affected organizations. However, CSE can confirm that it shared actionable technical information on a cyber-threat with the House of Commons and Senate IT officials in 2022. This included sharing information that included the names of targeted parliamentarians. The House of Commons and the Senate are independent and its officials are responsible for determining when and how to directly engage with MPs and senators in situations like this. CSE takes its mandate and its legal obligations very seriously. Pursuant to the Communications Security Establishment Act, intelligence and information are shared with government clients, including appropriate authorities in Parliament and any appropriate partners. To support parliamentarians, the Centre for Cyber Security, part of CSE, provides a 24-7 hotline service offering direct support in the event of a cyber-incident. The cyber centre has provided cyber-threat briefings to political parties, as well as a dedicated point of contact at the centre for assistance with cybersecurity matters. The Communications Security Establishment's 2023-24 national cyber-threat assessment highlights “how online foreign influence activities have become a new normal, with adversaries seeking to influence elections and impact international discourse related to current events.” CSE has published four unclassified reports on cyber-threats to Canada's democratic process, highlighting that cyber-threat activity targeting elections is on the rise worldwide, and cyber-threat activity is more likely to happen during Canada's next federal election than it was in the past; Canada remains a lower-priority target for cyber-threat activity than some of its allies, like the United States or the United Kingdom; cyber-threat actors are increasingly using AI to create, spread and amplify disinformation, and it is very likely that foreign adversaries or activists will use and generate AI to influence voters ahead of Canada's next federal election. There is a lot more I could say with respect to that, but the primary concern I have after listening to the presentation by the member from Sherwood Park—Fort Saskatchewan on the issue is that I question the member's and the Conservative Party's motivation on the issue. All one needs to do is reflect on his comments and how he tried to blame. Mr. Corey Tochor: You're a traitor. Mr. Kevin Lamoureux: The person who is the traitor is looking at me, as opposed to accusing me of being a traitor.

503 words

Context: House Hansard - 311 - May/8/24

Mr. Garnett Genuis (Sherwood Park—Fort Saskatchewan, CPC)

May/8/24 9:24:55 p.m.
Watch

Madam Speaker, the member opposite does seem to be inherently uncomfortable with the idea of members of the opposition's criticizing the government. If we are going to talk about preserving our democracy and our democratic values, maybe a good place to start is to say that it is legitimate, normal and right for the opposition to challenge the government over its failures. I do not really care what the member thinks of my motives, but I am going to continue to do my job in the House, the job of standing up for our country, for our freedoms and for our sovereignty. The fundamental point here is that the hon. member is not willing to admit that something wrong happened. That is a big problem. The government had information that was crucial to our national security and to the personal security of individual members of Parliament. The government chose to sit on that information. It would show a lot more humility and maturity for the member to simply acknowledge that this was a mistake. The information should have been shared, and it was not. Will the hon. member acknowledge that the government erred in not sharing information with members of Parliament that was extremely important to our national security, to their personal security and to their ability to do the job as members of Parliament? Would he not expect to be informed if the shoe were—

238 words

Context: House Hansard - 311 - May/8/24

Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)

May/8/24 9:27:31 p.m.
Watch

Mr. Speaker, I am rather surprised at what my colleague is saying. I just want to give a little reminder. Two years ago, his Prime Minister and the entire cabinet were saying that there was no problem with interference. In the end, because of pressure from all sides, the government appointed a special rapporteur, David Johnston, who tabled a report that nobody was happy with. Now, we have Marie-Josée Hogue, who seems to be doing a great job. Could I remind him that what is being said right now is that interference is one of the biggest strategic threats to national security?

105 words

Context: House Hansard - 311 - May/8/24

Mr. Kevin Lamoureux

May/8/24 9:31:05 p.m.
Watch

Mr. Speaker, as you would be aware, the government has put in some new protocols and ministerial directives to ensure that members will find out when something of this nature occurs. I am going to refer all members to what you said, as the Speaker, in regard to the issue at hand: “In accordance with the processes in place at the time, the House administration was advised by relevant Canadian security agencies of the risk associated with potential attacks and appropriate measures were taken to ensure that they would not impact our system, more specifically our parliamentary network.” You went on to say, “It is important to reiterate that the House of Commons cybersecurity systems in place were successful in preventing a breach and negatively impacting the members’ ability to conduct their day-to-day business with their parliamentary email accounts.” I see that as a positive thing. We have to put it in the perspective of time, in 2022. The directives that we are talking about, where we made the changes, were after that. At the time, the process was in place and it was administered.

192 words

Context: House Hansard - 311 - May/8/24

Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)

May/8/24 10:20:12 p.m.
Watch

Mr. Speaker, just to respond to the previous question, let us be very clear: The Communications Security Establishment published four unclassified reports of cyber-threats to Canada's democracy process. It highlighted this: “Cyber threat activity targeting elections has increased worldwide.” It is not just Canada, and I think it is important to recognize that. It also says that Canada remains a “lower priority target for cyber threat activity than some of its allies, such as the US and UK.” I think it is important. The government, from the get-go, has been very proactive in dealing with the issue of international foreign interference. That is the reality, and our actions show that. I am surprised the member would bring up human rights, given their position on the notwithstanding clause.

134 words

Context: House Hansard - 311 - May/8/24

Mr. James Bezan (Selkirk—Interlake—Eastman, CPC)

May/8/24 10:23:56 p.m.
Watch

Mr. Speaker, I appreciate the ruling that we need to look into this, and it needs to go to the Standing Committee on Procedure and House Affairs for a fulsome investigation. The privileges of members of Parliament here are really sacrosanct, and we need to make sure that we are protecting them. I am concerned that privilege has been violated. I am one of the 18 Canadian parliamentarians targeted by APT31, a hacking group from the People's Republic of China working under the Ministry of State Security. The role of APT31 includes transnational repression, economic espionage and foreign interference operations on behalf of the People's Republic of China. That Communist regime, of course, has been interfering in our operations and elections here in Canada. It has been trying to quash members of Parliament who are speaking out against the Communist regime, the way that it has been violating human rights and interfering in geopolitics around the world. The reason we know that Canadian parliamentarians were targeted is because the U.S. Department of Justice unsealed an indictment from the FBI on seven individuals from APT31 on March 25. It charged seven PRC nationals with espionage and foreign interference. The U.S. Department of Justice put sanctions on these individuals. The U.S. State Department is also offering rewards for more information about them. When reading through the indictment and some of the activities of APT31, we realize that they had conducted over 10,000 different cyber-hacks around the world, predominantly targeting legislators. It specifies that the Inter-Parliamentary Alliance on China, IPAC, was targeted in 2021. I am a member of IPAC, and all 18 members in Canada who were targeted are also members of IPAC. IPAC was quite shocked to see that this had happened when it realized this in April; it quickly notified all its members in Europe, Canada, the United States and Australia. Of course, the Americans already knew about it. The FBI had alerted their congressmen and senators. They were very concerned. Let us go through the timeline. APT31 targeted me and my colleagues, the 18 of us, in a phishing cyber-hack into our emails. The FBI discovered this in 2021-22. It let U.S. legislators know and then followed the proper Five Eyes protocol and let CSE in Canada know. CSE then contacted House of Commons services through its IT branch, but nothing happened. There were crickets. None of the Canadian parliamentarians were notified by CSE, by the government of Canada or by the House of Commons protective services. It was all mute. IPAC found out in 2024 that its membership around the world, including 18 members in Canada, were targeted; this was two years after the hacking event happened, two years after CSE and the House of Commons were notified that it happened. Nobody thought it important enough to contact the parliamentarians to tell us that our emails and online services were potentially compromised. At that time, in 2019 and 2021, we were already witnessing foreign interference taking place in our federal elections. The PRC was using operatives to intimidate members of Parliament and their families, as we saw with the member for Wellington—Halton Hills with his family back in Hong Kong. They were trying to intimidate him and all the people here in Canada. We know that PRC police stations were set up across this country to interfere with and intimidate the Chinese nationals who call Canada home. We know the PRC was using foreign students to flood nomination meetings. Throughout all that time, the Liberal government turned a blind eye. The Liberals have no problem with the PRC interfering in our election processes when it undermines people like the Conservative member for Wellington—Halton Hills or Kenny Chiu, our former Conservative member of Parliament from Vancouver who lost his riding. As long as the Liberals think they are benefiting, they are prepared not to do anything about it. We know, through Justice Hogue and her commission on foreign interference, that there is sound evidence to show that foreign interference is undermining our democratic institutions. I have been very active, of course, on standing up for Ukraine and holding Russian oligarchs and corrupt foreign officials around the world to account. I am trolled all the time on social media by Russian trolls. I was even asked to appear as a witness at the Hogue commission because of the ongoing attacks that happened on my social media platforms. I am also a patron of Hong Kong Watch Canada, again standing up for democracy and civil liberties in Hong Kong because of the Communist regime's activities there, quashing any individual rights and liberties, especially free and fair elections in Hong Kong. Also, I am the shadow minister for national defence for the official opposition. Therefore, if one thinks about my email potentially getting hacked by operatives for the People's Liberation Army in China, one would think somebody would have called to let me know that I was being targeted. In 2021-22, somebody should have made that call. I am also the vice-chair of the Standing Committee on National Defence. We often deal with information on national security, our Canadian Armed Forces and our operations in Europe under NATO. I am always advocating for supplying more weapons to Ukraine. Members would think that would be enough of a red flag to see the Liberal Government of Canada contact us and say that we need to take precautionary measures to protect the information that I have and I am sharing with my colleagues, including other members on the Standing Committee on National Defence. However, I was never notified by the CSE. I was never notified by the Parliamentary Protective Service. I was not notified by CSIS or the RCMP. Nobody from the Government of Canada has ever reached out to me to inform me that I was at risk or my colleagues were at risk and that we were potentially being undermined. Surprisingly, I am going to get a briefing this week, tomorrow actually, from the FBI. The FBI is going to inform us, as parliamentarians, those of us who were targeted by APT31, to get the information out. One would think that the RCMP, CSIS or the CSE would be stepping up, or at the very least somebody from the Liberal government, but, no, it is mute. That comes down to the fact that we have a Liberal government that has not taken foreign interference seriously. We have a Prime Minister who has never made national security a priority. National security should always be a priority for the Prime Minister, but it is something that is an afterthought for him. He has always downplayed the seriousness of the threats from Beijing, Moscow and Tehran. He has never stood up for us as parliamentarians to protect our democratic institutions. He has never stood up to say that we are going to protect the diaspora communities here, whether Chinese, Ukrainian or Persian, who have run away from oppression, dictatorships and totalitarian regimes. I can tell members this. Our leader of the official opposition, the leader of Canada's Conservatives, will always defend our freedom, our democracy and our national security. We will always put Canada first. We will always stand up for the democratic rights and privileges of those of us who serve in this elected chamber, this hallowed chamber. I know that things will be better under a prime minister who represents the Conservative Party of Canada.

1262 words

Context: House Hansard - 311 - May/8/24

Mr. Tom Kmiec (Calgary Shepard, CPC)

May/8/24 11:34:52 p.m.
Watch

Mr. Speaker, the member for Winnipeg North talked about your ruling, so I did want to read a bit from it. I did quickly read it over one more time, and you actually did not praise anything the Liberal government has done over the past nine years to try to offset the amount of foreign interference in our country or said that the government has succeeded in somehow protecting parliamentarians, because it has not. In your ruling, Mr. Speaker, you said: Protecting the security of members, whether physical or cyber, is of course essential to the functioning of the House. Cybersecurity attacks to our systems have multiplied over the recent past and there are no indications they will stop or even diminish. In the comments made by the member for Winnipeg North, he implied that other foreign governments do this all the time, that it is like a common occurrence that could be happening. The implication is that there are other parliamentarians who could have been attacked by different foreign governments, but those attacks were unsuccessful so they were not told before the new regulations came into force in 2023. Can the member comment on that?

196 words