44th Parl. 1st Sess.
May 8, 2024 02:00PM
- May/8/24 8:19:33 p.m.
- Watch
I am ready to rule on the question of privilege raised on April 29, 2024, by the member for Sherwood Park—Fort Saskatchewan concerning cyber-attacks targeting members of Parliament by a foreign state-backed group known as Advanced Persistent Threat 31.
In his intervention, the member alleged that he, along with several other parliamentarians, were the targets of progressive cyber-attacks on their emails in 2021 by a group with ties to the Chinese government. He argued that members were targeted because of their association with the Inter-Parliamentary Alliance on China, or IPAC. He and other affected members of the House learned of the attacks through a recent news story.
The member noted that, contrary to a ministerial directive issued last year, members were not notified of this by the government. He stated that this situation was akin to the prima facie question of privilege raised by the member for Wellington—Halton Hills, where a foreign state had also sought to interfere with the duties of a member. He also indicated that he could not assess the extent to which, as parliamentarians, they were impacted, through the disruption of communications or through the monitoring of their activities, but that their parliamentary work was under attack.
The member for Sherwood Park—Fort Saskatchewan further intervened on the matter on May 1, 2024. He added that the cyber attack in question was aimed at his personal email account rather than his parliamentary account. He further posited, following media reports which stated that House of Commons IT thwarted the attack, that the House Administration is not a security agency and therefore not responsible for informing members of threats made against them.
The parliamentary secretary to the government House leader mentioned that the Communications Security Establishment, or CSE, was advised by the FBI on June 29, 2022, of cyber threats targeting Canadian parliamentarians who are members of the IPAC. Citing the separation between the executive and legislative branches of government, he noted that the CSE believed it appropriate to share all relevant technical information with security officials of the House of Commons and Senate administrations for their action. This was done on June 30, 2022. The parliamentary secretary also pointed out that, given the evolution of security procedures and in consideration of the concerns of members, a ministerial directive was issued in May of 2023 requiring the Canadian Security Intelligence Service, or CSIS, to inform parliamentarians of threats to their security where possible. He concluded by stating that, had the threat occurred following the imposition of the ministerial directive, security agencies would have proactively informed the affected members of the situation.
Finally, the member for Scarborough—Guildwood and the member for Humber River—Black Creek, also presumed targets of the attack, rose in support of the question of privilege from the member for Sherwood Park—Fort Saskatchewan and expressed their concerns on the matter.
In raising his question of privilege, the member for Sherwood Park—Fort Saskatchewan brought forward two specific concerns. First is the attempt by the People's Republic of China to interfere in the work of parliamentarians, and second is the lack of notification provided to members of this attempt. The Chair will deal with these two issues separately, starting with the latter.
In accordance with the processes in place at the time, the House administration was advised by relevant Canadian security agencies of the risk associated with potential attacks and appropriate measures were taken to ensure that they would not impact our systems, more specifically our parliamentary network.
Members will appreciate that the processes and the protocols to manage the cybersecurity of the House, by its administration and by the government, have evolved considerably since then. The Chair has no reason to doubt the commitment of the government, through its ministerial directive of May 2023, that members will be advised of threats by CSIS as much as is reasonably possible to do so, bearing in mind various security considerations. It should be noted that the attempt in question and the sharing of the relevant technical information occurred well before the directive was in place, and that the matter was dealt with in accordance with the processes and protocols in effect at that time.
It is important to reiterate that the House of Commons cybersecurity systems in place were successful in preventing a breach and negatively impacting the members' ability to conduct their day-to-day business with their parliamentary email accounts.
However, the member noted in his submission that his personal email was the target of the attempted cyberattack, and the Chair appreciates the concerns of members with regard to being made aware about matters concerning their cybersecurity.
In its 63rd report, presented to the House on April 10, 2024, the Standing Committee on Procedure and House Affairs echoed the ministerial directive in recommending that CSIS directly inform members about specific foreign interference threats, including providing a briefing on the mitigation measures taken to ensure members' safety. It also recommended the Speaker oversee the creation of a protocol within the House administration establishing a threshold for informing the whips of the recognized parties of foreign interference threats. The report has yet to be concurred in.
The Chair will now turn to the matter of the attempted interference by the PRC. As the member for Sherwood Park—Fort Saskatchewan noted in his submission, the matter bears similarities with the question of privilege raised by the member for Wellington—Halton Hills on May 2, 2023. That case involved various alleged acts of intimidation, linked to the PRC, towards the member and his family. Those acts came in retaliation for political positions taken by the member in the course of parliamentary proceedings. The matter was found to be prima facie. Indeed, as my predecessor stated in his ruling on May 8, 2023, at page 14105 of the Debates:
The Chair agrees that the matter raised by the member, that is that a foreign entity tried to intervene in the conduct of our proceedings through a retaliatory scheme targeting him and his family, squarely touches upon the privileges and immunities that underpin our collective ability to carry out our parliamentary duties unimpeded.
At the time, the matter was referred to the Standing Committee on Procedure and House Affairs. Had the question of privilege by the member of Sherwood Park—Fort Saskatchewan been raised while the study was under way, the Chair would have been inclined to suggest the committee consider it as part of that study. This is exactly what occurred when the former member for Durham raised a question of privilege alleging intimidation. At the time, my predecessor stated, on May 31, 2023, at page 15066 of the Debates:
Given that the Standing Committee on Procedure and House Affairs has already been instructed to investigate the matter of foreign interference, the Chair believes that it is the appropriate forum for further discussion of this issue.
In the case currently before us, it is clear to the Chair that an attempt to hack parliamentary emails of several members by a group with ties to the PRC occurred. This is of great concern to the Chair and, indeed, should be to all members. While the attempt was thwarted, it is understandable that a lingering effect on impacted members remains.
Indeed, as my predecessor noted in his ruling on May 8, 2023, a threat, whether successful or not, may still be seen as interfering with a member in the discharge of their duties.
As stated in House of Commons Procedure and Practice, third edition, at page 109, I quote:
In order to find a prima facie breach of privilege, the Speaker must be satisfied that there is evidence to support the Member's claim that he or she has been impeded in the performance of his or her parliamentary functions and that the matter is directly related to a proceeding in Parliament....Speaker Jerome observed in a 1978 ruling that society demands much of Members but not all demands strictly impose a parliamentary duty. While every Member has duties as a representative of the electorate, a Member may claim the protection of privilege relating only to his or her parliamentary functions, though the line distinguishing these duties might blur.
While the work of IPAC is not, strictly speaking, part of our parliamentary proceedings, it does seem clear to the Chair that the members were targeted due to their parliamentary work. Even if the attack was directed against the member for Sherwood Park—Fort Saskatchewan's personal email account, it seems that this was an attempt to interfere in his and in other members’ parliamentary duties and that such interference could have the effect of impeding members.
As the procedural boundaries of parliamentary functions can evolve over time, the Chair, and all members, might appreciate guidance respecting these matters.
While the Chair is bound to consider this question of privilege based on its own merits, it must also bear in mind broader considerations.
Protecting the security of members, whether physical or cyber, is of course essential to the functioning of the House. Cybersecurity attacks to our systems have multiplied over the recent past and there are no indications they will stop or even diminish. Not every attempt to interfere with or hack into our systems will necessarily be the subject of a question of privilege, as this is unfortunately a recurring problem. However, there might be a benefit for the House to decide how to tackle this issue more generally in order to clear the air and establish a way forward.
On this basis, the Chair finds there to be a prima facie question of privilege.
Accordingly, I invite the member for Sherwood Park—Fort Saskatchewan to move his motion.
1644 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 8:54:36 p.m.
- Watch
Madam Speaker, there are two parts to what the member said. On the government's assertion that House of Commons officials were informed, what I can say is that there were 18 members of Parliament who were targeted by a foreign hacking attempt, which the Government of Canada knew about, and at no point, until the last few weeks, did the members of Parliament who were targeted find out about it.
The government's defence is to say that it told some other people. That is great, but it did not tell the people who were affected. We had a right to know that we were being targeted by a foreign state, and it is not the responsibility of the House of Commons' IT department to be informing us about these security threats. It is the responsibility, I believe, of the government. What I can say for certain is that the government did not inform us, did not insist that we were informed and provided no assurance that we would get the information. That is fundamentally unacceptable.
If I become aware of something that is very significant to the life of the member for Winnipeg North, and I do not tell him about it, but I go tell the member for Northumberland—Peterborough South about it, and then later it comes out that I did not provide this vital information, so I say, okay, I did not tell the person affected, but I told somebody else about it, I think we would all understand that this would be ridiculous.
What was crucial here is that the 18 members of Parliament who were targeted by a foreign state did not receive information that the government had about threats to us. We could have used that information to protect ourselves and to challenge our system on further steps that needed to be taken to protect our—
316 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 8:58:09 p.m.
- Watch
Madam Speaker, I will pick up where my colleague ended, which was recognizing the fragility of democracy and freedom.
Many of us have lived in this country our whole lives. I have as well. We have never known anything other than the kinds of freedoms we have in this country. That struck me especially when I visited Ukraine in 2016 for its 25th anniversary. Of course, it is more acute now, the sense of the fragility of freedom, but even then, many people over a certain age remembered a time when they did not have their freedom.
We have to always keep in focus that the liberty and sovereignty we have as a country is not automatic and not inevitable. The biggest threat to our freedom, sovereignty and security is not the possibility of direct invasion, but what Sun Tzu describes as the attempt to swallow us whole and the loss of meaningful freedom through escalating foreign interference. We have seen in other countries how the gradual process of foreign interference has eroded the ability of free people to make decisions about their own futures.
The member is right. Our freedoms are fragile and are under direct threat by foreign interference. We see those threats as members of Parliament, but we also hear about and know about those threats targeting everyday citizens and other institutions. We are already seeing certain institutions that have modified their behaviour in response to the preferences of foreign stakeholders. This is a demonstration of a loss of sovereignty.
I hope we all hear this clarion call, especially coming from the diaspora communities, to stand up for Canada, to stand up for our institutions, to stand up for our freedom and to stop this foreign interference.
290 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 9:01:46 p.m.
- Watch
Madam Speaker, what message does it send? These events suggest, yet again, that when people are victims of foreign interference, the government does not have their backs. Sadly, this is something that I have heard time and again from talking to Canadians who are impacted by foreign interference outside of this place.
We had a vote today on listing the IRGC as a terrorist organization. I can recall a press conference we hosted on Parliament Hill with a young man whose wife was murdered when flight PS752 was shot down. He faced threats from the IRGC when he started to speak out about these events. I have spoken to many others who have been affected by foreign interference who have been frustrated by trying to report what they have experienced and being passed back and forth between different agencies, given the runaround and not given the information they need. This is a case where people who have the privilege of being members of Parliament were not told about threats to themselves, so I think they should be informed about threats.
I also think we should be, whenever possible, unless there is some compelling security reason not to, seeking to inform anybody about foreign interference threats against them or the institutions they are involved in so they can take appropriate steps to protect themselves. We need to have their backs, whether they are members of Parliament, student leaders or everyday citizens who are afraid of going to a protest. We need to have the backs of our citizens who are worried about foreign interference so that they know they can speak and advocate based on their own convictions, regardless of what a foreign state thinks about it.
286 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 9:03:29 p.m.
- Watch
Madam Speaker, first, to be very clear, the Prime Minister and the government, from day one, have taken the issue of foreign interference very seriously. The responsibility of governing and doing whatever we can in a co-operative way is something we have been doing now for years. Let me give some very clear facts in terms of the incident that is being referenced today.
With regard to the Canadian Centre for Cyber Security, allow me to provide some really clear lines. The Canadian Centre for Cyber Security, part of the Communications Security Establishment in Canada, generally does not comment on specific cyber-incidents or affected organizations. However, CSE can confirm that it shared actionable technical information on a cyber-threat with the House of Commons and Senate IT officials in 2022. This included sharing information that included the names of targeted parliamentarians.
The House of Commons and the Senate are independent and its officials are responsible for determining when and how to directly engage with MPs and senators in situations like this. CSE takes its mandate and its legal obligations very seriously. Pursuant to the Communications Security Establishment Act, intelligence and information are shared with government clients, including appropriate authorities in Parliament and any appropriate partners.
To support parliamentarians, the Centre for Cyber Security, part of CSE, provides a 24-7 hotline service offering direct support in the event of a cyber-incident. The cyber centre has provided cyber-threat briefings to political parties, as well as a dedicated point of contact at the centre for assistance with cybersecurity matters.
The Communications Security Establishment's 2023-24 national cyber-threat assessment highlights “how online foreign influence activities have become a new normal, with adversaries seeking to influence elections and impact international discourse related to current events.” CSE has published four unclassified reports on cyber-threats to Canada's democratic process, highlighting that cyber-threat activity targeting elections is on the rise worldwide, and cyber-threat activity is more likely to happen during Canada's next federal election than it was in the past; Canada remains a lower-priority target for cyber-threat activity than some of its allies, like the United States or the United Kingdom; cyber-threat actors are increasingly using AI to create, spread and amplify disinformation, and it is very likely that foreign adversaries or activists will use and generate AI to influence voters ahead of Canada's next federal election.
There is a lot more I could say with respect to that, but the primary concern I have after listening to the presentation by the member from Sherwood Park—Fort Saskatchewan on the issue is that I question the member's and the Conservative Party's motivation on the issue. All one needs to do is reflect on his comments and how he tried to blame.
Mr. Corey Tochor: You're a traitor.
Mr. Kevin Lamoureux: The person who is the traitor is looking at me, as opposed to accusing me of being a traitor.
503 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 9:27:31 p.m.
- Watch
Mr. Speaker, I am rather surprised at what my colleague is saying. I just want to give a little reminder. Two years ago, his Prime Minister and the entire cabinet were saying that there was no problem with interference. In the end, because of pressure from all sides, the government appointed a special rapporteur, David Johnston, who tabled a report that nobody was happy with. Now, we have Marie-Josée Hogue, who seems to be doing a great job.
Could I remind him that what is being said right now is that interference is one of the biggest strategic threats to national security?
105 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 9:58:20 p.m.
- Watch
Mr. Speaker, earlier in this debate, I posed a question to the parliamentary secretary, and I was quite disturbed by the response. We all know governments make mistakes. Every government makes mistakes. I asked if he acknowledged that it was a mistake for the government to not inform members of Parliament that they had faced a cyber-attack from a foreign state. He said no, he did not think it was a mistake. He said that protocols and processes can change, but when I asked if it had been a mistake to not tell me and 17 other parliamentarians that we had been targeted by a foreign government, he said no, it was not. I find that very disturbing.
I hope we can work toward a consensus on how to move forward, but it should be acknowledged at a basic level that failure to inform parliamentarians about these threats to themselves, their cyber-presence and their offices is wrong and unacceptable. The government should be willing, at this point, now that it has been caught not sharing that information, to acknowledge that.
I would like to ask the NDP for its perspective. Does it think the government erred in not sharing this information?
203 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 10:20:12 p.m.
- Watch
Mr. Speaker, just to respond to the previous question, let us be very clear: The Communications Security Establishment published four unclassified reports of cyber-threats to Canada's democracy process. It highlighted this: “Cyber threat activity targeting elections has increased worldwide.” It is not just Canada, and I think it is important to recognize that. It also says that Canada remains a “lower priority target for cyber threat activity than some of its allies, such as the US and UK.”
I think it is important. The government, from the get-go, has been very proactive in dealing with the issue of international foreign interference. That is the reality, and our actions show that.
I am surprised the member would bring up human rights, given their position on the notwithstanding clause.
134 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 10:37:34 p.m.
- Watch
Mr. Speaker, I agree with my colleague from Manitoba that we do need to get the issue to PROC. We need a fulsome investigation on who dropped the ball, why the government has not taken it seriously and why parliamentarians are being threatened by the People's Republic of China.
We need to make sure the Communist regime in Beijing does not try to continue to get secrets from parliamentarians. I think it comes down to the fact that we are dealing with issues surrounding national security. It is not just about political operations or partisan issues. For those of us who were targeted, it is because we belong to the Inter-Parliamentary Alliance on China. We are always there trying to counter the threats, as well as the human rights abuses and gross violations, that are happening through the corrupt officials who are part of the Communist regime in Beijing.
151 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 11:00:42 p.m.
- Watch
Mr. Speaker, I thank my colleague for a wonderful speech about a very important issue. When the government gave all these excuses, I do not know how Canadians felt, but we definitely know how we felt as parliamentarians sitting in the House. We got those threats from around the world, and the government did not move on it or take the issue seriously.
What message is the government sending to parliamentarians, to politicians and to Canadians?
76 words
- Hear!
- Rabble!
- add
- star_border
- share
- May/8/24 11:38:35 p.m.
- Watch
Mr. Speaker, I would submit that it is an instance that is a part of the pattern of a government that has not taken these threats seriously. The Liberals have turned a blind eye, they have downplayed it and they have been reluctant to take measures to counter foreign interference.
It was only after Madam Justice Hogue's first report was issued, for example, that they finally introduced legislation to introduce, among other things, a foreign influence registry. To be charitable to them, it is ambivalence and it is a lack of seriousness, but it could be much worse than that. It could be that this is, frankly, a government that has, at times, sort of welcomed Beijing's interference and at the very least, for political and other reasons, has been unwilling to stand up to Beijing.
138 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
