SoVote

Decentralized Democracy

House Hansard - 311

44th Parl. 1st Sess.
May 8, 2024 02:00PM
Context: House Hansard - 311 - May/8/24
Mr. James Bezan (Selkirk—Interlake—Eastman, CPC)
  • May/8/24 10:23:56 p.m.
  • Watch
Mr. Speaker, I appreciate the ruling that we need to look into this, and it needs to go to the Standing Committee on Procedure and House Affairs for a fulsome investigation. The privileges of members of Parliament here are really sacrosanct, and we need to make sure that we are protecting them. I am concerned that privilege has been violated. I am one of the 18 Canadian parliamentarians targeted by APT31, a hacking group from the People's Republic of China working under the Ministry of State Security. The role of APT31 includes transnational repression, economic espionage and foreign interference operations on behalf of the People's Republic of China. That Communist regime, of course, has been interfering in our operations and elections here in Canada. It has been trying to quash members of Parliament who are speaking out against the Communist regime, the way that it has been violating human rights and interfering in geopolitics around the world. The reason we know that Canadian parliamentarians were targeted is because the U.S. Department of Justice unsealed an indictment from the FBI on seven individuals from APT31 on March 25. It charged seven PRC nationals with espionage and foreign interference. The U.S. Department of Justice put sanctions on these individuals. The U.S. State Department is also offering rewards for more information about them. When reading through the indictment and some of the activities of APT31, we realize that they had conducted over 10,000 different cyber-hacks around the world, predominantly targeting legislators. It specifies that the Inter-Parliamentary Alliance on China, IPAC, was targeted in 2021. I am a member of IPAC, and all 18 members in Canada who were targeted are also members of IPAC. IPAC was quite shocked to see that this had happened when it realized this in April; it quickly notified all its members in Europe, Canada, the United States and Australia. Of course, the Americans already knew about it. The FBI had alerted their congressmen and senators. They were very concerned. Let us go through the timeline. APT31 targeted me and my colleagues, the 18 of us, in a phishing cyber-hack into our emails. The FBI discovered this in 2021-22. It let U.S. legislators know and then followed the proper Five Eyes protocol and let CSE in Canada know. CSE then contacted House of Commons services through its IT branch, but nothing happened. There were crickets. None of the Canadian parliamentarians were notified by CSE, by the government of Canada or by the House of Commons protective services. It was all mute. IPAC found out in 2024 that its membership around the world, including 18 members in Canada, were targeted; this was two years after the hacking event happened, two years after CSE and the House of Commons were notified that it happened. Nobody thought it important enough to contact the parliamentarians to tell us that our emails and online services were potentially compromised. At that time, in 2019 and 2021, we were already witnessing foreign interference taking place in our federal elections. The PRC was using operatives to intimidate members of Parliament and their families, as we saw with the member for Wellington—Halton Hills with his family back in Hong Kong. They were trying to intimidate him and all the people here in Canada. We know that PRC police stations were set up across this country to interfere with and intimidate the Chinese nationals who call Canada home. We know the PRC was using foreign students to flood nomination meetings. Throughout all that time, the Liberal government turned a blind eye. The Liberals have no problem with the PRC interfering in our election processes when it undermines people like the Conservative member for Wellington—Halton Hills or Kenny Chiu, our former Conservative member of Parliament from Vancouver who lost his riding. As long as the Liberals think they are benefiting, they are prepared not to do anything about it. We know, through Justice Hogue and her commission on foreign interference, that there is sound evidence to show that foreign interference is undermining our democratic institutions. I have been very active, of course, on standing up for Ukraine and holding Russian oligarchs and corrupt foreign officials around the world to account. I am trolled all the time on social media by Russian trolls. I was even asked to appear as a witness at the Hogue commission because of the ongoing attacks that happened on my social media platforms. I am also a patron of Hong Kong Watch Canada, again standing up for democracy and civil liberties in Hong Kong because of the Communist regime's activities there, quashing any individual rights and liberties, especially free and fair elections in Hong Kong. Also, I am the shadow minister for national defence for the official opposition. Therefore, if one thinks about my email potentially getting hacked by operatives for the People's Liberation Army in China, one would think somebody would have called to let me know that I was being targeted. In 2021-22, somebody should have made that call. I am also the vice-chair of the Standing Committee on National Defence. We often deal with information on national security, our Canadian Armed Forces and our operations in Europe under NATO. I am always advocating for supplying more weapons to Ukraine. Members would think that would be enough of a red flag to see the Liberal Government of Canada contact us and say that we need to take precautionary measures to protect the information that I have and I am sharing with my colleagues, including other members on the Standing Committee on National Defence. However, I was never notified by the CSE. I was never notified by the Parliamentary Protective Service. I was not notified by CSIS or the RCMP. Nobody from the Government of Canada has ever reached out to me to inform me that I was at risk or my colleagues were at risk and that we were potentially being undermined. Surprisingly, I am going to get a briefing this week, tomorrow actually, from the FBI. The FBI is going to inform us, as parliamentarians, those of us who were targeted by APT31, to get the information out. One would think that the RCMP, CSIS or the CSE would be stepping up, or at the very least somebody from the Liberal government, but, no, it is mute. That comes down to the fact that we have a Liberal government that has not taken foreign interference seriously. We have a Prime Minister who has never made national security a priority. National security should always be a priority for the Prime Minister, but it is something that is an afterthought for him. He has always downplayed the seriousness of the threats from Beijing, Moscow and Tehran. He has never stood up for us as parliamentarians to protect our democratic institutions. He has never stood up to say that we are going to protect the diaspora communities here, whether Chinese, Ukrainian or Persian, who have run away from oppression, dictatorships and totalitarian regimes. I can tell members this. Our leader of the official opposition, the leader of Canada's Conservatives, will always defend our freedom, our democracy and our national security. We will always put Canada first. We will always stand up for the democratic rights and privileges of those of us who serve in this elected chamber, this hallowed chamber. I know that things will be better under a prime minister who represents the Conservative Party of Canada.
1262 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 311 - May/8/24
Mr. Tom Kmiec (Calgary Shepard, CPC)
  • May/8/24 10:39:20 p.m.
  • Watch
Mr. Speaker, I wish I were pleased to join the debate, but I am not. I am one of those 18 parliamentarians who had their email targeted by APT31. To be perfectly honest, I did not know what APT31 was. I think many of my colleagues know that I spend a lot of time in diaspora communities, so I do know quite a bit about random, obscure groups that many of us do not pay attention to, but this is a new one even to me. I had to have staff actually look up what exactly this particular group was involved in. The attack was back in January 2021. By “attack”, I do not mean a physical attack. This was a digital hacking attempt, pixel reconnaissance. Again, that is another term I did not know, so I had to look it up. It was, I think, a sophisticated attempt. I would not have thought about it. My colleagues and members of other political parties know that I am quite paranoid. I think a little bit of paranoia is healthy in this line of work. I used to work for the department of defence as an exempt staffer for the Minister of National Defence during the Afghan war. I worked at the Alberta finance department as a policy adviser, where the security of budget documents was important, so just as a regular practice, I would do things like stopping my emails from automatically opening images. Little did I know that, in this situation, that would have helped me out, because those images are the ones that contain one pixel that would upload code onto whatever device would open it. In the case of my email account, I did ask my staff on their computers to verify whether those emails were opened and were still there in my email account, and they were. This is one of the problems I have with what the government's position has been, along with the Communications Security Establishment and the House of Commons cybersecurity. As soon as I found out about this, just a few weeks ago, I contacted them immediately to find out whether they knew or whether there was something that I should do. At first, I got kind of mixed messages from them, saying they kind of knew about the investigation but they did not know. It was not really clear. There were two different emails saying almost identical things, using synonyms to avoid actually committing to anything, which I guess is typical. I do not fault them for it. However, when it came to the fact that my email had been targeted, I would like to have been told of that fact back in January 2021. I would like to have known, because I could have deleted those emails. I may have gone back to those emails several times and opened them all over again. I will even read the headlines for colleagues, because I have them. The first one was on January 28, 2021, and it reads, “More than 50 passengers killed”. It looks like a random story about a traffic accident in western Cameroon. We get lots of different emails. There is not necessarily a reason for us to open those. It is signed by a David Aaro, and “nropnews” is a domain name. The next email is from Brooke Singman, on China's GDP. I might have opened that email out of sheer curiosity about what an analyst might be saying. The third email has the headline of “Canada parliament labels US far-right Proud Boys group 'a terrorist entity'”, by David Aaro again. These emails were over several days. They were not all on the same day. They are just three emails that I still have in my email inbox that I could have reopened for whatever reason while searching for another email, because nobody told me anything. Nobody did. I think it is both immoral and unethical, what happened through the House of Commons, CSE, and especially the Liberal government. For all the talk of wanting to protect Canadians, doing right by them and ensuring there is no foreign interference, it is only when the government is called out that it starts pretending it is going to do something. I deal with political prisoners. I deal with people who have fled their country of origin, who were political activists. They were in jail. They were on death row, some of them. They were democracy activists. They were journalists, perhaps, in their country. I have one working for me who was a journalist in a country that has an authoritarian regime that shut down her newspaper. I have met journalists who used to work in Turkey who are on the Turkish “grey list”, which is their terrorist list. This particular individual has not done any crime of terrorism. I call her the Robert Fife of Turkey. She reported on the fact that the Turkish government, during the Syrian civil war, had given weapons and arms and other means to ISIS and ISIS-affiliated jihadi groups. These are the people I meet with. They all saw the news that I had been targeted. They all worry. It directly affects the type of work that I can do, the type of work I am interested in doing, the type of work I have been asked to do by the leader of my political party as the shadow minister for immigration, refugees and citizenship. Refugees are quite core to that. Many of these people have applied for and obtained protected person status in Canada. I read your ruling, Mr. Speaker, and this is, like you said, material to the type of work that I do. When the government claims it is doing enough, no, it is not doing enough. The fact is that nobody on the Liberal benches in the front cabinet, especially those responsible for administrating CSIS and CSE, thought they should warn the 18 parliamentarians, including me, my colleague from Selkirk—Interlake—Eastman, the member for Sherwood Park—Fort Saskatchewan and the member for Calgary Midnapore. There are several of us, and there are members of the Liberal Party. The member for Scarborough—Guildwood is one of the co-chairs of the IPAC group that was specifically targeted for that work. It is immoral. It is unethical. When I then turn around to the diaspora groups, the chatter I am hearing is, “If the government will not protect you, if it will not protect a member of Parliament or a senator, what chance do we have?” No wonder they are self-censoring and so scared to speak out about things that are going on in their country of origin, but also about foreign agents in Canada who are interfering with their rights to free speech as free Canadian citizens in our own country. Now they are afraid, because they look at us. Many of us are human rights advocates. We do pro-democracy work. We help groups organize and we give them ideas on how to lobby and advocate for things on important issues that they care about. However, they then ask, “Well, if I send you the email, is it actually protected? Will you protect my identity?” I have had meetings where members of the public have asked me to turn off my phones and put them away. I mean shut them down and put them away. I know why they are doing this; it is because they are concerned that people can easily tap into these devices, which are generally unsecured, and then they can turn on the microphones on devices. There is a reason why, in our caucus rooms, we do not bring our devices into the room. They are left in little metal cabinets, and we roll them in and roll them out all the time. I remember, as caucus chair, trying to convince my colleagues to leave their devices behind, which is very difficult. I see some members nodding and admitting how difficult it is for them to be kept away from the devices. Especially in the case of APT31, I started to look, and the member for Selkirk—Interlake—Eastman before me kind of started to go into who this group was, because I was interested in this. There is a $10-million reward for seven of them on the U.S. Department of State's Bureau of Diplomatic Security's rewards for justice program. It has seven persons listed. It says that the hackers have helped China's Ministry of State Security conduct malicious cyber operations against U.S. critical infrastructure through their front company, Wuhan Xiaoruizhi Science & Technology Company. It is part of a group of China state-sponsored intelligence officers and contract hackers known in the cybersecurity community as APT31. Again, this was news to me. I would like to have known about APT31. However, they are not just contract hackers; they are China state-sponsored intelligence officers. The rewards for justice website says that if anyone has information on these China hackers, Wuhan APT31, also known as Zirconium, Violet, Typhoon, Judgement Panda and Altaire, or associated individuals or entities, they should contact the rewards for justice program via the Tor-based tip line, and they may be eligible for a reward or relocation. Again, this organization is not just a random group of hackers in mom's basement. Therefore CSE, House of Commons security, the cybersecurity people, CSIS, the government, the public safety minister, the Prime Minister and everybody else seems to claim, “Well, we told somebody; that should be good enough”, but they have a moral and ethical responsibility to inform parliamentarians directly, beyond what the law says, both for our personal protection and for the protection of people that we deal with. What they are essentially saying is that we are on our own but that if someone finds out later, they will tell us. Then they will say, “Oh yeah, whoopsie doodle. True, there was an attempted hack.” It is not enough to say that the hack was not successful. We are being targeted; that is the problem. I am sure that our digital infrastructure, the cybersecurity infrastructure for the House of Commons, is strong and that it is good enough. I remember trying to get Zoom right after the pandemic shutdowns had begun, and our caucus was the first one to go on Zoom. I remember the cybersecurity people telling us, “No, you must send your signals through a House of Commons server based in Canada.” We waited patiently for the three days that they asked us to so we could actually host a meeting of the Conservative caucus right when the shutdowns began across the country. Therefore I trust them in that security infrastructure, but what I have a problem with is the fact that we were targeted and not told, in 2021. I had to be told by a foreign government, the Americans. Oftentimes, because they are our cousins, they are almost part of the North American security infrastructure. I studied in America. I know that few of my colleagues look up my bio because, why would one do that? I have a concentration in counterterrorism and the Department of Homeland Security. It is just a personal interest area, but it is not focused on digital cybersecurity, to be honest. This is why I did not know. These particular individuals, again, are not just a random group of hackers doing it for fun or doing it for money. These are intelligence officers. That is what the U.S. Department of State says. I had to find out from a foreign government, the FBI telling a parliamentary group that I belong to. I had to sign off on letters, listen to what the analysts had to say, get information from them and share information with them. I had to find out from a foreign government that I was being targeted, openly targeted. I have been criticized by foreign governments before. Famously, about two years ago, I was criticized in Pakistan's national assembly for raising very simple questions in the House here about a $50,000 taxpayer-paid trip by a certain chief of defence staff in the Pakistani military. I was highly unpopular. I was very popular in my riding, though, because I have a lot of constituents who are Mohajirs and Sindhis, who are highly persecuted. I did it on their behalf and they deserve to know. However, they are going to come to me and ask me if what they tell me is protected. Am I protected? Can I guarantee to them that what they pass on to me, my email, digital files and the personal security in my offices, is protected? I worry because I worry for them. There is a great Yiddish proverb. I never miss an opportunity to share them. I know members wait for them. If we take the Prime Minister's words and the public safety minister's words and CSE's and CSIS's words, and if their words were a stick, I could not even lean on it. It is a great Yiddish proverb. It is so true in this situation. The claim has been in the newspapers that, because it was not successful, we did not need to know. I have it in the complete reverse. Because we were targeted, we did not just deserve to know; they were morally obliged to tell us and ethically obliged to tell us. Whoever found out should have told us because, for three years, we could have adjusted our behaviour. We could have changed the way we did things. We could have turned around and told the diaspora community leaders, the groups we were working with on petitions, on letters and on starting campaigns to rescue political prisoners in other countries, that maybe we should do it a different way. Some of us travel to regions of the world that are dangerous, like Ukraine. Some of us travelled to Iraq just a few years ago, which is not exactly the safest region to travel to generally. I found, on the ground, that it was very safe. I would have liked to know if I was targeted by, say, an Iranian-based hacker group that works for the Islamic regime, if I had been in the region. I now have to work under the assumption that, even if I were targeted, if the target was not successful in hacking into my emails or hacking into my personal digital files or any of my social media accounts, because it was not successful, I could be the target of one of these espionage or hacker attempts. There are many of us who work with these types of individuals. Because we know that it was APT31, thanks to the FBI, thanks to IPAC, thanks to the U.S. Department of State, not thanks to our government, we have to now wonder if we are individually, because of the work that we do, targeted by another foreign regime. The member for Selkirk—Interlake—Eastman talked about the work he does on behalf of the Canadian Ukrainian community. He has spoken out repeatedly against the Kremlin. If there was a Russian hacker group, of which they have many, and they are renowned in the Kremlin for both operating state-sponsored groups and also paying contract hackers, and if he were to be targeted, nobody would tell him unless it was successful. If it was successful, then he would likely know about it. One can see where this is going now. This does not make any sense. The government's position makes no sense. In the Speaker's ruling, he said that this matter was in fact a prima facie violation of our privilege. I knew that from the moment it happened that this would be the case. I am very glad that he ruled that way. I am glad that the member for Sherwood Park—Fort Saskatchewan brought it to the Speaker's attention and made a very cogent case on why we should be protected. I want to bring up another fact, which is that this actually happened in Belgium as well. This is not APT31's first attempt. APT31 is renowned. APT40 is another group that has also done it repeatedly against others. It is not just IPAC members. I am going to draw one's attention to one particular group that was targeted in Belgium. It was a series of politicians, including the former prime minister of that country, who were targeted. One foreign affairs minister and several parliamentarians were also targeted by APT31, around the same timeline that we were. In that particular country, those targeted were also not told. In Belgium, they all had to go public and shame their government in that situation. As far as I know, in this particular attack, I think only Finland and one other, I believe, Baltic state informed their legislators that they were victims of such an attack. Then again, they are also much more used to it. They are right next door to the Kremlin and the Russian Federation, which makes it their business to be in all of our business. They want to know what emails we are exchanging. They want to know the people we are meeting with. They want to know what devices we are using as well. This is the problem I have with how this has been handled by the government, with its claim that it is doing enough and that it has introduced this new process. Those five members, like I said, were a former prime minister, the chair of the foreign affairs committee, the vice-chair of the foreign affairs committee, the Belgium-Taiwan Friendship Group and a member of the EU foreign affairs committee. I have the declaration in French and am going to read it into the record. Statement of Belgian elected officials targeted by APT31 It has now been confirmed that all five of us were the target of a Chinese state-sponsored cyber-attack in early 2021. This was not an attack on any single political party or any particular country. It was an attack on any elected official who dares to challenge Beijing. We stand united in condemning these actions, which strike at the heart of the democratic values that unite us and that transcend party lines. Over the past decade, China has shown a growing desire to interfere in the political systems of other countries, including our own. All too often, its malicious actions have gone unanswered. We cannot allow this campaign of cyber-attacks against elected representatives of the Belgian people to remain without a robust and proportionate response. We are calling on the government to do the following: Then they list five items. The statements ends with these two sentences: Chinese intelligence services tried to intimidate us, but they will never silence us. We will continue to actively defend democratic values and human rights in Belgium and around the world. This goes on. There was a case in New Zealand where APT40 as well hacked into legislators' and Parliament's devices. There was a cybersecurity attack committed in Australia, again by another state-sponsored affiliated group also out of Beijing. It is not like this is unique. This is another problem with the line the government has taken, which is to behave as if this is brand new and as if this has never happened before. That is the claim. That is the top-line talking point being printed out of the Prime Minister's Office and sent to all of us. That is simply not true. Since 2012, since Xi Jinping took over the Communist Party in Beijing, there has been a steady increase of attacks, both in rhetoric and in actual actions, by various hacking groups and by various military organizations. Like I said, intelligence officers of Beijing are now targeting 18 Canadian parliamentarians. For three years, we were told absolutely nothing. I only found out a few weeks ago. The moment I found out, on a Tuesday, I immediately began contacting the House of Commons' cybersecurity. I want to get to the bottom of this. Every single member who was targeted should have a chance to speak in the House and to explain exactly how this impacts their work, so it can become a permanent, official part of Hansard, and the next time this happens, the Liberals cannot claim that they did not see anything, that they did not hear anything or cannot say that it did not work, so we should not be bothered by it. We were targeted by a foreign government because of our parliamentary work. That should be enough. It was immoral not to tell us. It was unethical not to tell us.
3517 words
  • Hear!
  • Rabble!
  • star_border