Thank you very much, Mr. Chair. It's a pleasure to be back before the committee, this time on a different topic than last week's and with a slightly different cast of characters before you.
We are appearing today regarding the prima facie contempt arising from the cyber-attacks by a foreign-backed entity called Advanced Persistent Threat 31, allegedly supported by the People's Republic of China and targeting members of Parliament. We trust that our testimony today will assist the committee in its consideration of this important question.
In his May 8, 2024, ruling, the Speaker broke down the question of privilege into two distinctive parts. The first was the issue of the lack of notification of members regarding the cyber-attack, and the second was the attack itself.
In his ruling, the Speaker noted that, since the attack, processes and protocols regarding the notification of members had evolved. The Speaker, notably, referred to the May 2023 direction from the former minister of public safety respecting threats to the security of Canada directed at Parliament and parliamentarians. He also mentioned this committee's recommendation, contained in its 63rd report, that members of Parliament be notified by CSIS of the foreign interference threats targeting them.
In the second part of his ruling—that is, the cyber-attack itself—the Speaker found the matter to be an attempt to interfere with the work of parliamentarians, and he ruled that the matter was a prima facie question of privilege.
In reaching his conclusion, the Speaker referred to the prima facie question of privilege raised by the member for Wellington—Halton Hills, which was the subject of a ruling from the Speaker’s predecessor on May 8, 2023. In that case, the member was the subject of threats of reprisal by foreign actors for positions he had taken during debates.
In his ruling finding a prima facie case of privilege, the Speaker stated that the matter raised by the member squarely touches upon the privileges and immunities that underpin the collective ability to carry out parliamentary duties unimpeded.
At the culmination of its study on this prima facie question of privilege, this committee presented its 63rd report to the House on April 10, 2024. While the report is not yet concurred in, it contains many recommendations. As the committee considers this latest question of privilege, it may seek to build upon the conclusions of that report and provide further recommendations to the House.
Three of the recommendations in the 63rd report were directed at the House administration.
The first suggested that training on foreign interference be developed and offered as part of the members' orientation program and on a continual basis. This had been in development for some time, and I am pleased to say it is currently being offered to caucuses and will be part of the next orientation program.
The second sought a contact person to be assigned by the House administration to liaise with members on all matters related to foreign interference threats. The third, related recommendation suggested that a protocol be developed to inform the whips about foreign interference threats.
I note that agreements with our security partners relevant to these recommendations are already in place. We will be happy to provide further information about these later on during the meeting.
This new question of privilege provides the committee with the opportunity to consider some additional elements that were brought to light regarding cyber-attacks toward members individually and to the House as a whole.
Cyber-attacks have several objectives, one of the most obvious being to disturb our technical systems, and as such impacting the ability of members to do their work. They can attempt to steal confidential information, impacting members’ ability to work on sensitive files. These attacks might also be seen as attempts to intimidate members, therefore also interfering with the business of the House. When individual members are the subject of various forms of obstruction, the House as a whole can be impeded.
As indicated by the Speaker in his ruling, these types of attacks are more and more common. The issue raised by the member for Sherwood Park—Fort Saskatchewan related to cyber-attacks by a foreign entity targeting emails, but other modern technology may be used to disturb parliamentary proceedings. In some cases, the entities behind the attacks can be identified, and in other cases they cannot.
Another element to consider is the difficulty for the House to assert its rights when a foreign entity is the sponsor of reprehensible actions. Furthermore, if the House can, to a certain extent, mitigate the impact and risks when attacks target its own systems, when other systems, such as personal emails, are used by members to fulfill their duties, the House's ability is limited. Members can currently use various tools to fulfill their parliamentary functions, some supported by the House's IT services and others not.
When examining a question of privilege, the committee typically avails itself of the usual powers as it would when conducting any study. In terms of privilege, it will seek to establish the facts. It can propose remedies and proposals by way of recommendations in a report presented to the House.
I will now ask my colleague, Benoit Dicaire, acting chief information officer, to provide further information on cybersecurity at the House of Commons.
