Procedure and House Affairs Committee on June 13th, 2024

I think it's a coordinated naïveté amongst all authorities. Historically, we've moved into another era, I'd say, even more recently—I'd even say on a weekly or monthly basis. However, I fundamentally feel—and I'm sure I'll be challenged on this—that it's because of an indifference in the current administration, and this leads to incompetence in the rank and file of those who are in charge of our safety. I fundamentally believe this.

I think for many years we have all been naive, whether we're parliamentarians or we are people who work in a whole lot of different areas. Canada is just waking up to issues of foreign interference and all the rest of it. This is a new era, and I think everybody's been naive and not realizing. I don't think anybody intentionally held anything back that they thought would hurt us. The firewall held—hallelujah. We're supposed to be really happy. The firewall held when we had this APT31 attack. That's what I was told. We should be glad.

Well, I am glad that it held, and I am glad that we're here, because we're going to find a way to better protect parliamentarians and Canadians as we move forward as a result of this.

Where I'll go with that, the culture of secrecy and I think disrespect of parliamentarians, is that since other questions of privilege and other issues started to come to light, multiple directives were issued to actually improve the process and say that parliamentarians must be informed. Even after those directives were issued, parliamentarians still weren't informed.

My point about the culture is that the protocol, that directive, was given to improve the process, and it was literally ignored with every excuse in the book as to why.

I'll just talk about the culture, Ms. Sgro. It's new and maybe we've been naive, but to me, it's the culture of taking any protocol or directive seriously and improving that. We've seen examples of that said, but not followed through on.

I'd appreciate hearing from anyone who has comments on that.

We'll have one witness very quickly, please.

I would just add that when we had our discussion with the FBI and with IPAC and we challenged why were we not told, we were told that the way the system is the FBI had to report to one particular person within the Government of Canada. They could not come directly to us. Several weeks after that, the FBI actually had a briefing with all of us. They said there was a system in place that the FBI could not directly inform us. It had to go through a bit of protocol that was in place that nobody seemed to follow.

Thanks very much, Mr. Duncan.

Mrs. Romanado, you have six minutes.

Thank you very much, Mr. Chair. Through you, I'd like to thank my colleagues for being here.

I'll premise this the way I did with the last panel. I firmly believe that all of you should have been told. It's very unfortunate that you weren't.

Just to pick up on that, Mr. Kmiec, you mentioned that you had a meeting with the FBI, I think on May 9, but you mentioned that you have not met with CSIS or CSE. Have you met with anyone since this has come out? Has anyone, whether they be from CSE, House of Commons IT or CSIS, sat down with you?

No.

Mrs. Kusie, in your case, has anyone met with you?

No. I'll just leave it there, Mrs. Romanado.

Ms. Sgro?

CSIS...at my request.

You actually had to request the meeting.

Yes.

Obviously, the protocol is not working. The fact that you had to proactively reach out yourself is an issue.

When CSIS and CSE were here, I think there was a fundamental misunderstanding about what MPs actually do. I'm not an intelligence officer. I would not know what they do, but there really is a disconnect, I think. They don't realize, as Ms. Sgro said, that the work we do puts us more at risk in terms of interest from others, whether they be state actors or non-state actors. We never want MPs to change what they're doing. We want them to continue to do what they're doing, because it is important work, whether it be here in Canada or abroad or standing up for human rights.

What would you recommend that this committee put forward in terms of making sure that intelligence agencies and those who are asked to protect us, whether physically or in the virtual world, understand what we do and how we do it? What would you recommend that we recommend to them?

That's for any of the witnesses.

Chair, I'll go ahead and give that a shot.

The first thing is that these agencies need to have a positive requirement on them to inform parliamentarians. What I don't want to see is what I've now experienced, where the Sergeant-at-Arms office says that HoC cybersecurity knew but the Sergeant-at-Arms office didn't know. Then they come here and everybody says someone else was told to tell someone. It's unclear to me. Again, you have the in camera discussions that were had. I note that CSE kept saying that they could answer some of those questions in camera.

I need to know. I need to know whether I'm a target. It will change the way I do my work, because it's already had an impact on my work. When I have people reach out to me who want to meet with me, if you Google my name, this is one of the things that will come up, so some people, some dissidents and journalists in exile, will self-censor. They will not reach out to us. If I email him, if I contact him on his social media, that might be tapped. That might already be compromised by a foreign agency.

There is public information showing that these foreign agencies have an interest in me for the work that we all do here. Because of that, it's already had an impact on the work I can do.

Thank you, Chair.

Absolutely, if that's what's necessary. You would think it wouldn't have to be necessary, but it appears that it needs to be a ministerial directive, so start with that. They have to have that directive. They have to share the information with parliamentarians.

I think it's hard to believe that all of the folks involved in protecting us don't know, to Mr. Kmiec's issue, what we're really doing and that we are dealing with a lot of foreign issues and all these other things. Is it possible that they don't know the extent to which many of us are venturing into areas that seem to be areas that upset China, Iran and so on and so forth?

I can't believe that they're not aware of it. Maybe they should spend some time with parliamentarians or watch what goes on in the House of Commons a little bit. Maybe it would change things.

I have only 15 seconds. Again, I want to thank you for coming forward today and giving us the feedback you have, because we do have to fix this.

Thank you.

Ms. Gaudreau, you have the floor for six minutes.

Mr. Chair, I can honestly see that this is a very relevant meeting today. I don't sense much of the usual partisanship. We're really talking about the problem.

I would like to go back over what happened. I heard what you said about the need to take charge of this and get ahead of it.

I asked this question. One day, there will be another government. Is it normal that trust is no longer there? When we met with the representatives of the Communications Security Establishment, I raised my hand and said that, since I'm not currently their client and they do business with the government, I want to be their client.

I would like to hear your comments on that. What do you think about getting this out? It's part of our lives, being an MP, it's 24 hours a day, seven days a week. What do you think about that?

I think it's necessary to assess the system as a whole. We have to think about the threats. In my opinion, it's important to better inform parliamentarians and members of Parliament, because right now, it seems that there's a lack of a system for analyzing threats. You have to look at the whole system, but you also have to look at the threats against individual members. I think threats against members are different, depending on the activities of the member.

As I also said, it's really important to have transparency and training. I think training is really important for members of Parliament. Personally, I want to see a complete review of the system so that there are more threat assessments, more transparency and more training.

I just want to make sure, because I may have missed the beginning of your opening remarks. Were the attacks on your personal accounts? Yes or no.

I was going to say that, in my case, it was on my public account that I use. I have the three emails with me today. I printed them off, because they're still in my account. I can open those emails at any time.

However, in the cybersecurity system, no one told me whether or not I could open emails. So I opened them and printed them off, all three of them. They're still in my account. No one told me I couldn't do it. As far as I know, the digital surveillance technique for these attacks works with pixel spies. Since this is a new topic for me, I did a Google search to find out, with the help of my staff. It's all described perfectly.

In my case, it affected my public email account. My staff in my constituency office and my staff in my Hill office have access to these accounts to assist me in my work. Every single one of those computers could have been affected by these attacks because of a lack of training, which should have been given to me.