An Alberta opposition legislature member under RCMP investigation after admittedly hacking into a government health website using some of Premier Jason Kenney’s personal information says he felt a professional responsibility to do it.
Thomas Dang, asked by reporters Tuesday if he acknowledges doing anything wrong, replied, “No.”
“I believe that this type of testing is commonplace in the field of information and cybersecurity,” Dang said. “My intent was always, and continues to be, to protect the private information of Albertans.
“I believe that this was an obligation I had as an MLA.”
Dang, the member for Edmonton-South, declined to say whether he would commit the same cyber-breach again if he felt the public interest required it.
He made the comments after releasing a report titled “How I Did It,” which details his role last fall in committing the cyber breach on the government’s COVID-19 vaccination passport verification website. His report urges the United Conservative government to do more to protect sensitive online information.
Dang said he conducted the probe after a constituent warned him of possible loopholes allowing for bad actors to access private health information through the vaccine website.
He said when he ran into roadblocks trying to breach the site, he used Kenney’s birth date and date of vaccination – both publicly available – allowing him eventually to breach the site’s privacy safeguards.
At that point, Dang said, he immediately stopped the search, advised his NDP caucus team, which in turn advised the government of the security breach, and the breach was remedied soon after.
Dang said using Kenney’s details was a reasonable decision to make under the circumstances, given the premier has a high profile and could be a target of hacking. He rejected suggestions he was engaging in a form of identity theft.
“I did not use someone else’s identity,” said Dang. “I used two pieces of information that are publicly available.”
Dang said he has a certificate in cybersecurity but did not say if he had any special authority or permission to breach the vaccination passport website.
In December, the RCMP launched an investigation and executed a search warrant into Dang’s cyber search. As per NDP policies, Dang stepped away from caucus due to the ongoing investigation and now sits as an Independent.
Government house leader Jason Nixon said he wants answers on who knew what and when after Dang’s security breach, and whether NDP leader Rachel Notley or other senior party officials withheld or delayed delivering sensitive information.
“What has been admitted to by MLA Dang today was that an everyday Albertan’s record was violated by the then-NDP-ethics critic through hacking, which is unacceptable,” said Nixon.
Notley said she asked Dang to step aside as soon as she heard about the investigation and that future decisions on Dang’s role in the caucus will wait until after the RCMP probe.
“Mr. Dang is going to have to answer for himself in terms of the choices he has made,” Notley said.
“But I can say that the fact that it’s attracted police attention, that it’s under investigation, is deeply disappointing to me. That’s why we asked him to leave and under no circumstances will he be coming back as long as this is an active matter.”
Dang, a two-term legislature member, would not confirm whether he will run again in the spring 2023 election under the NDP banner or as an Independent.
NDP nominations are being contested and filled right now, and Notley was asked what will be done about Dang as a potential NDP candidate for Edmonton-South.
“We’ll be meeting with the executive of the party to make that decision pretty soon,” she said.
Later Tuesday, Dang’s predicament became fodder for partisan attacks during question period in the legislature.
Kenney, answering Notley’s questions on relief for Albertans facing high inflation prices, urged his opponents to check into government policies. But he added, “I know the NDP’s favourite research technique is to hack into people’s private information.”
—Dean Bennett, The Canadian Press
RELATED: British Columbia government lax on cybersecurity practices, auditor reports
RELATED: Canada Revenue Agency website remains down for 3rd day due to cybersecurity issues