Thomas Dang, MLA for Edmonton-South, has been cleared by police and will face no charges for testing and reporting security vulnerabilities in Alberta’s embarrassingly hackable COVID-19 vaccination records website.
Dang, who has been sitting in the Alberta Legislature as an Independent MLA since late last year, said in a statement this afternoon that as a result of the decision by the RCMP and Crown Prosecutors to drop the criminal investigation and lay no charges in what was in effect a whistleblowing case he has sent a letter to NDP Caucus Chair Joe Ceci seeking to immediately rejoin the Official Opposition in the Legislature.
“There is a lot of work to do,” he said in a statement sent to media this afternoon. “I am looking forward to applying my full attention and focus to the priorities of the people of Edmonton South.”
Dang informed the NDP Caucus and immediately resigned in December 2021 when he became aware of the RCMP investigation after he had informed the provincial Health Department, confusingly known as Alberta Health, of the vulnerability in its vaccination records website.
“In September a concern was raised with me as a Member of the Legislative Assembly about the security of the vaccination record system,” he said at the time. “I tested these concerns and found that a security flaw did exist.”
“I immediately notified Alberta Health with the relevant information so that the vulnerability could be corrected. It was resolved shortly thereafter,” he said.
Well, he should have known: In Alberta, no good deed goes unpunished!
RCMP raided Dang’s home when he was out of town on a daytime skiing excursion. Opposition Leader Rachel Notley called a news conference after she was informed of the investigation and asked Dang to resign from caucus.
“Our caucus has a longstanding policy that members under active police investigation will not sit in the caucus, and Thomas understands this,” she said.
Dang said he still expects to face a fine for contravening Section 107(2) of the Health Information Act, which has not yet been set or issued.
Under the circumstances, the well-publicized investigation into what appeared to be an honest if misguided attempt to inform Alberta Health of a real problem, seemed peculiar, to say the least.
Whatever the intention of the investigators was, the raid and its attendant publicity sends the message that it is unwise to report security breaches that might embarrass the government.
Regardless of what happens next, Conservatives who encounter similar situations with constituents will doubtless follow the advice of their late leader Ralph Klein, Alberta’s premier, to, metaphorically speaking, “shoot, shovel and shut up.”
Dang vowed in today’s statement to continue to advocate for changes to Alberta’s information security and cyber defence systems.
“We’re extremely vulnerable and the government does not have proper systems in place to identify, report, and manage these threats,” he said. “I will continue to advance solutions as an MLA so that all our personal and private information is made safe from malicious online actors.”
Meanwhile, the RCMP fraud investigation into the 2017 “Kamikaze campaign” to bring down United Conservative Party leadership candidate Brian Jean and elect Jason Kenney as leader of the then-new party is said to be continuing. Jean is now once again a candidate to lead the UCP.
Dang, who was 20 when he was first elected to the Alberta Legislature in 2015, can be grateful he didn’t have to wait years for a decision to be made in this case.