Former NDP (currently independent) MLA Thomas Dang has been formally charged by the RCMP for hacking into Alberta’s COVID-19 vaccine record system.
This news comes only one week after Dang proclaimed an end to investigations into criminal wrongdoings on Twitter — which, technically, he’s been cleared of — and said he’s “ready to get back to fighting for Albertans.”
According to RCMP spokesperson Fraser Logan, Dang faces a non-criminal charge “for illegally attempting to access private information contained in the Alberta Health vaccine portal,” which, if found guilty, would constitute a breach of the Health Information Act.
As for potential penalties, Logan says, “If convicted, an individual who contravenes this section can be fined up to a maximum of $200,000 under the act.”
In response, Thomas Dang’s spokesperson, Leah Ward, said, “[Dang] has been notified through his lawyer that no criminal charges will be laid and is looking forward to a final resolution to this matter. Until the scheduled hearing, he has no further comment.”
Back in March, Dang became much more forthright with his conduct, publishing a whitepaper entitled “HOW I DID IT, “which details his hacking of Alberta’s COVID Vaccination Record website using Jason Kenney’s personal information.
The hack occurred in September 2021, when Dang successfully managed to bypass whatever security measures were in place for the website and access the private medical information of Albertans.
In his whitepaper, Dang detailed his motivation for hacking a government website and wrote the following:
“When the COVID Vaccination Record website was first released to the public, numerous concerns about the security of the PDF document were reported. The document appeared editable by the average computer user and easy to alter and falsify. While this appeared to compromise the integrity of the record itself, it was not until I was contacted by a member of the public—who reached out to me as a Member of the Legislative Assembly owing to my information security background—with a concern related to the security of the website that I began to investigate these concerns. Specifically, the website appeared to lack security features that would prevent a malicious attacker from scraping the website for the personal health information of Albertans.”
“As an MLA, I believed I had an obligation to verify if such a negligent vulnerability could exist.”
Dang did not ask for permission from the government to conduct a monitored ethical hack to reveal and subsequently address any weak points on the website.
Moreover, when Dang was verifying whether he successfully hacked into the website, he inputted the personal information of a political opponent, in this case, Premier Jason Kenney’s.
According to Dang, “Basically, to reasonably continue the testing I needed to do two things: narrow the scope —or reduce the set of possible inputs—and limit the possibility that I would gain access to the private health information of a private citizen. The Premier had publicly disclosed both his birthday and date of vaccination on social media, which made that information available for two inputs in a modified script. Using publicly available information about the Premier also had the added benefit of providing the Government of Alberta information that would be easily verifiable.”
Regardless of the outcome of his trial, UCP chief government whip Brad Rutherford said, “These RCMP charges should mark the end of Thomas Dang’s career in Alberta politics.”
Dang is scheduled for his first court appearance in Edmonton on July 27.
