A confidential federal report alleges bribes were paid in the $54 million ArriveCAN program, while a recent information request shows the app stopped being mandatory when a special privacy exemption expired.Conservative MP Larry Brock (Brantford-Brant, Ont.) read portions of the confidential document into the record of the Commons government operations committee on February 5, according to Blacklock's Reporter.“I have the information right before me,” said Brock. “It is very clear.” The report Preliminary Statement Of Facts alleged “serious employee misconduct, so serious that you required the RCMP to investigate at least two criminal charges, fraud and bribery,” he said.“I can read it,” said Brock. Page 10 of the report alleged an ArriveCAN contractor “solicited a bribe,” he said.Committee members expressed astonishment that Brock obtained the report compiled by Canada Border Services Agency management. “Are they supposed to be talking about this?” asked Liberal MP Parm Bains (Steveston-Richmond, B.C.)“I don’t believe any of us have actually seen this Statement Of Facts,” said Liberal MP Charles Sousa (Mississauga-Lakeshore, Ont.). “Do you have copies you can share with us? We are looking for it.”New Democrat MP Taylor Bachrach (Skeena-Bulkley Valley, BC) said the allegations suggest “serious wrongdoing amongst civil servants working on the ArriveCan procurement.” The report was cited in the suspension of two former agency managers and an ongoing RCMP investigation, the committee was told. “That is something all Canadians should be worried about,” said Bachrach.Brock said confidential records he obtained also suggested “four years’ worth of highly relevant, sensitive emails between the years of 2018 and 2022" related to ArriveCan were deleted by an agency manager.“The approximate amount of those emails is roughly seven gigabytes or 1,700 emails," he added.Brock read out the Statement Of Facts during testimony of Michel Lafleur, the Border Services Agency’s executive director of professional integrity who investigated ArriveCan contractors. “I have seen no indication of widespread corruption,” testified Lafleur.“You would agree with me, sir, that deleting emails is an extremely serious offence?” asked Brock. “It would be a breach of the code of conduct to wilfully delete emails,” replied Lafleur.“Did you notify the Auditor General of four years’ worth of deleted emails?” asked Brock. “I notified the Auditor General that I had received allegations,” replied Lafleur.“Was the Treasury Board Secretariat informed?” asked Brock. “No,” replied Lafleur.“Did you inform the RCMP of potentially four years’ worth of highly confidential relevant emails?” asked Brock. “We are required to report potential criminality,” replied Lafleur. “I have no evidence of that at this time.”“Wow,” said Brock. “‘No evidence’ of potentially deliberately deleting emails, and that is not criminality to you? Wow.”The exchange came the same day as the results of an information request were posted to Twitter ("X") revealing correspondence the Acting Chief Information Officer of Canada Marc Brouillard had with Treasury Board Secretary Peter Wallace and that Wallace subsequently had with Ian Wallace, President of the Public Health Agency of Canada.On April 30 2021, Brouillard informed Wallace that regarding the Public Health Agency of Canada, looser privacy rules under an interim order had expired March 31 2021."The Interim Policy and Directives provided institutions with the discretion to complete a streamlined privacy risk analysis, known as a privacy compliance evaluation (PCE) in lieu of a Privacy Impact Assessment (PIA) and to defer the registration of a Personal Information Bank (PIB)," Brouillard explained."PHAC has also requested the deadline for submitting PIAs and requesting the registration of PIBs be tied to the duration of the pandemic."Brouillard said having indefinite exemptions to normal procedures around privacy was a bad look."Maintaining policy flexibility is important in the government’s response to the COVID-19 pandemic; however, there are reputational risks to deferring PIAs and PIB registration to an unspecified date as the public and the Privacy Commissioner could interpret this as a lack of transparency in how personal information is being used.""To reduce this risk, the Secretary could require the submission of PIAs and PIB registration requests within six months of the pandemic being declared over or by September 30 2022, whichever comes first. At that time, another extension could be considered should there be a continued need for streamlined privacy risk assessments."Wallace subsequently wrote Iain Stewart, president of PHAC, to say the PIAs would be required by September 30 2022, and otherwise "we can discuss a further extension of the exception at that time."Stewart wrote Wallace back to say the agency was working on the assessments that had been requested, but pushed back on the calendar date, writing, "we will commit to completing and updating PIAs and PIBs within six months of the pandemic being declared over."Instead, September 30 2022 was the last day the ArriveCAN app and other COVID-19 safety measures were required for airline travellers entering Canada.An Auditor General’s report into ArriveCAN is due February 12. A separate January 29 report by the Procurement Ombudsman identified widespread irregularities in the awarding of millions’ worth of ArriveCAN contracts.
A confidential federal report alleges bribes were paid in the $54 million ArriveCAN program, while a recent information request shows the app stopped being mandatory when a special privacy exemption expired.Conservative MP Larry Brock (Brantford-Brant, Ont.) read portions of the confidential document into the record of the Commons government operations committee on February 5, according to Blacklock's Reporter.“I have the information right before me,” said Brock. “It is very clear.” The report Preliminary Statement Of Facts alleged “serious employee misconduct, so serious that you required the RCMP to investigate at least two criminal charges, fraud and bribery,” he said.“I can read it,” said Brock. Page 10 of the report alleged an ArriveCAN contractor “solicited a bribe,” he said.Committee members expressed astonishment that Brock obtained the report compiled by Canada Border Services Agency management. “Are they supposed to be talking about this?” asked Liberal MP Parm Bains (Steveston-Richmond, B.C.)“I don’t believe any of us have actually seen this Statement Of Facts,” said Liberal MP Charles Sousa (Mississauga-Lakeshore, Ont.). “Do you have copies you can share with us? We are looking for it.”New Democrat MP Taylor Bachrach (Skeena-Bulkley Valley, BC) said the allegations suggest “serious wrongdoing amongst civil servants working on the ArriveCan procurement.” The report was cited in the suspension of two former agency managers and an ongoing RCMP investigation, the committee was told. “That is something all Canadians should be worried about,” said Bachrach.Brock said confidential records he obtained also suggested “four years’ worth of highly relevant, sensitive emails between the years of 2018 and 2022" related to ArriveCan were deleted by an agency manager.“The approximate amount of those emails is roughly seven gigabytes or 1,700 emails," he added.Brock read out the Statement Of Facts during testimony of Michel Lafleur, the Border Services Agency’s executive director of professional integrity who investigated ArriveCan contractors. “I have seen no indication of widespread corruption,” testified Lafleur.“You would agree with me, sir, that deleting emails is an extremely serious offence?” asked Brock. “It would be a breach of the code of conduct to wilfully delete emails,” replied Lafleur.“Did you notify the Auditor General of four years’ worth of deleted emails?” asked Brock. “I notified the Auditor General that I had received allegations,” replied Lafleur.“Was the Treasury Board Secretariat informed?” asked Brock. “No,” replied Lafleur.“Did you inform the RCMP of potentially four years’ worth of highly confidential relevant emails?” asked Brock. “We are required to report potential criminality,” replied Lafleur. “I have no evidence of that at this time.”“Wow,” said Brock. “‘No evidence’ of potentially deliberately deleting emails, and that is not criminality to you? Wow.”The exchange came the same day as the results of an information request were posted to Twitter ("X") revealing correspondence the Acting Chief Information Officer of Canada Marc Brouillard had with Treasury Board Secretary Peter Wallace and that Wallace subsequently had with Ian Wallace, President of the Public Health Agency of Canada.On April 30 2021, Brouillard informed Wallace that regarding the Public Health Agency of Canada, looser privacy rules under an interim order had expired March 31 2021."The Interim Policy and Directives provided institutions with the discretion to complete a streamlined privacy risk analysis, known as a privacy compliance evaluation (PCE) in lieu of a Privacy Impact Assessment (PIA) and to defer the registration of a Personal Information Bank (PIB)," Brouillard explained."PHAC has also requested the deadline for submitting PIAs and requesting the registration of PIBs be tied to the duration of the pandemic."Brouillard said having indefinite exemptions to normal procedures around privacy was a bad look."Maintaining policy flexibility is important in the government’s response to the COVID-19 pandemic; however, there are reputational risks to deferring PIAs and PIB registration to an unspecified date as the public and the Privacy Commissioner could interpret this as a lack of transparency in how personal information is being used.""To reduce this risk, the Secretary could require the submission of PIAs and PIB registration requests within six months of the pandemic being declared over or by September 30 2022, whichever comes first. At that time, another extension could be considered should there be a continued need for streamlined privacy risk assessments."Wallace subsequently wrote Iain Stewart, president of PHAC, to say the PIAs would be required by September 30 2022, and otherwise "we can discuss a further extension of the exception at that time."Stewart wrote Wallace back to say the agency was working on the assessments that had been requested, but pushed back on the calendar date, writing, "we will commit to completing and updating PIAs and PIBs within six months of the pandemic being declared over."Instead, September 30 2022 was the last day the ArriveCAN app and other COVID-19 safety measures were required for airline travellers entering Canada.An Auditor General’s report into ArriveCAN is due February 12. A separate January 29 report by the Procurement Ombudsman identified widespread irregularities in the awarding of millions’ worth of ArriveCAN contracts.
