Threats to the Liberal Party of Canada 2025 leadership campaign – March 2025
Executive summary
On January 13, 2025, Nathalie Drouin, the Deputy Clerk of the Privy Council and National Security and Intelligence Advisor to the Prime Minister (DCNSIA), issued a statement announcing that the Security and Intelligence Threats to Elections Task Force (SITE) was to monitor the upcoming Liberal Party of Canada (LPC) leadership campaign for possible foreign interference (FI).
This report covers SITE’s activities and observations of foreign actors’ intentions and FI activities directed at the LPC leadership campaign from January 27 to March 16, 2025, a week after the designation of a new leader on March 9, 2025.
During the LPC leadership campaign, SITE observed some activity that was consistent with known FI methodologies, and that pertained to SITE members’ mandates.
Background
Created in 2019, the SITE TF is a whole-of-government working group that coordinates the Government of Canada’s collection and analysis efforts concerning threats to Canada’s federal election processes. It is made up of experts from the Canadian Security Intelligence Service (CSIS) (current Chair), the Communications Security Establishment (CSE), Global Affairs Canada (GAC) and the Royal Canadian Mounted Police (RCMP), where each member agency works within their own mandate. The SITE TF provides a clear point of engagement with the security and intelligence community. Its members coordinate intelligence review and analysis, provide situational awareness through threat assessments, reports and briefings and, where members’ mandates permit, coordinate action to mitigate threats.
Up to the Canadian General Election 45 (GE45), the Critical Election Incident Public Protocol (CEIPP) directed the Panel to communicate with Canadians only if it is determined “that an incident or an accumulation of incidents has occurred that would threaten Canada’s ability to have a free and fair election.” However, in recent years, Canada and its allies have recognized the value of publicly disclosing incidents of foreign information manipulation and interference, to raise citizen awareness, build citizen resilience, and maintain trust in electoral outcomes. As a result, SITE issued its first public statement during the LPC leadership campaign on a potential threat-related incident involving an information operation targeting Chrystia Freeland, which is discussed in further detail below.
SITE's monitoring and reporting during the LPC leadership campaign
SITE met weekly between January 27 and March 16, 2025 to review and discuss intelligence collection, assessment, and open-source analysis of possible FI activities during the LPC leadership campaign.
Baseline threat assessment
At the outset of the leadership campaign, SITE’s assessment was that there were no significant indicators of FI targeting the six approved LPC leadership candidates (Jaime Battiste, Frank Baylis, Mark Carney, Ruby Dhalla, Chrystia Freeland, and Karina Gould). Members of SITE highlighted that Chrystia Freeland and Mark Carney were the most likely potential targets of FI and, pre-race, the subjects of most of the hostile engagement on existing social media.
Monitoring and reporting
During the LPC leadership campaign, potential threat-related incidents were reported to SITE by its members, but also by candidates and political parties. The SITE Assistant Deputy Minister-level Elections Security Coordination Committee (ESCC) was responsible for the governance of incidents. Instances brought forward to SITE were submitted to the ESCC, where the members determined whether they constituted a formal incident that warranted being reported to the Deputy Minister Committee on Intelligence Action (DMIA). As per the CEIPP, incidents are usually reported to the Panel for their determination as to whether or not they threaten Canada’s ability to have a free and fair election, and if a public announcement is warranted. The CEIPP, however, has a limited mandate: it is only initiated to respond to incidents that occur during the caretaker period. Incidents that occur outside the caretaker period are addressed through regular Government of Canada operations. During the LPC leadership campaign, such incidents were reported to the DMIA.
On January 29, 2025, SITE produced its inaugural weekly situation report (SITREP) for DMIA. This initial report served as a substitute for a baseline threat assessment, compiling current and recent historical information from member agencies and partners on FI and violent extremist threats targeting or involving LPC leadership candidates.
While monitoring the leadership campaign, SITE has considered tactical information collected under each member’s respective mandate. During the time period, SITE provided regular updates on potential FI, violent extremism and cyber threats directed at the LPC leadership campaign to DMIA and the ESCC. These updates were based on weekly SITREPs, which included input from each SITE member agency.
In early February, SITE gave briefings on FI and best practices for protection against FI threats to members of the candidates’ campaign teams and to LPC representatives.
Foreign interference
SITE defines FI as an “activity conducted or supported by a foreign state/actor that is detrimental to Canadian national interests and is clandestine, deceptive or involves a threat to a person.” In the context of Canadian electoral processes, the objective of FI is to affect electoral outcomes and/or undermine public confidence in Canadian democratic institutions.
SITE underlines that sophisticated, pervasive and persistent FI activities constitute a serious threat to Canada's national security and to the integrity of Canada's democratic institutions at all times, and not just during electoral processes. Foreign states that engage in FI target all levels of government in Canada—federal, provincial, municipal and Indigenous—and various facets of Canadian civil society (e.g., religious, ethnic and cultural communities, the general public, media entities, and academia). FI activities transcend party lines, ideologies and ethnic backgrounds. For certain foreign states, FI activities are part of their normal pattern of behaviour in Canada and often peak during electoral processes.
Observations on foreign interference during the LPC leadership campaign
SITE has observed online disinformation about candidates; however, as of the end of the leadership campaign and for most disinformation instances, SITE members have been unable to confirm if the instances were emanating from a foreign state actor.
In early February 2025, GAC Rapid Response Mechanism Canada (RRM) detected coordinated and malicious activity regarding Chrystia Freeland. The launch of this information operation was traced to WeChat's most popular news account, Youli-Youmian, an anonymous blog that intelligence reporting has linked to the People's Republic of China Chinese Communist Party’s Central Political and Legal Affairs Commission (PRC CCP’s CPLAC). RRM Canada identified over 30 WeChat news accounts taking part in the campaign. The campaign received very high levels of engagement and views, with WeChat news articles disparaging Ms. Freeland netting over 140,000 interactions between January 29 and February 3, 2025. RRM Canada estimates that 2 to 3 million WeChat users saw the campaign globally. On February 7, 2025, SITE issued a public statement on a potential threat-related incident involving the information operation targeting Ms. Freeland.
On February 7, 2025, SITE briefed the executive of the LPC and members of Ms. Freeland's leadership campaign in advance of issuing the public statement.
Observations on cyber incidents during the LPC leadership campaign
SITE defines cyber threats as: malign activity in cyberspace undertaken by actors (state or non-state) that aim to exploit information communication technology in order to gain unauthorized access to systems and networks and/or manipulate individuals, in pursuit of various objectives. These actors’ objectives can be financial (i.e. cybercriminal activity) or constitute national security threats (i.e. cyber-enabled espionage, sabotage, or foreign influence activity).
No cyber incidents were detected that suggested any foreign state actors were specifically targeting LPC leadership campaign infrastructure during the time period.
Violent extremism
SITE defines violent extremism as “threats or use of acts of serious violence against persons or property for the purpose of achieving a political, religious, or ideological objective in Canada.”
While SITE is focussed on FI, the RCMP and CSIS have mandates and authorities to investigate threats of violent extremism. SITE committed to reporting any threats of violent extremism directed at the LPC leadership campaign.
Observations on violent extremism during the LPC leadership campaign
In February, the RCMP discovered a post on Facebook where a Freedom Convoy sympathiser who learned of a Mark Carney event in Regina noted that he wanted to give the “traitor” a “good warm welcome.” His plan was to disrupt the event. The individual was prevented from attending when he showed up at the event.
Otherwise, during the specified time period, SITE did not identify any direct threats to the leadership campaign in social media, message boards, chatrooms, online forums or news media. SITE did not identify any direct threats to the candidates, nor to the administration of the campaign.
Conclusion
To sum up, during the LPC leadership campaign, SITE observed some activity that was consistent with known FI methodologies and pertained to members’ mandates, such as online information operations. Further to an online information campaign targeting Freeland, a first public statement was issued to alert and inform the public.
Most FI activity could not be attributed; however, one information operation targeting Chrystia Freeland was traced back to a WeChat account linked to the PRC CCP’s CPLAC.
No cyber incidents were reported to SITE during the LPC leadership campaign.
As it relates to potential online threats against LPC candidates, SITE did become aware of one instance where an individual was prevented from attending a campaign event following such a threat.