Call to protect Canadian data in the U.S.
Worth reading (Lisa M. Austin, Heather Black, Michael Geist, Avner Levin & Ian Kerr, "Our data, our laws," National Post, 12 December 2013):
[Bill C-551] is a welcome move towards providing greater transparency and accountability for Canadian intelligence agencies, yet attention to oversight is not enough. We also need to address the legal framework under which these agencies operate, and the privacy protections granted to Canadians under the law.
This is true not only for Canada — our law’s 20th-century privacy protections are no match for 21st-century surveillance technologies — but also for U.S. law. The need for U.S. reforms may represent an enormous challenge, but Canadians find themselves between a proverbial rock and a hard place, as our communications data is increasingly stored on the servers of U.S. companies subject to U.S. law.
U.S. cloud computing services and apps such as Gmail, Dropbox and Evernote are very popular with both individual users and large organizations. Indeed, several Canadian universities have already, or are currently considering, outsourcing their email to cloud-based services offered by U.S. giants such as Google and Microsoft. This means that hundreds of thousands of Canadian teachers and students will find their personal data hosted in the United States, with little or no say in the matter.
The move to the cloud certainly offers some convenience and cost savings, yet it also makes our data vulnerable to state surveillance through NSA programs such as PRISM and MUSCULAR. As renowned security expert Bruce Schneier recently wrote, the NSA did not build an Internet surveillance system alone; it noticed that Internet companies had already done this “and simply got copies for itself.”
We are not opposed to cloud computing in principle. Some of us have been enthusiastic users of U.S.-based cloud computing such that we cannot remember what it was like to work without Dropbox and other services. Some of us have been supporters of outsourcing and have even made, or helped to make, key legal decisions in this area.
Global communications presents so many opportunities and we need to embrace it rather than lock down our borders. But just as we would not shop online without legal assurances that our financial information is kept secure, we should not be willing to place our data in the U.S. cloud without stronger privacy protection. This is not about placing barricades around our communications, but about insisting on the basic conditions for freedom of speech and association.
When we decided to open our border to trade with the United States, we did so with a free trade agreement. That agreement put in place various legal obligations and a dispute-resolution process. This is how we deal with our interconnected world. If we can do it with goods and services, we can do it with data. Our government and our privacy commissioners need to lead the charge by demanding that information about Canadians in the U.S. receive the level of protection afforded to it by our own constitution.