Canada Quietly Offering Sanctuary To Data From the US
davecb writes "The Toronto Star's lead article today is Canada courting U.S. web giants in wake of NSA spy scandal, an effort to convince them their customer data is safer here. This follows related moves like Cisco moving R&D to Toronto. Industry Canada will neither confirm nor deny that European and U.S. companies are negotiating to move confidential data away from the U.S. This critically depends on recent blocking legislation to get around cases like U.S. v. Bank of Nova Scotia, where U.S. courts 'extradited' Canadian bank records to the U.S. Contrary to Canadian law, you understand ..."
You know the Canadians will roll over on you, eh?
Trust nobody and you won't have to worry.
They've been doing intelligence cooperation with the US for ages, why would they be any more trustworthy?
Worked in Argo.
This is completely meaningless as long as any data has to traverse any network in the US. For that matter, I highly doubt that Canada or any other US ally won't actually cooperate with the NSA. This is nothing but a marketing move on Canada's part.
Our banks will release all personal information to US law enforcement, even though this directly contravenes our Constitution.
http://www.cbc.ca/news/politics/canadian-banks-to-be-compelled-to-share-clients-info-with-u-s-1.2437975
.there is enough of everything for everyone.
Destroy that data or forever be my enemy.
The NSA et al are (legally) *more* restricted in the US than abroad. While there might be congressional hearings & other hand wringing about what the NSA does in the US, foreign countries are a cyber free fire zone. Information superiority is the goal, and the NSA has huge fire power ATM.
Security is an illusion people will pay for, so why not make a profit?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
It seems we Canadians were playing lapdog to all this nonsense; so why would anyone send their data here? It also seems that the Canadian government is perfectly happy to send Canadian data and its citizens to face US justice. I was proud of Canada's history of protecting draft dodgers; but then we sent an Iraq dodger back and my pride died that day. Then Marc Emery was thrown to the wolves by the Canadian government, and recently the Canadian government has begun sending all sorts of bank records south.
So if you put your data into a Canadian server then I suspect that the US will have full access to it a dozen different ways.
Personally if I were the head of IT for a large non North American company there are few countries that I would truly trust. For instance I might look into a Swiss IT company, but only if it were wholly Swiss owned, and only staffed by natural born Swiss citizens. But Canada, heck no.
Didn't Canadian intelligence agencies (along with the English and others) work WITH the NSA to get around the constitutional impediments to spying on Americans?
YES, when your personal data was stored here in America, the NSA reserved the right to look through it... but once the American public found out about it (Thank you, Mr. Snowden), many people identified that right to be illegal and the debate started. While it might be illegal in Canada for the Canadian authorities to spy on Canadian citizens, does that necessarily make it illegal in Canada for Canadian authorities under direction from the NSA to spy on the data of non-Canadian citizens (i.e.: Americans) stored within their borders?
The more I read, the more I am convinced that in the end... Strong Cryptography for which the NSA (or anyone else) does _not_ have a backdoor may be the only way to protect privacy. I trust the math more than I trust governments.
Canada has internet cables and backbone switches right? They also have undersea cables and satellites. All of that can be tapped. There is no such thing as data being safe if you are connected to the internet. We have already learned of back doors in switches, routers, firewalls, tapping of cables, backdoors in chips themselves and also intercepting hardware shipments and installing custom code as well as direct cooperation with vendors to build in backdoors.
This is completely meaningless as long as any data has to traverse any network in the US.
If I am exchanging data between Canada and any other place but the US, why would it traverse the US? If these companies want to do business with the rest of the world without being spied on by US agencies, being outside the US is a good place to start.
Whether that alone is enough is questionable, but it's a start and certainly not meaningless.
I thought most Canadian traffic is routed through Chicago or New York...
Shoes for Industry. Shoes for the Dead.
US companies shouldn't be able to shirk tax laws just by going to an overseas bank. This posits a false dichotomy, where either you're in favor of the NSA, or you think multi-national companies should be able to avoid laws and regulations they don't like by doing all their extra-legal business in Canada or the Cayman Islands or where tax laws/regulations are most convenient.
Slashdot: providing anti-social weirdos a soapbox, since 1997.
That court case did nothing of the sort - it was a court case against a local US bank subsidiary asking for records of other subsidiaries in the Bahamas and Cayman Islands.
The real problem is the coming US FATCA law: http://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance_Act
This US law requires foreign banks to provide information about accounts held by Americans, or ELSE.
Canada is not generally regarded as a tax haven - there is no bank secrecy here, no secret corporate ownership and Canada isn't a low-tax jurisdiction. Our taxes are higher than most of the USA.
There is a Canada-US tax treaty, and generally speaking US citizens living in Canada don't have to pay tax to the USA since they get an IRS deduction for the taxes they pay to Canada (they don't get taxed twice on the same income).
Under US law, all US citizens have to file with the IRS every year, even if they live in a foreign country and owe nothing in taxes.
However, for a Canadian bank to provide information about US customers to the IRS (absent a crime or court order) violates Canadian privacy law. So Canadian banks are in a very difficult position:
- comply with FATCA and break Canadian law
- get permission from their US customers to hand over info to the IRS
- don't do business with US citizens living in Canada (of which there are about a million)
ever walk down the street, and stumble, but mid-way turn it into a move that some part of you thinks will convince on-lookers that you did it on purpose? like you were just testing out a new dance move for the clubs? what - you mean those thousands of broken spent fuel rod assemblies? yeah - it's cool.. oh - and if you ask questions in japan on this, off to jail you go!
Don't large corporations control congress? Don't congress members want to stay in the good graces of corporations so they continue to get campaign donations and board positions upon retirement from public service?
Why aren't large corporations pressuring congress to rein in the NSA?
Who's holding the puppet strings?
American citizens, come and host your data on Canadian soil!
Therefore, it will technically be foreign data.
Therefore, the NSA will be able to spy on it without trespassing any law regulating spying on its own citizens.
Thanks for your cooperation.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
CSEC Admits It 'Incidentally' Spies On Canadians
So, go to Europe then. Oh, that's right.
The German Prism: Berlin Wants to Spy Too
France - Alarm over massive spying provisions in new military programming law
Why is this going on? Is there some sort of pattern that could explain it?
Iran’s fingerprints in Fallujah
Report: Canadian Terrorists Planned Truck Bomb Attack
At Least 4,000 Suspected of Terrorism-Related Activity in Britain, MI5 Director Says
Dutch Arrest 12 Somalis on Terror Suspicions
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
The one detailing the case of U.S. vs Bank of Nova Scotia.
http://scholar.google.com/scholar_case?case=15359095430199898378&q=%E2%80%9Csimply+cannot+acquiesce+in+the+proposition+that+United+States+criminal+investigations+must+be+thwarted+whenever+there+is+conflict+with+the+interest+of+other+states.%E2%80%9D&hl=en&as_sdt=2006
The argument is premised on the idea that America's largest multinational corporations are somehow so divorced from the legislative and governance process of the United States as to need to seek asylum in a foreign country.
Companies only care about customer data if consumer market research data indicates negative shifts in earnings as a result of their inability to assuage customers of the validity, sanctity and security of their data. A prime example is the Target scandal recently. The cost to shore up security was probably much greater than the cost to issue apologies in the media. Target further mitigated the impact by using weasel words like "may have" or "possibly" when describing the outcome of their data breach. This in turn led the financial companies beholden to the cardholders to issue, of course, similar statements with a key advisory to "watch" your credit card, not to replace it which while effective would have been vastly more expensive for the financial company.
When companies face any real backlash from their customers, they legislate their way around it through the appropriate channels. AT&T demanded immunity from Bush wiretapping and received it. Had they cared about your data, they would have fought the government to eliminate warrantless surveillance of this kind. But the law is ever on their side as they are the ones who craft it. Verizon lobbied extensively for stricter laws protecting arbitration clauses. They did it in response to a string of class action lawsuits related to overbilling customers. Had they cared about the letter of the law, they would have made major changes and improvements to their billing system that prevented the plaintiffs from suffering the ridiculous mischarges in the first place.
Good people go to bed earlier.
No secret that the NSA works with Canada, New Zealand, UK and Australia on ECHELON so anything in those jurisdictions is easily subject to acquisition. Equally easy would be any jurisdiction in Commonwealth countries or countries that are desiring entry into the Commonwealth who would allow this on their soil just to curry favor with the UK.
What makes you think a hacked Cisco border router plugged into the Internet is any more secure in Canada? It's just a couple more hops, that is all.
Join the Slashcott! Feb 10 thru Feb 17!
If you really care about keeping that data confidential, keep it in your own computers! If a government agency wants it, at least then you'll probably find out.
- comply with FATCA and break Canadian law
- get permission from their US customers to hand over info to the IRS
- don't do business with US citizens living in Canada (of which there are about a million)
I fail to see how that puts the banks in a difficult situation. Canadian banks have no obligation to comply with US law; they do, however, have an obligation to comply with Canadian law.
The burden of compliance here rests entirely on those US citizens storing money in Canada. The Canadian banks simply need to join the EEA in telling the US to go fuck itself as regards the wholesale presumption of US hegemony over global AML regulations.
Anything crossing the border can be seized and inspected without a warrant. It wouldn't surprise me if this system was set up by the NSA or RCMP to get stupid bad guys to fall for it.
No matter where you move it, if you're sharing it on the internet there's a good chance it will touch some fiber or cable that is US jurisdiction. If that happens it can be seen, stored, and spied on at the NSA's leisure. Nothing is fixed, it's all PR smoke and mirrors.
To be precise, the case was one in which the US required the Bank of Nova Scotia's subsidiary in the US to duplicate records from the Cayman Islands, contrary to the laws of the Caymans and also of Canada, where the Bank is chartered. That's why I put quotes around the "extradited" (;-))
If the records were already in the 'States, there wouldn't have been reason for the Bank to object to a subpoena from a US grand jury.
Returning to your post, FATCA is indeed a problem, and IMHO is a US response to tightened blocking legislation in Canada. US business would be well pleased if it caused ScotiaBank to go away.
--dave
davecb@spamcop.net
What you meant to say was that Canadian banks (not "your" banks - they don't work for you) will release personal information to the US government (not "America" -- the government obviously doesn't work for me if they are doing it against my will). The citizens on either side are the victims, not the aggressors. The aggressors are the governments on either side.
https://en.wikipedia.org/wiki/UKUSA
Spoiler alert: Canada is one of them.
It's an interesting catch-22; moving the data out of the US theoretically elevates the legitimacy of any NSA attack on it, since it's now a legitimate attack on 'foreign signals'.
On the other hand thanks to the rampant domestic abuse, and undermining of local legal protection, at least moving it outside the country requires the NSA actually attack it rather than just help themselves.
All that is assuming the Canadians won't be complicit in sharing the data; but to my knowledge at least, that would still require somebody attack it as Canada doesn't seem to have quite the same degree of "give us all your data, don't tell anyone you are doing it, because: national security".
Is it a marketing move? Absolutely.
But it does still have some real impact; and really if you want the US to change its habits, an economic angle is really the best way to get their attention.
If a company has rights, it also has the obligation to fight for its rights, not run to Canada. Those companies shouldn't be allowed to operate in the USA.
The companies don't just transfer money from one bank account to another...it's way more complicated. One way is to pay an offshore subsidiary huge amounts of money for relatively little actual work. They can then call that a "cost" in the USA and reduce taxes owing, then show the profits in another country with lower taxes.
The banks do business in the USA. If the Canadian side didn't cooperate, then the American side would presumably be targeted by the government.
I fail to see how that puts the banks in a difficult situation. Canadian banks have no obligation to comply with US law; they do, however, have an obligation to comply with Canadian law.
You are correct.
However, there is the OR ELSE clause of FATCA: http://www.cbc.ca/news/politics/canadian-banks-to-be-compelled-to-share-clients-info-with-u-s-1.2437975
If a Canadian bank (or any other foreign bank, investment dealer, etc) doesn't comply with FATCA, then the US government will apply a withholding tax of 30 per cent levied on every transaction a non-compliant bank has coming from, or even passing through, the U.S.
That is a death penalty, since most foreign banks have some operations in New York or Chicago - they trade there, they sell securities there, they have customers who buy US stocks, etc.
Most major financial institutions (at present) aren't able to not do business in the US, so they could lose 30% of every transaction passing through the US.
Will this lead to increased financial transactions in London, Hong Kong, et al and the decline of Wall Street? Maybe.
The burden of compliance here rests entirely on those US citizens storing money in Canada.
False. There is an obligation on US citizens, but there is ALSO a new requirement on the foreign banks under FATCA.
The Canadian banks simply need to join the EEA in telling the US to go fuck itself as regards the wholesale presumption of US hegemony over global AML regulations.
Actually, the EEA hasn't said that at all. Many foreign banks are choosing to not do business with US citizens since that is an easier solution.
Canada is most likely in violation of US law by providing "sanctuary" to US data. It will be interesting to see where this goes, especially if other countries start doing the same thing. I can see the OFAC list getting a lot longer.
Somebody didn't bother reading his own link. There, information was requested from the American branch of a Canadian bank, seeking information about American customers where the files resided in the Caymans.
False. There is an obligation on US citizens, but there is ALSO a new requirement on the foreign banks under FATCA.
That only applies to banks choosing to do business in the US, whether or not the US says otherwise. Though as you point out, most banks do choose to do some of their business in the US.
Actually, the EEA hasn't said that at all. Many foreign banks are choosing to not do business with US citizens since that is an easier solution.
Nonbinding at this point, but yes, they have said exactly that.
That court case did nothing of the sort - it was a court case against a local US bank subsidiary asking for records of other subsidiaries in the Bahamas and Cayman Islands.
I came in here to address this issue.
An interesting quote (emphasis mine) from the linked-to case:
Over all I do hope that more data is moved to Canada (hence more jobs here), and the Canadian governments, federal and provincial, strengthen their determination (and regulations) to keep sensitive citizens' data out of the USA.
How about a nice, fat trans-Canada fibre optic cable, all within our borders? I imagine the spending on the advertisements for the "Canada Action Plan" would've paid for a good deal of it...
So unless Google, Facebook, and the like are no longer going to be US-based companies (which I doubt will happen, especially given that they are publicly traded), and decide to shut down all operations in the US, things like the Patriot Act & wiretapping laws would still compel these companies to hand over data, despite the data center sitting on Canadian soil--or anywhere else in the world... Remember that Microsoft refused to answer questions about whether law enforcement had backdoors into Skype calls, after M$ picked up Skype. Pre-takeover, when Skype was an Estonian company, US-required backdoors didn't exist & couldn't be compelled, so the NSA had to hack to get the data...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Canadian banks have no obligation to comply with US law
They do if they operate in the USA. I know RBC does.
upon the advice of my lawyer, i have no sig at this time
Our rights are slowly being eroded thanks to Harper. The actual government won't be happy until we are a police state.
I've got better things to do tonight than die.
Yeah, that won't work for example: Hushmail folded like a house of cards.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
They'll just let the NSA know that the national password is 'bacon' and it's back to spying as usual.
If American citizens and businesses need to protect themselves from the NSA, who is the NSA protecting?
Unfortunately, Canada is just as bad. This would be especially true if you were a US citizen. They claim to go through "great pains to anonymize domestic communications" (which is likely not true) making all foreign (ie. US) communications fair game.
Canada will also never refuse an extradition request to the US, or any of its allies. A special circumstance is made for "political refugees" but I'd be completely surprised if some bullshit trumped up terrorism charges couldn't override that.
So, US companies need to look elsewhere to harbor their data. And I say this as a somewhat less-proud Canadian citizen than I was a decade ago.
If it ain't broke, don't fix it.
Actually, the EEA hasn't said that at all. Many foreign banks are choosing to not do business with US citizens since that is an easier solution.
Nonbinding at this point, but yes, they have said exactly that.
That is different - it's a program to track terrorist financing, the TFTP: http://en.wikipedia.org/wiki/Terrorist_Finance_Tracking_Program
FATCA is a program to track tax avoidance & tax evasion by ordinary US citizens. FATCA also puts a big burden on US citizens and foreign banks, even if they have been fully complying with US law and paying all applicable US taxes.
Megavideo was partially hosted in Toronto. Sanctuary my ass.
An interesting quote (emphasis mine) from the linked-to case:
The nationality of the Bank is Canadian, but its presence is pervasive in the United States.[18] The Bank has voluntarily elected to do business in numerous foreign host countries and has accepted the incidental risk of occasional inconsistent governmental actions. It cannot expect to avail itself of the benefits of doing business here without accepting the concomitant obligations. As the Second Circuit noted years ago, "If the Bank cannot, as it were, serve two masters and comply with the lawful requirements both of the United States and Panama, perhaps it should surrender to one sovereign or the other the privileges received therefrom."
That isn't quite correct or applicable.
There is the main bank, Scotiabank, incorporated in Canada in 1832. Like many banks, they have subsidiaries in Canada and in other countries. They have a Canadian life insurance subsidiary, a Canadian brokerage firm subsidiary, etc.
The main bank, Scotiabank has a subsidiary bank in Florida. Let's call this company Scotiabank-F for short.
The main bank, Scotiabank has a subsidiary bank in the Bahamas. Let's call this company Scotiabank-B for short.
The main bank, Scotiabank has a subsidiary bank in the Cayman Islands. Let's call this company Scotiabank-C for short.
While Scotiabank-B is subject to Bahamas law, and Scotiabank-C is subject to Cayman Islands law, Scotiabank-F is only subject to Florida law. Scotiabank-F does NOT do business in the Bahamas or the Cayman Islands.
Scotiabank-F has no power or control over Scotiabank-C or Scotiabank-B. Seizing all the assets of Scotiabank-F or throwing the US employees of Scotiabank-F in jail cannot compel Scotiabank-C or Scotiabank-B to comply with a US court order contrary to Bahamas or Cayman Islands law. The US govt should get a court order in the Bahamas or Cayman Islands.
This is equivalent to a French court in France trying to compel the local France subsidiary of IBM to produce internal records of the local Australian subsidiary of IBM.
If Scotiabank (the main company) did business in Florida and did business in Panama, then the 2nd circuit's reasoning is correct.
That is the issue.
The US Constitution - as you no doubt have figured out by now - doesn't.
-- Tigger warning: This post may contain tiggers! --
The Canadian government is trying to out-US the US government in everything else.
Really, who is dumb enough to trust a country that's right in there with the US and is part of the 5 eyes group. Typical Canada, it pretends it's the nice guy but it's just as bad as anyone else.
Silly. Every major country has multiple agencies that conduct Internet espionage. Canada, for example.
1) Canadian privacy laws are MUCH stronger here.
2) Canada does not have laws like the Patriot Act, and others that facilitate government getting at your data legally.
Our current PM seems to want to bend over backwards to do anything the US wants, but is still constrained by law (he isn't King of Canada just yet).
Our intelligence agency has had a couple of incidents where they "shared" information with the US. In at least one of these cases they are getting sued in a pretty big way, and will probably lose.
Years ago I looked into hosting data on the cloud, but it was pretty much impossible considering concern for privacy law, and the fact that most of the companies hosting cloud services have their servers in the US, and the US had just passed the Patriot Act, which allowed them potentially too much access at a whim. Since then that act has been amended to give more powers, and new acts have been introduced (and passed?) that further erode privacy.
The big difference is that in the US, much of your data is legally obtainable by the US government. In Canada it is not. Were they to share it (government or otherwise), it would be at the very least a privacy breach and illegal. There are ways to legally get at data within Canada, but usually involve a more rigorous process to obtain it.
LOL!
Actually read the article. Which basically says that the NSA stuff with Snowden has made the perception of the US and privacy bad for cloud hosted services.
Canada better privacy laws and...
skilled workforce,
COLD CLIMATE
relatively cheap sources of electricity,
make it ideal for companies to relocate data centers dedicated to cloud services to Canada.
Heh, I suppose with the Cold Climate it would make cooling the data center less of an issue... :) Anyway made me laugh a bit. Though executives might not want to ever come visit facilities if last week's -35 degree weather is the norm.
the NSA will be able to spy on it without trespassing any law regulating spying on its own citizens
How do we figure this? Supposedly spying on foreigners INSIDE America is OK, so why would spying on citizens OUTSIDE be legally acceptable? I thought it was about who is being spied on, not where the information is...
It doesn't have to be true, just marketable. This is about winning customers. Ruin the marketability of that statement and you ruin their stupid attempt at a false sense of security and then maybe we can move on to an actual solution. If people have faith in this, it derails true security.
Twinstiq, game news