Slashdot Mirror
Canada Quietly Offering Sanctuary To Data From the US
davecb writes "The Toronto Star's lead article today is Canada courting U.S. web giants in wake of NSA spy scandal, an effort to convince them their customer data is safer here. This follows related moves like Cisco moving R&D to Toronto. Industry Canada will neither confirm nor deny that European and U.S. companies are negotiating to move confidential data away from the U.S. This critically depends on recent blocking legislation to get around cases like U.S. v. Bank of Nova Scotia, where U.S. courts 'extradited' Canadian bank records to the U.S. Contrary to Canadian law, you understand ..."
They've been doing intelligence cooperation with the US for ages, why would they be any more trustworthy?
This is completely meaningless as long as any data has to traverse any network in the US. For that matter, I highly doubt that Canada or any other US ally won't actually cooperate with the NSA. This is nothing but a marketing move on Canada's part.
Our banks will release all personal information to US law enforcement, even though this directly contravenes our Constitution.
http://www.cbc.ca/news/politics/canadian-banks-to-be-compelled-to-share-clients-info-with-u-s-1.2437975
.there is enough of everything for everyone.
Blame Canada!
Mod me down, my New Earth Global Warmingist friends!
The NSA et al are (legally) *more* restricted in the US than abroad. While there might be congressional hearings & other hand wringing about what the NSA does in the US, foreign countries are a cyber free fire zone. Information superiority is the goal, and the NSA has huge fire power ATM.
Security is an illusion people will pay for, so why not make a profit?
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
This is completely meaningless as long as any data has to traverse any network in the US.
If I am exchanging data between Canada and any other place but the US, why would it traverse the US? If these companies want to do business with the rest of the world without being spied on by US agencies, being outside the US is a good place to start.
Whether that alone is enough is questionable, but it's a start and certainly not meaningless.
That court case did nothing of the sort - it was a court case against a local US bank subsidiary asking for records of other subsidiaries in the Bahamas and Cayman Islands.
The real problem is the coming US FATCA law: http://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance_Act
This US law requires foreign banks to provide information about accounts held by Americans, or ELSE.
Canada is not generally regarded as a tax haven - there is no bank secrecy here, no secret corporate ownership and Canada isn't a low-tax jurisdiction. Our taxes are higher than most of the USA.
There is a Canada-US tax treaty, and generally speaking US citizens living in Canada don't have to pay tax to the USA since they get an IRS deduction for the taxes they pay to Canada (they don't get taxed twice on the same income).
Under US law, all US citizens have to file with the IRS every year, even if they live in a foreign country and owe nothing in taxes.
However, for a Canadian bank to provide information about US customers to the IRS (absent a crime or court order) violates Canadian privacy law. So Canadian banks are in a very difficult position:
- comply with FATCA and break Canadian law
- get permission from their US customers to hand over info to the IRS
- don't do business with US citizens living in Canada (of which there are about a million)
Yeah, I'm Canadian. Canada has a pretty good "sharing" relationship with the US. It's a safe bet that if data is stored here we're pretty much just going to hand it to any US government org. that asks for it. I'd be willing to bet this is a scheme cooked up by the NSA because they know Canada will just roll over and hand the info back to them so they can just continue on business as usual. We're not really the confrontational types up here.
American citizens, come and host your data on canadian soil !
Therefore, it will technically be foreign data.
Therefore, the NSA will be able to spy on it without trespassing any law regulating spying on its own citizens.
Thanks for your cooperation.
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
I think it would be worse for US to store their data in Canada because at that point, NSA is just spying on another country rather than in their own turf. Something that is in high scrutiny at the moment.
It's actually worse than just them rolling over.
See, Canadian operations are firmly within the jurisdiction of the NSA. So moving out of country makes you more hackable, not less.
You know the Canadians will roll over on you, eh?
Please, sir (I say "sir", and I apologise if you are a "ma'am", ma'am), but on behalf of all Canadians, I urge you to consider that it is "politeness, pleasantries, civility, and common courtesy" that you misinterpret as "rolling over".
We simply rush to the front and open the door for you, sir/ma'am.
I hope I haven't offended you in any way, and I apologise for taking your time.
Thank you, and all the best, Godspeed.
The argument is premised on the idea that Americas largest multinational corporations are somehow so divorced from the legislative and governance process of the United States as to need to seek asylum in a foreign country.
companies only care about customer data if consumer market research data indicates negative shifts in earnings as a result of their inability to assauage customers of the validity, sanctity and security of their data. A prime example is the Target scandal recently. the cost to shore up security was probably much greater than the cost to issue apologies in the media. Target further mitigated the impact by using weasel words like "may have" or "possibly" when describing the outcome of their data breech. This in turn led the financial companies beholden to the cardholders to issue, of course, similar statements with a key advisory to "watch" your credit card, not to replace it which while effective would have been vastly more expensive for the financial company.
when companies face any real backlash from their customers, they legislate their way around it through the appropriate channels. AT&T demanded immunity from Bush wiretapping and received it. had they cared about your data, they would have fought the government to eliminate warrantless surveillance of this kind. But the law is ever on their side as they are the ones who craft it. Verizon lobbied extensively for stricter laws protecting arbitration clauses. They did it in response to a string of class action lawsuits related to overbilling customers. had they cared about the letter of the law, they would have made major changes and improvements to their billing system that prevented the plaintiffs from suffering the ridiculous mischarges in the first place.
Good people go to bed earlier.
There was the whole "stop loss" program, where enlistees were prevented from leaving the military after their enlistment term ended. That sounds pretty close to conscription to me. Only a lawyer would argue otherwise.
What makes you think a hacked Cisco border router plugged into the Internet is any more secure in Canada? It's just a couple more hops, that is all.
Join the Slashcott! Feb 10 thru Feb 17!
Thank you
Thank you kindly.
systemd is Roko's Basilisk.
- comply with FATCA and break Canadian law
- get permission from their US customers to hand over info to the IRS
- don't do business with US citizens living in Canada (of which there are about a million)
I fail to see how that puts the banks in a difficult situation. Canadian banks have no obligation to comply with US law; they do, however, have an obligation to comply with Canadian law.
The burden of compliance here rests entirely on those US citizens storing money in Canada. The Canadian banks simply need to join the EEA in telling the US to go fuck itself as regards the wholesale presumption of US hegemony over global AML regulations.
https://en.wikipedia.org/wiki/UKUSA
Spoiler alert: Canada is one of them.
Its an interesting catch22; moving the data out of the US theorectically elevates the legitimacy of any NSA attack on it, since its now a legitimate attack on 'foreign signals'.
On the other hand thanks to the rampant domestic abuse, and undermining of local legal protection, at least moving it outside the country requires the NSA actually attack it rather than just help themselves.
All that is assuming the Canadian's won't be complict sharing the data; but to my knowledge at least, that would still require somebody attack it as Canada doesn't seem to have quite the same degree of "give us your all data, don't tell anyone you are doing it, because: national security".
Is it a marketing move? Absolutely.
But it does still have some real impact; and really if you want the US to change its habits, an economic angle is really the best way to get their attention.
And that is what we call a Canadian burn, Eh!? ;)
That didn't apply to Jean Cretien (;-)) which is probably what that comment was alluding to ...
davecb@spamcop.net
To spy in the US, though, they need a FISA rubber stamp. So there's a record of it, somewhere, supposedly.
To spy in Canada, they just need to push the button.
If it were my company, I would have all the realms under my own authority as much as possible. Nobody could be served a warrant without my knowing about it. So no data centers, vendors, or other third parties with access to my systems, and they'd need to be in the US.
This way were any of my data seized there's just cause to go looking for a copy of the warrant.
Moving it to Canada just means you've removed the necessity to get a warrant at all.
I think it would be worse for US to store their data in Canada because at that point, NSA is just spying on another country rather than in their own turf. Something that is in high scrutiny at the moment.
Excellant point. Data stored abroad would not necessarily be afforded the same legal protections as data stored in the US. Even given the recent revelations companies should take that into consideration as well.
I'm a consultant - I convert gibberish into cash-flow.
I don't trust the tin foil makers. What can I do?
So unless Google, Facebook, and the like are no longer going to be US-based companies (which I doubt will happen, especially given that they are publicly traded), and decide to shut down all operations in the US, things like the Patriot Act & wiretapping laws would still compel these companies to hand over data, despite the data center sitting on Canadian soil--or anywhere else in the world... Remember that Microsoft refused to answer questions about whether law enforcement had backdoors into Skype calls, after M$ picked up Skype. Pre-takeover, when Skype was an Estonian company, US-required backdoors didn't exist & couldn't be compelled, so the NSA had to hack to get the data...
Windows 3.1x calc: 3.11 - 3.10 = 0.00
Yeah, that won't work for example: Hushmail folded like a house of cards.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
I think it would be worse for US to store their data in Canada because at that point, NSA is just spying on another country rather than in their own turf. Something that is in high scrutiny at the moment.
The seems to be spying on their own turf as well, so I don't see that there's much of a difference. :/
Also, given that both countries are part of the Five Eyes collective, I think they're less likely to go into Canadian territory (at least not without asking). They'd probably just get CSEC to do the work instead.
It WOULD technically be legal for the NSA to hack their way into these out-of-country systems, even if they know they are targeting data on American's, but they don't have to. We are America's lap dogs, and we are happy to just hand over the data on request. We have even weaker laws regarding this than the US, and even worse press coverage about what CSIS is doing [basically a combination of CIA and NSA].
There is a reason why the President uses a BlackBerry and that the US NEVER complained about not being able to access BB messages like India and Saudi Arabia did. We bent over and spread 'em wide.
Sleep your way to a whiter smile...date a dentist!
The difference is, when your data is stored in the US, the US can pass laws saying that the data has to be handed over, and the companies holding it for you can't tell you. If it's in Canada, there are two options.
First, Canada rolls over and requires the data be sent to the US. Of course, we don't currently have laws to require that, or for us to be silent about it if it does happen. Granted, we have the notwithstanding clause, which allows plenty of leeway, but not so much that they can emplace gag orders or warrantless searches.
Second, the Canadian company holding your data knowingly and actively does all it can to stop the unlawful access of your data, and responds if there are attempted breaches. Note that this will not and can not happen in the US as things currently stand.
At worst, it will be no different from having your data in the US. At best, you may have actual corporate security.
Sure I'm paranoid, but am I paranoid enough?
The US Constitution - as you no doubt have figured out by now - doesn't.
-- Tigger warning: This post may contain tiggers! --
I was about to write an angry reply, but it's too cold outside to care.
Signed, a fellow Canadian.
Get free satoshi (Bitcoin) and Dogecoins