Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canada Wants To Keep Federal Data Within National Borders (thestack.com)

Posted by BeauHD on from the firewall dept.

An anonymous reader quotes a report from The Stack: Canada has released its latest federal cloud adoption strategy, now available for public comment, which includes policy concerning the storing of sensitive government information on Canadian citizens within national borders. The newly-published [Government of Canada Cloud Adoption Strategy] requires that only data which the government has categorized as "unclassified," or harmless to national and personal security, will be allowed outside of the country. This information will still be subject to strict encryption rules. The new strategy, which has been in development over the last year, stipulates that all personal data stored by the government on Canadian citizens, such as social insurance numbers and critical federal information, must be stored in Canada-based data centers in order to retain "sovereign control."

73 of 104 comments (clear)

  1. canada/china by turkeydance · · Score: 1

    sovereign control served here

  2. Seems logical by fustakrakich · · Score: 1

    Is somebody trying to make an argument against the idea?

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Seems logical by Noah+Haders · · Score: 5, Insightful

      I think it is a good start, but you also need to be careful that your data doesn't pass through outside networks before getting to your home. For example, when I get a page from slashdot, it may travel around the world and back again to get into my computer. we need ways to keep control of which paths the datas take.

    2. Re:Seems logical by fustakrakich · · Score: 3, Funny

      That might be a bit more difficult, but maybe using traceroute can keep it on a domestic path.

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Seems logical by Anonymous Coward · · Score: 2, Informative

      Don't most countries have this policy? Why are we making news for following the same standard everyone else does

    4. Re:Seems logical by fustakrakich · · Score: 1

      I don't know the intention behind the cheap shot, but *He who shall not be named* has no place in this thread :-)

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Seems logical by StillAnonymous · · Score: 1

      If TTP passes, you can rest assured that some foreign company will be crying foul and suing in private court because they weren't given a chance at the business due to unfair "protectionist" laws.

    6. Re:Seems logical by ramriot · · Score: 1

      Specifically for Canada this may well be impossible, reason being is that much of the Canadian population lives within 100Km of the US border and much of the fat pipes that take data between Canadian cities go via carriers in the US.

      BTW we talking US here as being the key aggressor of sovereign cybercrime.

    7. Re:Seems logical by NotQuiteReal · · Score: 1

      They said nothing about "transport", just "storage".

      Nobody would store bytes passing through inter-web pipes for free, right?

      --
      This issue is a bit more complicated than you think.
    8. Re:Seems logical by davester666 · · Score: 1

      yes. literally EVERY cloud service that hosts data outside of Canada want in on the action, but without having to have a datacenter in Canada to store the data.

      This policy has basically given in on the subject, now it will be some bureaucrat with no understanding of how information pieces together deciding whether a given bit of data is "unclassified" or not.

      Is it really so hard to just say "Fuck you. You need to store all the data within Canada or you can't be a provider for the Canadian gov't."

      --
      Sleep your way to a whiter smile...date a dentist!
    9. Re:Seems logical by Lennie · · Score: 2

      Employing the correct encryption helps a lot.

      --
      New things are always on the horizon
    10. Re:Seems logical by AchilleTalon · · Score: 1

      The real problem is storing government and federal data outside the government and federal infrastructure. Why is that? All data should be stored encrypted, even if in a canadian cloud. But I still don't understand why the government need to store it in the cloud and not build its own cloud for this purpose. What are the advantages for the government to store it in the cloud instead of in-house?

      --
      Achille Talon
      Hop!
    11. Re:Seems logical by GNU(slash)Nickname · · Score: 2

      The real problem is storing government and federal data outside the government and federal infrastructure. Why is that? All data should be stored encrypted, even if in a canadian cloud. But I still don't understand why the government need to store it in the cloud and not build its own cloud for this purpose. What are the advantages for the government to store it in the cloud instead of in-house?

      In a word, cost. The government can't compete with the likes of AWS.

    12. Re:Seems logical by geekmux · · Score: 1

      Is somebody trying to make an argument against the idea?

      Only every cloud provider in the known universe that likes to replicate your data across at least three continents.

      I have to control my data under similar restrictions, so I've had quite a lot of experience hearing "Oh, wow. No, I'm afraid we can't do that."

    13. Re: Seems logical by Midnight+Thunder · · Score: 1

      In many ways what the government is doing here is no different from financial organisations. Due to the regulated nature of these organisations, any cloud service provider must be able to limit where the data is being stored or they won't being selected a vendor.

      For example, e-mails exchanged between employees in Switzerland may not be stored outside of the country, even if the company is a multinational and has other e-mail archives.

      --
      Jumpstart the tartan drive.
    14. Re:Seems logical by cdrudge · · Score: 2

      Nobody would store bytes passing through inter-web pipes for free, right?

      It cost $1.5b when built, but this place will store your data for no additional costs.

    15. Re:Seems logical by luis_a_espinal · · Score: 1

      I think it is a good start, but you also need to be careful that your data doesn't pass through outside networks before getting to your home. For example, when I get a page from slashdot, it may travel around the world and back again to get into my computer. we need ways to keep control of which paths the datas take.

      Without guaranteed air gaps, the required levels confidentiality or access control cannot be achieved by anything present in the OSI/IP model unless we start using VPNs, WS-Security or some other complex mechanism.

      That might be the way to go (the only way to go) for the Canadian government if it wants to implement such requirements. Talking about them and making the requirements available to the public is a good start. Better than trying to concoct the requirement in secret and come up with a shitty implementation that leaks like a colander.

    16. Re:Seems logical by luis_a_espinal · · Score: 1

      They said nothing about "transport", just "storage". Nobody would store bytes passing through inter-web pipes for free, right?

      If you can "transport" it, you can "store" it. To prevent storage, the Canadian government would have to employ some sort layer 7 end-to-end security.

    17. Re:Seems logical by Yvan256 · · Score: 1

      How about creating a new TCP/IP "do not copy" security bit, similar to the evil bit in RFC 3514?

    18. Re:Seems logical by Noah+Haders · · Score: 1

      Will bad actors respect the do not copy bit? Drats! Foiled again!

    19. Re:Seems logical by dmt0 · · Score: 1

      I think it is a good start, but you also need to be careful that your data doesn't pass through outside networks before getting to your home. For example, when I get a page from slashdot, it may travel around the world and back again to get into my computer. we need ways to keep control of which paths the datas take.

      There is a tool that allows you to explore the travel paths. And from the stats that the tool has gathered so far it appears that most of the local/domestic Canadian traffic gets routed through a few very specific points in US. See here:
      https://www.ixmaps.ca/faq.php

      IX maps has been sending request recently through openmedia.ca asking people to download the tool and submit their stats. The tool is here:
      https://www.ixmaps.ca/contribu...

    20. Re:Seems logical by Noah+Haders · · Score: 1

      If I were Canada, I would build a huge beautiful data wall to keep this info out of america's prying hands.

    21. Re: Seems logical by david_thornley · · Score: 1

      The person most likely to be the next President is against it in its final form. Nor am I at all sure it would pass a two-thirds vote in the Senate.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    22. Re:Seems logical by luis_a_espinal · · Score: 1

      How about creating a new TCP/IP "do not copy" security bit, similar to the evil bit in RFC 3514?

      That's one hell of an Achilles' heel in that it assumes every single hop (intended or otherwise) will obey it. Without dedicated VPNs or air gaps, you cannot prevent copying. So the only alternative is end-to-end Layer 6/7 confidentiality, integrity and non-repudiation (and availability but only if the first three are met.)

  3. yay patriot act by Anonymous Coward · · Score: 1

    this is actually a requirement in several Provincial Privacy acts. Nova Scotia for example is not allowed to store any personally identifiable information outside of Canada. The feds arnt bound to follow Provincial acts, but its not surprising they would follow what others are doing already.

    Its specifically the Patriot act that led to the NS Clause.

    1. Re:yay patriot act by MightyMartian · · Score: 4, Informative

      I work for a contractor for a Provincial government, with a significant amount of the money for that contract actually flowing from the Federal government, and the contract language is explicit; no confidential or personal data is to be stored, or even accessed, outside of Canada.

      I actually talked to Google about three years ago and asked if they could guarantee the Google Docs (now Google Drive) cloud could be located on Canadian servers, and they said that couldn't and that they had no plans to. It's my understanding that Microsoft, on the other hand, has conceded to this for OneDrive, so I expect that if Google hasn't already moved in that direction, they will soon.

      As it is, we're getting requests from a lot of staff for some sort of Cloud solution, as usage scenarios grow beyond VPNs and RDP.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:yay patriot act by swb · · Score: 1

      "Couldn't" probably means "don't want to". It seems hard to fathom that Google doesn't have some kind of regional controls in their system that can pin or exclude data or processes to specific geographic regions (transnational) or national regions. It seems like a basic management function for such a large clustered compute environment.

      Amazon *sells* regional availability zones as a feature, although I don't know to what extent this creates guarantees of regional isolation or anchoring of data.

      My guess is the doesn't want to part comes from not wanting to be limited by national laws or get hamstrung by lots of demands for regional isolation or exclusion and having those demands warp infrastructure or analytics. Without allowing regional constraints by customers, they can focus on performance and reliability.

    3. Re:yay patriot act by waterford0069 · · Score: 1

      Just try explaining that to a U.S. company. Anonymized conversation:

      Me - "How do I do [X] with our data?"
      U.S. - "I can do that for you, just send me a copy of the database."
      Me - "No, I can't ship our data to you. It's full of citizen's personal information."
      U.S. - "Oh, well we can sign an N.D.A."
      Me - "No, that won't work. The USA PATRIOT act allows the US government to compel you to give them that information. Our own privacy legislation prevents me from sharing that personal information with persons who can't or won't keep it private. When you combine the two, the only way for us both to comply with our respective laws if for me not to give it to you."
      U.S. - "Oh, we've never had them come to us looking for that kind of information. And our lawyers..."
      Me - "Doesn't matter, I still can't ship you the data"
      U.S. - "Boy, you Canadian's sure have some funny laws"
      Me - "Ummm.. yah - so anyways, how do I do [X]?"

      I'm not evaluating whether the USA PATRIOT act is in general a good thing or a bad thing. But it is a hindrance on cross border commerce involving processing of personal data.

  4. Good to see they've learned their lesson by BarbaraHudson · · Score: 3, Informative
    Before the census was cancelled, the contract was given to Lockheed.

    During the 2011 census, for instance, 89-year-old Ontario resident Audrey Tobias said she would not fill out the questionnaire because an information technology contract linked to it had been awarded to an American company, Lockheed Martin. Tobias was charged with violating the Statistics Act, but eventually acquitted.

    Now that it's back, time to make sure that your data stays your data.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    1. Re:Good to see they've learned their lesson by MightyMartian · · Score: 1

      Not filling in your census has always come with penalties. It's nothing new.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Good to see they've learned their lesson by BarbaraHudson · · Score: 2

      There's no reason not to have a statistics act, same as there's no reason not to have a central registry for births and deaths, or one for drivers and automobiles.

      Canadians are the freest people in the Americas, so bite me. :-) And we're not to shabby compared to the rest of the world either. Try not to be so obviously jealous next time.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    3. Re:Good to see they've learned their lesson by BarbaraHudson · · Score: 1

      No more than you're free to publish any other hate literature. We like our ban on hate literature - we're free to get rid of it, but we don't.

      Now, you can deny the holocaust in private all you want, just as you can possess drawings you made of child pornography all you want - you just can't show them to anyone without violating the law (yes, a BC court has held on appeal that kiddie porn drawings made by an individual solely for their own gratification are allowed under those restrictions).

      As long as it doesn't impinge on anyone else and isn't inflicting harm, we really don't give a shit. Hate speech inflicts harm. So does kiddie porn when distributed.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  5. Does this mean... by 110010001000 · · Score: 3, Funny

    ...Canada is buying another computer to go with the one they already have?

    1. Re:Does this mean... by mykepredko · · Score: 1

      Yes, it's 'way too busy.

      The squirrels in the current one need some to periodically rest.

      --
      Mimetics Inc. Twitter
    2. Re:Does this mean... by GNU(slash)Nickname · · Score: 1

      The beavers in the current one need some to periodically rest.

      FTFY

    3. Re:Does this mean... by AchilleTalon · · Score: 1

      It ain't squirrels, it's beavers. You insensitive clod!

      --
      Achille Talon
      Hop!
  6. BC FIPPA by Rob+Bos · · Score: 2

    British Columbia already has this rule; government data (including university data for researchers) must be kept on Canadian servers. There's some wiggle room for opting in to US storage, though.

    I think it's important legislation, and it motivates some good duplication of infrastructure within Canada. It makes it harder to abdicate our responsibility to data and makes it just a bit harder for US subpoenas to get a hold of it.

  7. Re:Start with the census by BarbaraHudson · · Score: 1

    The government was also able to jail you for refusing to fill in previous long-form census. I refused in writing in both 2006 and 2011, on the grounds that in 2006 some of the questions were inappropriate, and in 2011 because some of the questions required information on your parent's ethnicity, which if they want it, they can ask them directly. Long distance charges will definitely apply since they were long dead.

    Threats disappeared after I told them that the census taker had violated the census act by having one of her children along when trying to con me into filling it in. And keeping info stored on an insecure laptop. I also told them that I could prove that the "92 year non-disclosure policy" was a total lie, that researchers are given access to the raw data after a mere 7 years, so please take me to court.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  8. Normal and sensible. by Kernel+Kurtz · · Score: 4, Insightful

    Nobody sane the world over wants their data exposed to the USA.

    Hard to protect against for sure, but still a worthwhile goal to shoot for.

    1. Re:Normal and sensible. by ceoyoyo · · Score: 2

      If you're "the world over" and you're not the USA (i.e. Canada), the USA snooping on your data is "another government."

    2. Re:Normal and sensible. by Dr.+Evil · · Score: 1

      And as a non-US Person, you have no right to privacy.

    3. Re:Normal and sensible. by luis_a_espinal · · Score: 1

      Actually, the US does a decent job of keeping its data relatively secure, when compared to some other countries...granted, you have to allow that the government will snoop on it all, but that might not be as bad as having another government snoop on all your data.

      Of course, there are notable exceptions. I'd trust Google with my data, but not Microsoft.

      Hillary's e-mail server (no, I'm not a Trump fan.) Security matters shit if processes aren't followed. God knows what other snafus exists that we do not know of.

    4. Re:Normal and sensible. by dmt0 · · Score: 1

      Not sure if anyone is trying to protect from that at all. Somehow most of local Canadian traffic (including the one between your PC and government sites) goes through US:
      https://www.ixmaps.ca/faq.php

    5. Re:Normal and sensible. by AHuxley · · Score: 1

      AC you do recall PRISM https://en.wikipedia.org/wiki/... ?
      Thats a lot of US brands, a lot of data flowing to the US gov and mil.

      --
      Domestic spying is now "Benign Information Gathering"
  9. Re: From the summary... by Zanth_ · · Score: 1

    Yes :(

  10. Re:translation by Anonymous Coward · · Score: 1

    in order to retain "sovereign control."

    Translation: the Canadian government wants to be able to spy on its citizens easily.

    Domestically storing the *government* curated data that the *government* already controls doesn't provide much of a spying advantage.

    Anyways, Canada doesn't have to spy on its citizens. We let the NSA and the MI5 etc spy on our citizens, just like CSEC and the MI5 etc spy on US citizens in a giant circle jerk including Australia and New Zealand.

  11. Re:From the summary... by theshowmecanuck · · Score: 1

    Yes, but they aren't allowed to contribute to election campaigns or political parties; only people are. Trade unions are also not allowed to contribute to election campaigns or political parties.

    --
    -- I ignore anonymous replies to my comments and postings.
  12. It just makes sense by chromaexcursion · · Score: 1

    This is data that should be nationally controlled and protected. Keeping it with borders makes sense.
    The US doesn't have a law. It has regulations the amount to the same. So do other countries.
    All the big brother conspiracists, please give the rest of us a break.

  13. Re:From the summary... by theshowmecanuck · · Score: 2

    Ugh... let me clarify. The are legal entities/persons separate from the people who run them and/or the shareholders. But in terms of something like the Citizens United case, no they are not people.

    --
    -- I ignore anonymous replies to my comments and postings.
  14. Re: Start with the census by MightyMartian · · Score: 1

    There are treatments for your condition.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  15. Not privacy... by SeattleLawGuy · · Score: 1

    This is most likely a question of protectionism (giving contracts to your own data centers) with a privacy smokscreen. It has a coincidental privacy benefit.

    --
    Real lawyers write in C++
    1. Re:Not privacy... by Mashiki · · Score: 1

      No, it's more likely a point on the state of Canada's privacy laws which are incredibly stringent compared to the US and some parts of Europe. See here in Canada, there's sections in the privacy laws(both federal and provincial) that require storage of personally identifiable information to remain within the government agency. It's so stringent that unless there is written permission from you, one government agency can't transfer it to another.

      --
      Om, nomnomnom...
    2. Re: Not privacy... by Midnight+Thunder · · Score: 1

      Not at all, it is about jurisdiction and laws. A server outside of your country is essentially in the jurisdiction of the country it is hosted in and subjected to the laws of the hosting country. If said hosting country decides to confiscate said servers or make a copy of that data, then there is not much the owner of the data can do. Is it really spying when the data was stored outside the originating country?

      By having the data limited to being stored in the territory of the country it belongs to, you are avoiding potential diplomatic issues around. it.

      --
      Jumpstart the tartan drive.
  16. Re: Haha by corychristison · · Score: 1

    You realize we have a population roughly 1/10th of the US, right? That's a fair number of people to datamine.

  17. Re:Start with the census by tlhIngan · · Score: 5, Informative

    The government was also able to jail you for refusing to fill in previous long-form census. I refused in writing in both 2006 and 2011, on the grounds that in 2006 some of the questions were inappropriate, and in 2011 because some of the questions required information on your parent's ethnicity, which if they want it, they can ask them directly. Long distance charges will definitely apply since they were long dead.

    Threats disappeared after I told them that the census taker had violated the census act by having one of her children along when trying to con me into filling it in. And keeping info stored on an insecure laptop. I also told them that I could prove that the "92 year non-disclosure policy" was a total lie, that researchers are given access to the raw data after a mere 7 years, so please take me to court.

    Yes, they are able to jail you. But - over the entire history of the law, there were about 11 people actually charged, and they were just fined - $1000 or so.

    The census is important. In fact, there was no long form in 2011 because the Conservative government changed it from mandatory to voluntary. This had the unfortunate side effect that there is no usable data to be mined from the 2011 census.

    As for the release of raw data - it's collective data, not individual forms. The 92 year rule is for individual forms - so in 92 years, the complete form is released how you filled it in. But the census data is of importance to many people, groups and organizations, and that's aggregated. After 7 years, the aggregated data is available to researchers who want a snapshot of the Canadian population to study what they need to study. But they don't have access to the individual forms you fill out, only the aggregated data. And only subsets of it - what they need for their research. No one other than Statistics Canada can see the full data set, and once the forms are tallied, no one can see the raw forms or individual data either (until 92 years later).

    Before it was gutted by the Harper Conservatives, Statistics Canada is/was one of the most premier data collecting and analysis organizations. It's why the chief statistician resigned after elimination of the long form - he knew that the law would render the 2011 data completely worthless. It's partly why we're in the situation we're in with school closures in one city, school overcrowding in others, etc. Because the only usable data dates back to 2006.

  18. Re:I'd be more worried about outsourcing of helpde by GNU(slash)Nickname · · Score: 1

    Doesn't really help if the servers are in Canada but the people accessing them are in Mumbai does it ?

    The people in Mumbai won't have the security clearance to access the data in the first place.

  19. Re:Start with the census by AchilleTalon · · Score: 1

    You have it right. The OP is just smoke and drama.

    --
    Achille Talon
    Hop!
  20. Re:Start with the census by hodet · · Score: 1

    It's good to see a well written and thoughtful response on the requirement for the long form census. The data is instrumental for so many organizations and for governments of all levels (local, provincial, federal) to develop policies and programs to meet the needs of Canadian citizens.

  21. Re:I'd be more worried about outsourcing of helpde by Lieutenant_Dan · · Score: 1

    The people in Mumbai won't have the security clearance to access the data in the first place.

    They do tend to have the ability to manage the credentials to grant you access to the applications that consume the data. I've seen this approach leave massive holes in healthcare and outsourcing; where there are stipulations about keeping data in the country.

    The GP's point is that physical storage/location is only one piece of the puzzle. Separation of duty as you describe is another, regular audits and monitoring, management of encryption keys, securing the network paths (there a lot of hops that bounce back and forth between the US and Canada), etc

    --
    Wearing pants should always be optional.
  22. Re: Start with the census by BarbaraHudson · · Score: 1

    It is illegal in some provinces (including Quebec) to ask your neighbors for personal information about you. Even a licensed private investigator can't. Of course, too many people don't know that, so they acquiesce, rather than calling the cops.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  23. Re:Start with the census by BarbaraHudson · · Score: 1

    I saw no reason whatsoever to ask about ANYONE'S ethnicity. Why? Are we going to deprive people of services because of their ethnic background? No? Then why are you asking?

    They came up with all sorts of reasons, and I told them flat out it was racist, not needed, and years from now people will be shocked that we ever asked this sort of divisive question.

    So the next census, instead of asking for mine, they asked for my parents, which is invasion of their privacy, even if they're dead.

    40 years ago the city came around with their census, asking what language I and my then wife spoke at home. "English." So we'll put your children down as english too. "No, you shouldn't be separating people by language, so put them down as french, just to fuck you up." I had enough even back then of separatists trying to classify people based on language. It's neither needed nor right.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  24. Re:Start with the census by BarbaraHudson · · Score: 1

    They would have lost in court. had several legal defenses prepared, one being that it was statistically possible to identify individuals in randomized data by making repeated queries and varying the area covered. Would make it very easy to identify the income of individuals, whether they were adopted, etc. Making the data available for research within 7 years (and sometimes immediately) should be a no-no.

    That the census taker violated the census act is just gravy on top. No judge is going to throw someone in jail for refusing to cooperate with a census taker who has demonstrated that they can't take even the most basic precautions.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  25. Re:Start with the census by BarbaraHudson · · Score: 1

    The raw, anonymized data can be de-anonymized, Plenty of ways to do it. And no, not all data was anonymized for research purposes. Just like it wasn't being held in confidence for 92 years. They admitted it.

    As for school closures, etc., that needs data at the local level on an annual basis. Not something every 5 years that takes another couple of years to compile and release. Schools can easily figure this out by applications for enrollment the next year. Linger-term trends, they already have year-over-year data, far more granular than what the census could ever provide. They tried to make that argument, it was bogus then, and it's bogus now.

    Blame incompetent administrators, people not willing to be flexible with school boundaries, language, etc. The 5-year census is irrelevant.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  26. Re: Haha by LeadSongDog · · Score: 1

    Naive question: how many of those people (in each country) are human, rather than corporate persons?

    --
    Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
  27. Utopia? by dstyle5 · · Score: 1

    It actually sounds rather Trumpish.

    Of course people will make excuses for them because they are a socialist utopia.

    Whoa,whoa, lets not get carried away now. Sure, our dear Lords do provide us with subsidized Tim Horton's coffee "drink" and provide us with "health care", but they also force us to watch pugilistic hockey matches, won't let us purchase assault rifles all willy-nilly and force us to watch Celine Dion and Justin Bieber specials on CBC. I would hardly call it a utopia.

  28. prohibited by TPP by davecb · · Score: 1

    Some governments think this kind of security is a bad thing, and and wrote in a clause of the Trans-Pacific Partnership treaty to prohibit it.

    TPP “prevents governments in TPP countries from requiring the use of local servers for data storage,” the Canadian government states on its website. This creates a privacy issue, suggested Guy Caron, NDP MP for Rimouski-Neigette-Témiscouata-Les Basques, in the House of Commons May 12.

    See also http://www.canadianunderwriter...

    --
    davecb@spamcop.net
  29. And rightfully so by whitroth · · Score: 2

    This is the GOVERNMENT's data. For that reason, for you who's attention span is 15 minutes, a year or two ago, the UK government decided against the cloud, because they could not be assured that UK government data would remain on UK government soil.

    You disagree? Really? So it's ok if all of the personal and economic data, including your tax returns, winds up in a data center in China, or Russia, or, for those outside the US, in the US? And you're going to tell me that EVERY SINGLE PERSON who has login or physical access to *all* the servers and their storage has at least some minimal security clearance from your country?

    Give me a break.

                          mark

  30. Re:Start with the census by Strider- · · Score: 2

    They would have lost in court. had several legal defenses prepared, one being that it was statistically possible to identify individuals in randomized data by making repeated queries and varying the area covered

    Clearly you've never actually worked with the census data. As part of one of my university courses, I queried the data set for information related to national origin and religion for a particular neighbourhood. You can not define the area arbitrarily, it's broken up into minimum sized zones to prevent the kinds of attacks that you are talking about.

    The folks at Stats Canada are smart. You, clearly, aren't as smart as you think you are.

    --
    ...si hoc legere nimium eruditionis habes...
  31. Re:Start with the census by BarbaraHudson · · Score: 1

    And others have access to the raw data after 7 years. You're not the only person in the world, you know (oops, apparently you didn't).

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  32. Re:I'd be more worried about outsourcing of helpde by AHuxley · · Score: 1

    Its often smaller sub sets of open or worked on data that gets pooled.
    e.g. a cold call pretending to be a gov official with a limited list of personal information.
    http://www.smh.com.au/business...

    --
    Domestic spying is now "Benign Information Gathering"
  33. sovereign control? by DarthVain · · Score: 1

    First I've heard of "sovereign control" which sounds like BS to me.

    Anyway this issue has been around for a very long time now and isn't really all that complicated. I've looked into a number of cloud based systems as possible solutions for government projects, but they all run into the same problem.

    Bottom line is that Canada has quite good Privacy Laws. The Government as custodian of a lot of personal information has a responsibility to ensure that that information is protected.

    The issue first came about really as soon as the US passed the Patriot Act. It effectively gives the US government access to information stored on US soil (for a variety of reasons and methods), as it it subject to US law. So I guess you could call that "sovereign control"... but really all that means is that due to US law essentially not being compatible with Canadian law, it is required to keep things on Canadian soil.

    There has been various attempts by US companies to get around this, such as providing technology and the means to host it yourself in your own cloud, but really that sort of defeats one of the big reasons for using cloud technology in the first place (i.e. you don't have to bother hosting it yourself or have to have the infrastructure to do it).

    Anyway this issue has been around for a long time. The Feds probably just got around to adopting a "strategy" to guide consistent application of existing policy. I suspect probably because you had some rogue project managers using US based cloud services because it was easier and cheaper than going though the proper processes...

  34. Excellent by antdah · · Score: 1

    Should be the policy of all nations, countries, states and unions.

  35. Re:Start with the census by CanadianMacFan · · Score: 1

    Stats Canada isn't allowed to ask CRA for any information. However if on your tax return you check the appropriate box then you give the CRA permission to share some basic information with Stats Canada. Government departments aren't allowed to share information between themselves. That's why there was a big deal made a few years ago when the government was trying to build a big database with all of our information from as many sources as available.