Slashdot Mirror
Canada Wants To Keep Federal Data Within National Borders (thestack.com)
An anonymous reader quotes a report from The Stack: Canada has released its latest federal cloud adoption strategy, now available for public comment, which includes policy concerning the storing of sensitive government information on Canadian citizens within national borders. The newly-published [Government of Canada Cloud Adoption Strategy] requires that only data which the government has categorized as "unclassified," or harmless to national and personal security, will be allowed outside of the country. This information will still be subject to strict encryption rules. The new strategy, which has been in development over the last year, stipulates that all personal data stored by the government on Canadian citizens, such as social insurance numbers and critical federal information, must be stored in Canada-based data centers in order to retain "sovereign control."
During the 2011 census, for instance, 89-year-old Ontario resident Audrey Tobias said she would not fill out the questionnaire because an information technology contract linked to it had been awarded to an American company, Lockheed Martin. Tobias was charged with violating the Statistics Act, but eventually acquitted.
Now that it's back, time to make sure that your data stays your data.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
I think it is a good start, but you also need to be careful that your data doesn't pass through outside networks before getting to your home. For example, when I get a page from slashdot, it may travel around the world and back again to get into my computer. we need ways to keep control of which paths the datas take.
...Canada is buying another computer to go with the one they already have?
British Columbia already has this rule; government data (including university data for researchers) must be kept on Canadian servers. There's some wiggle room for opting in to US storage, though.
I think it's important legislation, and it motivates some good duplication of infrastructure within Canada. It makes it harder to abdicate our responsibility to data and makes it just a bit harder for US subpoenas to get a hold of it.
That might be a bit more difficult, but maybe using traceroute can keep it on a domestic path.
“He’s not deformed, he’s just drunk!”
Don't most countries have this policy? Why are we making news for following the same standard everyone else does
Nobody sane the world over wants their data exposed to the USA.
Hard to protect against for sure, but still a worthwhile goal to shoot for.
I work for a contractor for a Provincial government, with a significant amount of the money for that contract actually flowing from the Federal government, and the contract language is explicit; no confidential or personal data is to be stored, or even accessed, outside of Canada.
I actually talked to Google about three years ago and asked if they could guarantee the Google Docs (now Google Drive) cloud could be located on Canadian servers, and they said that couldn't and that they had no plans to. It's my understanding that Microsoft, on the other hand, has conceded to this for OneDrive, so I expect that if Google hasn't already moved in that direction, they will soon.
As it is, we're getting requests from a lot of staff for some sort of Cloud solution, as usage scenarios grow beyond VPNs and RDP.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Ugh... let me clarify. The are legal entities/persons separate from the people who run them and/or the shareholders. But in terms of something like the Citizens United case, no they are not people.
-- I ignore anonymous replies to my comments and postings.
Yes, they are able to jail you. But - over the entire history of the law, there were about 11 people actually charged, and they were just fined - $1000 or so.
The census is important. In fact, there was no long form in 2011 because the Conservative government changed it from mandatory to voluntary. This had the unfortunate side effect that there is no usable data to be mined from the 2011 census.
As for the release of raw data - it's collective data, not individual forms. The 92 year rule is for individual forms - so in 92 years, the complete form is released how you filled it in. But the census data is of importance to many people, groups and organizations, and that's aggregated. After 7 years, the aggregated data is available to researchers who want a snapshot of the Canadian population to study what they need to study. But they don't have access to the individual forms you fill out, only the aggregated data. And only subsets of it - what they need for their research. No one other than Statistics Canada can see the full data set, and once the forms are tallied, no one can see the raw forms or individual data either (until 92 years later).
Before it was gutted by the Harper Conservatives, Statistics Canada is/was one of the most premier data collecting and analysis organizations. It's why the chief statistician resigned after elimination of the long form - he knew that the law would render the 2011 data completely worthless. It's partly why we're in the situation we're in with school closures in one city, school overcrowding in others, etc. Because the only usable data dates back to 2006.
Employing the correct encryption helps a lot.
New things are always on the horizon
The real problem is storing government and federal data outside the government and federal infrastructure. Why is that? All data should be stored encrypted, even if in a canadian cloud. But I still don't understand why the government need to store it in the cloud and not build its own cloud for this purpose. What are the advantages for the government to store it in the cloud instead of in-house?
In a word, cost. The government can't compete with the likes of AWS.
It cost $1.5b when built, but this place will store your data for no additional costs.
This is the GOVERNMENT's data. For that reason, for you who's attention span is 15 minutes, a year or two ago, the UK government decided against the cloud, because they could not be assured that UK government data would remain on UK government soil.
You disagree? Really? So it's ok if all of the personal and economic data, including your tax returns, winds up in a data center in China, or Russia, or, for those outside the US, in the US? And you're going to tell me that EVERY SINGLE PERSON who has login or physical access to *all* the servers and their storage has at least some minimal security clearance from your country?
Give me a break.
mark
They would have lost in court. had several legal defenses prepared, one being that it was statistically possible to identify individuals in randomized data by making repeated queries and varying the area covered
Clearly you've never actually worked with the census data. As part of one of my university courses, I queried the data set for information related to national origin and religion for a particular neighbourhood. You can not define the area arbitrarily, it's broken up into minimum sized zones to prevent the kinds of attacks that you are talking about.
The folks at Stats Canada are smart. You, clearly, aren't as smart as you think you are.
...si hoc legere nimium eruditionis habes...