How Are Canadians Affected By The USA Patriot Act And Cloud Computing?

How Are Canadians Affected By The USA Patriot Act And Cloud Computing?

Whether Canadians like it or not, they are affected by the US Patriot Act. While some of the previous issues have been settled already, some new issues are already popping up – issues with cloud computing. The US Patriot Act, otherwise known as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, was passed after the World Trade Center attack in September 2011. The law provided a way for US law enforcement agencies to seize business records and block electronic communications. Under this law, any law enforcement official can ask an electronic communication service provider to provide them with information without first letting the affected organizations or individuals know. By issuing a National Security Letter, the service provider can easily hand over any information.

In section 215 of the Act, the Federal Bureau of Investigation (FBI) can ask a federal judge to issue an order which requires parties to produce any tangible items so that the FBI can investigate any clandestine intelligence or international terrorism activities. Said provision is also believed to cover electronic business records. Because of cloud computing, any data from Canada can be mixed with other data from across the globe and housed in a datacenter which is located in the United States of America. As a result, Canadian data can be accessed by the US because it is under the jurisdiction of the USA and, as such, subject to US law. This can pose a Canadian privacy dilemma because under the privacy laws of the Canadian federal and provincial states, any organization which collects data is primarily responsible for data security. Such responsibility is even included in the privacy policy of the organization, as well as in the terms of service or contract.

Canadian organizations themselves are not precluded from tapping cloud services based in the USA if they are only servicing the private sector. The privacy laws of Canada do not prohibit any personal information transfer for storage and processing as long as the said transfer doesn’t make use of the personal information in any manner which wasn’t agreed upon by the organization and its clients; the organization maintains accountability for the personal information protection; the organization will provide the same level of data security as is required by Canadian law; and the said arrangement is disclosed to the client.

In 2009, the Office of the Privacy Commissioner of Canada conducted a survey, which compared Canadian surveillance laws with those of France, the UK, and the US. From 1990 up to the present, the US and Canada have had a Treaty on Mutual Legal Assistance in Criminal Matters wherein both countries have committed to helping each other with criminal investigations – even the Canadian Security and Intelligence Service Act issues secret warrants for the seizure and interception of electronic data. Communications relating to foreign parties can be intercepted by the Canadian Communications Security Establishment upon the order of the Minister of Defense, acting on the powers provided to the minister by the National Defense Act. The Criminal Code of Canada also allows electronic data seizures.

However, when an organization is servicing the public sector in Nova Scotia or British Columbia, it must seek legal advice. There are laws in Alberta, Nova Scotia, and British Columbia which prohibit data storage outside Canada.

By Florence de Borja

Sorry, comments are closed for this post.

Comics
How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Cyber Security: McAfee on IoT Threats and Autonomous Cars

Cyber Security: McAfee on IoT Threats and Autonomous Cars

IoT Threats and Autonomous Cars Autonomous cars are just around the corner, there have been controversies surrounding their safety, and a few doubts still hang in the minds of people who don’t like the idea of a computer driving their car. However, the biggest news stories surrounding this topic have been to do with how…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

The Security Gap: What Is Your Core Strength?

The Security Gap: What Is Your Core Strength?

The Security Gap You’re out of your mind if you think blocking access to file sharing services is filling a security gap. You’re out of your mind if you think making people jump through hoops like Citrix and VPNs to get at content is secure. You’re out of your mind if you think putting your…

Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the opportunity to see Rogue One: A Star Wars Story. While I won’t give any spoilers away for the few who haven’t seen the movie yet, I do want to mention a couple of trends from…

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…