Cloud Data and the NSA: Know Your Exposure

  • 0
  • July 30, 2015


Lisa Hillyard, Marketing Coordinator

As Canadians, it can be easy to feel as though U.S. laws and regulations don’t apply. This is, of course, true in most cases, but the nature of cloud computing raises some interesting jurisdictional questions. Did you know that any data, regardless of its country of origin is subject to the Patriot Act and investigation by the NSA if it ever enters the United States?

In its simplest terms, this means that if you send an email using Gmail to your friend who lives in the same city as you but the email bounces to a Google server that is located in the U.S., the contents of that email fall under the jurisdiction of the NSA and can be searched under the Patriot Act.

It is true that the NSA probably isn’t interested in the email you sent to your friend, but there can be serious implications if your company’s sensitive data is unintentionally making its way, however briefly to U.S.-located servers.

Since the Edward Snowden scandal, internet users at large have become increasingly sensitive to the loss of control and security of their data. Many countries have started to explore the option of mandating local cloud providers to ensure domestic data stays within the country. As a result, the U.S. has lobbied for the inclusion of a provision in the Trans Pacific Partnership, the trade agreement currently being negotiated by 16 countries including Canada which would limit the abilities for countries to restrict data transfers and mandate local computer storage.

The Canadian government has said little about its position on the issue despite the fact that Canadians are already particularly vulnerable to potential disclosures to law enforcement or intelligence agencies. According to data from the Organisation for Economic Cooperation, the majority of Canadian .ca domain name websites are hosted outside the country, with Canada ranking among the lowest countries in the developed world for domestic website hosting. Additionally, Canadian Internet providers such as Bell exchange their Internet traffic in the U.S., ensuring that even simple domestic emails frequently enter the U.S. network before returning to Canada.

Many of our clients in the Legal, Financial and Mining industries require as a matter of policy that all data must be stored domestically. If it is important to your business that all data remain in Canada, it is essential that you ensure your cloud providers are aware of this and that there are measures in place to keep your data in the Country.

If you would like to learn more about cloud data, hosting and network security services, give us a call at (416) 367-2500.

Ready to get started? Call us at 416-367-2500 or Request a Quote