A former Microsoft Executive was recently quoted in the Ottawa Citizen stating that American spies can snoop through Canadian computer information, including that of political organizations, and without any warrants. If the data resides in U.S. cloud computing services, your data can be at risk.
In a European Parliament report commissioned with former Microsoft Chief Privacy Advisor Casper Bowden he revealed “It is lawful in the United States to conduct purely political surveillance on foreigners data accessible in U.S clouds operated by firms such as Microsoft, Google, Apple, IBM and others.”
The Foreign Intelligence Surveillance Act (FISA) authorizes the targeting of foreign-based political organizations or foreign territories that relates to conduct of the foreign affairs of the United States.
What does this mean to the average Canadian business? Other contentious post 9/11 laws such as the US Patriot Act significantly lifted any restrictions on government surveillance. However FISA has created a power of mass surveillance specifically targeted at the data of non-US persons located outside the US, which applies to cloud computing.
In 2008, the FISA changed the wording to include remote computing services and cloud computing. Experts say that US owned corporations must comply with requests to allow US agencies access to data even if it is hosted outside of the United States.
Bowden stated that data is at “grave risk”. The biggest risk appears to be FISA snooping on Canadian business and non-government organizations that use the cloud.
Canada’s Personal Information Protection and Electronics Documents Act (PIPEDA) has no jurisdiction over FISA-driven operations of the CIA, NSA, FBI or US Intelligence agencies. PIPEDA protects the personal information of Canadians by establishing rules for the collection, use and disclosure of personal information by private sector organizations in their day-to-day business operations.
FISA also overrides any non-disclosure, privacy or data protection offered by cloud vendors, international agreements on data transfer and Canadian legal protections.
Google has publicly announced in an article in the Independent “We think this kind of access to data merits serious discussion and more transparency.”
Does this change your mind about where you host your business data? Knowing that US corporations such as Microsoft or Google must allow US government agencies access to your information even if the server where your data is hosted on resides in Canada or any other country outside the United States is causing some questions to be asked.
Have questions about cloud computing and where your data resides? Give us a call today and our cloud experts can help you determine the right cloud solution for your business.