The US already has warrantless access to any data in USA cloud services. Most of our government/businesses run in USA cloud services. Bill C-22 doesn’t change this.
Not saying you’re wrong, but do you have a source for this? From everything I’ve seen, companies are pretty adamant on using Canadian based cloud servers, for the reason that the data won’t be accessible by the US.
They are adamant about using “Canadian resident” cloud services, that are provided by US controlled cloud service providers. In these cases, data sits in “Canadian” data centers, at least partially, but is effectively controlled, and accessible by, US companies. Data residency doesn’t prevent the data from being processed, accessed or used by foreign countries, it just means you need to save a copy on a Canadian server. But even data on foreign servers (to the USA), if/when accessible by US companies, the USA government, through the patriot act and cloud act, has established such data is very much within their scope.
Consider a company like Telus. Telus offers email, but it’s actually just gmail or O365. Gmail and O365 are both US controlled companies. The servers are generally within US-based cloud service providers. Telus offers Business Connect for VOIP services. That service is actually just Ring Central. They even route all your traffic through US-based Ring Central servers. That data is exposed to US companies. That’s one of Canada’s major telcos, shoveling everyone’s data over to the USA.
Even the Canadian government has stated that having your data in a US-company controlled tech stack means you have no data sovereignty. The most likely reason the Canadian govt is trying to build a bunch of data centers, is because they want to make sure they have the infrastructure for a ‘sovereign’ public cloud service provider, as an alternative to USA’s AWS/Azure – similar to setups you see in the EU. In the white paper linked above, they effectively admit that the data residency requirements in Privacy legislation is insufficient for protecting Canada’s data / systems – but they can’t realistically think about pushing privacy legislation to change from ‘residency’ to ‘sovereignty’ until they have the infrastructure to support most critical industries in a sovereign space.
Having access to this data, to use however they want, is also something that Rubio explicitly ordered the US Govt wings to fight to maintain access to in foreign nations. They’re actively integrating any data they can touch into their AI surveillance programs, and view other nations taking back control of their data as a “national security threat” to the USA. And they explicitly want to challenge any legislation, such as bill c-22, as part of that initiative.
That’s a great response. Thank you. I now worry that far too many people are lulled into a false sense of security because they run a VM on GCP based in Montreal.
Well, if it makes you feel better, a smaller business doing that is a big nothin-burger in some ways. I mean, our financial regulators have all of their data in US cloud service providers – the same regulators that demand industry submit copious amounts of private data to them for “risk management” reasons. Like in BC, if you have a mortgage with a credit union, that credit union submits your job title, employer, income, strata fees, address, loan amounts, etc etc in plain text to a Microsoft portal – so it’s all up for grabs by the USA, through the regulators that are claiming they ‘reduce’ risk.
So even if you have a bank/CU that’s largely sovereign in its own stack, they’ll STILL have exposure to this crap because our govt is so janked.
Going for sovereign-minded providers helps a bit, at least in terms of resiliency against US pressures, and for (HOPEFUL) future proofing once the govt gets its shit together.
Like I’m pissed off that BC is losing its last semi-sovereign open bond credit union. If you can find a financial institution that takes data sovereignty seriously, they’ll be in a ‘better’ position to protect your data if/when the govt shifts its policies, and they’ll be in a better position in general in terms of withstanding any US pressure on existing services (even if they wont be perfect). But you really gotta treat it as a “this is the best we can do, for now” type thing, and try to keep up the pressure to remove those ties.
I’d say the same goes for other industries as well, but I’d focus most on trying to get sovereign minded setups for any critical industry that you find yourself using regularly. I’d also try to make sure to explicitly add more sovereign-oriented news sources to feeds where possible – cbc, local news rags, etc. To effect change, for any coop/AGM type thing that you can attend/ask questions, prod about the data sovereignty issue. Like if Credit Union AGMs all had members asking these questions, regulators would take notice, and it’d get a LOT more traction.
For luxuries, I’d still personally try to avoid the USA – but luxuries are luxuries. Whatever makes you happy, gotta have some joy in this dumpster fire we’re all wading through.
It’s not deceptive, it’s just trying to reach the people who won’t care otherwise. This is Lemmy, we’re self selected for giving a shit about privacy online. The average person doesn’t. But the average person in Canada right now is screaming “elbows up” from the rooftops, so if you frame the C-22 debate around that, suddenly you have their attention.
Except that’s exactly why it’s deceptive. They’re trying to tap into people’s hatred towards Trump by connecting him to this bill, when in reality there’s no actual connection there.
The US already has the ability to spy on us. This bill is not about Trump at all…it’s about the Canadian government being able to do the same thing. Falsely connecting it to him, is just rage bait to make more Canadian upset about it.
Giving the US more ability to spy on us is still a bad thing, regardless of what capabilities they already have. That’s like saying that you should just give burglars all your stuff because they could break in and steal it if you don’t.
And it’s a completely valid reason for people to be mad about this. Is it the main reason to be mad about Bill C-22? No, of course not. We all know that. But if focusing on this minor, tangential issue is what gets the average person to give a shit then I’ll take it.
I don’t think you understand how this works right now…which is also another reason this article is misrepresenting the situation. Currently, Canada relies heavily on US intelligence for our own domestic law enforcement. Meaning, we get our information from them. Not the other way around.
The problem with this arrangement is it makes Canada dependent on the US for a lot of the intelligence we need, in order to track and apprehend criminals in our own country. Bill C-22 is supposed to be our home-grown solution to that problem. They want Canada to have the same spying capabilities that the US already has.
See, they don’t need us. We need them. This bill doesn’t help them. It helps Canada be less reliant on them. The entire way this situation is being framed by this article is completely disingenuous. They are misinforming you about the facts by flipping the script here.
I’m just also not in favor of media misrepresenting the facts in order to manipulate public opinion. This bill is already bad. There’s no need to lie about it, in order to convince people of that.
Idk, the negativity directed towards the bill is overblown imo, and its getting amplified by US interests that don’t want the bill passed. It’s got multiple clauses explicitly saying “providers are not to introduce systemic vulnerabilities as part of complying with this bill”, and “no user content is part of this”. So of course people have interpreted that as “Backdoor to all your content!” and blasted that out continuously on social media, tied to petitions that auto-spam your MP against the bill. Adding in some additional alarmism of “Trump wants the bill!” to the scene fits.
If a particular service is being used disproportionately to facilitate crimes, such as fraud phishing calls, piracy, kiddie porn, coordinating terrorist attacks, white supremacist/racist groups, etc, then its reasonable for that service to be regulated / beholden to government dictates/rules. We’ve taken that approach to things like Firearms, where we recognise that most owners of firearms are likely regular law abiding people, but the risk/negative elements of it are such that they warrant regulations. We don’t allow gun makers to avoid those regulations just because they don’t want to keep track of who they sell guns to, or how their guns get used once sold. Even if logless VPNs have some legitimate purpose, and a good number of their users aren’t breaking any laws, the criminal elements that take advantage of those services are such that they warrant regulation. Canada’s charter doesn’t enshrine a right to privacy, but rather a right to be free from unreasonable search and seizure – and in the case of online communications, there are clearly times when it would be ‘reasonable’ for law enforcement to demand more information about a user and how they’ve used a service. Just because a company “can” provide some sort of service, does not mean it necessarily “should” be allowed to, nor does it mean that the service offered is in the best interests of the broader community.
It’s also funny how on the one hand, you have people complaining about the access involved with C-22 in regards to logless VPNs, on the other you have people complaining about OpenAI not taking more action in relation to the Tumbler Ridge shooting – ie. that the company should’ve been directly monitoring the conversation and reporting it out to the govt. Now try to write some sane legislation for those two situations. It’s like the US lobbyists just want Canada paralyzed on any tech regulation, as a lack of any stronger regulations translates to easier tech-oligarch control/manipulation of Canada, and a wild wild west type freedom to the propaganda they sling. Makes destabilizing the country with tools like faceless influencers promoting alberta separatism that much easier.
The US already has warrantless access to any data in USA cloud services. Most of our government/businesses run in USA cloud services. Bill C-22 doesn’t change this.
Not saying you’re wrong, but do you have a source for this? From everything I’ve seen, companies are pretty adamant on using Canadian based cloud servers, for the reason that the data won’t be accessible by the US.
They are adamant about using “Canadian resident” cloud services, that are provided by US controlled cloud service providers. In these cases, data sits in “Canadian” data centers, at least partially, but is effectively controlled, and accessible by, US companies. Data residency doesn’t prevent the data from being processed, accessed or used by foreign countries, it just means you need to save a copy on a Canadian server. But even data on foreign servers (to the USA), if/when accessible by US companies, the USA government, through the patriot act and cloud act, has established such data is very much within their scope.
Consider a company like Telus. Telus offers email, but it’s actually just gmail or O365. Gmail and O365 are both US controlled companies. The servers are generally within US-based cloud service providers. Telus offers Business Connect for VOIP services. That service is actually just Ring Central. They even route all your traffic through US-based Ring Central servers. That data is exposed to US companies. That’s one of Canada’s major telcos, shoveling everyone’s data over to the USA.
Even the Canadian government has stated that having your data in a US-company controlled tech stack means you have no data sovereignty. The most likely reason the Canadian govt is trying to build a bunch of data centers, is because they want to make sure they have the infrastructure for a ‘sovereign’ public cloud service provider, as an alternative to USA’s AWS/Azure – similar to setups you see in the EU. In the white paper linked above, they effectively admit that the data residency requirements in Privacy legislation is insufficient for protecting Canada’s data / systems – but they can’t realistically think about pushing privacy legislation to change from ‘residency’ to ‘sovereignty’ until they have the infrastructure to support most critical industries in a sovereign space.
Having access to this data, to use however they want, is also something that Rubio explicitly ordered the US Govt wings to fight to maintain access to in foreign nations. They’re actively integrating any data they can touch into their AI surveillance programs, and view other nations taking back control of their data as a “national security threat” to the USA. And they explicitly want to challenge any legislation, such as bill c-22, as part of that initiative.
*made some edits to clarify some bits a little.
That’s a great response. Thank you. I now worry that far too many people are lulled into a false sense of security because they run a VM on GCP based in Montreal.
Well, if it makes you feel better, a smaller business doing that is a big nothin-burger in some ways. I mean, our financial regulators have all of their data in US cloud service providers – the same regulators that demand industry submit copious amounts of private data to them for “risk management” reasons. Like in BC, if you have a mortgage with a credit union, that credit union submits your job title, employer, income, strata fees, address, loan amounts, etc etc in plain text to a Microsoft portal – so it’s all up for grabs by the USA, through the regulators that are claiming they ‘reduce’ risk.
So even if you have a bank/CU that’s largely sovereign in its own stack, they’ll STILL have exposure to this crap because our govt is so janked.
So basically we are all just fucked no matter what we do?
Going for sovereign-minded providers helps a bit, at least in terms of resiliency against US pressures, and for (HOPEFUL) future proofing once the govt gets its shit together.
Like I’m pissed off that BC is losing its last semi-sovereign open bond credit union. If you can find a financial institution that takes data sovereignty seriously, they’ll be in a ‘better’ position to protect your data if/when the govt shifts its policies, and they’ll be in a better position in general in terms of withstanding any US pressure on existing services (even if they wont be perfect). But you really gotta treat it as a “this is the best we can do, for now” type thing, and try to keep up the pressure to remove those ties.
I’d say the same goes for other industries as well, but I’d focus most on trying to get sovereign minded setups for any critical industry that you find yourself using regularly. I’d also try to make sure to explicitly add more sovereign-oriented news sources to feeds where possible – cbc, local news rags, etc. To effect change, for any coop/AGM type thing that you can attend/ask questions, prod about the data sovereignty issue. Like if Credit Union AGMs all had members asking these questions, regulators would take notice, and it’d get a LOT more traction.
For luxuries, I’d still personally try to avoid the USA – but luxuries are luxuries. Whatever makes you happy, gotta have some joy in this dumpster fire we’re all wading through.
Yeah, it’s weird that this is the framing they’re choosing to use. C-22 is bad enough. This just seems like deceptive rage bait.
It’s not deceptive, it’s just trying to reach the people who won’t care otherwise. This is Lemmy, we’re self selected for giving a shit about privacy online. The average person doesn’t. But the average person in Canada right now is screaming “elbows up” from the rooftops, so if you frame the C-22 debate around that, suddenly you have their attention.
Except that’s exactly why it’s deceptive. They’re trying to tap into people’s hatred towards Trump by connecting him to this bill, when in reality there’s no actual connection there.
The US already has the ability to spy on us. This bill is not about Trump at all…it’s about the Canadian government being able to do the same thing. Falsely connecting it to him, is just rage bait to make more Canadian upset about it.
Giving the US more ability to spy on us is still a bad thing, regardless of what capabilities they already have. That’s like saying that you should just give burglars all your stuff because they could break in and steal it if you don’t.
And it’s a completely valid reason for people to be mad about this. Is it the main reason to be mad about Bill C-22? No, of course not. We all know that. But if focusing on this minor, tangential issue is what gets the average person to give a shit then I’ll take it.
I don’t think you understand how this works right now…which is also another reason this article is misrepresenting the situation. Currently, Canada relies heavily on US intelligence for our own domestic law enforcement. Meaning, we get our information from them. Not the other way around.
The problem with this arrangement is it makes Canada dependent on the US for a lot of the intelligence we need, in order to track and apprehend criminals in our own country. Bill C-22 is supposed to be our home-grown solution to that problem. They want Canada to have the same spying capabilities that the US already has.
See, they don’t need us. We need them. This bill doesn’t help them. It helps Canada be less reliant on them. The entire way this situation is being framed by this article is completely disingenuous. They are misinforming you about the facts by flipping the script here.
deleted by creator
No. I’m not “in favor of mass surveillance”.
I’m just also not in favor of media misrepresenting the facts in order to manipulate public opinion. This bill is already bad. There’s no need to lie about it, in order to convince people of that.
Idk, the negativity directed towards the bill is overblown imo, and its getting amplified by US interests that don’t want the bill passed. It’s got multiple clauses explicitly saying “providers are not to introduce systemic vulnerabilities as part of complying with this bill”, and “no user content is part of this”. So of course people have interpreted that as “Backdoor to all your content!” and blasted that out continuously on social media, tied to petitions that auto-spam your MP against the bill. Adding in some additional alarmism of “Trump wants the bill!” to the scene fits.
If a particular service is being used disproportionately to facilitate crimes, such as fraud phishing calls, piracy, kiddie porn, coordinating terrorist attacks, white supremacist/racist groups, etc, then its reasonable for that service to be regulated / beholden to government dictates/rules. We’ve taken that approach to things like Firearms, where we recognise that most owners of firearms are likely regular law abiding people, but the risk/negative elements of it are such that they warrant regulations. We don’t allow gun makers to avoid those regulations just because they don’t want to keep track of who they sell guns to, or how their guns get used once sold. Even if logless VPNs have some legitimate purpose, and a good number of their users aren’t breaking any laws, the criminal elements that take advantage of those services are such that they warrant regulation. Canada’s charter doesn’t enshrine a right to privacy, but rather a right to be free from unreasonable search and seizure – and in the case of online communications, there are clearly times when it would be ‘reasonable’ for law enforcement to demand more information about a user and how they’ve used a service. Just because a company “can” provide some sort of service, does not mean it necessarily “should” be allowed to, nor does it mean that the service offered is in the best interests of the broader community.
It’s also funny how on the one hand, you have people complaining about the access involved with C-22 in regards to logless VPNs, on the other you have people complaining about OpenAI not taking more action in relation to the Tumbler Ridge shooting – ie. that the company should’ve been directly monitoring the conversation and reporting it out to the govt. Now try to write some sane legislation for those two situations. It’s like the US lobbyists just want Canada paralyzed on any tech regulation, as a lack of any stronger regulations translates to easier tech-oligarch control/manipulation of Canada, and a wild wild west type freedom to the propaganda they sling. Makes destabilizing the country with tools like faceless influencers promoting alberta separatism that much easier.