Tag Archives: Toronto Star

Canadian government expects another Snowden-level leak, documents say - Toronto Star 20160709

Canadian government expects another Snowden-level leak, documents say - Toronto Star 20160709

Revelations about Five Eyes mass surveillance has “changed the tone” on Internet issues, but Canada wants free and open cyberspace.

It’s not a matter of if there will be another Edward Snowden, it’s a matter of when, according to internal government documents obtained by the Star.

Global Affairs officials warned minister Stéphane Dion in November an event on the scale of Snowden’s disclosures about Internet surveillance is inevitable.

“Incidents similar to the Snowden disclosures and the Sony hack will happen again and we can expect that sudden events will affect international debates on cyberspace,” the document reads.

The briefing note, prepared for Dion in November and obtained under access to information law, suggests that Snowden’s disclosures about Western mass surveillance “altered the tone” of the international discussion on cyberspace.

In 2013 Snowden, a former employee of the U.S. National Security Agency (NSA), pulled back the curtain on mass surveillance online, detailing the capabilities of the “Five Eyes” countries — Canada, the United States, the U.K., Australia and New Zealand — to monitor activity online. His release of classified NSA documents triggered outrage among those who said he put lives at risk, and praise from others who argued he shed light on questionable practices and has forced needed change. He was forced to flee the U.S. and was granted asylum in Russia.

Then in 2014, hackers broke into Sony company computers and released thousands of emails, documents and sensitive personal information. U.S. federal investigators blamed North Korea.

While Canada has long advocated for an open and free Internet, suggestions that the nation’s spy agency the Communications Security Establishment (CSE) has engaged in mass online surveillance have complicated that narrative.

But the documents state Ottawa remains committed to a free Internet — not only from a democratic point of view, but for the potential for Canadian businesses and consumers to access ever-broadening online markets.
“The Internet owes its success to its open design, its global and interconnected nature, and its flexible and inclusive governance structure,” the documents read.

“All states are grappling with how to harness the potential of networked technologies while managing their far-ranging impacts … The goal (for Canada) is to protect human rights and democratic space, recognize legitimate public safety needs, and preserve the openness and dynamism that has brought about such enormous benefit.”

In a statement Saturday, a spokesperson for Global Affairs said the federal government believes that protecting online privacy and supporting human rights go hand in hand.

“Canada is concerned about rising threats emanating from cyberspace, including from repressive governments and their proxies, as well as the growing threats posed by cybercrime and terrorists’ use of the Internet,” wrote spokesperson John Babcock in an email to the Star.

“While addressing cyber threats, we must not legitimize Internet controls that will be used to restrict human rights and freedoms and hinder the free flow of information.”

The Star reported in 2015 that CSE has stepped up their efforts to guard against “insider threats” since Snowden shared an unprecedented trove of intelligence documents with journalist Glenn Greenwald in 2013. The move was also prompted by a Halifax-based Royal Canadian Navy officer, Jeffrey Delisle, who sold secrets to Russia in 2012.

“Following the unauthorized disclosures of Canadian Navy Sub-Lieutenant Jeffrey Delisle and NSA contractor Edward Snowden, CSE has intensified its efforts to tighten already stringent security,” read CSE’s 2013-14 report to the minister of national defence.

The documents note that Canadian media coverage about Internet security has tended to focus on large-scale hacks, such as the 2014 breach at the National Research Council, or the Heartbleed exploit used on the Canada Revenue Agency that same year.

But officials make clear Canada’s interest in the file goes beyond playing defence against malicious actors. The documents note that a number of “authoritarian regimes” are hoping to impose greater control over their citizens’ access to cyberspace.

“Domestically, they employ repression and censorship. Internationally, they lobby for greater state regulation of cyberspace, including calls to bring it under UN control,” the documents read.

“They also seek to rewrite current understandings of international law to shape the international cyber environment to reflect their values and interests. The same states also exploit cyberspace through espionage and theft of sensitive information from government and private sector networks, including those of Canada.”

Officials censored the names of individual countries they accused of such actions, although Ottawa has previously called out China as the hand behind the NRC hack. At the same time, other countries have accused Five Eyes partners of conducting economic espionage of the own.

The documents note that Global Affairs has been involved in a range of activities promoting an open and free internet, including advocating for human rights and freedoms online and committing $8 million over the last decade to promote cyber security in the Americas and Southeast Asia.

Encryption actually protects law-abiding Canadian citizens - Toronto Star 20160710

When it comes to policing and national security, far too often Canadians are asked to let fear trump their rights.

Recently, the front page of the Toronto Star featured the headline, “Encryption creating a barrier for police ...,” potentially convincing some readers that the technology’s only purpose is to aid criminals. Rarely do we see headlines such as, “Encryption protects thousands of Canadians’ credit card information,” or “Encryption enables secure communications for every Canadian.” or even the aspirational, “Canada leads the way in cybersecurity for its citizens.”

Increasingly, when we hear about encryption in the media, or from public safety officials, it’s presented as a danger — something that prevents those whose job it is to keep us safe from fulfilling their role. However, in the vast majority of transactions online by ordinary, law-abiding citizens, encryption is a good thing that makes personal, sensitive data harder to capture and decipher. Indeed, if more data were stored in encrypted form, sensational breaches of privacy — like the one that drove some Ashley Madison users to suicide — could be avoided.

Acknowledging that encryption can be a good thing for society doesn’t erase police concerns about data access; it contextualizes them. We at the Canadian Civil Liberties Association (CCLA) have long been supporters of warrants, the process by which police can go before a judge to demonstrate that their need to intercept a suspect’s private communications is reasonable and proportionate.

While we understand that warrants aren’t helpful if data can’t be decrypted, reports indicate police now have the tools, and are working with technology companies, to gain access to even the most complex of encrypted data. For example, as we learned from the Project Clemenza investigation, police can now decrypt BlackBerry communications and are making extensive use of Stingray technology, which allows for the mass interception of cellphone data.

We also know the FBI has developed a hack to intercept messages on Tor networks, which are designed for secure, private communications. Even the infamous Apple v. FBI case ended with the FBI getting what it wanted.

An increasing lack of public trust, that invasive technologies will be used proportionately by security and law enforcement agencies, is attributed to an excessive attention to privacy rights, encouraged by privacy advocates. What we hear from concerned citizens, however, is not that they prioritize privacy over all else, not that they don’t value security, and not that they don’t appreciate the need for police to use new technologies to deal with new threats.

Rather, they tell us, there is way too much secrecy and way too little accountability surrounding the ways these technologies are used. This is not an invention concocted by privacy advocates, such as CCLA; it’s the result of an increasing disjunction between the stories people hear and their expectations of appropriate conduct in the name of public safety.

For example, when the Communications Security Establishment used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal, many Canadians felt intuitively it was intrusive and wondered if it was illegal. But it wasn’t. That’s the kind of situation that erodes the trust that is fundamentally necessary for the social license law enforcement needs to function effectively.

Another example is the aforementioned Stingray technology, which apparently has been quietly used in Canada for a number of years. Police maintain that secrecy gives them the edge they need against increasingly sophisticated criminals. However, Canadians have legitimate concerns that when a powerful technology is used in secret, it’s impossible to ascertain whether it’s being used wisely and proportionately, and if necessary safeguards are in place.

While it would clearly be more convenient for police to have instant access to all the information they want it wouldn’t ensure crimes are investigated justly, or with respect for the innocent bystanders whose data gets swept up, and that matters too.

A recent survey on Canadian identity, published in October by the national statistics agency found that the Charter of Rights and Freedoms was chosen as Canada’s most important national symbol, with 93 per cent support.

In other words, Canadians consider rights protection to be core to their sense of who we are as a people. Thus, it’s time to stop looking at rights, the technologies that protect them, and people who argue for them, as barriers.

Indeed, it’s time we talked about public safety, new technologies, and reasonable expectations in a way that rebuilds trust and provides a solid foundation for a Canada in which our persons, property and rights all have strong and effective protection.

Dr. Brenda McPhail is the director of the privacy, technology and surveillance project at the Canadian Civil Liberties Association.

Privacy watchdog to investigate RCMP over alleged ‘stingray’ cellphone surveillance - Toronto Star 20160412

Privacy watchdog to investigate RCMP over alleged ‘stingray’ cellphone surveillance - Toronto Star 20160412

The commissioner has opened an investigation into the use of International Mobile Subscriber Identity (IMSI) catchers, otherwise known as stingrays, by law enforcement.

Canada’s privacy watchdog says it will investigate a privacy complaint about the alleged use of “stingrays” by the RCMP.
Office of the Privacy Commissioner spokesperson Valerie Lawton said the organization has opened an investigation into the RCMP’s refusal to admit whether or not it usesthe surveillance technology known as stingrays, formally called International Mobile Subscriber Identity (IMSI) catchers.

During the course of an investigation, the privacy commissioner typically determines if any privacy laws have been broken and makes recommendations on future policy.
The complaint was filed by Laura Tribe, a digital rights specialist for free speech advocate OpenMedia, after she read a story in the Star about the RCMP’s refusal to answer questions about the devices.

“If these invasive technologies are not in use, then these agencies should have no problem confirming that their surveillance activities remain within the confines of the law. If these StingRay technologies are being used in Canada however, the public has a right to know,” said her complaint, filed in December.

The RCMP did not immediately return the Star’s request for comment.

The Mounties have remained tight-lipped about the tech, which mimics a cellphone tower and collects information such as identifying data, text messages and phone calls from people’s cellphones. The device casts a wide net that doesn't distinguish between suspects in criminal cases and ordinary citizens.

In December, when the Star used the Access to Information Act to request policies related to the RCMP’s use of the technology, the RCMP wrote back that those records were exempt from disclosure. The OPP also wouldn’t comment on whether they used the devices.

Meanwhile in the U.S., the FBI has admitted to employing them and drafted a guidance document restricting how law enforcement should use the surveillance technology.

Documents obtained by the Star using the Access to Information Act reveal the privacy commissioner had planned to sit down with RCMP in January to discuss stingrays. But Lawton said the meeting was cancelled once the commissioner decided to launch the investigation.
“That meeting was delayed and before it could be re-scheduled we opened an investigation into a related complaint. Therefore, the issue is now being handled via our investigations process. Due to confidentiality provisions in the Privacy Act, we are not able to offer further information at this time,” Lawton said in an email.
The commissioner has been following media reports about the device for some time and had hoped to get clarity from the RCMP, documents show.

“We have not been made aware by the RCMP of their use of the technology,” OPC spokesperson Tobi Cohen wrote in an email to another media outlet, obtained by the Star using the Access to Information Act.

“If they are using this technology, we expect to be consulted.”

The privacy commissioner is already conducting an investigation into Correctional Service Canada for the alleged use of stingray technology at Warkworth Institution in Campbellford, Ont.

Tribe told the Star she got word last week that the privacy commissioner would investigate her complaint. OpenMedia is also involved in the B.C. access and privacy watchdog’s probe of the Vancouver Police Department’s failure to respond to requests on the subject.
“These are really dangerous tools that can be used to invade the privacy of tens of thousands of Canadians at a time,” Tribe said. “I’m not saying there’s never a time or place for them, but we can’t even begin to have that conversation until we know that they’re being used, or what those circumstances are.”

Federal privacy watchdog wants info on agency tracking peaceful protests - Toronto Star 20160206

Federal privacy watchdog wants info on agency tracking peaceful protests - Toronto Star 20160206

Government Operations Centre comes under privacy office scrutiny over monitoring of peaceful protests, academic panels.

Privacy commissioner Daniel Therrien’s office refused to release the letter detailing the concerns with Government Operations Centre operations, telling the Star to go through the access to information process.
Privacy commissioner Daniel Therrien’s office refused to release the letter detailing the concerns with Government Operations Centre operations, telling the Star to go through the access to information process.

Canada’s privacy watchdog wants more information on a central government agency keeping tabs on peaceful protests.

Documents obtained by the Star show privacy commissioner Daniel Therrien’s office has asked the Government Operations Centre (GOC) to review its tracking of lawful protest and dissent.

“In (the letter), we asked that a more detailed analysis of the privacy risks relating to monitoring of public protests and demonstrations be undertaken and given to us to review,” Tobi Cohen, a spokesperson for Therrien, wrote in a statement.

“We are actively consulting with Public Safety on this file to make sure that we, and the Canadian public, have a full understanding of how personal information is being collected and shared under this program.”

The GOC provides 24/7 “situational awareness” for the federal government, and is supposed to help co-ordinate Ottawa’s response to natural disasters or threats to infrastructure.

But in late 2014, it was revealed the GOC has collected information on more than 800 peaceful protests, demonstrations and academic panels since 2006.

Therrien’s office refused to release the letter detailing the concerns with GOC operations, telling the Star to go through the access to information process.

The GOC does not conduct surveillance on protests, but serves as an intelligence clearing house for the federal government. That information can be as innocuous as Facebook event posts, to as detailed as RCMP and CSIS reports on incidents. The agency said no personal information is collected or shared.

According to its privacy impact assessment, the agency takes an “all-hazard” approach, including “civic disturbances.”

Documents tabled in Parliament in 2014 showed the GOC had information on events like a rally for veterans on Parliament Hill, a public panel discussion in Toronto on the oilsands, and a number of vigils and marches for missing and murdered indigenous women.

In June 2014, the Ottawa Citizen reported that the GOC asked government departments for help in compiling a “comprehensive listing of all known demonstrations” across the country.

The revelations drew the ire of the Liberals while in opposition.

“The government has frozen out and refused to meet with indigenous peoples and environmental groups, yet devotes disproportionate resources to spying on them,” Scott Brison, now a senior cabinet minister, said in September 2014.

“It would be much better to engage these groups meaningfully than to skulk around their meetings to hear what they’re thinking.”

But the GOC’s operations do not appear to have changed in the early days of the new Liberal government. The Star repeatedly reached out last week to the office of Public Safety and Emergency Preparedness Minister Ralph Goodale, but he was unavailable to comment.

“We remain committed to protecting the safety and security of Canadians while also protecting their rights and freedoms,” Public Safety spokesperson Jean Paul Duval wrote in an email.

“We have worked with the Office of the Privacy Commissioner to seek their advice and to ensure that GOC activities are in accordance with the personal information-handling practices of the federal government outlined in (Canadian privacy law).”

Duval noted the GOC completed its first “privacy impact assessment” — a routine government check on the risk to Canadians’ privacy for various programs — in May 2013.

“Subsequently, in August 2013 and October 2014, the privacy commissioner provided the GOC with various recommendations,” Duval wrote. “More specifically, some of the recommendations were around managing the potential for accidental or unintentional receipt of personal or private information outside of the GOC’s mandate, and to ensure correct disposal of that information.”

Examples of protests and demonstrations tracked by the Government Operations Centre:

  • A January 2006 protest on the war in Afghanistan and Bay Street’s “involvement” in Toronto, reported on by the Department of Justice.
  • A January 2007 demonstration by Amnesty International in Vancouver, tracked through media reports.
  • A May 2007 announcement by the Assembly of First Nations on a co-ordinator for a national day of action, tracked by Indigenous Affairs. Subsequent AFN demonstrations were tracked by various agencies, including the Integrated Terrorism Assessment Centre.
  • A series of Pro-Tamil rallies in Toronto, Ottawa and Montreal in April 2009.
  • A June 2010 rally for the University of Winnipeg Aboriginal Student Association, monitored by Indigenous Affairs.
  • As Occupy camps were set up across the United States and Canada in late 2011, the Government Operations Centre collected media reports on various locations.
  • Public service union rallies in Ottawa during February 2012 were monitored by “PS” — which could stand for the general “public service,” or Public Safety Canada.
  • A rally involving Ben Powless, a “Mohawk environmental activist,” in Toronto in August 2013, monitored by the RCMP.
  • The May 2014 edition of the annual anti-abortion “March for Life” on Parliament Hill, monitored by the Privy Council Office Crisis Management Centre.

Canada’s electronic spy agency broke privacy laws, watchdog says - Toronto Star 20160129

Canada’s electronic spy agency broke privacy laws, watchdog says - Toronto Star 20160129

Federal watchdog says the Communications Security Establishment passed along metadata of Canadians to counterparts in the U.S., among others.

Communications Security Establishment commissioner Jean-Pierre Plouffe called the data release “inadvertent.”
Communications Security Establishment commissioner Jean-Pierre Plouffe called the data release “inadvertent.”

Canada’s secretive electronic spying agency realized in 2013 it was breaking domestic privacy rules by transferring Canadians’ data to allied countries, but the government kept the mistake under wraps for two years.

The transfers were discovered by the spy agency, the Communications Security Establishment, at a time when the questionable practices of national security agencies were being revealed by U.S. whistleblower Edward Snowden in 2013.

The agency said it quickly informed the defence minister at the time, as well as the watchdog that reviews its operations. Rob Nicholson, who was Conservative defence minister when the transfers were discovered, could not be reached for comment Thursday.

But in April 2014, at a parliamentary committee on defence issues, Nicholson said all CSE activities are conducted within the parameters of Canadian law.

“Were the commissioner ever to conclude that the agency is acting outside the law, he would be required to report this immediately to the attorney general and to me as the minister responsible for CSE,” Nicholson told the committee at the time.

“Both the chief of CSE and I take the findings of the commissioner in his reviews very seriously.”

But the findings only came to light on Thursday, after the office CSE commissioner Jean-Pierre Plouffe — an independent review body — delivered a report to Parliament. Plouffe called the data release “inadvertent.”

A high-ranking CSE official, who Thursday gave a technical briefing on the condition they not be named, described the issue as a technical glitch discovered in late 2013.

CSE suspended the program, which was sharing information with the Five Eyes alliance — a closely knit group including the U.S., U.K., Australia and New Zealand that emerged after the Second World War. The information transferred is known as metadata — commonly described as data about data, such as the origin, destination and duration of phone calls, emails, and text messages.

“We are prohibited from targeting any of our activities at Canadians or anyone in Canada for that matter, but as you can appreciate we do have a legal mandate to collect information from the global information infrastructure, for purposes of foreign signals intelligence,” the official said.

“That global information infrastructure doesn’t have a place that says ‘here’s somewhere that Canadians don’t go’ . . . incidentally, you’re going to be collecting metadata related to Canadians.”

But metadata may not be as innocuous as it sounds. The former head of the National Security Agency, CSE’s American counterpart, famously pointed out that the U.S. kills people based on metadata. CSE describes metadata as the “context” of Internet and telephone data, not the “content.”

The CSE official said the Canadian information that was transferred could not be used to identify any individual Canadian, but that it broke the rules governing the agency’s information sharing regime nonetheless. While CSE downplayed the severity of the breach — saying the privacy impact was “low” — it was significant enough to prompt the first press briefing in the agency’s 70-year history.

While Internet freedom advocacy group OpenMedia lauded CSE’s suspension of the program, they said in a statement that Canadians’ privacy rights should come before the needs of foreign spy agencies.

“Today’s halt to metadata sharing should not be just a temporary pause, but the first step in a wider review of the needs and priorities of information sharing and collection among Canadian and foreign intelligence,” Laura Tribe, OpenMedia’s digital rights specialist, wrote in a statement.

“No Canadian should need to fear that their private information is being handed to foreign agencies by their own government.

CSE would not say if the data was obtained through “backbone” Internet surveillance, a practice used by electronic spy agencies to gather mass amounts of information travelling along the Internet’s physical infrastructure.

Defence Minister Harjit Sajjan, a former military intelligence officer, did not say if the new Liberal government supports this type of interception, instead saying officials could field questions on the “technical lingo.”

“The collection is done in accordance with the National Defence Act. And it’s also, one of the important aspects for Canadians to know is that this, the actual deficiency was actually identified by CSE officials themselves,” Sajjan, the minister responsible for CSE, told reporters in the House of Commons.

Sajjan said CSE would not drill down to find out exactly how many Canadians had their information transferred to Five Eyes nations because doing so would actually violate privacy laws a second time.

When asked why the breach was not disclosed earlier, Sajjan said he could not speak for the previous Conservative government.

“But I can assure you when this was brought to my attention after being sworn in as minister of national defence . . . we have taken appropriate action,” Sajjan said. “I’ve accepted all the recommendations that the (CSE) commissioner has laid out.”

NDP public safety critic Randall Garrison said Canadians do not have to choose between their security and their rights. “We need concrete measures that keep Canadians safe without eroding away our freedoms and civil liberties.”

The Star attempted to contact Nicholson, who was defence minister from July 2013 until February 2015, for this article. Emails and a telephone request for comment were not returned Thursday. Nicholson could not be found outside the House of Commons after question period, where neither the Conservatives nor the NDP raised the issue of CSE surveillance.

Plouffe, the CSE commissioner, delivered his 2014-15 report into CSE’s activities to former defence minister Jason Kenney last June. But according to Plouffe’s office, the former Conservative government declined to table the report with Parliament during the summer. The federal election further delayed the report’s release to the House of Commons.

Plouffe, whose office declined interview requests Thursday, reviewed a variety of CSE’s signals interception activities, and found they largely complied with the law. The offending metadata transfer was the only outlier, and Plouffe was satisfied with CSE’s response.

“I found that CSE took corrective actions and proactively suspended the sharing of certain types of metadata in order to protect the privacy of Canadians while developing a solution to the problems it encountered in this area,” Plouffe wrote.

“In summary, based on my review, although I do not believe these actions were conducted intentionally, they do raise legal questions that I continue to examine and address.”

Liberals aim to balance national security with rights and freedoms in Bill C-51 revamp - Toronto Star 20160110

Liberals aim to balance national security with rights and freedoms in Bill C-51 revamp - Toronto Star 20160110

Public Safety Minister Ralph Goodale says Canadians will be consulted on changes to controversial bill drafted by Conservatives after 2014 terror attacks.

Public Safety Minister Ralph Goodale says his Liberal governnment will repeal the "problematic elements" of Bill C-51, along with any other changes needed to protect our collective charter rights.

Public Safety Minister Ralph Goodale says his Liberal governnment will repeal the "problematic elements" of Bill C-51, along with any other changes needed to protect our collective charter rights.

OTTAWA—The Liberal government is open to an expansive revamp of national security legislation, not just a handful of promised changes to the controversial anti-terror bill known as C-51, says Public Safety Minister Ralph Goodale.

The government will give Canadians a chance to have their say before deciding what changes to make, Goodale said in an interview with The Canadian Press.

“If the consultation leads to a broader set of action items, obviously we would be guided by what that consultation tells us,” he said. “The subject matter is large, it’s complex, the solutions aren’t particularly easy to achieve. But our whole point in having consultations is to listen to what we hear. And if the messages indicate that something more needs to be done, obviously we would try to pursue that.”

Prime Minister Justin Trudeau has asked Goodale to work with Justice Minister Jody Wilson-Raybould to repeal the “problematic elements” of Bill C-51 and introduce new legislation that strengthens accountability with respect to national security while better balancing collective security with rights and freedoms.

The government has pledged to ensure all Canadian Security Intelligence Service warrants respect the Charter of Rights and Freedoms. That would roll back new provisions allowing CSIS to disrupt terror plots through tactics that breach the charter as long as a judge approves.

It has also committed to creating a special committee of parliamentarians to keep an eye on national security operations.

Organizations including Amnesty International Canada and the Ottawa-based International Civil Liberties Monitoring Group have urged the Liberals to go further, by implementing neglected 2006 recommendations on comprehensive security review from the inquiry into the overseas torture of Maher Arar.

Others have called for a fundamental rethinking of the tools needed to counter jihadi-inspired extremism, as well as stronger measures to protect privacy.

Goodale says the Conservative government failed to consult the public properly when it ushered in C-51 after attacks that killed Canadian soldiers in St-Jean-sur-Richelieu, Que., and Ottawa just days apart in October 2014.

“I think there was a moment there when collaboration of a rare and extraordinary kind was possible. The government chose to go a different way,” Goodale said. “They chose to proceed unilaterally without that kind of consultation or engagement. And the end result produced a flawed piece of legislation in C-51.”

The government hasn’t yet decided whether to have a standing committee of Parliament carry out the review or to create a special committee to do the job, he said.

The government may also engage in public consultations through “tools and techniques that take us beyond the parliamentary precinct.”

“The point here is that we genuinely want to hear from Canadians,” Goodale said.

“They didn’t have the opportunity before, we want to give them the opportunity now, to make sure that, in the resetting of the national security framework, we get it right.”

Boutilier, Alex - Canadians’ Internet traffic at risk - Toronto Star 20151230

Canadians’ Internet traffic at risk

Canadian researchers find that a large amount of Canadians’ internet traffic is routed through the United States, making it vulnerable to interception.

Done any online shopping this holiday season? Paid any bills online? Maybe sent an email to your local MP about road salt?

If you answered yes to any of the above, there’s a good chance your data made its way through the United States. And that puts your personal information at risk of interception, new research by two Canadian academics shows.

Researchers Andrew Clement and Jonathan A. Obar call it the “boomerang effect.” Because most of the Internet’s infrastructure runs through the United States, even communications beginning and ending in Canada are often routed through America.

“When (data) passes through the United States . . . Canadians have no legal rights at all. We lose our constitutional rights, and under U.S. law Canadians are foreigners, so there’s no protection for our communications,” Clement said in an interview.

But before getting into the issues associated with the boomerang effect, we need to know a little bit more about that marvelous series of tubes called the Internet.

How the Internet actually works

Former U.S. senator Ted Stevens probably didn’t know it, but his description of the Internet as a “series of tubes” wasn’t all that far off. At least it’s a more accurate description than the current conception of the Internet as an amorphous “cloud” of data.

In the recently released book Law, Privacy and Surveillance in Canada in the Post-Snowden Era, Clement and Obar explain that all interactions on the Internet are data packets being transmitted between routers. (The book was edited by Michael Geist, a University of Ottawa professor who writes a weekly column for the Star.)

“They’re literally tubes of light, fiber optics,” Clement said. “And then in addition to the tubes, there’s the switching centres where packets get switched from one tube to another. And those are critically important.”

The Internet doesn’t work like an old landline, where a connection is established between two ends of the conversation. Instead, data can jump through multiple routers between its origin and destination.

For instance, an email sent from the University of Toronto to Queen’s Park doesn’t simply go across the street. In Clement and Obar’s experiment, that email began in Toronto, made its way to New York, then on to Chicago, finally arriving back in Toronto.

In fact, they found that 22 per cent of Canadian Internet traffic they monitored in their experiment was routed through at least one major city in the United States — even as far away as Miami, Fla.

Email traffic to Queen’s Park?

Yeah. So the policy implications should be pretty clear already.

These days, most government business is conducted online. Emails containing sensitive information is routinely bounced back and forth between politicians, their staffers, and bureaucrats over email.

The National Security Agency (NSA), the U.S.’s massive electronic spying agency, has reportedly installed “splitter” sites in major cities that would give them the ability to intercept data as it is transmitted through major cities. Clement and Obar write that Canadian data running through the U.S. has no protection, constitutionally or otherwise, regarding its interception and use by American intelligence services.

And before you chalk this up to the tinfoil hat crowd, the U.S. and Canada have conducted economic espionage on each other in the past. Canada’s signals intelligence agency, the Communications Security Establishment, reportedly spied on the U.S. to help secure a lucrative wheat deal with China in the 1980s — to name but one example we know about.

Sovereignty, network and otherwise

Clement and Obar argue the federal government should begin moving to a concept of “network sovereignty” — in other words, Canada should make sure that Canadian Internet traffic is routed domestically, rather than through the U.S.

While a new term, Clement and Obar argue, network sovereignty is quite an old concept.

Clement said that with relatively little investment, Canada could ensure that its citizens’ Internet communications could remain in Canada — and be subject to Canada’s privacy and data laws.

“These (investments) include, most notably, public Internet exchange points, where all carriers can freely hand traffic off to each other, as well as the high-capacity fibre optic trunk lines that connect them,” they write.

“The former are vital, as they enable the various local networks to reach communicants on other networks without having to depend on buying transit services from foreign carriers.”

If that sounds pricey, well, it probably is. But Clement and Obar note that the federal government has spent hundreds of millions — rightly, they say — on expanding Internet services to rural communities. The federal government has spent nowhere near that in building Canada’s Internet “backbone” capacity.

What’s the hold-up?

A few things. First, the issue of U.S. mass Internet surveillance wasn’t widely known until whistleblower Edward Snowden exposed some of the NSA’s largest programs. So the scope of the problem with routing Canadians’ communications through the U.S. wasn’t clear.

Second, Clement notes that the issue of “network sovereignty” has not really been widely discussed. If policy makers don’t know about the issue, it’s not likely it will see significant public investment or work its way onto the government’s priority list.

“Partly, it’s ignorance,” Clement said.

Finally, large telecommunications companies obviously have an incentive to control as much infrastructure as possible, forcing smaller companies to purchase transmission capacity from them.

“These big telecom companies don’t have an interest to make it easy for their smaller competitors to trade within Canada,” Clement said.

Avoiding the boomerang

Clement and Obar argue that investing in network sovereignty would increase Canada’s information security, but that’s not enough — Canada has its own electronic spying agency, after all.

But network sovereignty, Clement and Obar conclude, as well as promoting a free and open Internet, would go a long way to ensuring Canadians rights are respected.

And if Canada takes a leadership role on the issue, the effects could be felt beyond the country’s borders in this ever-increasingly connected world.

“Asserting national network sovereignty transparently and accountably in the pursuit of democratic ideals arguably provides one of the best bases for achieving similar ideals at a global scale,” they write.