If you’re a Canadian based enterprise looking into cloud services, you need to understand that Canada has it’s own domestic security policies that, essentially, mirror those of the United States. You’ve likely heard of the United States’ Patriot Act. Canada has it’s own version of the Patriot Act called the Anti-Terrorism Act (Bill C-36), which amended the Canadian Security Intelligence Service Act (CSIS Act) as well as the National Defense Act.
The Anti-Terrorism Act is legislation created in response to the September 11, 2001 attacks in the US. This act amends existing legislation to give Canadian security agencies additional powers to respond to terrorism threats. In effect, the act offers more security and surveillance powers to agencies, when required. Some of the provisions of act expired in March of 2007, which were not renewed as a result of a House of Commons vote a month earlier.
In 2012, Bill S-7 was introduced in the Senate. Bill S-7, also known as the “Combating Terrorism Act” sought to restore the expired C-36 provisions, as well as amend new crimes to the bill. The recent bombings in Boston escalated the agenda of S-7, which resulted in a vote in April which saw the bill passed into legislation.
The Anti-Terrorism Act is similar in context to the Patriot Act in the US. What is somewhat different is that Bill C-36 also considers other concerns. Consider the United States Foreign Intelligence Service Court (FISC), which is responsible for issuing surveillance warrants to the likes of the FBI and NSA – basically allowing foreign spies to be spied on. Bill C-36 provides amendments to the CSIS Act that essentially offers the same powers to Canada’s own domestic security and intelligence communities. Considering that Canada is known as a world leader in communications research and technology…
Understanding that these laws are created in the spirit of preventing terrorism, and not meant to be an over arching mechanism to keep tabs on everyone and everything. The immediate thought of a Hollywood type spy movie plot is an unfortunate, and a sensational, scenario that many in the real world immediately think about when first we talk about security and privacy in the cloud. We have the oversight, and general understanding of what the difference is between right and wrong, to mitigate the risks that the legislation is not being used for what it is intended to be used for.
What to know more about Canadian privacy legislation, and then some? Check out this massive list of resources compiled by David T.S. Fraser here…
What are your thoughts on domestic cloud security and privacy concerns?