A Canada-U.S. CLOUD agreement would extend the reach of U.S. law enforcement into Canada’s digital terrain to an unprecedented extent. This agreement, if signed, would effectively allow U.S. police to demand personal data directly from any provider of an “electronic communication service” or “remote computing service” in Canada, so long as it had some ties to the U.S. (such as serving U.S. users). No judicial oversight whatsoever would be involved north of the border. The new system would expose personal data stored in Canada directly to U.S. police surveillance, bypassing Canadian court oversight, and in so doing, could violate our own constitutional privacy laws, among other alarming consequences.

This needs to be on the front of every news and media company in Canada.

It’s time to drop Google and Microsoft immediately.

Oh hell no. Wouldn’t something like this run against the Charter anyways? I assume the Canadian government would have to pass a law to comply. If such a law allows for contravening Charter rights, it would likely be struck down by the courts. Unless it uses the notwithstanding clause of course. But slapping that on such a law would be very politically tenuous, especially today.

Many/most of Canada’s government agencies are entrenched in Microsoft products. Our financial regulators in many provinces have their data portals, to which Financial Institutions submit significant ‘customer specific’/private information, hosted in Microsoft365 sites. Payments Canada, a government org, requires that our ATMs run on Windows.

Many/most Financial Institutions also run their online banking on non-Canadian company products, hosted or managed by foreign actors. Central1, the primary trade association that previously hosted about 80% of Canada’s Credit Union websites, recently exited the hosting business – and transferred those sites over to a company from India. This company also provides the sites for a few of Canada’s Big Banks. The CEO of Central1, having failed to deliver on one of her 3 primary functions as the industry’s Trade association, was given a business award for it – in part, because Central1 has become largely x-banker run, as required by Canada’s regulators recently, and as a result C1 lost sight of what it means to be a cooperative. As part of their exit from hosting online banking, Central1 also indicated that they’ll support two other recommended options if people don’t want to use the default – one that’s in Microsoft365 (US controlled), and another from Portugal. No Canadian owned/accountable org was part of the short list that the majority of “small local” credit unions could go with. So even if you’re banking with a tiny credit union, you’re likely exposed to the risk of foreign manipulation / privacy issues, and your banking services are beholden to a foreign country’s whims. Some CU’s even run on Microsoft365 extensively internally on their back end, meaning their services are all totally down whenever Microsoft has an outage – which, given that Microsoft is beholden to the whims of the orange man as a US company, could mean that Donald and crew could effectively “turn off” your ‘small local’ CU.

When raising questions about the US’s access to Microsoft’s cloud data through their “National Security Letter” approach previously, I’ve heard lawyers comment that it’s not an issue, because realistically we’d hand the data over anyway if it was requested – so it just cuts out some bureaucracy. Admittedly, this was at a time when trade relations were more amicable – but it implies heavily that, frankly, yes, most of the data that’s held in US cloud products is already accessible to US interests/government agencies. And yes, that continues to apply even if the physical servers are located in Canada, as per government regulations – the Control centre is still foreign. Extending the cloud act just makes it more official, in my view.

The solution, if we Canadians want ‘real’ autonomy on this front, is that you need companies that will be wholly accountable to Canadian laws and regulations, and not interests owned by foreign adversaries. Any “Critical” service, such as our Banking Infrastructure and Government Agencies, should be required to use Canadian made products / host assets within Canada, with control of those assets also being within Canada. The EU’s GDPR blocks them from using US cloud services on security/privacy reasons, for certain areas of the economy/government. Countries like China use Linux as their official govt operating system. There’s no specific reason we couldn’t do the same, we just need the govt to recognize the risk and take some action on it.

We should not be making ANY deals with the US at this time. WE. CAN’T. TRUST. THEM. Any other negotiations should be put on hold until after this trade war. A deal like this one will NOT be in the interest or Canada or Canadians