In Kamloops, B.C., cool overnight temperatures in summer mean Telus (TU) needs to run its air conditioning for only about 40 hours a year to keep its computer servers from overheating. Lower cooling costs are part of the Canadian telecommunications company’s sales pitch to businesses looking to store troves of digital information cheaply. Telus also promotes Canada’s inexpensive hydroelectric power, low seismic activity—and, now, lower risk of government snooping. “There is a structural advantage in Canada in that the data is here and the privacy protection is more stringent,” says Lloyd Switzer, who runs Telus’s 10 data centers.
With revelations about surveillance by the U.S. National Security Agency stoking public outrage, companies such as Vancouver-based Telus and Rogers Communications (RCI) in Toronto see opportunity in telling customers about Canada’s privacy protections. Its Privacy Act, which took effect in July 1983, limits the amount of personal information the government can collect, use, and disclose. Canada’s Communications Security Establishment (CSE)—the agency responsible for gathering foreign intelligence—is forbidden by law from monitoring domestic communications. Surveillance of e-mail exchanges or phone calls may be authorized if one of the parties is outside the country.
Telus and Rogers expect data storage sales in Canada to increase 20 percent this year. U.S. cloud computing businesses may lose as much as $35 billion through 2016, according to the Information Technology & Innovation Foundation, a policy research group in Washington whose board includes representatives of IBM (IBM) and Intel (INTC).
In the past year, Rogers has fielded more inquiries about its data storage services from companies outside North America than in the previous 10 years combined, says AJ Byers, president of Rogers Data Centres. Canada provides international businesses with the North American access they want, Byers says. “We see a lot of European and Asian companies talking to us,” he says. Mike Broadfoot, chief executive officer of Solium Capital (SIUMF) in Calgary, calls Canada’s privacy laws the “gold standard.” His company, which develops software to help global clients manage stock options programs, stores its data in Telus’s Calgary center.
Canada is hardly a surveillance-free zone, says Ron Deibert, director of Citizen Lab, an Internet security research center at the University of Toronto’s Munk School of Global Affairs. He says companies making such claims are glossing over a history of intelligence sharing with the U.S. “Anyone who would look to Canada as a safe haven would be fooling themselves,” he says. “We have a long-standing relationship with the NSA” dating back decades. In 1948, Canada signed on to an intelligence-sharing agreement first struck by the U.S. and the U.K. in 1946.
The alliance still governs information sharing between the U.S. and Canada, allowing its partners to exchange data gathered from surveillance, says Christopher Parsons, a postdoctoral fellow at the Citizen Lab. On its home page, the CSE says it engages in “incidental collection” of data on Canadians as part of its foreign intelligence gathering. “We always work with the appropriate authorities to ensure we follow all regulations regarding access to information and customer privacy,” Rogers’s Byers says of the privacy risks posed by intelligence sharing.
The notion that Canada offers greater privacy protections than the U.S. is overly simplistic, Parsons says. “The difference doesn’t necessarily mean it’s more powerful or less powerful, it’s just different,” he says. “It can actually become a bit of a tricky question, and one that is probably used more often for rhetoric than anything else.”