NSA Spying Sends Data Clients North of the BorderHugo Miller
In the British Columbia town of Kamloops, arid as a desert with cool summer nights, Telus Corp. only has to turn on the air conditioning about 40 hours a year to keep its computer servers from overheating.
The chilly temperatures are part of Canadian companies’ sales pitch to businesses looking for places to store their growing troves of digital information as cheaply as possible. They also boast of inexpensive hydroelectric power and low seismic activity. And now they’re touting what they say is a new advantage: less snooping.
Revelations that the U.S. National Security Agency has spied on data networks run by American companies have given Canadian data-center operators an opportunity. They’re telling customers from Europe and Asia that laws north of the border are more protective of privacy. Sales of storage services in Canada are growing 20 percent a year at Telus and Rogers Communications Inc. U.S.-based technology companies, meanwhile, complain that the NSA scandal has hurt their business.
“There is a structural advantage in Canada in that the data is here and the privacy protection is more stringent,” said Lloyd Switzer, who runs Telus’s network of data centers.
The company has 10 data centers in Quebec, Ontario, Alberta and British Columbia, where it opened a C$75 million, 215,000-square-foot (20,000-square-meter) facility in Kamloops last year. That site has room for six more modules of expansion, which would increase the investment into the hundreds of millions of dollars.
Data privacy came under scrutiny in the U.S. in June after former NSA contractor Edward Snowden revealed that his employer was monitoring phone and e-mail traffic emanating from the U.S.
International outrage over NSA surveillance may cost U.S. companies as much as $35 billion in lost revenue through 2016, according to the Information Technology & Innovation Foundation, a policy research group in Washington whose board includes representatives of companies such as International Business Machines Corp. and Intel Corp.
Rogers, which competes with Telus for phone and Internet customers, gets about C$70 million ($66 million) in annual revenue from data storage -- still tiny at less than 1 percent of total sales. The unit has had more inquiries in the past 12 months from companies outside North America than in the entire previous decade, A.J. Byers, who heads up the business, said in an interview.
“A lot of international companies trying to gain access to the U.S. used to go directly to the U.S.,” Byers said. “Now we see a lot of European and Asian companies talking to us.”
Rogers and Telus are looking to capitalize on the surge in demand for data storage to make up for the slowing growth of smartphones, which more than half of Canadians already have. Stock gains for the companies also have slowed. Shares of Rogers climbed 6 percent last year after gaining 15 percent in 2012. Telus rose 12 percent last year, its smallest annual increase in four years.
Last month, a U.S. federal judge ruled that the NSA probably acted illegally in collecting telephone-call data, allowing a lawsuit to go forward claiming the practice violates the U.S. Constitution.
U.S. District Judge William H. Pauley III in Manhattan late last month ruled the NSA’s bulk collection of phone records is legal, challenging the earlier ruling. The NSA has said it’s pleased with Pauley’s decision.
Snowden has been charged with theft and espionage by the U.S. government and has avoided arrest by remaining in Russia. While editorials in newspapers such as the New York Times have recommended that he get clemency, Janet Napolitano, the former head of the Department of Homeland Security, has said he doesn’t deserve a reprieve.
Canada’s Privacy Act, enacted in 1983, imposes obligations on 250 federal-government departments and agencies to limit collection and use of personal information, and gives citizens the right to access that data and correct mistakes.
Still, the data-center sales pitch glosses over the long history of intelligence-sharing between Canada and the U.S. The governments have collaborated as far back as the 1940s, said Ron Deibert, an Internet-security expert who runs the University of Toronto’s Citizen Lab.
“Anyone who would look to Canada as a safe haven would be fooling themselves,” Deibert said in a phone interview. “Canada would be one of the poorest choices as we have a long-standing relationship with the NSA.”
Communications Security Establishment, the country’s intelligence agency for communications and electronics, is forbidden from monitoring purely domestic traffic. Surveillance of foreign communications that involve someone in Canada may be authorized, as long as one of the parties is outside the country -- a rule established after the Sept. 11 terrorist attacks.
CSE works with its Five Eyes information-gathering partners -- the U.S., U.K., Australia and New Zealand -- and must comply with Canadian law in its interactions with them, Andrew McLaughlin, a spokesman for the agency, said by e-mail.
A CSE commissioner, typically a retired judge, submits an annual report to Canada’s Parliament through the defense ministry. Justice Robert Decary, who did the last such report in June, wrote that he was “deeply disappointed” that legislative amendments to Canada’s National Defense Act proposed by his predecessors that “would improve the provisions that were hastily enacted in the aftermath of September 2001” haven’t yet been adopted.
“CSE collects foreign signals intelligence to support government decision-making for national security, defense and international affairs,” Adrian Simpson, another spokesman for the Ottawa-based agency, said by e-mail. “We do so in accordance with Government of Canada intelligence priorities, respecting the privacy of Canadians and Canadian laws in all activities.”
Canada’s data-protection rules still go well beyond U.S. regulations and make Canada a natural place for companies to store clients’ data, said Solium Capital Inc. Chief Executive Officer Michael Broadfoot. His company, which helps firms such as Barclays Plc manage their employee stock-options programs, stores data in Telus’s center in Calgary, the city at the foot of the Rockies where Solium is based.
“We’re able to generally host so far anybody in the world from Canadian locations,” said Broadfoot. “We would not be able to do that from U.S. locations. Canada’s privacy laws are a gold standard.”