Skip to main content
  • State of the Internet

Data sovereignty: What you need to know and why you should care

When you use the internet, do you think about the information you are sharing? Do you think about what you are sending outside Canada's jurisdiction into the prying eyes of foreign surveillance? That's where data sovereignty comes in – and why you should care about it.
By Jacques Latour
Chief technology officer

When you use the internet, do you think about the information you are sharing? Do you think about what you are sending outside Canada’s jurisdiction into the prying eyes of foreign surveillance? That’s where data sovereignty comes in – and why you should care about it.

The average Canadian’s daily routine likely includes getting online. We check our email, visit our favourite social media sites, do some online shopping or check our local weather. Many of us also use the internet most days for work or educational purposes.

What many Canadians may not know is that when they get online, save something in a cloud or send an email, they are putting their privacy at risk.

Most Canadians spend 3-4 hours online every day. It’s a big part of our lives and with more and more internet-connected devices available, everything from connected thermostats to voice-controlled connected home devices like Google Home or Amazon’s Echo, this reality is only growing.

When you use the internet, do you think about the information you are sharing? Do you think about what you are sending outside Canada’s jurisdiction into the prying eyes of foreign surveillance?

That’s where data sovereignty comes in – and why you should care about it.

Before I explain more about data sovereignty, let’s go over what’s at risk for you through a short lesson on metadata.

A bit about metadata

Metadata includes both data in motion (that which travels on the net) and data at rest (that which is stored on a hard drive or cloud). It gives part of the picture, not the full picture, when it comes to your data.

Metadata includes information such as your name, the date of your communication, the file size, any modifications you made to the data, the receiver of the data, etc. While someone who looks at the metadata from an email, for example, cannot read the content, they will get your name, who you sent it to, its size, the delivery date and possibly other information such as the subject line.

Now imagine what that metadata looks like when combined with other metadata. It can show how often you’ve emailed a particular person, whether you are sending large files and the timing of your correspondence. Couple that even further with metadata related to where you’ve visited on the web or where the receiver has visited. A story will begin to form and that story can be pretty telling, depending on your activity.

For data at rest, the implications are even greater. It’s stored and waiting to be viewed, read and interpreted. A sitting duck.

How data sovereignty can help

Data sovereignty means that digital data is subject to the laws of the country in which it is located. Data stored in Canada falls within Canadian privacy laws, as well as data that flows only within our borders. Once your data travels outside of Canada’s borders it is open to the laws of the land.

In the U.S., for example, Canadians have no right to privacy. We know that a portion of Canadian data travels south based on the nature of our internet’s infrastructure and how we navigate the web.

In some cases this makes sense (if your receiver is based in the U.S.), but it makes much less sense when we’re talking about data intended to stay within our borders. That email you sent to your next-door neighbour in Montreal or Halifax may very well flow through Chicago or New York. Talk about taking the scenic route.

With regards to stored data, many cloud services are based in the U.S. and if you use them your data is open to those prying American eyes.

The more data sovereignty we have in Canada, the better protected Canadians are by Canadian privacy laws and the less reliance we have on American internet infrastructure.

Imagine for a moment that there is a major cyberattack in the U.S. – one so large they shut down the borders (online and in real life). All that data you have stored in an American cloud is now inaccessible to you.

In Canada, we are slowly building up our data sovereignty and this is a good thing. We currently have 11 internet exchange points that ensure all those who are “plugged” into one, including internet service providers, content providers and businesses, can exchange data directly, keeping it in Canada.

More cloud services are becoming available in Canada and I hope to see this grow more rapidly, offering this critical data storage option for all Canadians.

I don’t expect all data to stay in Canada. We use internet infrastructure south of the border because it works well – it helps data flow quickly and technology giants like Apple, Microsoft and Google are based in the U.S. Also, not all of our data is meant to stay in Canada.

But where it makes sense, businesses, internet service providers, governments and content providers should invest in enhancing Canada’s data sovereignty. If we want a better and more resilient online Canada, one where Canadians can enjoy the economic, social and cultural benefits the internet offers, this is an important investment.

About the author
Jacques Latour

As an expert in developing innovative, leading-edge IT solutions, Jacques has established CIRA as a global leader among ccTLD registries. He has 25+ years of experience in the private and not-for-profit sectors and as CIRA’s CTO,is currently leading CIRA Labs, CIRA’s innovation hub and providing leadership and direction for the management and security of the .CA registry and its underlying DNS.

A visionary in the Internet community, Jacques led the development of CIRA’s Internet Performance Test, is an outspoken advocate for the adoption of IPv6 and represents the .CA registry internationally as a member of a variety of working groups and advisory groups. He is committed to the development of a new Canadian Internet architecture. He has served as the catalyst for the creation of a national Canadian IXP association, CA-IX, and is a member of the Manitoba Internet Exchange’s (MBIX) and the DNS-OARC Board of Directors.  Jacques is also a member of ICANN’s Security and Stability Advisory Committee (SSAC).

Jacques holds an Electronics Engineering Technologist diploma from Algonquin College, is ITIL v3 Foundation certified and is a certified Agile ScrumMaster.

Loading…