The Verizon Privacy Risk: Are Canadian Carriers A More Privacy-Friendly Choice?

As part of the campaign against Verizon, opponents have begun to focus on the privacy implications of allowing the U.S. giant into Canada. In a blog post on the company site, Telus points to its privacy work (including fighting a key case to the Supreme Court of Canada) and then raises the spectre of a loss of privacy should Verizon enter the market:

The Canadian government needs to take a hard look at this important issue and ensure that Canadians’ privacy expectations continue to be met; especially if a U.S. communications company sets up shop here. Some U.S. laws, such as Patriot Act, can be quite invasive and could have detrimental impacts on the level of privacy experienced by Canadian wireless users.

The Communications, Energy and Paperworkers Union raised similar concerns in an article over the weekend that warned about the danger of NSA spying on Canadians should Verizon enter Canada.

This is an important issue and it is good that Telus and the CEP have raised it. Start with the obvious: given the recent revelations about ubiquitous U.S.-based surveillance, Verizon in Canada would raise legitimate privacy concerns. At first blush, that would appear to be a competitive advantage for the Canadian carriers, who might persuasively argue that potential savings from Verizon come at a significant privacy cost.

Yet on closer inspection, it is worth asking whether the Canadian carriers can provide assurances that Canadian phone and Internet activity is any less prone to surveillance. On the Patriot Act fears, the Privacy Commissioner of Canada has found that Canadian law has many of the same provisions. While it is cold comfort to those concerned with their privacy, the Commissioner stated:

The risk of personal information being disclosed to government authorities is not a risk unique to U.S. organizations. In the national security and anti-terrorism context, Canadian organizations are subject to similar types of orders to disclose personal information held in Canada to Canadian authorities.

The surveillance activities are even more troubling. The U.S. programs appear to capture just about all communications: everything that enters or exits the U.S., anything involving a non-U.S. participant, and anything that travels through undersea cables. This would seem to leave Canadian cellphone and Internet users at a similar risk of surveillance regardless of the nationality of the carrier.

Given the extensive reach of U.S. surveillance, there is little doubt much the same monitoring occurs on traffic that involves Canadian carriers. In fact, a recent interim report by Andrew Clement and Jonathan Obar of the University of Toronto found that all the major Canadian carriers fare miserably with respect to transparency and privacy. The report measured Canadian ISP and carrier activity on ten criteria that includes public statements on the location of data storage and routing as well as taking visible steps to avoid U.S. routing of Canadian data. Telus – along with the other major carriers – scarcely rank on any of the criteria. Telus does not issue transparency reports, does not inform users about data requests, does not state where its data is routed and stored, and does not avoid U.S. routing.

The issue of avoiding U.S. routing is particularly important since even Canadian domestic communications that travel from one Canadian location to another may still transit through the U.S. and thus be captured by U.S. surveillance. The privacy implications were foreshadowed in a report commissioned last year by the Canadian Internet Registration Authority on Internet traffic exchange points. Highlighting the risk of relatively few Canadian exchange points, the report argues:

By allowing Canadian data to remain in Canada as much as possible and as often as possible, additional IXPs reduce the risk of Canadian data and personal information becoming subject to U.S. and other foreign laws and practices. Once data is routed outside Canada, foreign companies may track, analyze, and even store the data pursuant to their respective privacy policies. Foreign governments also track, analyze, and store the data. These concerns are more than speculative; in 2006, a whistleblower revealed large-scale U.S. government inspection of data at an AT&T network switching center in San Francisco, and subsequent investigation confirmed that such inspection was occurring elsewhere. More recently, it was revealed that the U.S. National Security Agency is building a vast datacenter to permanently archive and analyze such data. If Canadian data is kept in Canada, it need not be subject to this tracking or analysis.

Despite these risks, the report indicates that Bell requires other Canadian ISPs to exchange traffic outside the country at U.S. exchange points. This would ensure that the exchange of data would be subject to U.S. surveillance.

The privacy issues associated with Verizon are significant and deserve a full airing. Yet in an effort to score points with the public, opponents of their entry to Canada should come clean on their own practices and acknowledge that seemingly none are able to provide assurances that Canadians are not currently subject to extensive surveillance activities.


  1. First of all, it could be argued that American citizens, because of their individualistic centered constitution, should have privacy rights rivaling anyone in the world. Edward Snowden has shown us just how false an assumption that was. If American’s data streams are being picked clean then we have no guarantee that we are not being subjected to the same or worse.

    Second, the internet is distributed system that does flow within borders. it was designed that way. The main control points though are predominantly in the USA. Recently the UN made noise about this level of oversight to the world’s data control lying too much in the hands of the USA. Ironically, many rallied to the side of the USA seeing it as the better choice than the UN cabal of nations. Snowden was about 6 months tardy for that debate.

    It can be argued that data stored in a Canadian cloud may be safer, as long as you don’t transfer it anywhere. As soon as it goes over the pipes its anyones game. As for services forget using Google apps, Gmail, facebook etc.

  2. Sorry, typo …
    Second, the internet is a distributed system that does NOT flow within borders.

  3. Roger Tremblay says:

    If you think that the Canadian government is not spying on Canadians, I have a bridge to sell you! How about Champlain Bridge?

  4. Also…
    The current cellphone providers probably already give access to the Canadian intelligence service (SCRS I think) to their installation to enable same level of spying then the NSA does. And that’s also ignoring the fact that the NSA probably also have those spying blackboxes in Canada as they appear to have throught out the world…

    All in the name of the Global War on Terrorist…

  5. We shouldn’t allow ANY surveillance, ever, no matter what government it is…
    Let’s face it, it’s a slippery slope. We all agree on surveillance for terrorism, next it will be child porn, and then botnets, then spam, phishing, then copyright, hate speech, and eventually whistleblowing, too.

    This week an althlete had his data searched on suspicion of doping – (NOT an illegal drug, just against the rules of his sport).

    Soon Mr. Geist will no longer be allowed to let us post here anonymously, but instead will be forced to require that we sign in with Facebook using our real names.

    And soon governments will be telling us that criminals are using encryption, so encryption must be outlawed.

    We must stand up now and say NO MORE!!

    It is only information, which is harmless alone, and so could safely be allowed full freedom. Only when the explosives are shipped, or the money is stolen, or the child is assaulted should it be a crime. Again, information alone is harmless.

    Let’s not give up a free internet, or encryption, and give corrupt people such great power, just to stop so-called illegal information. Just say no to censorship (not just what YOU don’t like, any censorship!!), and then surveillance is no longer required.

  6. Canada Already Cooperates With The Patriot Act
    Our data crosses into the US weather we like it or not and becomes part of their jurisdiction.

  7. csec
    It’s most likely csec analyzing the data in Canada.

    Not surprised Bell’s name showed up.

    It’s still think it’s harder for the Americain “Security” apperatus to try and obtain legal court orders to force a foreigne company to hand over data vs a domestic one. I.E. If you’re holding an ebook in your email that’s stored on an american server, which copyright law applies? It can very well be off copyright in Canada and still be on in the U.S. of profiteering A.

  8. Let’s not be naiive
    Canada is a member of UKUSA (or “The Five Eyes). The fact that we haven’t had an Edward Snowden style whistleblower confirm it for us, it’s very likely that we’re being monitored every bit as much Americans are. The denials out of the government about it sounded very much like the denials issued by the American government prior to Snowden’s leaks.

  9. @Scott
    Very true, but keep in mind that the Canadian counterparts have not yet demonstrated a willingness to use such information for anything other the National Security. Even then, the case where the Navy officer was not immediately brought down by CSIS because they did not want to face scrutiny in the public courts. If CSIS was unwilling to share information about such a high level criminal with the RCMP. then I imagine our personal pictures and other private information would never leave their building either.

    I’m not defending them, I think it’s very wrong, just stating what past anecdotal evidence has shown to be CSIS’ position. It can change anytime.

    For the moment though, I still think being in Canada with Canadian companies is still safer.

    P.S. If your read up on the GCHQ MI6 and it’s relation to the NSA leak, I think you’ll find they where relying heavily on NSA data. I imagine the Canadian government would probably be doing the same. I draw this assumption from the fact that we have a smaller security establishment then the brits, so if they’re doing it, we probably are too.

  10. Given the American’s disdain and suspicions of failures in our immigration and customs policies, I would have to imagine that data originating in Canada would be at least if not more important than their home grown data.

  11. Seeing that Bell refuses to peer with TorIX, they cannot talk about the NSA.
    They certainly don’t care that their internet traffic must flow to the US first just to reach a local website here in Toronto….

  12. Rogers email service is run by Yahoo, Bell’s (I believe) by MS. Where are the servers located that our email passes through?