Behind the Internet ‘boomerang effect’
Data routed to U.S., putting Canadian web traffic at risk of interception, research finds
OTTAWA— Done any online shopping this holiday season? Paid any bills online? Maybe sent an email to your local MP about road salt?
If you answered yes to any of the above, there’s a good chance your data made its way through the United States. And that puts your personal information at risk of interception, new research by two Canadian academics shows.
Researchers Andrew Clement and Jonathan A. Obar call it the “boomerang effect.” Because most of the Internet’s infrastructure runs through the United States.
“When (data) passes through the United States . . . Canadians have no legal rights at all. We lose our constitutional rights, and under U.S. law Canadians are foreigners, so there’s no protection for our communications,” Clement said in an interview.
But before getting into the issues associated with the boomerang effect, we need to know a little bit more about that marvellous series of tubes called the Internet.
How the Internet actually works
In the recently released book Law, Privacy and Surveillance in Canada in the Post-Snowden Era, Clement and Obar explain that all interactions on the Internet are data packets being transmitted between routers. (The book was edited by Michael Geist, a University of Ottawa professor who writes a weekly column for the Star.)
“They’re literally tubes of light, fibre optics,” Clement said. “And then in addition to the tubes, there’s the switching centres where packets get switched from one tube to another. And those are critically important.”
The Internet doesn’t work like an old landline. Instead, data can jump through multiple routers between its origin and destination.
For instance, an email sent from the University of Toronto to Queen’s Park doesn’t simply go across the street. In Clement and Obar’s experiment, that email began in Toronto, made its way to New York, then on to Chicago, finally arriving in Toronto.
In fact, they found that 22 per cent of Canadian Internet traffic they monitored was routed through at least one major city in the U.S.
Email traffic to Queen’s Park?
These days, most government business is conducted online. Emails with sensitive information is routinely bounced between politicians, staffers and bureaucrats.
The National Security Agency (NSA), the U.S.’s massive electronic spying agency, has reportedly installed “splitter” sites in major cities that would give them the ability to intercept data as it is transmitted through major cities. Clement and Obar write that Canadian data running through the U.S. has no protection, constitutionally or otherwise, regarding its interception and use by American intelligence services.
And before you chalk this up to the tinfoil hat crowd, the U.S. and Canada have conducted economic espionage on each other in the past. Canada’s signals intelligence agency, the Communications Security Establishment, reportedly spied on the U.S. to help secure a lucrative wheat deal with China in the 1980s — to name but one example.
Sovereignty, network and otherwise
Clement and Obar argue the federal government should begin moving to a concept of “network sovereignty” — Canada should make sure Canadian Internet traffic is routed domestically, rather than through the U.S.
While a new term, Clement and Obar argue, network sovereignty is quite an old concept.
Clement said that with relatively little investment, Canada could ensure that its citizens’ Internet communications could remain in Canada — and be subject to Canada’s privacy and data laws.
“These (investments) include, most notably, public Internet exchange points, where all carriers can freely hand traffic off to each other, as well as the high-capacity fibre optic trunk lines that connect them,” they write.
If that sounds pricey, well, it probably is. But Clement and Obar note that the federal government has spent hundreds of millions — rightly, they say — on expanding Internet services to rural communities. The federal government has spent nowhere near that in building Canada’s Internet “backbone” capacity.
What’s the hold-up?
First, the issue of U.S. mass Internet surveillance wasn’t widely known until Edward Snowden exposed some of the NSA’s largest programs. So the scope of the problem with routing Canadians’ communications through the U.S. wasn’t clear.
Second, Clement notes the issue of “network sovereignty” has not really been widely discussed. If policymakers don’t know about the issue, it’s not likely it will see significant public investment or work its way onto the government’s priority list.
Finally, large telecommunications companies obviously have an incentive to control as much infrastructure as possible, forcing smaller companies to purchase transmission capacity from them.
Avoiding the boomerang
Clement and Obar argue that investing in network sovereignty would increase Canada’s information security, but that’s not enough — Canada has its own electronic spying agency, after all. But network sovereignty, Clement and Obar conclude, as well as promoting a free and open Internet, would go a long way to ensuring Canadians rights are respected.
And if Canada takes a leadership role on the issue, the effects could be felt beyond the country’s borders in this ever-increasingly connected world.