Data Governance in the Digital Age | Canadian Network Sovereignty: A Strategy for Twenty-First-Century National Infrastructure Building

Internet Governance

Canadian Network Sovereignty: A Strategy for Twenty-First-Century National Infrastructure Building

Published: March 26, 2018

Author: Andrew Clement

Key Points

Canada’s excessive dependence on US internet infrastructure and enterprises has implications for its development of a national digital strategy.
Much of domestic Canadian internet communication passes through the United States before returning to Canada. This “boomerang” routing means data loses Canadian legal and constitutional protections and is exposed to mass surveillance by the National Security Agency (NSA).
Major Canadian internet service providers (ISPs) contribute to this boomerang traffic, in part, as a matter of competitive strategy.
A national digital infrastructure strategy for Canada should be based on “network sovereignty” — the long-standing principle that to advance the public interest, Canadians need to exercise effective control over the communication networks upon which the social/economic life of the nation depends. In the twenty-first century, this principle also means establishing links internationally that reduce the current dependence on the United States.

ata is increasingly recognized as a strategic resource of national significance. But unlike the other resources Canada has in abundance and has historically been famous for, data is not naturally occurring. As a human artifact, data is inextricably bound to the digital infrastructures through which it is created, stored, transmitted, processed, sold, accessed and used in the service of human wants and needs. Unfortunately, in recent decades, too little attention has been paid to advancing the public’s interests in the structure and operation of Canada’s digital networks. During this formative period of the internet, Canadians have been losing control over their networks, as well as their data — where it flows, who has access to it and what is done with it. A national data strategy must therefore incorporate a strategy for strengthening Canada’s internet infrastructure, with special attention to enabling effective governance of personal information.¹

The Internet Is Not a “Cloud”

Contrary to popular mythology, the internet is not best thought of as a cloud — an ethereal, placeless space where borders, jurisdictions and physical location or distance are not of concern. The cloud is highly misleading when it comes to assessing public interests in national data strategy formulation. At its core, the physical infrastructure of the internet consists of massive banks of routers crammed into large anonymous buildings located in the downtown core of major cities. These switching centres are linked by bundles of fibre optic cables capable of transmitting tens of billions of bits per second (Blum 2012). For the most part, large telecommunication companies own these cables and routers, and the policies they adopt for who can connect to their networks and on what terms fundamentally determine how the internet operates. So, quite unlike a cloud, the facilities vital to internet routing are highly concentrated, both geographically and organizationally. This degree of concentration has important strategic policy implications in terms of potential risks as well as remedial possibilities.

Large switching centres, or internet exchanges, represent critical choke points in the flow of information, making them prime sites for state security agencies to install interception equipment. Gaining access to the routers and cables to capture the data transmitted through them typically involves the cooperation of these giant enterprises. Because of the severe threats to privacy and democracy this activity poses, the tight, secretive relationship between state security agencies and ISPs is an essential but particularly thorny challenge in developing a national digital strategy.

NSA Internet Surveillance and Canadian Boomerang Routing

The clearest indication of ISP cooperation with security agencies to achieve mass state surveillance of domestic communications came with Edward Snowden’s revelations that the US NSA was capturing data flowing through the switching centres of AT&T, Verizon and other major telecommunications companies (Greenwald 2014). While there is good reason to suspect the Communications Security Establishment (CSE), the Canadian equivalent of the NSA, is conducting similar domestic surveillance, this NSA surveillance should concern Canadians (Clement, forthcoming 2018). Not only does it offer a disturbing example of the weakness of democratic institutions in the face of “security” threats, but also because so much of Canadian internet communication passes through the United States. Once across the border, Canadians’ data loses the legal and constitutional protections it enjoys when in Canada, without gaining the rights offered to US citizens (Austin and Carens-Nedelsky 2015). A significant proportion of even domestic Canadian web traffic travels through the United States.² This is referred to as boomerang routing — i.e., someone in Canada accessing a website physically located in Canada will often have their data routed via the United States, and subject to NSA surveillance.

Boomerang routing often occurs when the communication end points are in the same city, even across the street from each other. The IXmaps internet mapping service³ provides a striking example of this counter-intuitive behaviour. Figure 1 shows the route data takes between the University of Toronto and an Ontario government web server on the other side of Queen’s Park. The route passes through New York and Chicago, both cities where the NSA undoubtedly has interception facilities.

Figure 1: A Canadian Boomerang Route Routed via NSA Cities

Clement Fig 1.png — Source: Clement and Obar (2015).

IXmaps research suggests that, at some point in their online activities, no regular internet user in Canada will be free from exposure to NSA surveillance, even in communicating with their government (Clement and Obar 2015).

While the number of Canadians directly threatened by NSA internet surveillance from boomerang routing is small, for someone identified as a “person of interest,” the personal consequences can be harsh. The risks to Canadians who fit this profile appear heightened under the current US administration.

Corporate privacy and security are also at risk from foreign surveillance. Enterprises that route their communications relating to such sensitive matters as intellectual property, negotiating strategy and delicate financial transactions via the United States have good reason to be concerned. While the NSA justifies its mass surveillance principally as a necessary counterterrorism measure, it also deploys its formidable interception apparatus in service of domestic US economic interests.

Similar risks of NSA interception arise for Canadian internet communications with countries other than the United States, since more than 80 percent of that traffic is estimated to pass through the United States, almost invariably via a city where the NSA has interception capabilities. This is because Canada has only two trans-Atlantic fibre optic cables and none crossing the Pacific, compared to 25 landing in the United States (see Figure 2).

Figure 2: Submarine Fibre Optic Cable Routes

Clement Fig 3.png — Source: TeleGeography, “Submarine Cable Map,” www.submarinecablemap.com.

The Canadian Internet Registration Authority (CIRA), whose primary goal is “Building a better online Canada” (CIRA 2016), has been concerned for years that dependence on US routing of Canadian internet traffic is inefficient and impairs the ability of Canadian internet users to enjoy high-quality internet services. It raises the cost of transit services and can put Canadian internet businesses at a disadvantage (see Figure 3).

Figure 3: Boomerang Routing from an Efficiency Perspective

Clement Fig 4.png — Source: Woodcock and Edelman (2012), "Toward Efficiencies in Canadian Internet Traffic Exchange," CIRA.

Why Boomerang Routing?

While efficiency and geography are factors in internet routing, more decisive are the business strategies of the particular carriers involved. Large carriers have a strategic incentive to make it difficult for their smaller competitors to reach destinations outside their immediate networks (Norton 2014). Bell and Telus stand out as among the worst offenders in this respect. As Figure 4 shows, they only “peer” outside Canada, often forcing domestic communications across the border, with all the attendant costs and risks. Furthermore, as these and other incumbent carriers pursue their narrow oligopolistic interests, they are creating a vacuum, drawing large foreign internet carriers into Canada.

Figure 4: Peering Cities for Canadian ISPs

Clement Fig 5.png — Source: Woodcock (2016).

To summarize, the current heavy reliance of Canadian internet routing on US digital infrastructure, for both domestic and international communications, puts personal and corporate data at risk while impairing the efficiency and quality of Canadian internet services. This one-sided dependence on the United States for a major part of critical national infrastructure also weakens bilateral bargaining power. These challenges point to the central, overarching issue being weak Canadian sovereignty in the realm of internet routing. Any national data strategy must actively pursue national network sovereignty.

Achieving Canadian Network Sovereignty

Network sovereignty — the principle that to advance the public interest, a nation needs to exercise effective control over the transportation and communication networks upon which the social/economic life of the nation depends — is simply national sovereignty applied in the domain of network infrastructures. While network sovereignty is a relatively new term, the concept is old. Indeed, public investment in and oversight of national transportation and communication network infrastructure has been central to the Canadian nation-building project from the early nineteenth century. The twin driving motives have been to foster socio-economic development and to knit the disparate communities into a more cohesive whole, especially in the face of forces pulling Canada closer into the US orbit.

An early example is the Rideau Canal, constructed as a protective military measure following the War of 1812. Canada’s most famous network sovereignty initiative was building the transcontinental railway now central to Canada’s founding mythology as The National Dream (Berton 1970). With the emergence of radio communication, the threat of US stations taking over the airwaves galvanized a nationalist grassroots movement in the 1920s. Popular pressure successfully pushed for establishing a nationwide public broadcasting system, based on the premise that the electromagnetic spectrum was public property to be used in the public interest (Raboy 1990).

In keeping with this long history, the Canadian Telecommunications Act of 1993 effectively mandates Canadian internet network sovereignty in its declaration that “telecommunications performs an essential role in the maintenance of Canada’s identity and sovereignty.”⁴ Among the explicit objectives of Canadian telecommunication policy, the act stipulates that the system is “to facilitate the orderly development throughout Canada of a telecommunications system that serves to safeguard, enrich and strengthen the social and economic fabric of Canada and its regions” and “to contribute to the protection of the privacy of persons.”⁵

What would this historical tradition and legislative mandate in favour of network sovereignty look like applied to the emerging internet, the twenty-first-century medium of all media? As this history suggests, it would consist of a public interest policy framework combining technical, financial and legal measures taking account of the dynamic landscape of an increasingly digital society.

Network Sovereignty as Data Localization

The most obvious approach to achieving network sovereignty for the Canadian internet is data “localization” — i.e., keeping data local to its sites of creation and use whenever feasible. The federal government and two provinces have taken modest steps in this direction by demanding personal data collected by public bodies be stored within Canada, but there are not yet similar requirements with internet routing.

Keeping Canadian domestic internet communication within Canadian jurisdiction means developing greater technical capacity to route traffic efficiently through domestic facilities. Public internet exchange points (IXPs) represent the most promising first step toward data routing localization. IXPs enable local networks to reach end users on other networks, without having to buy transit services. This improves performance, reduces transit cost and delay, and can often avoid boomerang routing via the United States and the risks it poses.

The most obvious approach to achieving network sovereignty for the Canadian internet is data localization.

CIRA has taken the lead. It has actively promoted the development of IXPs across Canada, helping to increase the number from just two to 11. As well as improved network reliability and resilience, the significant cost savings mean IXPs can pay back the investment in a remarkably short time.⁶

Providing low-cost, long-haul connections between them would further increase IXP utility and attractiveness while further reducing boomerang routing. In sharp contrast to the nearly $1 billion the federal government has appropriately invested in extending internet services to rural and remote areas since the mid-1990s, no comparable financial commitments have been made to ensure that Canada has a high-capacity, widely accessible internet backbone serving all Canadians who go online.

While there is more to be done in building IXPs and connecting them, a crucial step in achieving the benefits they can offer is for major institutions, especially public bodies such as the Government of Ontario in the example above, to join the IXPs in their regions.

Government purchasing power offers another powerful means to encourage domestic routing. A procurement requirement that contractors providing internet services to public bodies peer at local IXPs would stimulate Canadian internet businesses while repatriating Canadian traffic.

Pursuing a strategy of internet traffic localization has its critics. The most prominent argument is that it promotes “balkanization,” the fragmentation of the internet along national, geographic, commercial, religious or other lines, accompanied by the erection of borders that inhibit the free flow of communication across them (Meinrath 2013). Characterized as a “splinternet,” this is presented as a betrayal of the ideals of a global, open internet free of externally imposed restrictions. Fears become acute when localization is linked to isolation from the wider internet and violation of international human rights norms. But localization by building national infrastructure to keep domestic traffic local is not inherently balkanizing in the negative sense indicated above.

Network Sovereignty as International Connectivity

Concerns about the localization of internet routing stem in part from an overly narrow interpretation of network sovereignty. A vital aspect of sovereignty in democratic societies is the ability to make agreements with other nations on the basis of equality and independence, while respecting privacy, freedom of expression and other internationally recognized rights. Building an open, robust, global internet is an important goal in formulating a national digital strategy as it broadens opportunities for Canadians and enables socio-economic development more generally.

Laying trans-oceanic fibre optic cables that more directly connect Canada internationally, in particular to Europe and Asia, would significantly advance network sovereignty. This would help avoid US transit as well as strengthen the internet globally. Increasing redundancy by creating alternative internet paths also promotes resiliency, making additional routing options available in the case of interference or other forms of blockage when transiting intermediary states.

Building an open, robust, global internet is an important goal in formulating a national digital strategy as it broadens opportunities for Canadians and enables socio-economic development more generally.

Ultimately more important than building particular physical internet infrastructures, by whatever routing, is forging a robust governance regime that ensures every internet user’s rights are well protected. As with governing every other vital global resource, such as the high seas, atmosphere and electromagnetic spectrum, international internet governance requires effective binding rules that enjoy the support of all parties. The internet has reached a similar status as a global commons upon which many facets of contemporary life and our shared future depend. As it is a communicative, expressive medium, the Universal Declaration of Human Rights applies directly. Inherent with such international agreements, especially given the transborder character of the internet, national autonomy is willingly constrained where it contributes to wider mutual benefit.

Those promoting network sovereignty need also to help advance a global internet governance regime that respects these international legal norms. Internet governance is an active and dynamic arena. Especially relevant to the current discussion about the threats that internet surveillance poses for privacy in particular is Necessary and Proportionate: International Principles on the Application of Human Rights to Communications Surveillance, a framework for evaluating whether surveillance laws and practices were consistent with human rights developed by a civil society coalition (Necessary and Proportionate 2014). Among the 13 principles, number nine, transparency, widely recognized as a foundational human rights and democratic governance principle, is especially relevant here. In the case of internet routing, there is a vital public interest in knowing where data travels, what jurisdictions apply and what forms of surveillance it is exposed to.

It is important to note that while localizing domestic traffic within Canada and avoiding US transit in international communications helps address the problems identified above, it does not do so fully, especially in relation to communications privacy. Indeed, it makes more urgent an informed national discussion aimed at resolving the thorny issues around Canada’s own suspicion-less mass surveillance activities conducted by the CSE. While beyond the scope of this essay, protecting Canadian domestic internet communications from mass state surveillance and holding security agencies to democratic account must be a vital element of any national data strategy. The current parliamentary debate over Bill C-59, focusing on national security matters, provides an important opportunity for this national discussion.

Furthermore, for Canada to maintain credibility in international fora around internet governance, it must resolve the tensions between being a member of the Five Eyes security alliance actively spying on the domestic affairs of third-party countries and its more traditional stance of offering a model for others to emulate. Distancing itself from the unfettered global internet surveillance of the NSA and coming clean on it own role in these activities are important steps in the right direction. Given the widespread alarm and disapproval of the current US administration, now is an opportune time to begin.

Conclusion

Strengthening Canada’s digital infrastructure needs to be a cornerstone of any national data strategy. In particular, in the area of internet routing, domestically and internationally, Canadian data is excessively dependent on US infrastructure, bringing exposure to NSA mass surveillance. This poses threats to personal and corporate privacy, economic efficiency, online service quality, critical infrastructure resilience and Canadian sovereignty more generally. Drawing on a long history of investing in transportation and communications networks as vital to its national integrity, Canada should bolster its internet infrastructure with a strategy of network sovereignty, supporting data localization as well as international connectivity. The following policy measures can contribute:

develop and promote the use of public IXPs in Canada;
build up and open access to Canada’s long-haul internet backbone, especially for interconnecting IXPs;
require public bodies to peer openly at local IXPs where feasible;
promote open peering at IXPs in procurement and other policies;
require greater transparency and accountability of Canadian internet carriers in relation to their internetworking practices;
enforce the requirements for transparency and equivalent protection in data exchanges under the Personal Information Protection and Electronic Documents Act, as they apply to internet carriers operating in Canada;
evaluate the privacy risks for Canadians’ data when exposed to US jurisdiction in light of NSA mass surveillance;
require greater transparency and accountability on the part of Canadian security and intelligence; and
reconsider Canada’s role in the Five Eyes security alliance in light of the Snowden revelations and the policies of the current US administration.

Finally, whatever success is achieved in advancing network sovereignty, there will remain a vital public interest in ensuring safe, free, open global internet communication. This will require developing a robust international internet governance regime that meets human rights standards and strengthens democracy. Helping to forge a progressive alliance among contending actors internationally — i.e., building a stronger nation as a leading member of our highly interconnected global community — will be integral to achieving national sovereignty and public interest goals in relation to internet infrastructure.

Author's Note

This essay draws on the IXmaps research project, which is the work of an extensive team that began work in 2009. Currently active members are Colin McCann, Antonio Gamba and Jonathan Obar. The project has been supported by the Social Sciences and Humanities Research Council, the Office of the Privacy Commissioner of Canada and CIRA. We are also grateful to those individuals, largely anonymous, who collectively have contributed over 400,000 traceroutes to the database by installing and running our customized traceroute generation program. See: http://IXmaps.ca.

¹ An extended version of this essay can be found at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3139206.
² Estimates vary between 25 percent (Clement and Obar 2015) and 60 percent (CIRA 2016, 4).
³ See https://ixmaps.ca.
⁴ Telecommunications Act, SC, 1993, c 38, s 7, <http://laws-lois.justice.gc.ca/eng/acts/T-3.4/page-2.html#h-6>.
⁵ Ibid.
⁶ See https://cira.ca/sites/default/files/public/attachments/publications/toward-efficiencies-in-canadian-internet-traffic-exchange.pdf.

Works Cited

Austin, Lisa M., and Daniel Carens-Nedelsky. 2015. “Why Jurisdiction Still Matters.” In Seeing Through the Cloud: National Jurisdiction and Location of Data, Servers, and Networks Still Matter in a Digitally Interconnected World. Report to the Office of the Privacy Commissioner of Canada. http:// ecommoutsourcing .ischool.utoronto.ca/.

Berton, Pierre. 1970. The National Dream. Toronto, ON: McClelland and Stewart.

Blum, Andrew. 2012. Tubes: A Journey to the Center of the Internet. New York, NY: Ecco.

CIRA. 2016. FY 17 – 20 Strategic Plan. https://cira.ca/sites/default/files/public/cira_strategic_plan-fy17-20-en.pdf.

Clement, Andrew. Forthcoming 2018. “Where does the CSE intercept Canadians’ internet communications?” In National Security Intelligence and Surveillance in a Big Data Age, edited by David Lyon and David Murakami Wood. Vancouver, BC: UBC Press.

Clement, Andrew and Jonathan Obar. 2015. “Canadian Internet ‘Boomerang’ Traffic and Mass NSA Surveillance: Responding to Privacy and Network Sovereignty Challenges.” In Law, Privacy and Surveillance in Canada in the Post-Snowden Era, edited by Michael Geist, 13–44. Ottawa, ON: University of Ottawa Press. www.press.uottawa.ca/law-privacy-and-surveillance.

Greenwald, Glenn. 2014. No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. New York, NY: Metropolitan Books.

Meinrath, Sascha. 2013. “We Can’t Let the Internet Become Balkanized.” Slate, October 14. www.slate.com/articles/technology/future_tense/2013/10/internet_balkanization_may_be_a_side_effect_of_the_snowden_surveillance.html.

Necessary and Proportionate. 2014. Necessary and Proportionate: International Principles on the Application of Human Rights to Communications Surveillance. May. https://necessaryandproportionate.org/files/2016/03/04/en_principles_2014.pdf.

Norton, William. 2014. The Internet Peering Playbook: Connecting to the Core of the Internet. DrPeering Press.

Raboy, Marc. 1990. Missed Opportunities: The Story of Canada’s Broadcasting Policy. Montreal, QC: McGill-Queen’s University Press.

Woodcock, Bill. 2016. “Results of the 2016 PCH/CIRA Study on Canadian Network Interconnection.” Presented at Canadian ISP Summit, Toronto, ON, November 8.

Woodcock, Bill and Benjamin Edelman. 2012. “Toward Efficiencies in Canadian Internet Traffic Exchange.” CIRA, September 12. https://cira.ca/sites/default/files/public/attachments/publications/toward-efficiencies-in-canadian-internet-traffic-exchange.pdf.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Author

Andrew Clement

Andrew Clement is professor emeritus in the Faculty of Information at the University of Toronto. His research and teaching interests are in the social implications of information/communications technology and human-centred systems development.