There are numerous, not-so-obvious ways that the nebulous net can unexpectedly cross borders and become subject to the whims of foreign agencies.
One example was Lakehead University in Thunder Bay, Ontario, who in a cost-savings measures, decided to take advantage of GoogleApps. This caused a strike by academic professionals when they realized their emails, documents, etc. would be entirely open to Homeland Security. (AFAIK, CSIS is not so empowered; not so sure about the CSE (Communications Security Establishment Canada). I believe this continues to be the case until an "all-in-Canada solution" is developed, but with faculty, staff and students working within the limits of a list of cautions. Then there's Facebook and analogues... John Baxter Edmonton (My own opinions, not necessarily those of my employer.) -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Rick Fochtman Sent: Tuesday, June 16, 2009 7:39 PM To: [email protected] Subject: Re: Where should processing be done was Re: IBM Software Secure Support via USA Citizens ------------------------------------------------<snip - Go to bottom>---------------------------------------------------- Clark Morris wrote: >On 16 Jun 2009 16:31:00 -0700, in bit.listserv.ibm-main you wrote: > > > >>>As a US citizen living in Canada, I would strongly urge Canadian companies not doing business in the US to also not keep any personal data on US computers because of Patriot Act implications. >>> >>> >>Even if they're doing business in the US, I would strongly recommend keeping Canadian data in Canada. >> >> >>A couple of years ago, George W got the clearing houses in Belgium (I believe) to cough up information from any/all members of that international consortium. >> >>While security for the US is important to the US, it does not give them the right to trump another country's security. >> >>Another example is that the US now requires all the security information of any flight to/from/within Canada to be supplied to them, if the flight path happens to cross over any US air-space. >> >> > >I agree with you on the latter and hope Canada reciprocates the >request for information. Where this discussion is relevant is in the >provision of service and policies each of us might consider advising >our employers about implications. When I am contracting on the >applications side, much of the time in order to do my job I need to >have access to confidential information to verify that the requested >change/fix/enhancement works and that data is properly validated. >Control of who has access to what is a very interesting challenge. The >laws surrounding the protections on the data and on outside >contractors use/misuse of it are interesting. Of course an >organization may not want to hear about concerns. I know it was >interesting addressing security issues at one shop (a situation that >has changed since I left). > >The main reason that this topic may be off topic is that most of us >are (or in my case were since I am retired with a willingness to take >contracts) not in a position to effectively raise this type of issue. > > >>As a Canadian, I find this a little hard to swallow. >> >>This is the last I'll say (publicly) on this issue, since it has drifted off-topic. >>- >>Too busy driving to stop for gas! >> >> -------------------------------------------------<unsnip>--------------- -------------------------- There's a very fine line between security and paranoia; when do we decide that it's been crossed? Seriously. What constitutes a "Security Measure", as opposed to a disturbing invasion of privacy? When does my aftershave, properly packaged in the original container, become a potential "liquid explosive"? Or the bottle of water that I'm drinking? When does my shotgun cease to be a valid bird-hunting gun and become a "terrorist weapon"? My point is this: we need to think, realistically, about what constitutes a threat and how do we defend against that threat. I'm sure that we can all develope serious threats in our own minds, and some may be very real. But let's evaluate threat possibilities with a couple of pounds of realistic thinking. Between reality and dollar signs, most management teams are capable of learning. It's up to us, as realists and technicians, to help management learn the realities. Slowly but surely, we have to wean them away from the "Airline Magazines" that so many seem to be enamored of, and help them see a bit of the real world. Reality can be a real "BITCH"; but it's still reality!!!!! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html The information transmitted is intended only for the addressee and may contain confidential, proprietary and/or privileged material. Any unauthorized review, distribution or other use of or the taking of any action in reliance upon this information is prohibited. If you receive this in error, please contact the sender and delete or destroy this message and any copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
