Feeds

Canucks' ISPs routing data through snoop heaven USA

Does your ISP use a 'Boomerang route' to fling data into the NSA's lap?

Choosing a cloud hosting partner with confidence

A University of Toronto-led transparency project has criticised Canada's ISPs for unnecessarily routing user traffic via the US, even when both the origin and destination of the traffic is within Canada.

In a study that mirrors, in part, European concerns about why traffic should traverse the US when it doesn't need to, the Canadian transparency study blames an unwillingness to peer for sending traffic into the reach of the NSA.

The university's Andrew Clement and Jonathan Obar have put together the report along with an interactive map, in which they rate Canadian ISPs on various transparency characteristics. The ratings, the report says, are based on how easily users can find information including an ISP's compliance with data privacy legislation, how they report data access requests, how well they define personal information, information about where user data is stored.

Against the ten criteria used in the assessment, nobody scored highly: the best was Teksavvy, scoring just 3.5 stars out of a possible ten, followed by Primus on three stars.

None of the carriers tested provide transparency reporting, and the researchers say none of the 20 carriers they examined are in full compliance with Canada's PIPEDA (Personal Information Protection and Electronic Documents Act) privacy law.

About routing, the report states: “Fewer than half (8/20) of the ISP privacy policies refer to the location and jurisdiction for the information they store. Only one (Hurricane) gives an indication of where it routes customer data and none make explicit that they may route data via the US where it is subject to NSA surveillance”.

“Boomerang” routing – where data leaves Canada, traverses US networks (who might choose to ignore PIPEDA) and returns to Canada – accounts for as much as 25 per cent of traffic, the report states. The report claims that traffic traversing the US is “almost certainly subject to NSA surveillance”.

The key reason, of course, is peering, a discussion that will resonate with smaller ISPs around the world. If an ISP is unable to peer its traffic within Canada's TorIX (Toronto Internet Exchange) or OttIX (Ottowa), it may need to send data upstream through its transit provider to reach its destination.

The project's maps can be viewed here. The full 61-page PDF report is here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.