What? We’re trying to buy Sopwith Camels and we don’t want anyone to know.
Two government agencies have been meeting with Microsoft Inc. to discuss ways to store secret Canadian data on American servers, a measure expressly forbidden by federal policy.
Microsoft’s talks this year with Shared Services Canada and the Communications Security Establishment reviewed whether sensitive data about Canadians and other confidential matters could be securely encrypted on American “cloud” services.
A May 2017 memo to the chief operating officer of Shared Services Canada (SSC) says the discussions examined in part how to protect Canada’s sovereignty by insulating the data from legal demands under the USA Patriot Act, which forces firms to turn over confidential information to American law enforcement if demanded.
“This memorandum is to provide you with an update on the feasibility of Microsoft – or any other cloud vendor – to hold Government of Canada encrypted data in such a manner that Shared Services Canada holds and owns the decryption keys and is able to access the data while the vendor is not able to access to the data,” says the memo.
A copy of the heavily censored document was obtained by CBC News under the Access to Information Act.
A spokesperson for Shared Services Canada, Monika Mazur, did not respond directly when asked whether the IT agency was still considering foreign cloud services for sensitive government data, but referred to a federal document that forbids it.