Why is Canada reluctant to adopt cloud computing?

Why is Canada reluctant to adopt cloud computing?

Summary: The number of cloud-using university students in Canada are shockingly low in comparison to Europe or the US. Could data protection law and privacy be a reason why?


With many universities and educational institutions opting for an outsourced, external email system usually provided by a major software company, with cheaper costs and less overall maintenance, one could easily assume it to be a wise, money saving move.

But equally, one could ask - as students who actually indirectly benefit from the services - where does our data actually go, and is it safe where it is?

I feel this requires some background; just for sake of adding context to this.

Internal email is where the email server is housed within the university, though usually off-site but very much within the near vicinity and most definitely within the legal boundary of that institution. This can of course work in favour of privacy as it allows that university to be in complete control of any legal issues as its within that host country.

Cloud email (external) can also be useful as it's housed in giant data centers which are invested in highly to maintain up-time, and usually have multiple backups in various other countries. Though this means that the data controls must be in line with that host country - which can often differ from that of the legal system of that university.

So what's the deal, and why is this important? Because it is.

There will be different agreements for different parties involved. The end user, the student, using the cloud email client will have to abide by certain terms and conditions; most of which are not too unreasonable (at least most of the time) and are fairly generic. The provider of the users, the university or college, will have to engage in different and more private agreements and contracts to ensure the stability and reliability of the data exchange, as well as many potentially clandestine propositions.

One can only guess, without seeing such agreements at hand. You can bet your bottom dollar that the providers of such cloud email will not be too willing to give these out.

And now on to the interesting bit

Oh and how interesting it is. Both Google and Microsoft seem to be rather quiet about their cloud efforts in Canada. It's important to note that the following only reflects what the two respective companies want to share, and may not include the final numbers. But what isn't there does shows more than what is.

Microsoft has not published any case studies of its Live@edu users in Canada. This isn't to say that there are no Live@edu users in Canada, but in comparison to the vast number of case studies in the US and the UK, it shows if anything that Microsoft is struggling to find a positive case study from the numbers it has in the country.

Google seems to only have four schools in Canada - all close to the US border - which have enrolled in their cloud email service. From the colour key, it appears that Canada has less than 10,000 students enrolled in the country, which will be a dent in their unreleased and untouchable figures nonetheless.

One could assert that as Manitoba and Quebec has less-strict privacy laws versus British Columbia and Alberta, this could be a reasonable assumption as to the lack of universities adopting to the US-governed cloud.

A former Microsoft "person" who once worked closely with the Live@edu teams told me that they remember:

"...a Canada sales representative telling me that Adoption of hosted e-mail systems has stalled in Canada due to privacy concerns stemming from the US Patriot Act. The problem is that the US Patriot Act gives the US government the right to access virtually any data, at any time, hosted by US companies (Microsoft and Google included) by US companies (again, Microsoft and Google included).

This person also said that:

"This has prompted fear among faculty who believe they may face repercussions for violating the Patriot Act if they were to use a hosted e-mail system. It remains to be proven whether or not faculty are at risk. However, the perception is In light of this, Microsoft is limiting efforts to draw attention to Live@edu until the legal implications can be Live@edu until the legal implications can be resolved.”

Microsoft was unable to give a comment until more specific information was given, and Google has not responded. At least this goes to show at least one of the reasons why the Canadian cloud is so very empty.

Topics: Enterprise Software, CXO, Collaboration, Data Centers, Outsourcing, IT Employment

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The #1 reason

    You already got it: The Patriot Act.

    According to the US government, it doesn't matter where the datacenter is located, so long as ownership belongs to a US company. When Americans criticize China's online actions, I laugh. At least citizens know what's considered "bad", because it's already blocked for them. The US government's goal is the same, except they'd rather catch you in the act under a false sense of privacy.

    The #2 reason: general terms of data privacy, of which Google falls flat on their face.

    Google is an ad company. Monetizing data is what they do. Microsofts holds a lot more trust among organizations than Google because of this fact.
    • RE: Why is Canada reluctant to adopt cloud computing?

      @Joe_Raby Oh I know. I'm just teasing the PR firms with the "nativity" and the "tip of the iceberg" sensation :) This is me just having fun with the beginning of a long campaign to highlight how far US law infringes upon student data rights.
      • "US Law Infringes upon student data rights"?

        @zwhittaker Well, you could argue that.

        However you could also argue that the universities themselves are the biggest source of infringement. The fact of the matter is that in the US academia, the federal government, and state government are the triumvirate of data leakage. This isn't a matter of policy but of boneheaded decisions, poor data practices, foolishness and folly.

        If you keep your eye on the news you can't help seeing the examples. Things like people transferring portions of databases to personally owned laptops and flash drives that don't have even the most basic precautions (let alone strong encryption) - then having those devices lost or stolen. Or, just to show it isn't just electronic leaks, take a look at this: http://www.9news.com/news/investigative/fraud_squad/article.aspx?storyid=82418&catid=476 To summarize it though, a Colorado State government employee was taking a stack of paper files home in the trunk of his car but decided to stop at a shopping mall - where the car was stolen. The files ended up with a known identity theft ring.

        How about this one: http://thehill.com/blogs/hillicon-valley/technology/97817-va-loses-another-laptop-with-veterans-personal-information Here the Veteran's Administration has lost a laptop with private data on veterans. It was NOT encrypted. The article above is from 5/13/2010. Does the story sound familiar? ist should because the title of the story contains "VA loses ANOTHER...". Yup, that's right, there was a big news story about five years ago(???) about the VA losing a laptop...and they have learned NOTHING! They are still letting people walk out with private data on unencrypted laptops. I'm a veteran so this kind of ticks me off.

        The academic world is full of similar examples as is state government. So I think we have less to worry about from the Patriot Act than we do from pure incompetence.
      • Another thought on the Patriot Act

        @zwhittaker Isn't this the perfect opportunity for an upstart Canadian company to corner the Canadian market? They could put in their advertising how they are fully owned and operated by Canadians and located in Canada and thus immune to US law.
  • Power failures.

    It's actually quite simple: Winter weather conditions make power failures much more common and last much longer in Canada than in Silicon Valley. A blizzard may mean you're on your own for days - it's just you and your generator. The ability for a machine to remain useful even while network connectivity is unavailable is a far greater priority in Canada.

    Well, that patriot act thing may also be a valid point. But I think most users are probably more likely to not use it for more practical reasons. It really does suck when you have no internet connection and you're using cloud based services.
    • RE: Why is Canada reluctant to adopt cloud computing?

      I guess we have such unreliable power and Internet because all our igloos melt each July 1 and we are all homeless until the 50 feet of snow falls on Sept. 1 and we can rebuild everything.

      As a Canadian, I am insulted. As a North American, I am embarrassed by such ignorance.

      Canada's entire infrastructure, south of the Arctic Circle, is every bit as reliable as any in the U.S.
      Gee Whiz!
      • RE: Why is Canada reluctant to adopt cloud computing?

        @anothercanuck Spent some time in Canada, and spent most of my life in MN, a state that borders Canada. Didn't seem that reliable to me.
      • RE: Why is Canada reluctant to adopt cloud computing?


        At least we have better 3G coverage. iPhone on all 3 national carriers, and they cover 90% of the population - with *3G* service too, not just with 2G, like AT&T.

        ....too bad it costs too much though. :(
  • RE: Why is Canada reluctant to adopt cloud computing?

    Because they're intelligent?
    • RE: Why is Canada reluctant to adopt cloud computing?


      because they does not trust in their neighbor.
      • RE: Why is Canada reluctant to adopt cloud computing?

        Correction - because the neighbor (neighbour for us) doesn't trust anyone including its own citizens/corporations. Hence the Patriot Act.
      • Why Would We?

        Seriously though, our Privacy Commissioner recommends that no Canadian submit any personal information that may be processed in the US because of the Patriot Act. Any entity collecting data that is processed in the US must also get consent to do so. I don't think it would be legally feasible for most schools to involve themselves with these services.
  • My feelings about the cloud

    I think nature shows optimal designs in just about everything. Vital organs are packed closer to the centers of our bodies. Our less vital organs (our arms, legs, hands, and feet) are farther away. The same is true for plants, where the most vital organs of plants are found closer to their main sections, and their least important organs are found much farther away. Cities are built the same way, etc. That is just one of the reasons why I don't trust over dependence on clouds. Placing vital organizational systems thousands of miles away, strikes me as being of poor design. Now it is true that a public cloud may act reliably for a while; but history has shown us that over time, individual?s' and organizations' interests often fluctuate in and out of synch with our own, and that we are better off attending to our vital interests ourselves over the course of time.

    Now it is true that we all rely on utilities - but most of us only do so because we don't have a choice, or because overall, it is better to rely on outside help for relatively simple services. E.g. companies and individuals rely on IT, legal, and medical consulting services in lieu of the fact that they simply don't have the resources to do so themselves. We rely on power, water, and sewer services which are relatively simple, because it would be too much of a hassle and too distracting to handle these things ourselves. I think the questions therefore for companies are, what IT services are vital to them, and which ones aren't? I believe vital services that are fairly to very complex, that the company relies on day to day, should be maintained within the company. All other stuff can be optionally outsourced. Further, I believe private clouds allow companies to skew borderline outsource tasks such as email, back towards on premise systems.

    Now I think MS is a cool company and everything, but I think it is overreaching with its cloud efforts, by trying to convince companies to house much of their IT operations in its data centers. I think this is fraught with security and privacy issues. It is a timeless security protocol, that you mitigate risk by dispersing vital assets in as many places as possible. MS seeks to directly go against this, by moving vital corporate assets, into as few places as possible. If MS does this, it will effectively place a gigantic bulls eye on its data centers (and its clients' data), drawing the attention of just about every hacker and terrorist on a scale that's unheard of. With a bounty, the size these guys have never seen before, MS runs the danger of being the largest magnet for some of the most sophisticated, organized hackers and terrorists ever seen. As for the matter of privacy: I believe privacy is a vital issue, which cannot easily be outsourced. When you outsource your power supply, and it goes down, recovering from it is not so bad. However if you outsource your private data and it gets released into the wild, it cannot be unreleased, and the ramifications of the snafu can be significant.
    P. Douglas
    • On the right track . . .

      @P. Douglas <br><br>You're on the right track.<br><br>A major principle of hardware design is called "locality." That's why computers have a bunch of caches in various parts of the hardware, and why there's a hierarchy of registers / cache / memory on the system.<br><br>The further out you place a resource a device needs to access, the longer it's gonna take to get the resource, and the less responsive the device will become.<br><br>. . . and quite conveniently the "cloud" people will totally ignore latency and do their best to convince you it's really about bandwidth.<br><br>Sorry, even light can only travel so fast on a large worldwide scale. All of the bandwidth in the world isn't gonna make your device snappier if you're having latency issues.
      • See your point but....

        @CobraA1 You seem to be implying that it's physical distance that matters? I agree that's the case. Sure, latency is an issue, but it would have more to do with the number of hops in between you and the resource and also how busy the resource is than it would with distance.

        For example if the service provider is under-provisioned and over-sold on a particular resource (which they have an incentive to do) you get a slow response even if you have a huge network pipe.
      • RE: Why is Canada reluctant to adopt cloud computing?


        "@CobraA1 You seem to be implying that it's physical distance that matters?"

        It's a bounding factor. No matter how well built a network is, the signal will always be delayed by some fraction of a second if the destination is a considerable distance from the source.

        Yes, other factors can be far greater than the minimum possible latency - but that only drives home my point further. Large, planet-scale networks have large latencies.

        "you get a slow response even if you have a huge network pipe."

        What I'm saying is that, no matter how large the pipe is, you can still get a delay due to the length of the pipe.

        Even with a huge network pipe far larger than what you need, you can still get a slow response due to distance!
  • I was one of the few trying out live@edu at my university

    I "beta tested" live@edu @ my university and this is the same exact thing that we get from any standard live account

    I personally couldn't recommend the school going for it when we already have a perfectly capable exchange solution in place...

    it's more trouble than anything else to check your mail (my personnal hotmail account is by default on my browser, have to log to another account hotmail account each time to read my university mail? no thanks !)

    I don't think data privacy was a big concern, but it's more about what advantage does it give us ? We already have trained staff, servers and data centers on site (with people in a union that can't be laid off, gotta love these contracts!)
    • RE: Why is Canada reluctant to adopt cloud computing?

      @tryonQc I agree, but only if the school is a non-US school where such laws like the Patriot Act don't apply. In house servers do come with risk and cost, but surely the privacy and data protection from government (not mutually exclusive to political party) is a greater need to protect the funding from international students - which reaps the greater cost - from families of "high risk" suspicion, such as those of Middle Eastern descent.

      These laws and acts are almost designed to be able to enact ethnic profiling of those which those governments deem to be unfriendly, and search them as and when they wish. Just think: take the Iraqi population, how many of the entire population would be linked to terrorism? Actually a very, very very small minority yet their nationality automatically opens them up to suspicion from the government.

      I totally agree with your points - but I think data privacy SHOULD be a big concern, though the dimensions of it are so far reaching and complicated, most non-tech people just switch off at the first thought of it.
      • data privacy

        @zwhittaker <br><br>I think a lot of students should be taught about legal issues of storing data in the cloud before they're forced to make a decision on storing documents there. Why is data privacy for cloud computing not made into a message that's as clear as: how to protect your home computer from viruses, hackers, or the importance of automatic security updates for your software?<br><br>Also, there are some organizations that won't trust their data to be hosted on a 3rd-party server, ever. Sometimes it's regulated or professional services, like legal and accounting offices (I know of several that have policies against even wireless network access). Sometimes it's just neurotic business owners that think it's safer in their own hands, and you know what? <b>THAT'S OK!</b> Don't automatically trust a hosting provider. Ask questions about their policies. Get them in writing. What kind of IP protection do they provide in the event of a catastrophic security flaw?<br><br>Also, there are many organizations that just don't have reliable internet connections. That happens. Not every business or school has a 100Gbe pipe with a 99.9% uptime service level agreement (SLA) with downtime compensation included. Cloud computing doesn't always work because of internet reliability issues. It might sound like a quick fix, but it isn't. Any solution provider that automatically suggests that firms should rip out their on-premise infrastructure and instantly move their data to the cloud should have their head examined. Likewise, it's only one option out there and it doesn't fit every customer. Sometimes on-premise is the right way to do it. Also, cloud computing is rarely cheaper than on-premise, and it certainly has a lot of limitations. Users have to do their homework.<br><br>We're on the cusp of <b>potential</b> changes in computing paradigms, but it's too early to tell if it's just a slow-moving fad, or something that will actually stick. If you want to talk about making infrastructure changes, start a petition for super-reliable, available-everywhere, mega-fast broadband internet access. <br><br>....and then let's talk about moving day-to-day computing to the cloud.
      • RE: Why is Canada reluctant to adopt cloud computing?


        Actually the Patriot Act is directly applicable to any Canadian institution or agency which is government funded, which includes our universities. In direct response to the overarching reach of the Patriot Act is it illegal for any gov't funded organization in Canada to store personal information or data with any company that has a US footprint and is therefore bound by the Patriot Act. Hence, little adoption of "cloud" infrastructures.

        Honestly "cloud" computing is just the latest in a long long line of computing buzzwords and catch-phrases that people try to build momentum around. Like all fad's it'll pass soon enough and the next Next Big Thing (tm) will come along to replace it without anyone really noticing.