Private Internet Access is aware of Canada’s proposed cyber security law but says it has not been consulted by or with the government about it and believe there could be unintended consequences for freedom, privacy and security of Canadians online.
The proposed cyber security legislation [Bill C-26] “raises serious concerns” around digital freedom, privacy and security, said a spokes person for Private Internet Access.
There has been mixed opinions about the proposed legislation, some good and some critical. Many supporters of the bill have also called into question concerns of undefined terms and phrases and vague wording which leaves it too broad for interpritation.
Private Internet Access (PIA), a Virtual Private Network (VPN) service provider shares some of the same concerns when it comes to the freedom, security and privacy for online users in Canada.
In an email statement a spokesperson for Private Internet Access said “The Canadian government should work towards safeguarding the nation’s cybersecurity without impinging on the privacy and digital freedom of its citizens.”
Private Internet Access (PIA) said it’s concerned over increasingly intrusive government legislation that threatens freedom, privacy. PIA highlighted a data security issues when it comes to the sharing of data across several government ministries, foreign governments and NGO’s.
“The proposed legislation raises serious concerns around digital freedom and privacy; not to mention the data security risks that could be created as a result of the data collection and sharing mechanisms used. Given the nature of the legislation and the impact it could have, more detail is required on both the restrictions themselves and how the government would implement them. The Canadian government should work towards safeguarding the nation’s cybersecurity without impinging on the privacy and digital freedom of its citizens.” the spokes person said.
BC Rise reported last month with Bill C-26 “The government will gain sweeping powers for collecting and sharing data including confidential information with other government of Canada Ministries and “any other prescribed person or entity” domestic and foreign whether it be a Non Government Organization, foreign state government or individual.”
Private Internet Access told BC Rise it will stay committed to continuing to provide a great level of service to its customers in Canada by providing secure encryption and maintaining a strict no logs policy.
“Private Internet Access is a long-time advocate of greater digital privacy and freedom, and protecting people from increasingly intrusive digital regulations and legislation is incredibly important to us. We have VPN servers in 84 countries across the world, a strict no logs policy, and a secure encryption service that protects our customers’ personal information and data from prying eyes. We are committed to continue to provide our customers in Canada and around the world with a superior level of digital privacy and online freedom.”
In December 2022 the government of Canada introduce Bill C-26, which is a long awaited cybersecurity law.
Bill C-26 is the is described as “An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts”
It’s currently being debated in the House of Commons. The second reading will be on March 6, 2023. You can view the status and full text of the Bill here.
How strict is the no log policy with Private Internet Access (PIA)? The whole service runs on RAM-only servers which doesn’t retain any information of their customers online activity which has been tested and proven in court to protect its customers rights.
A Ram-only server means all information is deleted when a connection session is terminated or the server is rebooted or powered off.
“PIA was founded on a message of “Your Privacy Is Our Policy”, and we are committed to maintaining the privacy and online freedom of all our customers. We do not collect or store browsing history, connected content, user IPs, connection time stamps, bandwidth logs or DNS queries. We collect and retain zero user logs. We designed our network architecture specifically to prevent data retention and our service runs on RAM-only servers. This means we cannot store any personal user data, and so we can’t be compelled to share information on our users that we don’t have. This has twice been confirmed in court. In both cases, PIA was proven not to have any activity logs to even be able to share, and so no logs were provided. Our no logs policy would not change regardless of legislation brought in by the Canadian government.
“Our no logs policy was independently audited last year by Deloitte and found that we store no logs and no details that could be used to identify our users or pinpoint their activities.” [NOTE: You can read the full report here: https://www.privateinternetaccess.com/blog/privacy-audit/]