The National Security Implications of Foreign Ownership in Canadian Telecommunications
Rogers Communications' Controversial Asset Sales Raise National Security Concerns
In a move that has sparked significant debate across Canada's political and security landscape, Rogers Communications is reportedly preparing to sell off telecommunications infrastructure that was previously restricted to Canadian ownership. This potential shift represents a dramatic departure from Canada's historically protective stance on critical communications infrastructure, where foreign ownership has been strictly limited to protect national interests.
Traditionally, Canadian regulations have capped foreign investment at 20% direct ownership of telecommunications companies and 33.3% indirect ownership through holding companies. These restrictions were designed specifically to ensure that control of critical infrastructure remained firmly in Canadian hands—a policy position that has long been justified on the grounds of national security and sovereignty.
The Growing Global Surveillance Landscape
The timing of these potential asset sales is particularly concerning given the recent revelations about sophisticated spyware operations affecting both government and private entities worldwide. The documents obtained for this article highlight several concerning incidents that underscore the risks of weakening national control over telecommunications infrastructure.
In recent months, University of Toronto's Citizen Lab uncovered evidence that Ontario's provincial police force has been using military-grade spyware developed by Israeli firm Paragon Solutions. This spyware, known as Graphite, has been linked to surveillance of journalists and civil society members across multiple countries, including Italy, where officials temporarily suspended its use following public outcry.
Citizen Lab researchers also discovered a vulnerability in WhatsApp that allowed the Paragon spyware to infiltrate devices through malicious PDF files sent in group chats, requiring no user interaction. This exploit affected approximately 90 individuals across 24 countries before WhatsApp detected and neutralized it in December 2024.
These revelations come just three years after Canada's national police force, the Royal Canadian Mounted Police (RCMP), admitted to using spyware to infiltrate mobile devices. The RCMP claimed they only employed such tools in serious cases after other surveillance methods had failed, but privacy advocates questioned these justifications.
Foreign Infrastructure Ownership: A Global Perspective
The question of foreign ownership in telecommunications varies significantly around the world:
The United States allows foreign ownership but subjects significant investments to review by the Committee on Foreign Investment (CFIUS) and requires Federal Communications Commission licensing.
European Union countries generally permit foreign ownership but are increasingly implementing national security screenings.
Australia allows foreign investment subject to review by their Foreign Investment Review Board.
China considers telecommunications a strategic sector and strictly limits foreign ownership.
Canada's traditional restrictions have placed it among the more cautious nations regarding foreign control of telecommunications infrastructure. The potential relaxation of these rules would represent a significant shift in policy.
Corporate Espionage Concerns
Beyond government surveillance, corporate espionage represents another significant risk associated with telecommunications security. A recent high-profile case between HR software startups Rippling and Deel illustrates how vulnerable corporate data can be. Rippling filed a lawsuit claiming that Deel "cultivated a spy" who accessed confidential information about customers, sales strategies, and competitive intelligence.
This case highlights how telecommunications and data infrastructure can be exploited not just by governments but also by corporate competitors seeking advantage. In an era where economic and national security are increasingly intertwined, these vulnerabilities take on greater significance.
SOC2 Compliance: A Protective Framework
For companies concerned about protecting their data in this environment, SOC2 (Service Organization Control 2) compliance offers a robust framework. Developed by the American Institute of CPAs (AICPA), SOC2 provides standards for managing customer data based on five "trust service principles":
Security: Protection against unauthorized access
Availability: System availability for operation and use
Processing integrity: System processing is complete, accurate, timely, and authorized
Confidentiality: Information designated as confidential is protected
Privacy: Personal information is collected, used, retained, and disclosed in conformity with privacy commitments
Organizations that implement SOC2 undergo rigorous audits to verify their compliance with these principles. For telecommunications companies and their enterprise clients, SOC2 certification demonstrates commitment to protecting sensitive data regardless of infrastructure ownership.
Canada's Foreign Investment Review Process
Canada currently employs the Investment Canada Act (ICA) as its primary mechanism for reviewing foreign investments. Under this framework, two key organizations are responsible for vetting foreign investors:
Innovation, Science and Economic Development Canada (ISED) - Reviews investments for their "net benefit" to Canada, considering economic factors such as job creation, technology transfer, and market competition.
The Canadian Security Intelligence Service (CSIS) - Conducts national security reviews, specifically examining potential threats to Canada's security interests.
For telecommunications specifically, investments are also subject to review by the Canadian Radio-television and Telecommunications Commission (CRTC) and may require approval from the Minister of Innovation, Science and Industry.
Despite these measures, experts have expressed concerns about the depth and effectiveness of Canada's vetting processes. The reviews often focus on immediate ownership structures rather than investigating the complex web of entities that may exert influence over the investing company.
The Challenge of Corporate Opacity and Money Laundering
One of the most significant challenges in vetting foreign investments is navigating through deliberately complex corporate structures designed to obscure ultimate beneficial ownership. These structures commonly involve:
Shell companies - Entities with no active business operations that serve primarily as vehicles for financial transactions
Multi-jurisdictional layering - Ownership structures that span multiple countries, especially those with minimal transparency requirements
Nominee directors - Individuals who serve as the face of a company while the actual controlling interests remain hidden
The "Panama Papers" and similar leaks have revealed how sophisticated these structures can become, with some beneficial ownership chains extending through five or more jurisdictions including Panama, the British Virgin Islands, Singapore, Dubai, and Luxembourg.
Domestic Money Laundering: A Troubling Precedent
Canada's challenges with foreign investment vetting are further complicated by persistent issues with money laundering within its own financial system. Major Canadian financial institutions, including TD Bank, have faced scrutiny over their anti-money laundering controls. In recent years, TD Bank has been subject to regulatory investigations regarding potentially inadequate money laundering detection systems, highlighting vulnerabilities even in Canada's most established financial institutions.
This raises a critical question: If Canadian authorities struggle to control money laundering through domestic banking giants with substantial regulatory oversight, how can they effectively vet complex foreign investment structures that span multiple jurisdictions with varying levels of transparency?
The scale of this challenge is staggering. A 2020 report from the Criminal Intelligence Service Canada estimated that between $45 billion and $113 billion is laundered through the Canadian economy annually, with a significant portion flowing through legitimate financial institutions despite existing controls.
The Telecom Security Dimension
In the telecommunications sector, where infrastructure could potentially be leveraged for surveillance or disruption, these opacity challenges present significant security concerns. A company appearing to be based in a friendly nation might, through layers of ownership, be controlled by entities affiliated with foreign governments or organizations with hostile intent.
Canadian intelligence agencies face substantial difficulties in penetrating these structures, particularly when they involve jurisdictions with strong corporate secrecy laws. Even with robust due diligence processes, ultimate beneficial ownership can remain obscured, creating blind spots in security reviews.
The question becomes not just how deeply to investigate potential foreign investors, but whether such investigations can ever be truly comprehensive given the sophistication of modern financial obscurement techniques. Some security experts suggest that effective vetting may require tracking ownership chains through at least five levels of corporate structure and across multiple jurisdictions—a resource-intensive process that current regulatory frameworks may not be equipped to handle.
The Path Forward: Balancing Investment and Security
As Canada considers potentially loosening restrictions on foreign ownership of telecommunications infrastructure, policymakers face difficult questions about balancing economic investment with national security concerns.
Key considerations include:
Implementing more robust security review processes for foreign investments, including deeper investigation of ultimate beneficial ownership
Requiring transparency about surveillance capabilities built into infrastructure
Strengthening privacy laws to protect individuals and organizations
Promoting adoption of security frameworks like SOC2
Ensuring intelligence and law enforcement agencies have appropriate oversight when conducting surveillance
Establishing ongoing monitoring mechanisms rather than one-time approval processes
The decisions made in the coming months will have long-lasting implications for Canada's telecommunications landscape, national security posture, and the privacy of its citizens. As Ron Deibert, director of Citizen Lab, noted regarding surveillance technologies: "Only the government can take away your freedom... That's why there should be a higher threshold for public accountability and transparency when these tools are used by state agencies."
However, this view requires updating for the modern era. While governments have traditionally held unique powers of coercion, today's technology empires wield unprecedented influence over individual freedoms and societal choices. Tech corporations control the digital infrastructure that mediates our communication, information access, financial transactions, and increasingly, our physical movements. Through algorithmic control, data harvesting, and platform governance decisions, these companies can effectively restrict speech, shape public discourse, influence economic opportunities, and determine which services and information citizens can access.
When telecommunications infrastructure ownership shifts to foreign entities—whether governmental or corporate—the power to monitor, filter, and potentially manipulate communications flows to millions of Canadians transfers with it. This represents not just a traditional national security concern, but a profound question of democratic sovereignty in the digital age.
The safeguards needed must therefore address both governmental and corporate power, ensuring transparency and accountability regardless of which entity controls the infrastructure that increasingly defines our fundamental freedoms.