Skip to main content
 

Auditor's report on CIRA Canadian Shield 

CIRA retained Deloitte LLP to provide an auditors report on our privacy processes that delivered the following conclusion:

"In our opinion, management’s assertion that the CIRA Canadian Shield service is suitably designed to support the achievement of CIRA’s privacy commitments."


What is DNS privacy?

Your DNS activity is a record of everything you do online. While there are services, like CIRA Canadian Shield, that can help make your DNS activity more private, the fact is someone has to know your DNS activity or you would never get where you need to go online.

In order for the internet to work, a one-to-one connection has to be made between your computer and the content you are accessing which requires information sharing. Choosing your DNS provider lets you choose who you are sharing your data with, and CIRA Canadian Shield offers both that critical DNS lookup function and powerful cybersecurity.  

CIRA also believes that your DNS privacy is important and we take steps to help you keep it.

How does CIRA protect your privacy?

What Comment/benefit
Servers are located only in Canada.
  • Data at rest is not available for foreign actors to access through discovery or other processes not-based in Canadian law.
  • Maximizes the opportunity for your query to stay in Canada while in transit and not "boomerang" through foreign servers. A significant portion of internet traffic in Canada flows through foreign jurisdictions and CIRA works hard to help support a stronger and more robust network here at home. 
Data is stored in secure systems with tight and well-documented access controls. 
  • You won't find us in the media with hundreds of employees and suppliers getting password credentials hacked. As the stewards of the .CA domain name registry, CIRA runs critical infrastructure and is ISO certified for our practices. We employ data control processes that you simply will not find in most organizations. 
When in use, the service is only accessing the exact data that is needed to deliver a DNS response.
  • Our service blocks malware blocking and protects your privacy; we don't need to know who your FB friends are. We are a non-profit and our goal is to build a trusted internet for all Canadians. 
IP addresses related to DNS queries are only stored for a maximum of 24 hours and then deleted.
  • The only personally identifiable information (PII) we keep is your IP address, which we delete after 24 hours. This is done to mitigate the risk from those who may attempt to damage the network via a DDoS attack or other means. Storing data for the shortest possible time is the most cost-efficient way to mitigate this risk. This service is not supported through any kind of government grants and we have no plans to monetize your data in any other way. The 24-hour storage limit was determined to be the best option that would enable us to focus our resources on delivering a faster, more resilient and more secure service.
After 24 hours only aggregated anonymous block data is retained.
  • This aggregated anonymous block data helps us improve the service, plan new infrastructure deployment and improve the quality of the threat feed for everyone using the platform. We aren't storing DNS lookups, the volume is so large it would be costly, inefficient and deliver nothing of value to our users.
In the case of malicious or anomalous activity, we retain the right to store information for longer.  
  • If we get hacked or attempted malicious activity, we need to figure out who and why. Please don't try and hack the system. It ruins it for everyone.
Threat data is shared with specific organizations.
  • Domain data and the number of blocks (no IP addresses) are shared with feed providers to help them improve their lists. To be honest, our threat feed providers have expressly asked us never to share your personal information with them. They don't want it as it complicates things and we like to keep things simple (and private).  
CIRA shares anonymized aggregate statistics. 
  • We not only work with Canadian and global partners to help improve internet security, but we also would like to share reports and data with Canadians to keep everyone safe.