Hacker News
by a-priori 3481 days ago
You can't. Most data transmitted between cities in Canada goes through the US.

The only mitigation is to make sure you encrypt everything in transit and ensure that the private keys never leave Canada.

1 comments

And please please please make sure your server is configured to support Perfect Forward Secrecy.

https://www.ssllabs.com/projects/best-practices/

A good source for the recommended SSL configuration for Apache, nginx, et al.: https://mozilla.github.io/server-side-tls/ssl-config-generat...
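
Added example, not part of the thread: a small Python check that splits a server cipher list into suites that give forward secrecy and suites that do not. The function names and the sample list are constructed for illustration, and it assumes that only authenticated DHE/ECDHE suites and TLS 1.3 suites count as forward-secret.

```python
import re

# OpenSSL-style names: the key exchange is the leading token.
_EPHEMERAL_OPENSSL = ("ECDHE-", "DHE-", "EDH-")
# IANA-style TLS 1.2 names: TLS_<key exchange>_WITH_<cipher>.
_EPHEMERAL_IANA = re.compile(r"^TLS_(ECDHE|DHE)_")


def is_forward_secret(suite: str) -> bool:
    """True if the suite name implies an authenticated ephemeral (EC)DHE exchange."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 suite names carry no key exchange; a full TLS 1.3
            # handshake always uses ephemeral (EC)DHE.
            return True
        return bool(_EPHEMERAL_IANA.match(name))
    # Static RSA (AES128-SHA), static DH/ECDH (DH-, ECDH-) and anonymous
    # suites (ADH-, AECDH-) all land here and are reported as not forward-secret.
    return name.startswith(_EPHEMERAL_OPENSSL)


def audit_cipher_list(cipher_list: str) -> dict:
    """Group the explicit suite names in a colon-separated cipher list."""
    report = {"forward_secret": [], "not_forward_secret": [], "skipped": []}
    for token in (t.strip() for t in cipher_list.split(":")):
        if not token:
            continue
        is_rule = token[0] in "!-+@" or "+" in token
        is_alias = "-" not in token and "_" not in token  # e.g. HIGH, DEFAULT
        if is_rule or is_alias:
            # Rules and aliases must be expanded by the TLS library first
            # (for OpenSSL: `openssl ciphers -v '<list>'`).
            report["skipped"].append(token)
        elif is_forward_secret(token):
            report["forward_secret"].append(token)
        else:
            report["not_forward_secret"].append(token)
    return report


# Constructed sample list, not taken from any real server.
SAMPLE = ("ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-SHA:"
          "TLS_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_CBC_SHA:!aNULL:HIGH")

if __name__ == "__main__":
    for group, suites in audit_cipher_list(SAMPLE).items():
        print(f"{group}: {', '.join(suites) or '-'}")
```

Any suite reported under `not_forward_secret` lets recorded traffic be decrypted later if the server's private key is ever obtained, which is the case the comments above warn about.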