No, There Hasn't Been A Big Shift Away From US Datacenters... Yet
from the give-it-time dept
We've been pointing out that the various disclosures about NSA surveillance, and its ability to tap into various servers associated with US companies, should be very troubling to the US tech industry, because it will make it harder and harder to do business -- especially with those outside of the US. Of course, some are claiming that this will all blow over, and while people will make noise about it, they won't actually go anywhere else. And, of course, the latest Netcraft data suggests that there's been little movement so far:Despite speculation that the recent PRISM revelations would result in a mass exodus from American data centers and web hosting companies, Netcraft has not yet seen any evidence of this. Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies. Contrary to some people's expectations, 47 sites moved to the US, which actually resulted in a net migration to the US.Of course, I think it's way too early to conclude much about this at this point for a variety of reasons. First, we're still learning about the extent of the surveillance, and some of the more damning revelations have really only just started to trickle out. Second, moving your hosting services is not generally something you just do overnight. It can take quite a bit of time. Third -- and this is a big one -- I'd argue the bigger concern is less about companies moving, but that the next generation of users will never agree to use US servers. And, finally (and perhaps most importantly), prior to these revelations, the market for more private and secure hosting and communications was fairly limited. Some have pointed out that even for those who wish to leave US services, it's not clear where to go.
This trend is also reflected by the entire web server survey, where a net sum of 270 thousand sites moved to the US from other countries (in total, 3.9 million sites moved to the US, while 3.6 million moved from the US). Germany was the most popular departure country, with nearly 1.2 million sites moving from German hosting companies. This was followed by Canada, where 803 thousand sites hopped across the border to the US.
But I am expecting that's going to change. One thing that these revelations have made clear is that current solutions are not as secure or private as people expected and that this is an issue that many, many people and companies are concerned about. As such, it seems quite likely that there will be investment and entrepreneurship focused on these areas over the next few years -- and I fully expect that a number of more secure and private solutions, who actively promote themselves on these features, will hit the market.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cloud computing, datacenters, impact, nsa, nsa surveillance, prism, privacy, us
Reader Comments
Subscribe: RSS
View by: Time | Thread
Moving Won't Help Legally
Anyway...
There is little motivation beyond rhetoric for companies to move their servers offshore, because it doesn't really relieve them of much legal liability, especially if they or their companies are still based in the US. Switching a server to North Korea or wherever won't mitigate your legal liability in the US, plain and simple.
Also, it's clear that governments all over the world are moving in on the internet and are no longer allowing the most lax set of rules in the world to determine the rules under which a service is offered. If you are offering or selling a service to Americans, you may (and likely will be) subject to American law. It's no different from EU countries wanting their VAT style taxes charged, they see what is going on.
So the only real way to a US company to avoid US liability is to move themselves AND their servers offshore, and to stop offering service in the US. Since the US is one the largest market that has the ability to pay for things online , it's not a market most people are willing to walk away from.
You only have to go back and look at the Poker world to understand the deal. Many poker places still run and still make good money, but most of them suffer because they lost a big portion of their player base when they lost the US, and generally lost their ability to get money into the system. They ran afoul of US law, a no amount of offshoring and weaseling could get them out of it. The result is that for an online poker player in the US, the options are very limited (almost non-existent).
[ link to this | view in chronology ]
Re: Moving Won't Help Legally
1) Techdirt doesn't censor posts, the community hides them. There's a difference. Just because you have the right to free speech does not mean you have the right to be heard.
2) This is a global economy. Remember in 2008 when the entire planet went into recession? We rely on each other more then you would like to admit. If companies from other countries stop doing business with the US, that would be far more damaging to the US then any terrorist attack.
3) The online gambling ban affected US companies and US citizens, not anywhere else. Other countries can still gamble online just fine. Same as with point number 2, companies from other countries stopped doing business with the US. Not damaging to the US economy since online gambling was relatively new and unused, but imagine if everything went that rout.
[ link to this | view in chronology ]
Re: Moving Won't Help Legally
Sad. Your comment wasn't hidden or delayed because unlike many posts of yours here, it's neither filled with lies nor attacks. It wasn't caught by an automated spam filter (the only reason a post would be delayed for days before appearing after it's manually approved) because there was no reason to. It's not been hidden because you make some good points apart from this crap at the beginning. Yet, you've still undermined your arguments straight away regardless. A pity.
Also, your example of US poker is pretty poor, apparently labouring under the delusion that the US was the only market that mattered. Yes, killing the legal US market (an illegal one still thrives) was problematic for many businesses, especially when otherwise perfectly legally operating companies found themselves under threat. But, if you look at those companies today, those operating outside of the US are still doing very good business. This is especially true if you look at gambling as a whole and don't just cherry pick "poker".
"The result is that for an online poker player in the US, the options are very limited (almost non-existent)."
...and while it sucks to be you and any business would want to be able to service a market that large, they don't need you. The rest of the world are playing and profiting just fine without you. Just as other companies will when they remove their services from your country. One of the biggest problems potentially facing the US is the hubris in thinking that bowing to your needs is necessary to be successful. It isn't.
[ link to this | view in chronology ]
Re: Re: Moving Won't Help Legally
1) No, actually it's not the community, it's a filter that the Techdirt staff have put in place. It took nearly 20 hours for my post to first appear. That's not people downvoting it, that is the post never appearing in the first place. Censorship, if they don't like the post, they don't even add it.
2) A global economy runs two ways, and the internet economy is diverse but still very US-centric. Pretty much every major category is dominated by a US player, or a player with strong US ties or a big part of their business in the US.
3) The issue is that for poker sites, the loss of US players has been significant, it's a large part of the market of people who both want to play the games and people who had income and the ability to pay for it online (credit cards etc). Most of the poker places I play at show about half or fewer players active than they did at peak. While the US is not "the only" market, they are a big part of the deal, a big part of the overall critical mass online.
Paul T:
"Yet, you've still undermined your arguments straight away regardless. A pity."
I am not trying to undermine my comments, I am only pointing out that on a site that crows on and on about free speech and how important it is no matter what, it seems a little hypocritical to be blocking, censoring, or delaying people's posts because you don't agree with them. Free speech comes in all forms, including many you don't like. If Techdirt can't handle them, then perhaps they aren't exactly really for full on free speech.
That said, the the gambling world outside the US isn't bad, but it isn't what it was 5 years ago. Fewer players, way less exposure... online poker (the mainstay) took a huge hit, the only really up side these days is sports book, which was never that big online in the US to start with. The reality is that online poker in particular took a huge hit with a loss of the US market, and continues to this day to suffer with a lack of payment processing options in most places in the world.
The example cited is only to show that, if a company moves offshore (the poker companies were pretty much all located in places like Jersey islands, with servers on Canadian Indian reservations), they are subject to US law if they do business with US clients. So a company merely moving their servers offshore isn't going to avoid US liability unless they move their servers, themselves, all of their business, all of their employees, and stop doing business with US customers. Just moving servers isn't much of a defense against anything.
Mike's post makes it sound like moving a server offshore somehow removes liability, or removed exposure to anything from the NSA to the boogieman, but really, it does not. If your New York based company moves a server to Latvia, the bad news is that you are still liable under US law - and you added Latvian law in there as a bonus. Moving servers alone doesn't solve the problem, and probably adds a bunch.
[ link to this | view in chronology ]
Not suprised to see not much action yet
And there would be new procurement process to find a new hosting, where the process could take months.
[ link to this | view in chronology ]
Re: Not suprised to see not much action yet
An industry outside USA has to grow in size to actually be able to absorb the influx. On the other hand, is GCHQ, ANSSI or BND any better, not to mention the domestic programs in these countries? Gibraltar, Switzerland and other tax-shelters are your best bets and even then...
[ link to this | view in chronology ]
Re: Re: Not suprised to see not much action yet
I suspect that "insourcing" is more likely than switching in response to this.
[ link to this | view in chronology ]
Sometimes my fellow man disappoints me, the rest of the time i just sigh in muted anger.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
NSA Price List?
[ link to this | view in chronology ]
Re: NSA Price List?
I just note when I receive a blocked number and check my bill at the end of the month.
[ link to this | view in chronology ]
Re: Re: NSA Price List?
but the nsa would!!!
[ link to this | view in chronology ]
Re: Re: NSA Price List?
[ link to this | view in chronology ]
Re: Re: Re: NSA Price List?
[ link to this | view in chronology ]
Contract renewal is key
However, when contracts come up for renewal, or new contracts are being allocated, you can expect European lawyers to be urging extreme caution about moving services outside the EU. The EU (the UK especially) is not perfect, but it's at least a partial risk mitigation.
[ link to this | view in chronology ]
Re: Contract renewal is key
All it requires is more countries to enact - and enforce - similar legislation.
NB: A number of 'cloud' companies have sought to accommodate this legislation by creating data centres in the country e.g. Germany.
However, with the US Government's interpretation of "if you [the cloud hosting company] trade in the USA then your data belong to us", this might well put an end to country-local data centres.
[ link to this | view in chronology ]
I suspect it will take any 5 to 6 months before any trend shows up.
[ link to this | view in chronology ]
Notice we are talking about SITES. What about storage services,e-mail services, search engines, online maps etc etc?
[ link to this | view in chronology ]
Re:
It is your internal stuff that is the issue.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
No, it is not. Any outward facing site with user accounts will have at least some data which is private to each account and the site administrator. At least the user's authentication credentials (password, tokens) are always private. Depending on the site, other user information will be private, up to almost everything the user does on the site. For instance, if the site is a personal finance manager, only the user and the site administrator should have access to any of the user's data.
[ link to this | view in chronology ]
Re: Re:
I'm sure that users of web-based email, cloud storage services, etc., would disagree with this.
[ link to this | view in chronology ]
Re:
This is the key right here ^
[ link to this | view in chronology ]
Where to go? Insource...
And where should the data run? Why inhouse: businesses which need confidentiality (Law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.
[ link to this | view in chronology ]
Re: Where to go? Insource...
This would include all websites that keep records on what their users are doing and/or that require registration.
[ link to this | view in chronology ]
"I think it's way too early to conclude much about this"
Actually, it's WAY LATE to fear NSA can rummage through your "cloud" data: if news to anyone in IT (ahem, management), they're a major problem.
The phony deal that evil people (and gullible fools) try to force on us: You can't have the benefits of technology unless give up all privacy.
[ link to this | view in chronology ]
Re: Think Carefully
Of course, if that doesn't scare you, imagine what happens if a Chinese or Russian spy manages to become an NSA analyst. Without effective oversight, you have no way to catch the rogue analyst who is stealing secrets from the US government or other US companies.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Maybe it's the internet where 99% of it is all mouth and no show but somehow I don't think that is the case. It's gone on too long. The ones they don't like but don't really do anything about just sort of weathers over and fades away. Seems the NSA stories have some leg under them.
[ link to this | view in chronology ]
What really matters...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Think Carefully
The history of government surveillance in the US (and elsewhere) proves this belief to be incorrect.
[ link to this | view in chronology ]
This isn't going away even if we bomb NSA into the stone-age.
The US is not the only country, or monied interest that is expanding its intelligence gathering capabilities on the internet. Granted, the immediate problem is that the NSA's surveillance efforts are being used to incriminate and incarcerate people inconsistent with fourth amendment rights, and the human right to privacy according to multiple international charters.
But we have to expect that our communications are going to continue to be monitored by anyone who has the ability to do deep-packet analysis.
This may kill the Google business model, since their immense database is too politically volatile: too many external interests will want to force access to Google-style databases that are not supposed to be viewed by human eyes without anonymization.
We need to advance our encryption schemes. We need end-to-end encryption to be the norm. We need to fix the system so that it is impossible for interests with the power of force to provide backdoor access to unencrypted communications.
And this can be done already with the technology we have, let alone technology we develop when there is a desperate need for it.
[ link to this | view in chronology ]
Re: This isn't going away even if we bomb NSA into the stone-age.
We almost had it right with the PC revolution, where everyone keeps their data on their own physical machines, where they can have complete access control.
Now, people have come to think it's perfectly safe to store most of the data they care about on third party servers, where they have no true access control over it.
We need to shift away from the client-server model that is the cloud. There are some very, very cool ways that people can do this while still retaining the ability to have the same social media functions we have now, as well as goodies like all your data being available on all your devices.
[ link to this | view in chronology ]
This isn't going away...
But yeah, a backup in the cloud is about as safe as a backup on a flash drive. Both are susceptible to winding up in a smoldering crater, and both can be seized by the local government.
Redundancy and encryption.
I've also talked before about false-bottom encryption. We need to create services (software) that can plausibly "open" an encrypted file to reveal a total lack of incriminating content... much like the boss key in early video games.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: outside the USA?
[ link to this | view in chronology ]