No, There Hasn't Been A Big Shift Away From US Datacenters... Yet

from the give-it-time dept

We've been pointing out that the various disclosures about NSA surveillance, and its ability to tap into various servers associated with US companies, should be very troubling to the US tech industry, because it will make it harder and harder to do business -- especially with those outside of the US. Of course, some are claiming that this will all blow over, and while people will make noise about it, they won't actually go anywhere else. And, of course, the latest Netcraft data suggests that there's been little movement so far:
Despite speculation that the recent PRISM revelations would result in a mass exodus from American data centers and web hosting companies, Netcraft has not yet seen any evidence of this. Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies. Contrary to some people's expectations, 47 sites moved to the US, which actually resulted in a net migration to the US.

This trend is also reflected by the entire web server survey, where a net sum of 270 thousand sites moved to the US from other countries (in total, 3.9 million sites moved to the US, while 3.6 million moved from the US). Germany was the most popular departure country, with nearly 1.2 million sites moving from German hosting companies. This was followed by Canada, where 803 thousand sites hopped across the border to the US.
Of course, I think it's way too early to conclude much about this at this point for a variety of reasons. First, we're still learning about the extent of the surveillance, and some of the more damning revelations have really only just started to trickle out. Second, moving your hosting services is not generally something you just do overnight. It can take quite a bit of time. Third -- and this is a big one -- I'd argue the bigger concern is less about companies moving, but that the next generation of users will never agree to use US servers. And, finally (and perhaps most importantly), prior to these revelations, the market for more private and secure hosting and communications was fairly limited. Some have pointed out that even for those who wish to leave US services, it's not clear where to go.

But I am expecting that's going to change. One thing that these revelations have made clear is that current solutions are not as secure or private as people expected and that this is an issue that many, many people and companies are concerned about. As such, it seems quite likely that there will be investment and entrepreneurship focused on these areas over the next few years -- and I fully expect that a number of more secure and private solutions, who actively promote themselves on these features, will hit the market.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    horse with no name, Aug 23rd, 2013 @ 12:15am

    Moving Won't Help Legally

    First off, this is the FIRST comment made on this story, but it will likely only get posted a few days later. Too bad Techdirt is still working the censorship angle hard!

    Anyway...

    There is little motivation beyond rhetoric for companies to move their servers offshore, because it doesn't really relieve them of much legal liability, especially if they or their companies are still based in the US. Switching a server to North Korea or wherever won't mitigate your legal liability in the US, plain and simple.

    Also, it's clear that governments all over the world are moving in on the internet and are no longer allowing the most lax set of rules in the world to determine the rules under which a service is offered. If you are offering or selling a service to Americans, you may (and likely will be) subject to American law. It's no different from EU countries wanting their VAT style taxes charged, they see what is going on.

    So the only real way to a US company to avoid US liability is to move themselves AND their servers offshore, and to stop offering service in the US. Since the US is one the largest market that has the ability to pay for things online , it's not a market most people are willing to walk away from.

    You only have to go back and look at the Poker world to understand the deal. Many poker places still run and still make good money, but most of them suffer because they lost a big portion of their player base when they lost the US, and generally lost their ability to get money into the system. They ran afoul of US law, a no amount of offshoring and weaseling could get them out of it. The result is that for an online poker player in the US, the options are very limited (almost non-existent).

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Chronno S. Trigger (profile), Aug 23rd, 2013 @ 10:02pm

      Re: Moving Won't Help Legally

      A few counterpoints to your almost well thought out argument.

      1) Techdirt doesn't censor posts, the community hides them. There's a difference. Just because you have the right to free speech does not mean you have the right to be heard.

      2) This is a global economy. Remember in 2008 when the entire planet went into recession? We rely on each other more then you would like to admit. If companies from other countries stop doing business with the US, that would be far more damaging to the US then any terrorist attack.

      3) The online gambling ban affected US companies and US citizens, not anywhere else. Other countries can still gamble online just fine. Same as with point number 2, companies from other countries stopped doing business with the US. Not damaging to the US economy since online gambling was relatively new and unused, but imagine if everything went that rout.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      PaulT (profile), Aug 24th, 2013 @ 12:21am

      Re: Moving Won't Help Legally

      "First off, this is the FIRST comment made on this story, but it will likely only get posted a few days later. Too bad Techdirt is still working the censorship angle hard!"

      Sad. Your comment wasn't hidden or delayed because unlike many posts of yours here, it's neither filled with lies nor attacks. It wasn't caught by an automated spam filter (the only reason a post would be delayed for days before appearing after it's manually approved) because there was no reason to. It's not been hidden because you make some good points apart from this crap at the beginning. Yet, you've still undermined your arguments straight away regardless. A pity.

      Also, your example of US poker is pretty poor, apparently labouring under the delusion that the US was the only market that mattered. Yes, killing the legal US market (an illegal one still thrives) was problematic for many businesses, especially when otherwise perfectly legally operating companies found themselves under threat. But, if you look at those companies today, those operating outside of the US are still doing very good business. This is especially true if you look at gambling as a whole and don't just cherry pick "poker".

      "The result is that for an online poker player in the US, the options are very limited (almost non-existent)."

      ...and while it sucks to be you and any business would want to be able to service a market that large, they don't need you. The rest of the world are playing and profiting just fine without you. Just as other companies will when they remove their services from your country. One of the biggest problems potentially facing the US is the hubris in thinking that bowing to your needs is necessary to be successful. It isn't.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        horse with no name, Aug 24th, 2013 @ 2:29am

        Re: Re: Moving Won't Help Legally

        Start with Chrinno:

        1) No, actually it's not the community, it's a filter that the Techdirt staff have put in place. It took nearly 20 hours for my post to first appear. That's not people downvoting it, that is the post never appearing in the first place. Censorship, if they don't like the post, they don't even add it.

        2) A global economy runs two ways, and the internet economy is diverse but still very US-centric. Pretty much every major category is dominated by a US player, or a player with strong US ties or a big part of their business in the US.

        3) The issue is that for poker sites, the loss of US players has been significant, it's a large part of the market of people who both want to play the games and people who had income and the ability to pay for it online (credit cards etc). Most of the poker places I play at show about half or fewer players active than they did at peak. While the US is not "the only" market, they are a big part of the deal, a big part of the overall critical mass online.

        Paul T:

        "Yet, you've still undermined your arguments straight away regardless. A pity."

        I am not trying to undermine my comments, I am only pointing out that on a site that crows on and on about free speech and how important it is no matter what, it seems a little hypocritical to be blocking, censoring, or delaying people's posts because you don't agree with them. Free speech comes in all forms, including many you don't like. If Techdirt can't handle them, then perhaps they aren't exactly really for full on free speech.

        That said, the the gambling world outside the US isn't bad, but it isn't what it was 5 years ago. Fewer players, way less exposure... online poker (the mainstay) took a huge hit, the only really up side these days is sports book, which was never that big online in the US to start with. The reality is that online poker in particular took a huge hit with a loss of the US market, and continues to this day to suffer with a lack of payment processing options in most places in the world.

        The example cited is only to show that, if a company moves offshore (the poker companies were pretty much all located in places like Jersey islands, with servers on Canadian Indian reservations), they are subject to US law if they do business with US clients. So a company merely moving their servers offshore isn't going to avoid US liability unless they move their servers, themselves, all of their business, all of their employees, and stop doing business with US customers. Just moving servers isn't much of a defense against anything.

        Mike's post makes it sound like moving a server offshore somehow removes liability, or removed exposure to anything from the NSA to the boogieman, but really, it does not. If your New York based company moves a server to Latvia, the bad news is that you are still liable under US law - and you added Latvian law in there as a bonus. Moving servers alone doesn't solve the problem, and probably adds a bunch.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 23rd, 2013 @ 1:04am

    Not suprised to see not much action yet

    Even if they have intention to move, most will wait until the current service contract ends.

    And there would be new procurement process to find a new hosting, where the process could take months.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 23rd, 2013 @ 1:23am

      Re: Not suprised to see not much action yet

      Add a lack of awareness for companies about alternatives and vice versa.

      An industry outside USA has to grow in size to actually be able to absorb the influx. On the other hand, is GCHQ, ANSSI or BND any better, not to mention the domestic programs in these countries? Gibraltar, Switzerland and other tax-shelters are your best bets and even then...

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Richard (profile), Aug 23rd, 2013 @ 4:57am

        Re: Re: Not suprised to see not much action yet

        Your best bet is "none of the above". If you are big enough to be worried that the NSA might pass your information on to US competitors then you are almost certainly big enough to host your own stuff.

        I suspect that "insourcing" is more likely than switching in response to this.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Marak, Aug 23rd, 2013 @ 1:31am

    This just proves a lack of awareness. Which bugs me to no end, some.... Scratch that, lots of people need to lean how to read the damn news and keep upto date.

    Sometimes my fellow man disappoints me, the rest of the time i just sigh in muted anger.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Zakida Paul (profile), Aug 23rd, 2013 @ 1:49am

      Re:

      This is not the reason. The first commenter hit the nail on the head. Companies cannot just break their service contracts, that will just cost them money, and they cannot just switch providers at the drop of a hat. That process will take a very long time.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Dcameron, Aug 23rd, 2013 @ 2:17am

    NSA Price List?

    Where can i get an NSA price list as i really want to know who my wife has been texting?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Bengie, Aug 23rd, 2013 @ 5:26am

      Re: NSA Price List?

      Your phone bill should show every incoming and outgoing txt and phone, including "blocked" calls.

      I just note when I receive a blocked number and check my bill at the end of the month.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Bob Dowling (profile), Aug 23rd, 2013 @ 2:32am

    Contract renewal is key

    As has been commented on above, companies can't just drop everything.

    However, when contracts come up for renewal, or new contracts are being allocated, you can expect European lawyers to be urging extreme caution about moving services outside the EU. The EU (the UK especially) is not perfect, but it's at least a partial risk mitigation.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      haiku, Aug 24th, 2013 @ 6:35am

      Re: Contract renewal is key

      It should be noted that a number of countries (amongst them Germany, Switzerland, India, Canada and Australia) have enacted data residency laws that specifically prohibit the storage of corporate data outside their physical boundaries.

      All it requires is more countries to enact - and enforce - similar legislation.

      NB: A number of 'cloud' companies have sought to accommodate this legislation by creating data centres in the country e.g. Germany.

      However, with the US Government's interpretation of "if you [the cloud hosting company] trade in the USA then your data belong to us", this might well put an end to country-local data centres.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 23rd, 2013 @ 2:41am

    If all you want is a public access web-site, with no private data, who cares if the servers are in the US or not, it makes little difference to government access to the site. If you have a lot of data that needs to be kept private then building your own data centre and migrating is going to take many months.
    I suspect it will take any 5 to 6 months before any trend shows up.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ninja (profile), Aug 23rd, 2013 @ 3:33am

    Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies.

    Notice we are talking about SITES. What about storage services,e-mail services, search engines, online maps etc etc?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Richard (profile), Aug 23rd, 2013 @ 5:00am

      Re:

      You are right there. There is no reason to move an outward facing site - all the data is sort of public anyway.

      It is your internal stuff that is the issue.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Ninja (profile), Aug 23rd, 2013 @ 5:20am

        Re: Re:

        I wonder if there's data on that? I'm very interested in seeing it. Ie: there's the mykolab guy who could enlighten us if they saw any increase in their subscription base out of anything ordinary.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 23rd, 2013 @ 7:50am

        Re: Re:

        There is no reason to move an outward facing site - all the data is sort of public anyway.

        No, it is not. Any outward facing site with user accounts will have at least some data which is private to each account and the site administrator. At least the user's authentication credentials (password, tokens) are always private. Depending on the site, other user information will be private, up to almost everything the user does on the site. For instance, if the site is a personal finance manager, only the user and the site administrator should have access to any of the user's data.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        John Fenderson (profile), Aug 23rd, 2013 @ 11:19am

        Re: Re:

        There is no reason to move an outward facing site - all the data is sort of public anyway.


        I'm sure that users of web-based email, cloud storage services, etc., would disagree with this.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 23rd, 2013 @ 9:24am

      Re:

      "Notice we are talking about SITES. What about storage services,e-mail services, search engines, online maps etc etc?"

      This is the key right here ^

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Nicholas Weaver (profile), Aug 23rd, 2013 @ 5:27am

    Where to go? Insource...

    Web hosting is generally public, providing public facing information. The data of real note is email, internal documents, and other such critical systems. It is that data which should flee the cloud.

    And where should the data run? Why inhouse: businesses which need confidentiality (Law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Aug 23rd, 2013 @ 11:23am

      Re: Where to go? Insource...

      businesses which need confidentiality


      This would include all websites that keep records on what their users are doing and/or that require registration.

       

      reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Aug 23rd, 2013 @ 5:48am

    "I think it's way too early to conclude much about this"

    Well, thanks for the non-conclusion.

    Actually, it's WAY LATE to fear NSA can rummage through your "cloud" data: if news to anyone in IT (ahem, management), they're a major problem.

    The phony deal that evil people (and gullible fools) try to force on us: You can't have the benefits of technology unless give up all privacy.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    DCX2, Aug 23rd, 2013 @ 7:49am

    Re: Think Carefully

    When debating whether the government should have a certain level of surveillance powers without oversight, one should always ask: What Would Nixon Do? If the answer is, "abuse this power to spy on political opponents", then perhaps some oversight is in order.

    Of course, if that doesn't scare you, imagine what happens if a Chinese or Russian spy manages to become an NSA analyst. Without effective oversight, you have no way to catch the rogue analyst who is stealing secrets from the US government or other US companies.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 23rd, 2013 @ 8:11am

    Even setting aside any privacy concerns, server location matters. While the Web does not concern itself with national borders, it is still limited by the speed of light. When you have a large Web service with a large US client base, locating your CDN entirely offshore is going to do a world of hurt to your latency, and I think that alone may be serious incentive to keep things where they are.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 23rd, 2013 @ 8:55am

    Like commenter #1 makes mention of, contracts are going to be the determining factor. Guess we don't hang out around the same areas of the internet cause I been hearing lots of folk unhappy with US servers and services over this spying affair.

    Maybe it's the internet where 99% of it is all mouth and no show but somehow I don't think that is the case. It's gone on too long. The ones they don't like but don't really do anything about just sort of weathers over and fades away. Seems the NSA stories have some leg under them.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Kevin Carson, Aug 23rd, 2013 @ 9:14am

    What really matters...

    ...is not the gross scale of movement away from U.S. data centers, but the much smaller movement of activists, terrorists, and everyone else with something the surveillance state wants to read offshoring to foreign data centers. The tendency on the margin will be for needles to relocate outside the haystack, at the very time the U.S. surveillance state is hoovering up more hay -- thus exponentially increasing false positives and making the surveillance state an utterly useless white elephant.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    oopsidroppedyourdata, Aug 23rd, 2013 @ 10:46am

    Host all your own secret stuff .. get on the NSA cash cow list look how big google has gotten in the last 5 yrs Id bet alot of these companies are calling and asking the NSA where do i sign up

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Aug 23rd, 2013 @ 11:22am

    Re: Think Carefully

    The US government doesn't care about business that has nothing to with national threat or terrorism act. I believe the purpose of that surveillance is not to confiscate any property or business neither to listen any irrelevant gossip that has nothing to do in national threat.


    The history of government surveillance in the US (and elsewhere) proves this belief to be incorrect.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Uriel-238 (profile), Aug 23rd, 2013 @ 1:57pm

    This isn't going away even if we bomb NSA into the stone-age.

    Not that I'm advocating bombing the NSA into the stone age rather that we salvage their assets.

    The US is not the only country, or monied interest that is expanding its intelligence gathering capabilities on the internet. Granted, the immediate problem is that the NSA's surveillance efforts are being used to incriminate and incarcerate people inconsistent with fourth amendment rights, and the human right to privacy according to multiple international charters.

    But we have to expect that our communications are going to continue to be monitored by anyone who has the ability to do deep-packet analysis.

    This may kill the Google business model, since their immense database is too politically volatile: too many external interests will want to force access to Google-style databases that are not supposed to be viewed by human eyes without anonymization.

    We need to advance our encryption schemes. We need end-to-end encryption to be the norm. We need to fix the system so that it is impossible for interests with the power of force to provide backdoor access to unencrypted communications.

    And this can be done already with the technology we have, let alone technology we develop when there is a desperate need for it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Aug 24th, 2013 @ 5:54pm

      Re: This isn't going away even if we bomb NSA into the stone-age.

      Also, and equally as important as securing communications channels, we need change the mental stance abut how we store our data.

      We almost had it right with the PC revolution, where everyone keeps their data on their own physical machines, where they can have complete access control.

      Now, people have come to think it's perfectly safe to store most of the data they care about on third party servers, where they have no true access control over it.

      We need to shift away from the client-server model that is the cloud. There are some very, very cool ways that people can do this while still retaining the ability to have the same social media functions we have now, as well as goodies like all your data being available on all your devices.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        Uriel-238 (profile), Aug 25th, 2013 @ 12:24pm

        This isn't going away...

        My use for the cloud is synchronization and shared files. And those can be secured with encryption.

        But yeah, a backup in the cloud is about as safe as a backup on a flash drive. Both are susceptible to winding up in a smoldering crater, and both can be seized by the local government.

        Redundancy and encryption.

        I've also talked before about false-bottom encryption. We need to create services (software) that can plausibly "open" an encrypted file to reveal a total lack of incriminating content... much like the boss key in early video games.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 23rd, 2013 @ 9:49pm

    there will be a shift in cloud offerings where the services are more secure and beyond the reach of the USA.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      JJJoseph (profile), Aug 27th, 2013 @ 1:13am

      Re: outside the USA?

      Then there are those of us outside the USA who are quite content to store our data in the US rather than in our home countries. We're quite pleased to have the NSA scouring our data for links to Yemen or Iran. Saves me a lot of worry, and I trust the NSA more than my own government.

       

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This