No, There Hasn't Been A Big Shift Away From US Datacenters… Yet
from the give-it-time dept
We’ve been pointing out that the various disclosures about NSA surveillance, and its ability to tap into various servers associated with US companies, should be very troubling to the US tech industry, because it will make it harder and harder to do business — especially with those outside of the US. Of course, some are claiming that this will all blow over, and while people will make noise about it, they won’t actually go anywhere else. And, of course, the latest Netcraft data suggests that there’s been little movement so far:
Despite speculation that the recent PRISM revelations would result in a mass exodus from American data centers and web hosting companies, Netcraft has not yet seen any evidence of this. Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies. Contrary to some people’s expectations, 47 sites moved to the US, which actually resulted in a net migration to the US.
This trend is also reflected by the entire web server survey, where a net sum of 270 thousand sites moved to the US from other countries (in total, 3.9 million sites moved to the US, while 3.6 million moved from the US). Germany was the most popular departure country, with nearly 1.2 million sites moving from German hosting companies. This was followed by Canada, where 803 thousand sites hopped across the border to the US.
Of course, I think it’s way too early to conclude much about this at this point for a variety of reasons. First, we’re still learning about the extent of the surveillance, and some of the more damning revelations have really only just started to trickle out. Second, moving your hosting services is not generally something you just do overnight. It can take quite a bit of time. Third — and this is a big one — I’d argue the bigger concern is less about companies moving, but that the next generation of users will never agree to use US servers. And, finally (and perhaps most importantly), prior to these revelations, the market for more private and secure hosting and communications was fairly limited. Some have pointed out that even for those who wish to leave US services, it’s not clear where to go.
But I am expecting that’s going to change. One thing that these revelations have made clear is that current solutions are not as secure or private as people expected and that this is an issue that many, many people and companies are concerned about. As such, it seems quite likely that there will be investment and entrepreneurship focused on these areas over the next few years — and I fully expect that a number of more secure and private solutions, who actively promote themselves on these features, will hit the market.
Filed Under: cloud computing, datacenters, impact, nsa, nsa surveillance, prism, privacy, us
Comments on “No, There Hasn't Been A Big Shift Away From US Datacenters… Yet”
Moving Won't Help Legally
First off, this is the FIRST comment made on this story, but it will likely only get posted a few days later. Too bad Techdirt is still working the censorship angle hard!
Anyway…
There is little motivation beyond rhetoric for companies to move their servers offshore, because it doesn’t really relieve them of much legal liability, especially if they or their companies are still based in the US. Switching a server to North Korea or wherever won’t mitigate your legal liability in the US, plain and simple.
Also, it’s clear that governments all over the world are moving in on the internet and are no longer allowing the most lax set of rules in the world to determine the rules under which a service is offered. If you are offering or selling a service to Americans, you may (and likely will be) subject to American law. It’s no different from EU countries wanting their VAT style taxes charged, they see what is going on.
So the only real way to a US company to avoid US liability is to move themselves AND their servers offshore, and to stop offering service in the US. Since the US is one the largest market that has the ability to pay for things online , it’s not a market most people are willing to walk away from.
You only have to go back and look at the Poker world to understand the deal. Many poker places still run and still make good money, but most of them suffer because they lost a big portion of their player base when they lost the US, and generally lost their ability to get money into the system. They ran afoul of US law, a no amount of offshoring and weaseling could get them out of it. The result is that for an online poker player in the US, the options are very limited (almost non-existent).
Re: Moving Won't Help Legally
A few counterpoints to your almost well thought out argument.
1) Techdirt doesn’t censor posts, the community hides them. There’s a difference. Just because you have the right to free speech does not mean you have the right to be heard.
2) This is a global economy. Remember in 2008 when the entire planet went into recession? We rely on each other more then you would like to admit. If companies from other countries stop doing business with the US, that would be far more damaging to the US then any terrorist attack.
3) The online gambling ban affected US companies and US citizens, not anywhere else. Other countries can still gamble online just fine. Same as with point number 2, companies from other countries stopped doing business with the US. Not damaging to the US economy since online gambling was relatively new and unused, but imagine if everything went that rout.
Re: Moving Won't Help Legally
“First off, this is the FIRST comment made on this story, but it will likely only get posted a few days later. Too bad Techdirt is still working the censorship angle hard!”
Sad. Your comment wasn’t hidden or delayed because unlike many posts of yours here, it’s neither filled with lies nor attacks. It wasn’t caught by an automated spam filter (the only reason a post would be delayed for days before appearing after it’s manually approved) because there was no reason to. It’s not been hidden because you make some good points apart from this crap at the beginning. Yet, you’ve still undermined your arguments straight away regardless. A pity.
Also, your example of US poker is pretty poor, apparently labouring under the delusion that the US was the only market that mattered. Yes, killing the legal US market (an illegal one still thrives) was problematic for many businesses, especially when otherwise perfectly legally operating companies found themselves under threat. But, if you look at those companies today, those operating outside of the US are still doing very good business. This is especially true if you look at gambling as a whole and don’t just cherry pick “poker”.
“The result is that for an online poker player in the US, the options are very limited (almost non-existent).”
…and while it sucks to be you and any business would want to be able to service a market that large, they don’t need you. The rest of the world are playing and profiting just fine without you. Just as other companies will when they remove their services from your country. One of the biggest problems potentially facing the US is the hubris in thinking that bowing to your needs is necessary to be successful. It isn’t.
Re: Re: Moving Won't Help Legally
Start with Chrinno:
1) No, actually it’s not the community, it’s a filter that the Techdirt staff have put in place. It took nearly 20 hours for my post to first appear. That’s not people downvoting it, that is the post never appearing in the first place. Censorship, if they don’t like the post, they don’t even add it.
2) A global economy runs two ways, and the internet economy is diverse but still very US-centric. Pretty much every major category is dominated by a US player, or a player with strong US ties or a big part of their business in the US.
3) The issue is that for poker sites, the loss of US players has been significant, it’s a large part of the market of people who both want to play the games and people who had income and the ability to pay for it online (credit cards etc). Most of the poker places I play at show about half or fewer players active than they did at peak. While the US is not “the only” market, they are a big part of the deal, a big part of the overall critical mass online.
Paul T:
“Yet, you’ve still undermined your arguments straight away regardless. A pity.”
I am not trying to undermine my comments, I am only pointing out that on a site that crows on and on about free speech and how important it is no matter what, it seems a little hypocritical to be blocking, censoring, or delaying people’s posts because you don’t agree with them. Free speech comes in all forms, including many you don’t like. If Techdirt can’t handle them, then perhaps they aren’t exactly really for full on free speech.
That said, the the gambling world outside the US isn’t bad, but it isn’t what it was 5 years ago. Fewer players, way less exposure… online poker (the mainstay) took a huge hit, the only really up side these days is sports book, which was never that big online in the US to start with. The reality is that online poker in particular took a huge hit with a loss of the US market, and continues to this day to suffer with a lack of payment processing options in most places in the world.
The example cited is only to show that, if a company moves offshore (the poker companies were pretty much all located in places like Jersey islands, with servers on Canadian Indian reservations), they are subject to US law if they do business with US clients. So a company merely moving their servers offshore isn’t going to avoid US liability unless they move their servers, themselves, all of their business, all of their employees, and stop doing business with US customers. Just moving servers isn’t much of a defense against anything.
Mike’s post makes it sound like moving a server offshore somehow removes liability, or removed exposure to anything from the NSA to the boogieman, but really, it does not. If your New York based company moves a server to Latvia, the bad news is that you are still liable under US law – and you added Latvian law in there as a bonus. Moving servers alone doesn’t solve the problem, and probably adds a bunch.
Not suprised to see not much action yet
Even if they have intention to move, most will wait until the current service contract ends.
And there would be new procurement process to find a new hosting, where the process could take months.
Re: Not suprised to see not much action yet
Add a lack of awareness for companies about alternatives and vice versa.
An industry outside USA has to grow in size to actually be able to absorb the influx. On the other hand, is GCHQ, ANSSI or BND any better, not to mention the domestic programs in these countries? Gibraltar, Switzerland and other tax-shelters are your best bets and even then…
Re: Re: Not suprised to see not much action yet
Your best bet is “none of the above”. If you are big enough to be worried that the NSA might pass your information on to US competitors then you are almost certainly big enough to host your own stuff.
I suspect that “insourcing” is more likely than switching in response to this.
This just proves a lack of awareness. Which bugs me to no end, some…. Scratch that, lots of people need to lean how to read the damn news and keep upto date.
Sometimes my fellow man disappoints me, the rest of the time i just sigh in muted anger.
Re: Re:
This is not the reason. The first commenter hit the nail on the head. Companies cannot just break their service contracts, that will just cost them money, and they cannot just switch providers at the drop of a hat. That process will take a very long time.
NSA Price List?
Where can i get an NSA price list as i really want to know who my wife has been texting?
Re: NSA Price List?
Your phone bill should show every incoming and outgoing txt and phone, including “blocked” calls.
I just note when I receive a blocked number and check my bill at the end of the month.
Re: Re: NSA Price List?
only if its an sms message, if she uses a data plan based app, the bill wont show that.
but the nsa would!!!
Re: Re: NSA Price List?
Really? Mine doesn’t. My bill just tells me I pay for voice, data, and texting and the amount owed.
Re: Re: Re: NSA Price List?
Mine doesn’t either. Although my phone itself keeps all that information.
Contract renewal is key
As has been commented on above, companies can’t just drop everything.
However, when contracts come up for renewal, or new contracts are being allocated, you can expect European lawyers to be urging extreme caution about moving services outside the EU. The EU (the UK especially) is not perfect, but it’s at least a partial risk mitigation.
Re: Contract renewal is key
It should be noted that a number of countries (amongst them Germany, Switzerland, India, Canada and Australia) have enacted data residency laws that specifically prohibit the storage of corporate data outside their physical boundaries.
All it requires is more countries to enact – and enforce – similar legislation.
NB: A number of ‘cloud’ companies have sought to accommodate this legislation by creating data centres in the country e.g. Germany.
However, with the US Government’s interpretation of “if you [the cloud hosting company] trade in the USA then your data belong to us”, this might well put an end to country-local data centres.
If all you want is a public access web-site, with no private data, who cares if the servers are in the US or not, it makes little difference to government access to the site. If you have a lot of data that needs to be kept private then building your own data centre and migrating is going to take many months.
I suspect it will take any 5 to 6 months before any trend shows up.
Within the most popular 10 thousand sites, Netcraft witnessed only 40 sites moving away from US-based hosting companies.
Notice we are talking about SITES. What about storage services,e-mail services, search engines, online maps etc etc?
Re: Re:
You are right there. There is no reason to move an outward facing site – all the data is sort of public anyway.
It is your internal stuff that is the issue.
Re: Re: Re:
I wonder if there’s data on that? I’m very interested in seeing it. Ie: there’s the mykolab guy who could enlighten us if they saw any increase in their subscription base out of anything ordinary.
Re: Re: Re:
There is no reason to move an outward facing site – all the data is sort of public anyway.
No, it is not. Any outward facing site with user accounts will have at least some data which is private to each account and the site administrator. At least the user’s authentication credentials (password, tokens) are always private. Depending on the site, other user information will be private, up to almost everything the user does on the site. For instance, if the site is a personal finance manager, only the user and the site administrator should have access to any of the user’s data.
Re: Re: Re:
I’m sure that users of web-based email, cloud storage services, etc., would disagree with this.
Re: Re:
“Notice we are talking about SITES. What about storage services,e-mail services, search engines, online maps etc etc?”
This is the key right here ^
Where to go? Insource...
Web hosting is generally public, providing public facing information. The data of real note is email, internal documents, and other such critical systems. It is that data which should flee the cloud.
And where should the data run? Why inhouse: businesses which need confidentiality (Law firms, and any business with significant international competition) should forget about outsourcing to the cloud at all.
Re: Where to go? Insource...
This would include all websites that keep records on what their users are doing and/or that require registration.
"I think it's way too early to conclude much about this"
Well, thanks for the non-conclusion.
Actually, it’s WAY LATE to fear NSA can rummage through your “cloud” data: if news to anyone in IT (ahem, management), they’re a major problem.
The phony deal that evil people (and gullible fools) try to force on us: You can’t have the benefits of technology unless give up all privacy.
Think Carefully
When debating whether the government should have a certain level of surveillance powers without oversight, one should always ask: What Would Nixon Do? If the answer is, “abuse this power to spy on political opponents”, then perhaps some oversight is in order.
Of course, if that doesn’t scare you, imagine what happens if a Chinese or Russian spy manages to become an NSA analyst. Without effective oversight, you have no way to catch the rogue analyst who is stealing secrets from the US government or other US companies.
Even setting aside any privacy concerns, server location matters. While the Web does not concern itself with national borders, it is still limited by the speed of light. When you have a large Web service with a large US client base, locating your CDN entirely offshore is going to do a world of hurt to your latency, and I think that alone may be serious incentive to keep things where they are.
Like commenter #1 makes mention of, contracts are going to be the determining factor. Guess we don’t hang out around the same areas of the internet cause I been hearing lots of folk unhappy with US servers and services over this spying affair.
Maybe it’s the internet where 99% of it is all mouth and no show but somehow I don’t think that is the case. It’s gone on too long. The ones they don’t like but don’t really do anything about just sort of weathers over and fades away. Seems the NSA stories have some leg under them.
What really matters...
…is not the gross scale of movement away from U.S. data centers, but the much smaller movement of activists, terrorists, and everyone else with something the surveillance state wants to read offshoring to foreign data centers. The tendency on the margin will be for needles to relocate outside the haystack, at the very time the U.S. surveillance state is hoovering up more hay — thus exponentially increasing false positives and making the surveillance state an utterly useless white elephant.
Host all your own secret stuff .. get on the NSA cash cow list look how big google has gotten in the last 5 yrs Id bet alot of these companies are calling and asking the NSA where do i sign up
Think Carefully
The history of government surveillance in the US (and elsewhere) proves this belief to be incorrect.
This isn't going away even if we bomb NSA into the stone-age.
Not that I’m advocating bombing the NSA into the stone age rather that we salvage their assets.
The US is not the only country, or monied interest that is expanding its intelligence gathering capabilities on the internet. Granted, the immediate problem is that the NSA’s surveillance efforts are being used to incriminate and incarcerate people inconsistent with fourth amendment rights, and the human right to privacy according to multiple international charters.
But we have to expect that our communications are going to continue to be monitored by anyone who has the ability to do deep-packet analysis.
This may kill the Google business model, since their immense database is too politically volatile: too many external interests will want to force access to Google-style databases that are not supposed to be viewed by human eyes without anonymization.
We need to advance our encryption schemes. We need end-to-end encryption to be the norm. We need to fix the system so that it is impossible for interests with the power of force to provide backdoor access to unencrypted communications.
And this can be done already with the technology we have, let alone technology we develop when there is a desperate need for it.
Re: This isn't going away even if we bomb NSA into the stone-age.
Also, and equally as important as securing communications channels, we need change the mental stance abut how we store our data.
We almost had it right with the PC revolution, where everyone keeps their data on their own physical machines, where they can have complete access control.
Now, people have come to think it’s perfectly safe to store most of the data they care about on third party servers, where they have no true access control over it.
We need to shift away from the client-server model that is the cloud. There are some very, very cool ways that people can do this while still retaining the ability to have the same social media functions we have now, as well as goodies like all your data being available on all your devices.
Re: Re: This isn't going away...
My use for the cloud is synchronization and shared files. And those can be secured with encryption.
But yeah, a backup in the cloud is about as safe as a backup on a flash drive. Both are susceptible to winding up in a smoldering crater, and both can be seized by the local government.
Redundancy and encryption.
I’ve also talked before about false-bottom encryption. We need to create services (software) that can plausibly “open” an encrypted file to reveal a total lack of incriminating content… much like the boss key in early video games.
there will be a shift in cloud offerings where the services are more secure and beyond the reach of the USA.
Re: outside the USA?
Then there are those of us outside the USA who are quite content to store our data in the US rather than in our home countries. We’re quite pleased to have the NSA scouring our data for links to Yemen or Iran. Saves me a lot of worry, and I trust the NSA more than my own government.