The Harms of Forced Data Localization

How we store data---and how we think about keeping our memories available over the long term---has changed in the last few years. The world has become better at keeping data secure and safe by distributing it to multiple continents. However, some leaders are calling for "national Internets"---censored, walled gardens set up to appease special interest groups that range from political factions, to property cartels, to religious police. Other leaders have taken a different tack, called forced localization; rather than blocking your communications, they want to require that all your data (and all the computers that handle it) be inside a single country: theirs, for whichever country they represent. These would be major changes to the structure of the Internet---changes that would harm both businesses and the general public.

Currently, services on the modern Internet are built with "cloud computing"---the idea that services that you use, from Facebook, to Google, to Netflix, should store your data in many different, geographically diverse places, as well as close to where you are. This makes sure that your work, your entertainment, and your memories are available wherever you might want them, whether that's on your phone, your laptop, your tablet, or your TV. Cloud computing not only powers most companies, but a huge amount of research: from genomics and drug discovery, to climate modeling and radio astronomy. The ability to use computing power spread across the globe is making discoveries faster and more achievable; around the world, cars are safer, applications are smarter, and operations are more efficient.

At first, forced data localization might not seem so bad. The problem is that there is no country on the planet big enough to defend your data on its own. Natural disasters pose one type of threat; earthquakes, tsunamis, hurricanes, and typhoons now cause devastation for hundreds or thousands of miles. Many times, disasters will destroy datacenters or power facilities, which may destroy your data forever; other times, such events will compromise the fiber-optic cables that connect data and computers to the Internet, making your data inaccessible for days or weeks. Data destruction doesn't always require a continent-scale event; in 2011, a slow water drip in a nondescript office building in Calgary, Alberta set off an explosion that caused days of computer outages for hospitals, ambulances, radio stations, taxis, and criminal justice facilities around the province. While most of the data was eventually recovered, we may never know how many illnesses were made worse, or situations made less safe, by centralizing so much critical data.

Right now, companies are able to use the whole world's cloud resources so that if a computer in Seattle goes offline, a computer in Dublin can take up the slack. Your photos might be stored in Singapore, London, and Toronto to make sure that no matter what happens, your data is protected from loss. The cloud is made of computers that have to live somewhere, however, and if a few misguided people get their way, a water drip, car crash, or squirrel on a power line may be all it takes to destroy the photos of your child or cut off access to the data your business needs to survive. Once your data is limited to a tiny geographic area, subject to weather, earthquakes, and political whimsy, all bets are off.

Some will say that keeping things in a single country is the only way to prevent international spies from reading our data, since we now know that certain countries have a bad habit of not minding their own business on the Internet. This is misguided. The lawless are not deterred by new laws; keeping data within a border won't stop those who believe that rules don't apply to them, even though it will curtail the ability of law-abiding people to keep their data safe. The way to protect secrets from prying eyes is through software that is both secure and easy to use, with projects like Peerio, RedPhone, SpiderOak, and Silent Circle making powerful security available to the general public.

The conclusion is simple. Applying national borders to data, the way we would to a shipment of coffee beans, solves no real problems; it only creates a threat to our work and to our memories. It will be a harm to business that we can't afford, and it will destroy the communication system that has revolutionized this century. We need the world to work together to face the challenges that lie ahead. Let's bring our friends along for the journey.

Frank Heidt is the Chief Executive Officer of Leviathan Security Group in Seattle, WA. More information about the dangers of forced data localization can be found at http://www.leviathansecurity.com/cloudsecurity.