Well, China issues aside, that should be the case in every country -- such services should be local, governed by local laws, and not giving a free-pass to foreign countries/governments (foreign as to the users of the service) to enforce their laws/surveillance.
E.g. I would like the EU iCloud to be hosted in EU.
> that should be the case in every country -- such services should be local, governed by local laws
So a cloud service that's available worldwide should store and process data locally in every country (or perhaps even every sub-jurisdiction of every country) just so that that jurisdiction can serve warrants to it and others cannot? Or worse, people in multiple countries should have to use different services and hope those services interoperate with each other, just so that they can "shop local"?
The Internet does not and should not work that way. If we're going to go to the trouble of building interoperable, federated services, it should be to put them in the control of individual users, not in the control of governments.
>So a cloud service that's available worldwide should store and process data locally in every country (or perhaps even every sub-jurisdiction of every country) just so that that jurisdiction can serve warrants to it and others cannot?
Simply put, yes.
You are maybe concerned with the technical issues / problems to the service provider.
I'm more concerned with the decentralization, surveillance, and data sovereignty.
>Or worse, people in multiple countries should have to use different services and hope those services interoperate with each other, just so that they can "shop local"?
Yes. In fact, this decentralized nature, and resilience, was an early vision about the internet itself, and not just some hippie dream, even in its army-research origins... And of course all the way to ideas such as XMPP, Diaspora, and so on.
Nobody dreamed a Facebook silo somewhere gathering all the world's data...
>The Internet does not and should not work that way.
That it does not, it's obvious. That it should not, less so.
(And of course, if one's county is the one doing the data-gathering/policing of data for the rest of the world, it's "naturally" all A-OK to them that it is so).
>If we're going to go to the trouble of building interoperable, federated services, it should be to put them in the control of individual users, not in the control of governments.
Notice how I didn't propose putting them "in control of governments".
They already are in control of at least one government (the one of the country of Facebook, Google, MS, Apple, Twitter, etc).
So what I proposed is already de-centralized: putting each users data under democratic control in the places where they themselves are (and vote, have rights, etc), as opposed to a central place, where they don't vote, don't have any right or resource as foreigners and are "fair game" to the whims of both the service-origin government and the service company.
If they're going to go to control of individual users, even better. But stopping the control of a single foreign government is already a good first step.
(Exceptions could be made for non-democratic countries -- no reason to give control of a service's local data to a dictatorship).
> You are maybe concerned with the technical issues / problems to the service provider.
Not just that (though I certainly don't consider it reasonable to expect a service to have thousands of servers in thousands of jurisdictions and deal with thousands of legal systems; frankly, I want services to expose themselves to as few jurisdictions as possible).
I'm concerned about the usefulness of the service to its users. As a user of a service, I will not accept partitioned and walled-off services where I cannot interact with people elsewhere in the world. That's my choice, and the choice of people and projects I collaborate with, and I choose to use services that allow me to collaborate with those people and projects.
> And of course all the way to ideas such as XMPP, Diaspora, and so on.
I did specifically say that:
If we're going to go to the trouble of building interoperable, federated services, it should be to put them in the control of individual users, not in the control of governments.
If you have the capability of interoperability and federation, then where you host your data should have nothing to do with jurisdiction, and everything to do with who wants to store and control the data.
Well, I don't propose or expect companies to volunteer doing this.
My point is that EU (for one) should mandate them, and if service providers like FB, etc, don't like them, they could skip the 500m market -- and just be careful not to let the door hit them on their way out...
>Not just that (though I certainly don't consider it reasonable to expect a service to have thousands of servers in thousands of jurisdictions and deal with thousands of legal systems; frankly, I want services to expose themselves to as few jurisdictions as possible).
As long as it's your jurisdiction? (assuming you're in the US, since it says on your HN profile that you work for Intel).
Or that's a happy accident (for you) that is not really relevant to your point, but others should be fine with?
I'd prefer the services I use to be under the control of my country's laws and my democratic vote -- not under what some third country dictates and controls.
Besides, hyperbole much?
There aren't "thousands of jurisdictions and legal systems". At worst, they are like 150 or so, as many countries. And some could get together and accept a single country as the host and set their common rules (like the EU could do for EU member states).
Major services already have tons of global CDNs servers, even on small countries.
And if there was a mandate, there could easily be an infrastructure and common services to deploy to span the globe (e.g. turn-key Amazon provision for sharding your data into multiple data centers per jurisdiction).
It doesn't even need to be all players, could be mandated on some size and above -- and surely Google, Facebook, Apple, etc scale.
No, not at all. I expect it to be the jurisdiction of whoever runs the service. That jurisdiction will necessarily have control over the authors of the service; there's no getting around that. (The authors can try to build the service with themselves as a threat model, which few services do, and even then that may not work.) Unless you want to mandate that people can't use services from outside their country (and enforce that with a country-wide firewall blocking access to the real Internet), then you're never going to get around that.
Also, you seem to be treating "store and use data locally" as a thing that protects the citizens of a country, rather than a thing that threatens the citizens of a country. Many countries want data stored locally so that they can seize it, and want services hosted locally so that they can block those services or make them consistent with the country's propaganda.
Also, you're assuming that data is nicely partitioned by user. For many useful services, it isn't. Just for the simplest case, consider collaboratively-edited works by multiple users.
> There aren't "thousands of jurisdictions and legal systems".
Tell that to states and equivalent sub-jurisdictions within countries. Tell that to many large cities and their local regulations. Thousands is if anything an underestimate.
> there could easily be an infrastructure and common services to deploy to span the globe
That sounds like a great way to introduce security holes and a vastly expanded threat model.
Also, to comment on something you edited into a previous comment:
> (Exceptions could be made for non-democratic countries -- no reason to give control of a service's local data to a dictatorship).
Who gets to decide that? Obviously not the countries themselves. That just leaves the people building the service and the people deciding which services to use; those are the same parties who already get to decide that today.
