At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Technically speaking, we don't need the US Congress to foist algorithm transparency rules on social media platforms; the EU can effectively set that bar for us too.
The tech companies have shown themselves more than willing to tailor their platforms to specific jurisdictions
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
That is only marginally true now. "The internet" is not really run on hardware that lives in the real world anymore. It's run on virtual hardware that lives in multiple places simultaneously and indistinguishably, and while that virtual hardware runs on physical hardware it's only fleetingly possible to pin down which physical device is doing what at a given moment. It's often not running software written by humans in the world anymore either, and that will be increasingly true over the next decade or two. "Who wrote this code" won't be a sentence that means a lot when applied to infrastructure and web 3.0.
The ideas don't map well. GDPR is probably the best we've done so far and it is a paper tiger at best, tied to an essentially corporate conception of the internet that has no real ability to impact individuals or amorphous entities.
I mean, attempt to use GDPR to block 4chan in Germany and see how you get on. How many IRC servers have been banned due to GDPR? This is a fig leaf. A pretty big one, to be fair, but still. GDPR can only be considered successful regulation insofar as it gave good actors a line to toe, and maybe that's good enough - regulation as a sternly-voiced suggestion for how to behave. Keep Off the Grass, internet style.
But it's not going to solve the underlying problem, assuming we even agree that it is a problem.
Correct me if I'm wrong, but my understanding of the GDPR seems more like a sledgehammer than a paper tiger. Not suited to pinning down agile, distributed internet communities, true, but quite effective for threatening large, established entities like Google and Facebook who can't just keep changing their domain to avoid blocks or pretend they're not home to dodge lawsuits.
Being able to drop that hammer on Twitter while Gab and 8chan skitter under the refrigerator seems good enough to me.
ArbitraryDescriptor on
0
OrcaAlso known as EspressosaurusWrexRegistered Userregular
edited July 2020
Okay, it's being run on 100 different virtual machines, all of which may or may not even be on the same physical machine. Fine. Hell, we'll say it's split across several different datacenters. Fine. They all still exist in the real world, and are run by companies that exist in the real world transmitting data across fiber optic lines that exist in the real world owned by a variety of other companies that exist in the real world, to a user that exists in the real world.
The internet is not special.
edit: as entities existing in the real world, they are all subject to the laws of the part of the world that they happen to exist in.
Okay, it's being run on 100 different virtual machines, all of which may or may not even be on the same physical machine. Fine. Hell, we'll say it's split across several different datacenters. Fine. They all still exist in the real world, and are run by companies that exist in the real world transmitting data across fiber optic lines that exist in the real world owned by a variety of other companies that exist in the real world, to a user that exists in the real world.
The internet is not special.
At the very least, hosting services have a billing address, and countries know who is owning the installation that provide access.
It's always possible to find someone who knows who need to be fined.
Also, the GDPR is all about privacy. It's not a set of regulation on everything. It only really makes sense for commercial uses.
Just like hate speech laws are not usually concerned about private conversations.
If you want to ban twitter, it's easy. Just tell ISPs to block twitter. Sure, some people would use VPNs, but if twitter cannot get advertising money from your country, and people have to figure out a way to get a VPN to access twitter, you just banned twitter quite effectively.
Blocking something like IRC is harder, but at that point, you might as well block phones, carrier pigeons, and the modulated use of light switches.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Technically speaking, we don't need the US Congress to foist algorithm transparency rules on social media platforms; the EU can effectively set that bar for us too.
The tech companies have shown themselves more than willing to tailor their platforms to specific jurisdictions
True, but we're talking about their core tech here, not a content filter that bans swastikas based on IP. They might tweak it, but any transparency disclosures on their EU-algo fork should be illuminating enough.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
That is only marginally true now. "The internet" is not really run on hardware that lives in the real world anymore. It's run on virtual hardware that lives in multiple places simultaneously and indistinguishably, and while that virtual hardware runs on physical hardware it's only fleetingly possible to pin down which physical device is doing what at a given moment. It's often not running software written by humans in the world anymore either, and that will be increasingly true over the next decade or two. "Who wrote this code" won't be a sentence that means a lot when applied to infrastructure and web 3.0.
The ideas don't map well. GDPR is probably the best we've done so far and it is a paper tiger at best, tied to an essentially corporate conception of the internet that has no real ability to impact individuals or amorphous entities.
I mean, attempt to use GDPR to block 4chan in Germany and see how you get on. How many IRC servers have been banned due to GDPR? This is a fig leaf. A pretty big one, to be fair, but still. GDPR can only be considered successful regulation insofar as it gave good actors a line to toe, and maybe that's good enough - regulation as a sternly-voiced suggestion for how to behave. Keep Off the Grass, internet style.
But it's not going to solve the underlying problem, assuming we even agree that it is a problem.
Correct me if I'm wrong, but my understanding of the GDPR seems more like a sledgehammer than a paper tiger. Not suited to pinning down agile, distributed internet communities, true, but quite effective for threatening large, established entities like Google and Facebook who can't just keep changing their domain to avoid blocks or pretend they're not home to dodge lawsuits.
Being able to drop that hammer on Twitter while Gab and 8chan skitter under the refrigerator seems good enough to me.
It's a technological arms race we haven't really started yet. The jury's still out on whether gigantic social media companies like Facebook and Twitter can even survive with their current scope with additional regulation.
I don't care about them, but I feel like assuming we will have a future-proof hold on something that can circumnavigate the globe 7 times per second is cause for doubt.
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
While racing light mechs, your Urbanmech comes in second place, but only because it ran out of ammo.
+1
OrcaAlso known as EspressosaurusWrexRegistered Userregular
Why does the internet need special constitutional protection not afforded to any other medium of commerce or communication?
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
do you provide services to the citizens who reside in your jurisdiction
if so, government can fuck with you unless you want to take your ball and go home
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
You seem to be under the impression that the EU sets regulations for internet companies in the USA. This is not the case. The EU sets regulations for internet companies in the EU.
Internet companies applies most of those EU regulations everywhere because it's less trouble most of the time. This is also true for USA regulations, like HIPAA. Or Canadian regulations, like PIPEDA.
That's because it's not hard to comply with all of them simultaneously, so why not. If there's a conflict, well, it's like for intellectual property with different licences per region: geo-locking.
That's why Netflix is not the same everywhere.
This is a solved problem: we know how to apply regulations to the internet.
+10
MonwynApathy's a tragedy, and boredom is a crime.A little bit of everything, all of the time.Registered Userregular
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
To be blunt, the GDPR is a polite fiction that's only really relevant to outlets with lots of money, and any attempt to replicate it in the US would be likewise. The EU is not going to build a Great Firewall of its own, and neither will the US.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
do you provide services to the citizens who reside in your jurisdiction
if so, government can fuck with you unless you want to take your ball and go home
Person in country A sends GET request to server in country B, which responds. If country A doesn't like what's in that exchange, Country A can ask country B to do something about it or it can physically intercept the messages or cut the connection altogether. And the later case is assuming a wired connection. Theoretically I imagine you could have satellite internet that's going through the air so the only part of the whole exchange that is actually physically present in country A is a client machine and a transmitter/receiver.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
You seem to be under the impression that the EU sets regulations for internet companies in the USA. This is not the case. The EU sets regulations for internet companies in the EU.
Internet companies applies most of those EU regulations everywhere because it's less trouble most of the time. This is also true for USA regulations, like HIPAA. Or Canadian regulations, like PIPEDA.
That's because it's not hard to comply with all of them simultaneously, so why not. If there's a conflict, well, it's like for intellectual property with different licences per region: geo-locking.
That's why Netflix is not the same everywhere.
This is a solved problem: we know how to apply regulations to the internet.
Literally anyone who actually cares enough can get around geolocking with a VPN. I think it was the Mandalorian that had a weird international release schedule recently? From what I remember of the reaction among British youtubers I watch it was almost universally "Man, the Mandalorian is pretty good... I mean... we definitely haven't seen it yet because it's not out here wink wink nudge nudge".
HamHamJ on
While racing light mechs, your Urbanmech comes in second place, but only because it ran out of ammo.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
To be blunt, the GDPR is a polite fiction that's only really relevant to outlets with lots of money, and any attempt to replicate it in the US would be likewise. The EU is not going to build a Great Firewall of its own, and neither will the US.
Nobody is asking for a Great Firewall, and that favorite strawman of the tech industry is getting tiresome. What people are asking for is that Silicon Valley be held accountable for the harm it does, and the argument against this seems to be "if you regulate us, then we can't operate as we do, and there will be collapse and anarchy." Slate just ran a piece on Zeran v. AOL, one of the first Section 230 lawsuits, which held that service providers were completely immunized against user content, even after being notified. There's a good point near the end of the article:
Zeran asked me what I thought of the proposal, and I pointed out that, as with so much related to Section 230, there are trade-offs. While a notice-based system may only target illegal speech, I say, it could have a significant chilling effect on other speech. “Who needs to live in a society of illegal speech?” he asked in response. “Who does that help?”
Basically, the author makes the usual paean to chilling speech, and Zeran points out why that argument has been losing authority - it ignores that those policies also cause harm and chill speech, just in different ways that get routinely ignored by the free speech "absolutism" crowd (mainly because they're not the usual targets of those policies.)
Regulation won't kill the internet. It will make people like Zuckerberg accountable, though - and that's why they fight it.
@spool32 I'd argue the point that it exists everywhere simultaneously. Regional data centers are absolutely a thing, and what you do for US East 1 is materially different from EU West - Ireland, which is also different from Singapore. It's absolutely a hard thing to do well, but that doesn't remove the obligation of tech companies to do it. As someone who works for a multinational, this is something we deal with on a daily basis for both technology and business-side artifacts and requires good governance and audit practices. Tech companies just need to stop whining and learn real operations, like everyone else has had to deal with since forever.
I’d assume that US regulation on internet speech would be designed to chill left-wing speech and promote the right. It’d be more likely to get antifa treated like ISIS than to shut up Nazis.
Net. Neutrality is fully dead, right? Like ISPs can already do whatever they want with or without pressure from the government?
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
At the end of the day, the Internet is not some special, unique, inviolate space. It's still run on hardware that lives in the real world. Those machines are administered by humans in specific locations in the real world. It's running software written by humans in specific locations in the real world.
As such, it is subject to any and all regulations considered appropriate by humans in the real world.
So why not transparency regulations?
We have a world wide web but not a world wide government. I'm sure that short of every nation making their own firewall the will be sovereignty issues
right which is why you set down regulations that the companies have to adhere to if they want to operate in your jurisdiction
The EU already does this, you may have noticed some of the GDPR messages
To be blunt, the GDPR is a polite fiction that's only really relevant to outlets with lots of money, and any attempt to replicate it in the US would be likewise. The EU is not going to build a Great Firewall of its own, and neither will the US.
Nobody is asking for a Great Firewall, and that favorite strawman of the tech industry is getting tiresome. What people are asking for is that Silicon Valley be held accountable for the harm it does, and the argument against this seems to be "if you regulate us, then we can't operate as we do, and there will be collapse and anarchy." Slate just ran a piece on Zeran v. AOL, one of the first Section 230 lawsuits, which held that service providers were completely immunized against user content, even after being notified. There's a good point near the end of the article:
Zeran asked me what I thought of the proposal, and I pointed out that, as with so much related to Section 230, there are trade-offs. While a notice-based system may only target illegal speech, I say, it could have a significant chilling effect on other speech. “Who needs to live in a society of illegal speech?” he asked in response. “Who does that help?”
Basically, the author makes the usual paean to chilling speech, and Zeran points out why that argument has been losing authority - it ignores that those policies also cause harm and chill speech, just in different ways that get routinely ignored by the free speech "absolutism" crowd (mainly because they're not the usual targets of those policies.)
Regulation won't kill the internet. It will make people like Zuckerberg accountable, though - and that's why they fight it.
That's not a good point at the end of the article, it's Zeran saying nothing in response to a question.
Q: Might targeting illegal speech have a chilling effect on speech?
A: What does illegal speech help?
A proper answer would discuss the relative harms of action and inaction and decide which is the lesser. It's simply always going to be true that some speech is harmful, and efforts to reduce harmful speech will have a chilling effect. Policy that doesn't recognize this and grapple with it can't be considered serious.
@spool32 I'd argue the point that it exists everywhere simultaneously. Regional data centers are absolutely a thing, and what you do for US East 1 is materially different from EU West - Ireland, which is also different from Singapore. It's absolutely a hard thing to do well, but that doesn't remove the obligation of tech companies to do it. As someone who works for a multinational, this is something we deal with on a daily basis for both technology and business-side artifacts and requires good governance and audit practices. Tech companies just need to stop whining and learn real operations, like everyone else has had to deal with since forever.
Even regional datacenters are an abstraction and don't represent everywhere your data lives or where operations are performed. Packet switched networks make all this an abstraction, and the metal where the work is happening is an abstraction too. When you rent 12 cores from Amazon you're not renting a discreet set of processors, just an abstraction. Multiple layers of virtualization and redundancy mean you're only partially able to distinguish where on earth something hapened, and also let's be honest, you're relying on Amazon's attestations for auditing unless you're a crazy person or your work is very paranoid.
@spool32 I'd argue the point that it exists everywhere simultaneously. Regional data centers are absolutely a thing, and what you do for US East 1 is materially different from EU West - Ireland, which is also different from Singapore. It's absolutely a hard thing to do well, but that doesn't remove the obligation of tech companies to do it. As someone who works for a multinational, this is something we deal with on a daily basis for both technology and business-side artifacts and requires good governance and audit practices. Tech companies just need to stop whining and learn real operations, like everyone else has had to deal with since forever.
Even regional datacenters are an abstraction and don't represent everywhere your data lives or where operations are performed. Packet switched networks make all this an abstraction, and the metal where the work is happening is an abstraction too. When you rent 12 cores from Amazon you're not renting a discreet set of processors, just an abstraction. Multiple layers of virtualization and redundancy mean you're only partially able to distinguish where on earth something hapened, and also let's be honest, you're relying on Amazon's attestations for auditing unless you're a crazy person or your work is very paranoid.
To some extent yes, but their data centers have a physical component, and unless you're haphazardly applying multi-AZ availability to data stores without knowing what's in them (don't do this), there is a strong tie between data in transit and at rest and a physical location. While you're renting an abstraction, that abstraction still resides in Virginia or Ohio (for East) and is subject to the appropriate rules of that physical place. You don't get to handwave laws because your engineers and governance folks are too lazy to restrict data storage to appropriate Availability Zone locations. I could argue the same thing about throwing documents in unlabeled boxes and letting a storage provider select where they go - while you CAN do it, it doesn't free you from liability or your requirements to follow local regulations. For example - there's a reason no one lands anything in Russia technically that they don't have to - it's a vector for data exfiltration and systems intrusion.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
I'll also note that my company has done not-insignificant amounts of work to ensure data does not accidentally end up in an EU datacenter and thus subject to GDPR. The invalidation of the "safe harbour" provisions of EU/US data transfer has definitely made things more complex and harder, but for good reasons. If you can't build well enough that your data will be restricted to only appropriate locations, get out of the data business. Localized data laws would be useless if they didn't restrict transit as you could just move it all to the least regulated spot and process/mine there.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
From a quick search, you can get that done, if you pay for it, and set it up. It won't happen automatically, if only because of billing.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
0
OrcaAlso known as EspressosaurusWrexRegistered Userregular
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
It's not so much bandwidth as latency. The number of switches, and the actual speed of light. 7.5 times around the Earth sounds impressive, but 260ms is a terrible ping.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
From a quick search, you can get that done, if you pay for it, and set it up. It won't happen automatically, if only because of billing.
GDPR fines will rapidly outstrip any infrastructure cost for data at rest location specification. Otherwise - don't collect data that will get you in trouble. Encrypted data in transit is largely protected from many things as it's not really ever meant to be accessed/utilized in the region it's transiting. Unencrypted? Fix those practices as you could be negligent in your data handling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
+1
OrcaAlso known as EspressosaurusWrexRegistered Userregular
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
That's the theoretical physical limit if you shined a light that distance. It's not the easy though, you need to re-transmit it to maintain the signal which adds delay. It's running through a number of networks, which adds delay. When I've gamed on EU servers, my lag is typically 200+ms. That's 200ms for a request-response and no time to actually do something useful with the data.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
That's the theoretical physical limit if you shined a light that distance. It's not the easy though, you need to re-transmit it to maintain the signal which adds delay. It's running through a number of networks, which adds delay. When I've gamed on EU servers, my lag is typically 200+ms. That's 200ms for a request-response and no time to actually do something useful with the data.
Also, c is the speed of light in a vacuum, signals travel slower in other media, so you have to account for that. (Fun side note: Chenrenkov radiation is what happens when things go faster than light in a given medium)
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
this is so entirely not a thing anymore in datacenters. Data is encrypted at rest, storage is virtualized and presented as contiguous when it's striped and stored redundantly... it's basically not possible to know any longer what data is "on the hard drive" you're pulling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
this is so entirely not a thing anymore in datacenters. Data is encrypted at rest, storage is virtualized and presented as contiguous when it's striped and stored redundantly... it's basically not possible to know any longer what data is "on the hard drive" you're pulling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
You can dream about a nationless world, but that ain't the one we live in. Every cloud provider has meaningful barriers between countries to prevent issues like this (including things like government contracts that specify in-country servers/utilization)- and while cloud technology has handed us a bazooka to deal with our infra problems, it has also forced all of us to revisit process and governance, as that needs to be really tight in a world where you can't fall back on trusted internal network access to save you from mistakenly leaking data.
Will countryless/regionless failover eventually be a thing? Sure. Will it be overlain with common regulatory frameworks that share characteristics? If cloud providers don't want to absorb legal liability for their clients, absolutely. We're in a period of transition where privacy and data regulations are being solved piecemeal. At some point there will be common multi-country agreements around handling that will allow for common usage, but again - we ain't living in that world yet. We also still have fundamental data classification problems that are getting better, but it's still a definite work in progress.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
this is so entirely not a thing anymore in datacenters. Data is encrypted at rest, storage is virtualized and presented as contiguous when it's striped and stored redundantly... it's basically not possible to know any longer what data is "on the hard drive" you're pulling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
All those things are business decisions that can be made illegal. They aren't facts of nature.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
That's the theoretical physical limit if you shined a light that distance. It's not the easy though, you need to re-transmit it to maintain the signal which adds delay. It's running through a number of networks, which adds delay. When I've gamed on EU servers, my lag is typically 200+ms. That's 200ms for a request-response and no time to actually do something useful with the data.
Possibly a chunk comes from our own network infrastructure problems, but how many huge marketshare applications need to be in the same country to work well?
Marty: The future, it's where you're going? Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
That's the theoretical physical limit if you shined a light that distance. It's not the easy though, you need to re-transmit it to maintain the signal which adds delay. It's running through a number of networks, which adds delay. When I've gamed on EU servers, my lag is typically 200+ms. That's 200ms for a request-response and no time to actually do something useful with the data.
Possibly a chunk comes from our own network infrastructure problems, but how many huge marketshare applications need to be in the same country to work well?
All of them. In fact, many countries are too big, and have to be split into regions.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
this is so entirely not a thing anymore in datacenters. Data is encrypted at rest, storage is virtualized and presented as contiguous when it's striped and stored redundantly... it's basically not possible to know any longer what data is "on the hard drive" you're pulling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
You can dream about a nationless world, but that ain't the one we live in. Every cloud provider has meaningful barriers between countries to prevent issues like this (including things like government contracts that specify in-country servers/utilization)- and while cloud technology has handed us a bazooka to deal with our infra problems, it has also forced all of us to revisit process and governance, as that needs to be really tight in a world where you can't fall back on trusted internal network access to save you from mistakenly leaking data.
Will countryless/regionless failover eventually be a thing? Sure. Will it be overlain with common regulatory frameworks that share characteristics? If cloud providers don't want to absorb legal liability for their clients, absolutely. We're in a period of transition where privacy and data regulations are being solved piecemeal. At some point there will be common multi-country agreements around handling that will allow for common usage, but again - we ain't living in that world yet. We also still have fundamental data classification problems that are getting better, but it's still a definite work in progress.
this is just the same as arguing that piracy isn't a problem because nobody wants to spend 4 hours downloading one song, though. Sure, we'll come up with some kind of regulatory framework but it won't actually stop anything, anymore than "you wouldn't download a car" stopped piracy. The fundamental nature of the systems we're building resist arbitrary regulation and standing up alternates is ever more trivial, which gets us back to my original point - there's no balance point where the regulatory regime is comprehensive and effective, but not authoritarian and oppressive. They come together and we continue to build systems where it's inherently true, then rely on the vanishing physical realm to keep the lid on resulting problems in the places that aren't China (where it still ain't working well). Reliance on the physical didn't work with piracy and it's not going to work with any of the rest of this either.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Also, people generally kinda like to know in which situations someone can get into the datacenter and start pulling hard drives, and what exactly is installed on the servers.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
this is so entirely not a thing anymore in datacenters. Data is encrypted at rest, storage is virtualized and presented as contiguous when it's striped and stored redundantly... it's basically not possible to know any longer what data is "on the hard drive" you're pulling.
Electricity takes time to move between two locations. Data is going to be processed in the nearest and same location if at all possible because otherwise the lag is going to be horrible.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
All those things are business decisions that can be made illegal. They aren't facts of nature.
As successfully as making copyright violations, or pot, illegal. Fire away, see how you get on!
They are facts of nature, as immutable as any of the rest. Technological progress won't be halted, we won't stop the increasing abstraction of computing resources without instituting authoritarian controls on ourselves that technologists will just ignore anyway, same as everyone ignored music downloads.
Posts
The tech companies have shown themselves more than willing to tailor their platforms to specific jurisdictions
Correct me if I'm wrong, but my understanding of the GDPR seems more like a sledgehammer than a paper tiger. Not suited to pinning down agile, distributed internet communities, true, but quite effective for threatening large, established entities like Google and Facebook who can't just keep changing their domain to avoid blocks or pretend they're not home to dodge lawsuits.
Being able to drop that hammer on Twitter while Gab and 8chan skitter under the refrigerator seems good enough to me.
The internet is not special.
edit: as entities existing in the real world, they are all subject to the laws of the part of the world that they happen to exist in.
At the very least, hosting services have a billing address, and countries know who is owning the installation that provide access.
It's always possible to find someone who knows who need to be fined.
Also, the GDPR is all about privacy. It's not a set of regulation on everything. It only really makes sense for commercial uses.
Just like hate speech laws are not usually concerned about private conversations.
If you want to ban twitter, it's easy. Just tell ISPs to block twitter. Sure, some people would use VPNs, but if twitter cannot get advertising money from your country, and people have to figure out a way to get a VPN to access twitter, you just banned twitter quite effectively.
Blocking something like IRC is harder, but at that point, you might as well block phones, carrier pigeons, and the modulated use of light switches.
True, but we're talking about their core tech here, not a content filter that bans swastikas based on IP. They might tweak it, but any transparency disclosures on their EU-algo fork should be illuminating enough.
It's a technological arms race we haven't really started yet. The jury's still out on whether gigantic social media companies like Facebook and Twitter can even survive with their current scope with additional regulation.
I don't care about them, but I feel like assuming we will have a future-proof hold on something that can circumnavigate the globe 7 times per second is cause for doubt.
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
Define operate. If a service doesn't own anything actually in your territory, the only leverage you have is whatever power wherever they do own something chooses to give you, and the ability to prevent your own citizens from accessing them. The former of those is I think largely still an open question and it seems like we may be moving to a bifurcated internet between the US and China. But that could also lead to further balkanization as well. Currently it doesn't seem like the US hasn't has any problems with the EU setting regulations for it's internet companies but the EU I believe is kind of not happy with the amount of influence the US has on the internet, and if relations between the two sides continue to worsen who knows what might happen.
The latter is also a political question and a technical challenge, and even if we can it doesn't necessarily mean we should. Personally I'm more inclined to say we need to create new constitutional limitations to what the government can do in regards to the internet.
do you provide services to the citizens who reside in your jurisdiction
if so, government can fuck with you unless you want to take your ball and go home
Internet companies applies most of those EU regulations everywhere because it's less trouble most of the time. This is also true for USA regulations, like HIPAA. Or Canadian regulations, like PIPEDA.
That's because it's not hard to comply with all of them simultaneously, so why not. If there's a conflict, well, it's like for intellectual property with different licences per region: geo-locking.
That's why Netflix is not the same everywhere.
This is a solved problem: we know how to apply regulations to the internet.
To be blunt, the GDPR is a polite fiction that's only really relevant to outlets with lots of money, and any attempt to replicate it in the US would be likewise. The EU is not going to build a Great Firewall of its own, and neither will the US.
Person in country A sends GET request to server in country B, which responds. If country A doesn't like what's in that exchange, Country A can ask country B to do something about it or it can physically intercept the messages or cut the connection altogether. And the later case is assuming a wired connection. Theoretically I imagine you could have satellite internet that's going through the air so the only part of the whole exchange that is actually physically present in country A is a client machine and a transmitter/receiver.
Literally anyone who actually cares enough can get around geolocking with a VPN. I think it was the Mandalorian that had a weird international release schedule recently? From what I remember of the reaction among British youtubers I watch it was almost universally "Man, the Mandalorian is pretty good... I mean... we definitely haven't seen it yet because it's not out here wink wink nudge nudge".
Nobody is asking for a Great Firewall, and that favorite strawman of the tech industry is getting tiresome. What people are asking for is that Silicon Valley be held accountable for the harm it does, and the argument against this seems to be "if you regulate us, then we can't operate as we do, and there will be collapse and anarchy." Slate just ran a piece on Zeran v. AOL, one of the first Section 230 lawsuits, which held that service providers were completely immunized against user content, even after being notified. There's a good point near the end of the article:
Basically, the author makes the usual paean to chilling speech, and Zeran points out why that argument has been losing authority - it ignores that those policies also cause harm and chill speech, just in different ways that get routinely ignored by the free speech "absolutism" crowd (mainly because they're not the usual targets of those policies.)
Regulation won't kill the internet. It will make people like Zuckerberg accountable, though - and that's why they fight it.
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
That's not a good point at the end of the article, it's Zeran saying nothing in response to a question.
Q: Might targeting illegal speech have a chilling effect on speech?
A: What does illegal speech help?
A proper answer would discuss the relative harms of action and inaction and decide which is the lesser. It's simply always going to be true that some speech is harmful, and efforts to reduce harmful speech will have a chilling effect. Policy that doesn't recognize this and grapple with it can't be considered serious.
Even regional datacenters are an abstraction and don't represent everywhere your data lives or where operations are performed. Packet switched networks make all this an abstraction, and the metal where the work is happening is an abstraction too. When you rent 12 cores from Amazon you're not renting a discreet set of processors, just an abstraction. Multiple layers of virtualization and redundancy mean you're only partially able to distinguish where on earth something hapened, and also let's be honest, you're relying on Amazon's attestations for auditing unless you're a crazy person or your work is very paranoid.
To some extent yes, but their data centers have a physical component, and unless you're haphazardly applying multi-AZ availability to data stores without knowing what's in them (don't do this), there is a strong tie between data in transit and at rest and a physical location. While you're renting an abstraction, that abstraction still resides in Virginia or Ohio (for East) and is subject to the appropriate rules of that physical place. You don't get to handwave laws because your engineers and governance folks are too lazy to restrict data storage to appropriate Availability Zone locations. I could argue the same thing about throwing documents in unlabeled boxes and letting a storage provider select where they go - while you CAN do it, it doesn't free you from liability or your requirements to follow local regulations. For example - there's a reason no one lands anything in Russia technically that they don't have to - it's a vector for data exfiltration and systems intrusion.
Turn out regulations are not only applicable, they are useful.
I would much prefer it if my data was under EU regulations than USA regulations, but at least it's mostly under CND regulations.
Yes, this is why when you set up various cloud services you get to pick the physical location of your server. It's conceivable that this could be auto-optimized, though.
You still get to pick the valid list of Availability Zones though. I'd be thoroughly shocked if any cloud provider automatically load balanced data across an ocean given all the hoops and potential liabilities.
From a quick search, you can get that done, if you pay for it, and set it up. It won't happen automatically, if only because of billing.
How much time nowadays? With fiber optic infrastructure and other innovations, internet speeds continue to increase - by 30% in 2017. The US is currently way down the list in internet speeds, beat out by multiple island countries in asia and random eastern European countries. We are not on the cutting edge of connectivity here, and I have to wonder if location is actually a make or break issue from an international perspective.
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
You can't beat the speed of light for latency. You can for throughput: try a 747 full of micro SD cards sometime. But the speed of light limits your latency, which means there is always benefit to trying to be as close to the thing you're trying to send to as possible.
GDPR fines will rapidly outstrip any infrastructure cost for data at rest location specification. Otherwise - don't collect data that will get you in trouble. Encrypted data in transit is largely protected from many things as it's not really ever meant to be accessed/utilized in the region it's transiting. Unencrypted? Fix those practices as you could be negligent in your data handling.
But the speed of light is actually kind of fast? Like 67 milliseconds to reach the other side of the world if I calculated correctly?
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
That's the theoretical physical limit if you shined a light that distance. It's not the easy though, you need to re-transmit it to maintain the signal which adds delay. It's running through a number of networks, which adds delay. When I've gamed on EU servers, my lag is typically 200+ms. That's 200ms for a request-response and no time to actually do something useful with the data.
Also, c is the speed of light in a vacuum, signals travel slower in other media, so you have to account for that. (Fun side note: Chenrenkov radiation is what happens when things go faster than light in a given medium)
3DS: 0473-8507-2652
Switch: SW-5185-4991-5118
PSN: AbEntropy
this is part of my objection to the idea that it's just easy to do etc. We're still, in 2020, relying on physical limitations as though they will matter. It's perfectly reasonable to imagine that in a decade this idea of needing to pick a region for your data and manage failover will be anachronistic and quaint. We're imagining a regulatory regime that assumes truths about the world that we are at the same time frantically rendering false. "You know where your data is located" is only barely technically true anymore, where at the beginning of the last decade it was largely true, and at the beginning of the millennium was so obviously the case that mentioning it sounded weird.
Trying to argue that a nationality-based regulatory regime is possible because latency makes it impractical to configure it otherwise, is like arguing that pirating music is hard because the data is big and takes a long time to download.
You can dream about a nationless world, but that ain't the one we live in. Every cloud provider has meaningful barriers between countries to prevent issues like this (including things like government contracts that specify in-country servers/utilization)- and while cloud technology has handed us a bazooka to deal with our infra problems, it has also forced all of us to revisit process and governance, as that needs to be really tight in a world where you can't fall back on trusted internal network access to save you from mistakenly leaking data.
Will countryless/regionless failover eventually be a thing? Sure. Will it be overlain with common regulatory frameworks that share characteristics? If cloud providers don't want to absorb legal liability for their clients, absolutely. We're in a period of transition where privacy and data regulations are being solved piecemeal. At some point there will be common multi-country agreements around handling that will allow for common usage, but again - we ain't living in that world yet. We also still have fundamental data classification problems that are getting better, but it's still a definite work in progress.
All those things are business decisions that can be made illegal. They aren't facts of nature.
Possibly a chunk comes from our own network infrastructure problems, but how many huge marketshare applications need to be in the same country to work well?
Doc: That's right, twenty five years into the future. I've always dreamed on seeing the future, looking beyond my years, seeing the progress of mankind. I'll also be able to see who wins the next twenty-five world series.
All of them. In fact, many countries are too big, and have to be split into regions.
this is just the same as arguing that piracy isn't a problem because nobody wants to spend 4 hours downloading one song, though. Sure, we'll come up with some kind of regulatory framework but it won't actually stop anything, anymore than "you wouldn't download a car" stopped piracy. The fundamental nature of the systems we're building resist arbitrary regulation and standing up alternates is ever more trivial, which gets us back to my original point - there's no balance point where the regulatory regime is comprehensive and effective, but not authoritarian and oppressive. They come together and we continue to build systems where it's inherently true, then rely on the vanishing physical realm to keep the lid on resulting problems in the places that aren't China (where it still ain't working well). Reliance on the physical didn't work with piracy and it's not going to work with any of the rest of this either.
As successfully as making copyright violations, or pot, illegal. Fire away, see how you get on!
They are facts of nature, as immutable as any of the rest. Technological progress won't be halted, we won't stop the increasing abstraction of computing resources without instituting authoritarian controls on ourselves that technologists will just ignore anyway, same as everyone ignored music downloads.