I seldom comment when a service provider opens a new data center. I find that I had to talk with ElasticHosts about their announcement that the company was going to add two new data center locations (one in Los Angeles, California, and one in Toronto, Canada) to its current locations in London, UK, and San Antonio, TX. The announcement materials included the following quote:
"Additionally, in offering a data center in Canada, ElasticHosts can provide North American cloud hosting that does not fall under the US Patriot Act, Digital Millennium Copyright Act (DMCA) or the forthcoming Stop Online Piracy Act (SOPA). This means that Canadian and European businesses which do not want to operate in US jurisdiction can still enjoy the benefits of North American cloud servers with fast network connectivity to US and Canadian markets. "
Although I'm not an attorney nor do I play one on TV, I was concerned about the language ElasticHosts used in the announcements. I found it rather difficult to believe that companies that have even a small footprint in the United States would be totally shielded from the Patriot Act, DMCA or even the proposed SOPA concerns just because their cloud hosting firm was based in Europe and the data was outside of the U.S.
It was my belief that the U.S. has it within its power to exert a great deal of pressure on companies operating in the U.S. regardless of who owns the data center and where it is located.
When I expressed this concern to ElasticHosts' very pleasant PR representative, I was offered a chance to speak with the CEO of ElasticHosts, Richard Davies. Having spoken with Richard in the past, I was looking forward to the opportunity to discuss this rather thorny issue.
Davies was quick to note that since ElasticHosts was a UK-based company having data centers outside of the U.S., customers would be protected from any but the most forceful requests for propriety data or to take down content. He pointed out that the U.S. Patriot Act, DMCA and the proposed SOPA were laws in the U.S. The UK has different laws and different processes.
I repeated my concern that if a ElasticHosts customer had a footprint in the U.S., regardless of size, the customer could be subjected to a great deal of pressure regardless of whether the data center was not in the U.S. and the data center operator was not a U.S. company. Davies agreed that in an extreme case that was correct. He pointed out that a non-U.S. company, operating out of a non-U.S. data center, operated by a non-U.S. cloud supplier would be subject to the laws where they were located, where the data center was located and where the data center operator was located.
Davies repeated the assertion that set of circumstances would shield companies from U.S. laws to some extent. The U.S., he pointed out, could, on the other hand, present a legal complaint in the U.K. or in Canada. In that case, the laws there would apply.
I believe that he has several good points, but the language in the release is still a bit too strong. ElasticHosts can not shield its customers completely from U.S. laws if they operate in the U.S. What do you think?