I was idly scanning The Register's write-up of yesterday's Gmail outage in Europe when this explanation from Gmail reliability manager Acacio Cruz caught my eye:
"Unexpected side effects of some new code that tries to keep data geographically close to its owner caused another data centre in Europe to become overloaded, and that caused cascading problems from one data center to another. It took us about an hour to get it all back under control."
Why is Google developing code to keep data 'geographically close to its owner'? Europe's privacy laws, is my guess. This is a topic I've been following over on The Connected Web, where I recently posted about a phenomenon I've called data protectionism: "One important obligation on any business operating within the EU is a continuing responsibility to ensure the security and privacy of data transferred elsewhere." This week I followed up with news of a World Privacy Forum report that helpfully spells out all the implications for cloud providers and consumers.
Here's how this ends up bringing down Gmail:
- Google successfully recruits several large European enterprises to Google Apps;
- Those businesses express concern about their data privacy obligations under EU law;
- Google's engineers start developing algorithms to keep data from straying beyond certain geographic territories;
- Those algorithms behave unexpectedly during a routine upgrade;
- Gmail goes down.
I have no evidence for this chain of events apart from what Cruz wrote, but why else would Google want to keep data "geographically close to its owner"? In cloud computing terms, the notion is almost absurd — and of course absurdity is precisely the sort of thing that produces unexpected outcomes in any system.
Absurd though it may seem, the point is a crucial one for cloud providers to take on board. Their infrastructures are going to have to build in awareness of real-world jurisdictions so that providers and their customers can demonstrate compliance with undertakings on matters of national law such as data privacy, intellectual property rights and taxation. Shifting data across a national boundary during an outage can have serious legal repercussions, and the cloud has got to take that into account — but without falling over.