Last time, I covered the legal risks of entering into a contract with Amazon for S3 or its other web services. The complete loss of your service and data at any time, for any reason or for no reason at all, may seem a bad enough risk; but there may be worse to come.
Amazon boast a network of data centres. At present this “worldwide” network only covers countries that send teams to the World Series; but at some time in the future Amazon plan to put data centres in Europe and elsewhere to increase access speed, which is not really adequate outside North America (see A Slow Interlude).
Let’s imagine that Amazon place a data centre in the UK. This means fast access for UK users, who will no longer have to rely on their ISPs’ transatlantic links.
As part of Amazon’s worldwide network of data centres, the UK centre will receive replicated copies of data from all over the place – not only data originating or being used in Europe – as Amazon’s proprietary algorithms ensure maximum data security through maximum geographical diversity. If you scan a document in Peoria for use in Chicago, and store it in S3, it is as likely to end up in England as anywhere else.
You will probably be prudent and encrypt your data.
In England and Wales, the Regulation of Investigatory Powers (RIP) Act 2000 says that as part of an investigation “in the interests of national security, for the purpose of preventing or detecting serious crime, or for the purpose of safeguarding the economic well-being of the United Kingdom” the police may demand the keys to any encrypted data. It is an offence (with sentence of up to two years in jail) to fail to provide your encryption keys, and it can also be an offence to reveal the fact that the keys have even been demanded. Ross Anderson, the Professor of Security Engineering at Cambridge University has been forced to cover himself like this:
Here is my PGP key. If I revoke this key, I will always be willing to explain why I have done so provided that the giving of such an explanation is lawful.
So, suddenly, simply because Amazon have replicated some of your data into the UK without your knowledge, you open yourself to police demands to reveal your encryption keys with the threat of a prison sentence if you don’t.
A great deal of work is being done on this: see, for example, this blog entry on Cambridge’s Scrambling for Safety conference, which was devoted entirely to the RIP Act (there is BBC coverage here). On the government side, the draft code of practice is all emollience, containing safeguard after reassurance after safeguard in the best manner of the British Civil Service. But these reassurances ultimately come from the government of a country where a Labour Party member (an 82-year-old Holocaust survivor) was detained under anti-terrorism legislation for daring to heckle a minister at his own party’s annual conference (BBC report here), and so we may be forgiven for not being entirely reassured. How long before “the economic well-being of the United Kingdom” is interpreted as “the profits of a company in which the ruling party owns shares”?
I have mentioned one country but there will be others. The restrictions and penalties on S3 data will be a combination of all the possible ones in all the countries where Amazon choose to have a data centre. Do you really want to investigate the law and politics of every country where Amazon might decide to put a computer? This kind of international political risk can only get worse as Amazon’s data centres spread round the world.
Perhaps now we know why Jeff Bezos is so interested in space flight. S3 servers in low earth orbit could in the end be cheaper to buy than politicians. Googling for “low earth orbit routing protocol” already returns 12,800 pages…
Next time I’ll mention a collection of risks that I’ve filed under “M for miscellaneous”: denial of service by anti-virus software, and cost inflation through slashdotting and doshslatting. It’ll break all my previous promises by being quite a technical posting, but be patient because the time after next will bring the conclusion to this whole series. Thank you for reading so far.