Last week I wrote about how ServInt was beating the NSA. Here’s a talk I gave on the same subject in TechWeek in Chicago last month. ServInt cares about protecting our users’ rights. The talk will explain why we care, and what we’re trying to do to fix the “NSA problem.”
Yesterday I was interviewed by Bloomberg News about the effects of NSA surveillance on the Cloud. They wanted to know if we had lost any customers specifically because of the Edward Snowden leaks. This, of course, is a hot topic: how is mass surveillance affecting the cloud, and can we quantify the damage that is being done? Is it costing us jobs and economic growth in the cloud? The answer, of course, is “yes” — and ServInt isn’t scared of saying so.
I said that we had lost customers and even more potential customers — which is true. ServInt has been one of the few players willing to speak up and say this and as a result we have been quoted in places like The Hill and the New York Times. The cloud hosting field is a tough, competitive business and it is hard to talk about losses. But ServInt isn’t afraid of calling out the problem, because we have been leaders in directly addressing the issue since it arose a little over a year ago.
The cloud in the United States has been badly hurt by the actions of the NSA. These days anybody can relocate their digital business with just two or three clicks of a mouse. You don’t need to sign a long contract or tell anybody why you are making your choice; you just move. I’ve talked to a lot of people who have decided they want to move their business outside of the United States because they feel like the US doesn’t care about privacy. I’m quoted in the Bloomberg article about this being a “death by a thousand papercuts.” I was talking about the effect on the overall economy, not our business, which for the record has seen a 30 percent decline in foreign signups since the NSA leaks began, not a 30 percent decline in total foreign customers.
In fact, ServInt is actually weathering the Snowden storm very well, compared to many of our competitors. Why? Because our clients trust us. They understand the cardinal rule of security and data safety:
It’s not where you’re hosted, it’s how you’re hosted.
Your business needs to stay up, online and fast. It needs to stay stable and secure. And your data needs to be protected. You need experts at the helm to accomplish all of those things — experts you trust. And earning the trust of small to medium businesses is what ServInt has been doing for 19 years.
The NSA revelations are just another hurdle to overcome in ServInt’s ongoing pursuit of being the most trusted name in the Cloud. We’re doing so by requiring warrants for content, and by responsible handling of data. We’re doing so by being thought leaders in the fight against NSA surveillance in Washington, through our leadership within the i2Coalition. And we’re trying to curb the misinformation about NSA surveillance. Everybody tempted to move their content out of US datacenters needs to remember that the vast majority of all spying is done on foreign networks. “Move your site out of the U.S. to avoid spying” may be good marketing, but it doesn’t take into account the reality of how surveillance works.
We do all this because we want to win the day, and win it honorably, by doing the right thing. We win the day when we make customer trust our number one goal. We win the day when our customers know we have their backs when it comes to protecting their data, and we win the day when we fight for privacy and NSA accountability.
Last week, a good friend who works at Google sent me a link to a Wall Street Journal story on the price wars that seem to be heating up in the cloud computing and storage sectors. (Editor’s note: WSJ hyperlinks only work once. To read this article, run a Google search for “A Price War Erupts in Cloud Services.”)
I found the article fascinating, but I thought it did a surprisingly poor job helping the reader understand how the Cloud might affect real-world hosting decisions.
At the center of the problem was the effort the author made to demystify the cost of cloud hosting. In order to provide a common storage and processing task against which all the major cloud service providers’ fees would be measured, the author chose the following:
“(Hosting) a medium-sized website with about 50 million page views a month…”
Earlier today, ServInt signed on to a letter, spearheaded by the Center for Democracy & Technology, that was sent to leaders in the U.S. House and Senate. The letter urged reform of U.S. surveillance practices “by limiting the scope of surveillance and by substantially enhancing…privacy protections, oversight, and accountability mechanisms” — specifically through the enactment of the USA FREEDOM Act, about which we’ve written here before.
Following is a transcript of the letter. Please take a moment to look it over — then contact your elected representatives to urge them to support it. If you’re looking for the Reader’s Digest version of what’s at stake here, it boils down to this: the USA FREEDOM Act would close a wide range of loopholes in previous homeland security-related legislation that make it easy for the government to gain access to your e-mail, data, and other private information, without warrants or the protection of other elements of basic due process. Here’s the letter:
For this final post on the history of U.S. Internet regulation, we need to look at one of the broadest pieces of cybersecurity policy out there – broad enough to hit just about anybody in the world. The Computer Fraud and Abuse Act (CFAA) of 1984 and its increasingly liberal interpretation have led to a state of affairs in which most U.S. Internet users — you and me included — could be considered felons.
Technology is changing far faster than any government could hope to keep up. One of the many challenges of setting cybersecurity policy is that if you set requirements that are technical in nature into the law they will be outdated by the time they are passed. The law can’t be prescriptive when it comes to cybersecurity, so it ends up turning to broad generalization.
The Computer Fraud and Abuse Act is one of those laws that succumbs to broad generalization.
Any discussion about PRISM centers around the concept of privacy on the Internet. For my third post on the history of U.S. Internet Legislation, I’ll focus in on the laws that govern our privacy online.
When attempting to ascertain the state of online privacy, there tends to be a lot of talk about law enforcement “abuses.” Having a basic understanding of the laws that serve as the basis for most law enforcement and Intelligence community programs that target online activity can help us determine how, and whether, things need to change.
Let’s start our brief look at those laws by imagining that I’m a U.S. Federal officer and you are an American citizen, and my goal is to go through your underwear drawer to look for suspicious activity. To do that I need a search warrant, signed off by a judge, and generally to get that I need probable cause. The Fourth Amendment to the United States Constitution, which prevents unreasonable search and seizure, requires that. The Electronic Communications Privacy Act was written to codify that these Fourth Amendment rights also exist online. However, certain laws carve out exceptions to the warrant requirement under specific conditions.
Discussion of our privacy rights online centers around what the government has and doesn’t have the right to do with our online data. In the wake of PRISM I want to define two categories through which we can explore those legal rights:
- Surveillance that is made possible by the acquisition of a search warrant by law enforcement
- Surveillance that is made possible through an exception to the warrant requirement
Below are a few common legislative acts (not an exhaustive list) that empower law enforcement to get data they seek online.
With the U.S. government’s PRISM program, there has been a lot of talk recently about what the government can and will do with Internet communications. What the government can do is limited by the protections granted under various laws governing the Internet. Some of the most important laws governing protections on the Internet are nearly 20 years old and – when written – were ancillary to much broader legislation.
In 1996, when the Internet was full of promise but of questionable scope, two pieces of United States legislation were passed that helped form the basis of the commercial Internet:
- Section 230 of the Communications Decency Act (CDA 230)
- The Safe Harbor provisions of the Digital Millennium Copyright Act (DMCA Safe Harbor)
As the Chief Operating Officer of a web hosting company, I take a lot of pride in the work we do. Companies like ServInt are building tools for people who are using the power of the Internet to change the world. Without the protections we receive from laws like CDA 230 and DMCA Safe Harbor, this innovation would not be possible. These two laws are the pillars that hold up the U.S. commercial Internet.
Any discussion of U.S. government laws relating to the Internet and programs like PRISM inevitably begins all the way back in 1986 with the passage of the Electronic Communications Privacy Act. Written before the birth of the modern Internet, ECPA is a key law that enables law enforcement to have access to data while protecting the privacy rights of citizens. ECPA is not a scary law that steals people’s Internet freedom. ECPA is simply an outdated attempt to preserve freedom in the digital arena.
What it is:
At its heart, ECPA is an attempt to try to define the scope of the Fourth Amendment (the part of the Bill of Rights which guards against unreasonable search and seizure, along with requiring any warrant to be judicially sanctioned and supported by probable cause) when it comes to digital communication. Over time, both legislation and judicial precedent have told us what is and isn’t unreasonable search and seizure when it comes to law enforcement action at our home, place of business or on a public street, but in 1986, when Congress took up the task of creating ECPA, they were attempting to outline rules for search and seizure of remotely stored digital data.
ECPA outlines the relationship between data storage providers, their customers, and law enforcement. It acknowledges that providers act as custodians and not owners of information in their possession on behalf of their customers and subscribers. It actually serves to limit the ability of providers to voluntarily disclose customer information to the government.
What should concern you:
If you’ve been following the news recently, you may have heard a lot about the US government’s PRISM program, led by the NSA. There has been a lot of talk about what the government can and cannot do (or will and will not do) under PRISM, and — frankly — a lot of fear as well.
But PRISM is not a US law, it is a government surveillance program built on US laws. To fully understand what kinds of digital information the U.S. government is capable of gathering and analyzing, and under what circumstances, we need to look at the various laws enacted over the years that govern law enforcement in the digital age.
Remember when ServInt was fighting to defeat SOPA and PIPA? Those bills were associated with an attempt to legislate the Internet in some potentially very destructive ways. But SOPA and PIPA are just the tip of the iceberg when it comes to legislation you should know about if you make your living on the Internet. Some proposed laws pose serious risks to the basic concept of a free and open Internet, while others are quite well designed and deserve your full support.
Over the next few weeks, I’ll be walking you through four major legislative initiatives and their associated amendments to give you a background on what legislation you should be aware of as an informed citizen and Internet business owner. Specifically, we’ll look at:
Last week ServInt released an updated SLA that covers all of our products, from VPS to dedicated to cloud. And like everyone else, we laid out the “uptime guarantee” for network, servers, support, etc. This guarantee, though, is simply a threshold: if your service dips below it, you may request hosting credits.
What’s ridiculous is the way some hosts – and some industry “experts” – glibly refer to uptime guarantees as if they were some sort of literal guarantee of future performance: “Wow, they’re offering five nines in their SLA,” “Did you hear about the host that guarantees 100% uptime?”
Uptime guarantees don’t promise what percentage of the time your server will remain online without network disruption, and they are not evidence of future network performance.
An uptime guarantee is – no matter which host you look at – simply a promise of what refund the host offers customers if there is a network outage.
And every network—even the most robust, redundant networks—at some point will experience an outage. Our last network outage was in 2004.
The question is not: Will my host have an outage in the future? The questions are: How likely is it that my host will be the next to experience an outage? and, How quickly and efficiently will they respond and fix any problem that occurs?