I am well aware of that, having created a transcript ( http://www.gwern.net/docs/1955-nash ) of it. A cryptosystem that the NSA rejected because it was too easily broken is obviously not in the same category of information as what I was responding to.
I would guess that the primary reason Australian organizations prefer hosting locally is performance. Australia is really far from the US and even further from Europe. Most of Australia's population is clustered in east coastal cities, so it makes sense to host the data and services there too.
Why would anyone choose to add 200ms+ to every network call if there's an option to host data and services locally? Not to mention the bandwidth costs associated with moving bits across the Pacific.
Even without the latency (which is significant), there are two more technical issues:
1. Australia has pretty limited data pipes to the outside, so the more traffic is kept in-country the cheaper it is and the less likely there will be issues with world-traveling traffic
2. Aus ISPs have pretty low quotas for international traffic (40-200GB range I believe) but none for national traffic[0], which also led those same ISPs to build or help build massive national caches of international resources (I believe Steam download traffic, for instance, is kept mostly or solely national)
[0] I may be wrong, and please correct me if I am. That's what I recall from past conversations on the subject
There used to be a lack of competition in the submarine cable sector; this is no longer true. In some cases it would cost more to push it to the user (DSL wholesale etc), and this is solely due to monopoly infrastructure providers.
No ISP has ever explicitly differentiated international and local traffic. Many ISPs unmeter their own content and mirrors; this was a result of international and some domestic traffic costing a fortune back in the day. Some ISPs unmetered peering exchange traffic as well, but I don't think any do anymore.
The trend now is towards true unlimited plans.
Many of the smaller ISPs (of which there are now not many) and some of the larger ISPs have peering agreements (with PIPE networks) which mean that this traffic is effectively "free". It used to be quite the selling point, but appears to no longer be the case (possibly because it's a bit iffy as to what is and isn't free).
My Aussie relatives' caps don't differentiate between international and domestic traffic; it's just one number. They're with the major telecom Telstra, I believe.
I have seen plans that have separate quotas. And even ISPs that don't, I think it's a safe bet that there is shaping and throttling on international routes.
> And it is dirty expensive here. I currently pay $89.95/month for 300 GB/month via ADSL2 (20/1 Mbit/s) including line rental.
It's not as expensive as you think, at least if we're comparing DSL vs DSL and ignoring FiOS/Cable.
Our download limits are pretty similar to most of the limits "hidden" by the US ISPs, and our ISPs typically offer better free content and are FAR better in terms of customer service[1] and more lenient if you are the type to regularly hit your limit.
[1]: In part because they have to be due to consumer advocate bodies, and also because this will be the key differentiator (along with content) when the National Broadband Network gets deployed to the majority.
Limited in several ways: total bandwidth, independence, number of routes, and latency.
Australia is a long way from anywhere. Its closest technical neighbor is NZ, but by several measures, that's tiny. Among the benefits AU has is that it's relatively close to India and the Philippines, both of which share a fair bit of language and culture (Commonwealth / US protectorate).
Both are countries with their own distinctive histories and cultures, though they share a pretty significant colonial history under an English-speaking power (England, for India, the US for the Philippines), resulting in a population that's largely English-speaking. At least among educated classes. As opposed, say, to most of the rest of Asia. Yes, China was some English dominion, but other than Hong Kong the legacy isn't particularly deep. Japan's largely been independent (though with some US influence post WWII). Vietnam some French/US influence, but it's not a significant tech player.
Australia from my time there is very much a crossroads of Asia and the Pacific. Especially Sydney. But I see stronger cultural ties with these two countries in particular.
So, yes, for countries which are technically relatively forward in its hemisphere, India and the Philippines offer some cultural landmarks offering commonality.
Not true, I live in Sydney, my clients are in Australia and I host in both the US and in Australia.
Sure, I get <3ms latency from local servers and ~200ms latency from Fremont, CA, but it's not a big deal to anyone (except maybe gamers).
I have consulted to government and banks in Australia, and they all do care (to varying degrees) about the legal jurisdiction in which their data is held.
The main issues I have heard (from memory) are:
1. Subpoena risk - can a third party access my information without my consent (or even knowledge) using a subpoena?
2. Legal jurisdictional complication - As a business I must comply with the laws of Australia and NSW, but if a software supplier keeps their data outside of Australia, how can I prove that the supply chain complies with Australia / NSW law?
3. Lack of recourse if there is a breach / loss of data because a supplier is out of jurisdictional reach.
4. Sovereign risk - How can I be expected to track pertinent changes to law in foreign jurisdictions?
My experience is that in most cases clients don't perceive these risks as insurmountable; they do understand that they are industry wide problems that need to be addressed, and they do in some cases lead to a preference for local suppliers of hosted software.
Inside Australia you have the major peering fabrics which are on the order of a dollarish a mbit (cap). Compare that to $50-200/mbit for international transit and you'll see the problem. Quickly compare the cost of a gigE link.
About the only "international" player that doesn't (really) have this problem is NZ. Transit to NZ is ca $5/mbit last time I looked at it.
Not only that, but Australian ISPs usually pay 100% of the cost of their links to international peering points, and these costs get passed on in the form of quotas and tiered plans, sometimes with separate quotas for international traffic.
AARNET, the Australian Academic network, definitely included differential pricing for international traffic that it passed on to universities when I was in college.
Hilarious. I think the Australian government is quite right in advocating against using US hosting where government or personal data privacy is a key requirement. If the cloud providers want the business so much, build some local infrastructure.
This hesitance to use US infrastructure due to US legislation such as the Patriot Act is only going to grow. This is an opportunity for cloud providers in regions with a good mix of infrastructure and data protection policies.
The question of infrastructure investment is a good one - of all the major providers I believe Azure has half to a full rack of gear for their CDN in Australia. The others have zero of anything apparently.
The current 'cloud' providers in Australia sell little more than a VPS at this stage.
"Agencies should note it may also be possible for foreign governments to access information held in their jurisdiction or to access information held in Australia by any company with a presence in their jurisdiction.
For instance, the USA PATRIOT Act 2001 contains provisions allowing the US Government to access information in specified circumstances, (i.e. cases involving suspected terrorism or threats to national security) irrespective of the geographical location and, without necessarily advising the agency."
Note also the second part of the first sentence - I have been told explicitly that we will never be allowed to use Amazon AWS for private information (public websites like data.gov.au already use AWS but have no private areas) even if there were physical datacenters in Australia because their US staff could be coerced under the Patriot Act to access that information and in that case would be ordered to circumvent any logging/audit trails to do so.
The USA PATRIOT Act only altered the search and seizure requirements for foreign nationals under FISA. It's not a big deal - these requirements were already in place, they just lessened the legal justification for getting a court order. Personally, the USA PATRIOT Act wouldn't concern me - SOPA style legislation would though.
I've worked in Canberra (Aust. government) IT circles, and this comes as absolutely no surprise - you could probably count the number of federal government departments that store their data (even public data) on any public cloud provider on one hand.
Yeah, there are a bunch of non-security reasons for this (latency, bandwidth costs, variable service costs), but in my experience it's always come down to security; and with what happened to Megaupload, the potential widespread (mis)use of National Security Letters / FISA Surveillance, and the general lack of concrete privacy / security / SLA guarantees from the providers, it really doesn't surprise me that they're saying that putting your data overseas isn't a great idea.
There's no reason that US-based companies can't host infrastructure in Australia and certify that it's compliant with the DSD's ISM (which is part of where all of this is coming from), which itself says that it doesn't preclude the use of foreign owned service operators, but that they should ensure that information is hosted in and doesn't leave Australian borders. Which, in the context of what's above, makes 100% sense.
All the government departments I've worked with that made use of cloud infrastructure had agreements with the providers to have their own dedicated servers, giving them a private cloud to work with.
A lot of people are saying this is due to latency, but it's really not.
Is it any surprise that any country wouldn't want their data stored on US servers? Canada does the same. The USA just wants to eat its cake and have it too.
That being said, the Australian Government (particularly Department of Defence) also doesn't allow government data on any cloud server, even those hosted inside Australia. These US cloud providers are just trying to drum up business by claiming a bias to loosen regulations, but there is no bias, just good old security policy. Tight security policy, true, but it's their data and they can direct their own employees how they want it handled.
Eventually though the walls will come down unless the functionality offered by the cloud can be duplicated on government servers, but I do think more needs to be done for security guarantees in the cloud to mature first. I have no qualms putting my own data on some 2-week-old startup's servers, but more serious info probably needs a little bit more consideration about where it can go.
Some hosting decisions are latency/throughput based; when working on hosting full HD streaming video we couldn't get a reliable stream from anywhere outside Australia (for Australian viewers).
This video content was all publicly accessible, so there was no risk of it being seized.
I've read the '2012 National Trade Estimate Report on Foreign Trade Barriers'. And trust me it is not the juicy salacious slamming of Australia that this article makes it out to be.
For those who don't want to read the article, there is essentially one Victorian (Australia State) dept. that is "sending negative messages about cloud computing services to potential Australian customers in both the public and private sectors".
And that's pretty much it. The article is a beat up.
This was an attempt, by the US, to frame the discussion with a "no you're a dumb head" argument. This statement will and has backfired both on the technical side and the political side. First argument being that, as stated by others, it is primarily a technical decision for hosting not a political/privacy decision. Secondly, fear is justified if you observe the exact feared outcome occurring, which we have in the last year.
It is pretty funny that they do this, as most US government jurisdictions mandate that you store many types of data within the continental US. Even poor Alaska doesn't get a break!
Didn't the US just seize a bunch of foreign owned data from MegaUpload? Carpathia Hosting leased over 1000 servers in the US and Canada to MegaUpload. There's no reason why they couldn't have seized a Rackspace server or an Amazon EC2/S3 server had they used that instead. If the government wants your data, if it's within their borders, they will get it.
Also, once every few years, a cable gets cut and all international traffic slows to a crawl as every other cable becomes saturated. If you're doing something mission critical, it's nice not to have to worry about that contingency.
It's a recognised business standard to not store data outside the realm of control. It protects trade secrets, intellectual property and upcoming business plans.
Hiring a 3rd party cloud provider fits under this policy, in the same way that companies don't need to set up their own ISP for transmitting data securely.
However, if the government where the 3rd party is located can arbitrarily request access to the data (such as your Google Docs), then the policy prevents the company from using that service. This is a consequence of the US's own wiretapping laws and there will be no international change just because of a bit of "bad press".
And Australia slams [insert countries] for not buying Australian goods.
If most of the traffic is from Australia, it makes sense to keep it within Australia. Then we have what others have mentioned: Patriot Act and the like.
> And Australia slams [insert countries] for not buying Australian goods.
And then encourages people to buy products and services that are Australian made.
"Ok, so...I should purchase products and services from local businesses to support our own industries, but...other countries should do the opposite and buy stuff from us? Riiight..."
The government of Canada cannot legally use US cloud services either without violating their privacy laws. It is only prudent.
Industry warned them and they went ahead and enacted those laws. Now they whine about the predictable results?