Cat and Mouse with Multi-national infrastructure –The Participants to date
There is an ever-changing, game of cat and mouse developing in the world of cloud computing. Its not a game that you as a consumer might see, but it is there. An undercurrent that has been there from the beginning. It pits Technology Companies and multi-national infrastructure against local and national governments. For some years this game of cat and mouse has been quietly played out in backrooms, development and technology roadmap re-works, across negotiation tables, and only in the rarest of cases – have they come out for industry scrutiny or visibility. To date the players have been limited to likes of Google, Microsoft, Amazon, and others who have scaled their technology infrastructure across the globe and in large measure those are the players that governments have moved against in an ever intricate chess game. I myself have played apart in the measure/counter-measure give and take of this delicate dance.
The primary issues in this game have to do with realization of revenue for taxation purposes, Safe Harbor and issues pertaining to personally identifiable information, ownership of Big Data, the nature of what is stored, how it is stored, and where it is stored, the intersection where politics and technology meet. A place where social issues and technology collide. You might call them storm clouds, just out of sight, but there is thunder on the horizon that you the consumer and/or potential user of global cloud infrastructure will need to be aware of because eventually the users of cloud infrastructure will become players in the game as well.
That is not to say that the issues I tease out here are all gloom and doom. In fact, they are great opportunities for potential business models, additional product features, and even cloud eco-system companies or niche solutions unto themselves. A way to drive significant value for all sides. I have been toying with more than a few of these ideas myself here over the last few months.
To date these issues have mostly manifested in the global build up of infrastructure for the big Internet platforms. The Products and Services the big guys in the space use as their core money-making platforms or primary service delivery platforms. Rarely if ever do these companies use this same infrastructure for their Infrastructure as a service (IAAS) or Platform as a Services (PAAS) offerings. However, as you will see, the same challenges will and do apply to these offerings as well. In some cases they are even more acute and problematic in a situation where there may be a multi-tenancy with the potential to put even more burden on future cloud users.
If I may be blunt about this there is an interesting lifecycle to this food chain whereby the Big Technology companies consistently have the upper hand and governmental forces through the use of their primary tools – regulation and legislation – are constantly playing catch up. This lifecycle is unlikely to change for at least five reasons.
- The Technology Companies will always have the lens of the big picture of multi-national infrastructure. Individual countries, states, and locales generally only have jurisdiction or governance over that territory, or population base that is germane to their authority.
- Technology Companies can be of near singular purpose on a very technical depth of capability or bring to bear much more concentrated “brain power” to solve for evolutions in the changing socio-political landscape to continually evolve measures and counter-measures to address these changes.
- By and large Governments rely upon technologies and approaches to become mainstream before there is enough of a base understanding of the developments and impacts before they can act. This generally places them in a reactionary position.
- Governmental forces generally rely upon “consultants” or “industry experts” to assist in understanding these technologies, but very few of these industry experts have ever really dealt with multi-national infrastructure and fewer still have had to strategize and evolve plans around these types of changes. The expertise at that level is rare and almost exclusively retained by the big infrastructure providers.
- Technology Companies have the ability to force a complete game-change to the rules and reality by completely changing out the technology used to deliver their products and services, change development and delivery logic and/or methodology to almost affect a complete negation of the previous method of governance, making it obsolete.
That is not to say that governments are unwilling participants in this process forced into a subservient role in the lifecycle. In fact they are active participants in attracting, cultivating, and even subsidizing these infrastructural investments in areas of under their authority and jurisdiction. Using tools like Tax breaks, real estate and investment incentives, and private-public partnerships do have both initial and ongoing benefits for the Governments as well. In many ways these are “golden handcuffs” for Technology Companies who enter into this cycle, but like any kind of constraint – positive or negative – the planning and strategy to unfetter themselves begins almost immediately.
Watson, The Game is Afoot
Governments, Social Justice, Privacy, and Environmental forces have already begun to force changes in the Technology landscape for those engaged in multi-national infrastructure. There are tons of articles freely available on the web which articulate the kinds of impacts these forces have had and will continue to have on the Technology Companies. The one refrain through all of the stories is the resiliency of those same Technology Companies to persevere and thrive despite what might be crucial setbacks in other industries.
In some cases the technology changes and adapts to meet the new requirements, in some cases, approaches or even vacating “un-friendly” environs across any of these spectrums becomes an option, and in some cases, there is not an insignificant bet that any regulatory or compulsory requirements will be virtually impossible or too technically complex to enforce or even audit.
Lets take a look at a couple of the examples that have been made public that highlight this kind of thing. Back in 2009, Microsoft migrated substantial portions of their Azure Cloud Services out of Washington State to its facilities located in San Antonio Texas. While the article specifically talks about certain aspects of tax incentives being held back, there were of course other factors involved. One doesn’t have to look far to understand that Washington State also has an B&O Tax (Business and Occupation Tax) which is defined as a gross receipts tax. It is measured on the value of products, gross proceeds of sale, or gross income of the business. As you can imagine, interpreting this kind of tax as it relates to online and cloud income and the like could be very tricky and regardless would be complex and technical problem to solve. It could have the undesired impact of placing any kind of online business at an interesting disadvantage, or at another level place an unknown tax burden on its users. I am not saying this was a motivating factor in Microsoft’s decision but you can begin to see the potential exposure developing. In this case, The Technology could rapidly change and move the locale of the hosted environments to minimize the exposure, thus thwarting any governmental action. At least for the provider, but what of the implications if you were a user of the Microsoft cloud platform and found yourself with an additional or unknown tax burden. I can almost guarantee that back in 2009 that this level of end user impact (or revenue potential from a state tax perspective) had not even been thought about. But as with all things, time changes and we are already seeing examples of exposure occurring across the game board that is our planet.
We are already seeing interpretations or laws getting passed in countries around the globe where for example, a server is a taxable entity. If revenue for a business is derived from a computer or server located in that country it falls under the jurisdiction of that countries tax authority. Imagine yourself as a company using this wonderful global cloud infrastructure selling your widgets, products or services, and finding yourself with an unknown tax burden and liability in some “far flung” corner of the earth. The Cloud providers today mostly provide Infrastructure services. They do not go up the stack far enough to be able to effectively manage your entire system let alone be able to determine your tax liability. The burden of proof to a large degree today would reside on the individual business running inside that infrastructure.
In many ways those adopting these technologies are the least capable to deal with these kinds of challenges. They are small to mid-sized companies who admittedly don’t have the capital, or operational sophistication to build out the kind of infrastructure needed to scale that quickly. They are unlikely to have technologies such as robust configuration management databases to be able to to track virtual instances of their products and services, to tell what application ran, where it ran, how long it ran, and how much revenue was derived during the length of its life. And this is just one example (Server as a taxable entity) of a law or legislative effort that could impact global users. There are literally dozens of these kinds of bills/legislative initiatives/efforts (some well thought out, most not) winding their way through legislative bodies around the world.
You might think that you may be able to circumvent some of this by limiting your product or services deployment to the country closest to home, wherever home is for you. However there are other efforts winding their way through or in large degree passed that impact the data you store, what you store, whose data are you storing, and the like. In most cases these initiatives are unrelated to the revenue legislations developing, but balanced they can give an interesting one – two punch. For example many countries are requiring that for Safe Harbor purposes all information for any nationals of ‘Country X’ must be stored in ‘Country X’ to ensure that its citizenry is properly protected and under the jurisdiction of the law for those users. In a cloud environment, with customers potentially from almost anywhere how do you ensure that this is the case? How do you ensure you are compliant? If you balance this requirement with the ‘server as a taxable entity’ example I just gave above there is an interesting exposure and liability for companies prove where and when revenue is derived. Similarly there are some laws that are enacted as reactions against legislation in other countries.
In the post-911 era within the United States, the US Congress enacted a series of laws called the Patriot Act. Due to some of the information search and seizure aspects of the law, Canada forbade that Canadian citizens data be stored in the United States in response. To the best of my knowledge only a small number of companies actually even acknowledge this requirement and have architected solutions to address it, but the fact remains they are not in compliance with Canadian law. Imagine you are a small business owner, using a cloud environment to grow your business, and suddenly you begin to grow your business significantly in Canada. Does your lack of knowledge of Canadian law excuse you from your responsibilities there? No. Is this something that your infrastructure provider is offering to you? Today, no.
I am only highlighting certain cases here to make the point that there is a world of complexity coming to the cloud space. Thankfully these impacts have not been completely explored or investigated by most countries of the world, but its not hard to see a day/time where this becomes a very real thing where companies and the cloud eco-system in general will have to address. At its most base level these are areas of potential revenue streams for governments and as such increase the likelihood of their eventual day in the sun. I am currently personally tracking over 30 different legislative initiatives around the world (read as pre-de-facto laws) that will likely shape this Technology landscape for the big providers and potential cloud adopters some time in the future.
What is to come?
This first article was really just to bring out the basic premise of the conversation and topics I will be discussing and to lay the groundwork to a very real degree. I have not even begun to touch on the extra-governmental impacts of social and environmental impacts that will likely change the shape even further. This interaction of Technology, “The Cloud”, Political and Social Issues, exists today and although largely masked by the fact that eco-system of the cloud is not fully developed or matured, is no less a reality. Any predictions that are made are extensions of existing patterns I see in the market already and do not necessarily represent a forgone conclusion, but rather the most likely developments based upon my interactions in this space. As this Technology space continues to mature, the only certainty is uncertainty modulated against the backdrop of a world where increasingly geo-political forces will continue to shape the Technology of tomorrow.