RSSYale wants to know where their Apps are
And in one of those "Ripped from the headlines" moments, it looks like Yale is among the first (or at least among the most public of the first) organizations re-thinking their Apps conversion on the basis of where e-mail and application data will be located in Google's cloud store.
The scenario I suggested last week regarding taxation was a little less high-minded than Yale's concerns over the impact of local laws on freedom of expression, but the principal is the same: the cloud still goes somewhere, and it can pay to know where exactly that is. Google, as a matter of course, doesn't (and perhaps can't, at this stage of the technology) tell you were the various redundantly placed bits and pieces of your data are located in its global data centers (except that they aren't in China!). As I have said before, I think that the "security" concerns over cloud-based solutions are specious (what do you think Yale spends on IT security? how about Google?) but security is not a term that is typically applied to protecting oneself from the local authorities. Google, perhaps alone among major cloud-service providers, has at least paid some lip-service to resisting more onerous regimes, but it's increasingly unclear where to draw that line. British law governing information and individual liberties is significantly different than US law, even though most would be considered "free" compared to China.
This all presents an interesting problem for both users and providers; you want the real security provided by geographic distribution of your data, but sorting out the implications of the various overlapping sets of international law covering information in that scenario may be beyond the resources of even an organization such as Google. My own first blush solution would involve a lot of overhead and some legal implications of its own: encryption and even greater distribution. You could, at least in theory, turn data into such gibberish, and to scatter it so widely, that any individual governmental authority that did get hold of it wouldn't be able to tell whose it was (the provider itself might not know) or what it was. The stakes for Google or any other big provider, and the political pressure which could be brought to bear against them, probably means they'll never introduce such a system. But a smaller or community effort could, possibly even laid on top of resources those major companies provide (you could certainly implement something of this sort on top of S3, for example). It will be interesting to see if anyone hits on this solution or if the demand exists to support it.
You mention regimes like China -
However if we look closer to home - how about native US ‘discovery’ or Patriot act requests?
What if I as a Canadian business do business with Cuba - but my data is the US - which laws apply?