Ask HN: Where should a UK-based company move to if encryption is outlawed?

[throwawayblwBz]

Throwaway account for probably-obvious reasons. We would be grateful if people avoided speculating about who this is in the comments :-)

We're a UK-based PaaS. About 90% of our customers are from outside the UK.

The party most likely to form the government after the upcoming election here is strongly averse to encryption. Although it remains to be seen what, if any, legislation they will actually enact if they get in, we need to do contingency planning. The worst-case scenario (which, to be clear, we think is very unlikely) is that they might pass laws that would mean we would not be able to offer a service with sufficient security for our international customers.

In this - again, we think unlikely - event, we'd either have to close the business, as we can't keep going on our UK revenue only, or we'd have to move to another country.

Our question for HN is: which country would it be best to move to? It would need to be one with no crazy laws around encryption (and no obvious political rumblings that it might move in that direction), and an immigration system that would let us in. Ideally it would also be a nice place to live :-)

Thanks in advance for any suggestions!

[edit] By "political rumblings", this is the kind of thing we're worried about, coming from the EU: https://www.theregister.co.uk/2017/03/30/ec_push_encryption_backdoors/

[throwawaymanbot]

You should go to Ireland. Completely Different jurisdiction. Still in the EU. Close enough so you can go back and forth between The UK and Ireland.

If you contact idaireland @ ida .ie, they may have some relocation help available to avail off.

PS, there is an update at the bottom of that register article about backdoors. The EU is NOT requiring them.

"A spokesperson from the EC got in touch to say that Jourová's words had been misinterpreted and there is no plan to introduce legislation covering encryption. The proposed laws will instead cover faster access to material held in the cloud in different jurisdictions. Material that, presumably, they expect to be unencrypted"

[gpresot]

Consider Switzerland. Proton Mail which basically has a business model founded on privacy and encryption , uses this location as a competitive advantage. Switzerland has some of the strictest privacy and confidentiality laws (all those private banks and secret bank accounts needed them :) ). Zurich has a good tech scene apparently (Google has an engineering center there) and ETH and EPFL provide excellent talent. Downside is cost. Cost of living is extremely high and salaries have to match that (I think salaries for developers are substantially higher than in London). Some companies set up HQ here and then keep bulk of people in Berlin or other location (e.g. Getyourguide.com )

[ignasl]

Probably Berlin. Vilnius or Tallinn could be interesting choices because of friendly business climate, lower taxes, competent and cheap talent, not far away, good tech culture and basically 0% chance that someone would try to outlaw your business (Germany probably has a bit higher chance but I guess it's also not that high). I think US do have some restrictions about exporting encryption to some (all?) foreign countries so you better look closer into that before making a decision. P.S. Stockholm also could be a good place. It's just quite expensive.

[throwawayblwBz]

Vilnius and Tallinn are definitely highly tempting, just from the simplicity of getting set up over there from a business registration standpoint (at least in Tallinn, not quite so sure about Vilnius). There are a few concerns about Russia's attitude to the Baltics, though - probably overblown in the press over here, but we'd need to research.

Berlin - yes, definitely a tempting option.

[threesixandnine]

Very overblown. Almost histerical paranoia. Even people in Vilnius are not so afraid of Russia as people here in the UK.

[KingMob]

There are indeed some restrictions, but nothing like in the 90's. For the most part, as long as you're not exporting to designated "rogue" states, it's just a matter of some licenses and occasional reviews, though IANAL.

[kevinbowman]

Amsterdam? It's got quite a tech culture, and is only 30-60 mins' flight from most of the UK. I don't know what the political stance is on tech-sensitive issues, though.

[throwawayblwBz]

Pretty solid, as far as we can tell: http://www.bbc.co.uk/news/technology-35251429

[ciaran23]

Dublin, ireland. Huge tech culture, lots of highly skilled employees

[throwawayblwBz]

Yes, that's definitely high on the list. Some of us have friends and family over there, and of course there's no need to learn another language, which helps.

[aosaigh]

Also low corporation tax rate and a land border with the UK (I'm surprised it's so low down on the page)

[jrs95]

I'm not sure on how difficult it would be to move to the U.S., but there's a lot of underemployed tech talent in Columbus, Ohio, and we have a pretty low cost of living too. I'm pretty confident we won't have any encryption bans any time soon, we have too many giant corporations that would be vehemently opposed to it.

[throwawayblwBz]

Thanks! Sorting out visas etc is definitely a concern for the US, but that's a good point about encryption. It's hard to imagine Google and Facebook sitting quiet while bad stuff happened in that area.

[roryisok]

Google and Facebook haven't had much effect on the "bad stuff" from the last six months. I wouldn't be confident about their ability to influence encryption legislation, since they haven't been able to change the administration's mind on immigration, climate change or net neutrality so far.

[cpncrunch]

Canada. It's English speaking, close to the USA, generally very liberal, tolerant and safe (certainly compared to the USA and UK), good economy, amazing lifestyle.

So far there are no encryption laws in Canada, and nothing on the horizon, although you never know what could happen in future (if we get another idiot like Stephen Harper in power).

https://www.theglobeandmail.com/technology/why-canada-isnt-h...

[ue_]

Although there are no encryption export laws in Canada, I do believe that there are key disclosure laws and various restrictions against free speech (in particular certain types of drawn pornography). That may not be a problem, but it's certainly worth noting.

[throwawayblwBz]

Where in Canada, though? Vancouver seems to be where everyone goes, but from what I've heard, that's led to a property boom almost as crazy as London's...

[cpncrunch]

I live on Vancouver Island, near Nanaimo. Prices are much more reasonable, it's a beautiful place to live, there are quite a few startups here, and it's just a 15 min floatplane ride to downtown Vancouver or Victoria.

http://business.financialpost.com/management/nanaimo-quietly...

Only problem might be immigration, but the Start-up Visa Program might be an option:

http://www.cic.gc.ca/english/immigrate/business/start-up/ind...

[everytimewe]

If you want to stay close to the UK and outside of EU, I guess Switzerland or Iceland make most sense for this type of business. Otherwise you could move to Americas, South Africa or Asia.

[gonvaled]

Why “outside EU“? Not an stated requirement.

You could as well say “and move to a country starting with P“ ...

Specially considering that UK is in the EU.

[throwawayblwBz]

I think the GP was saying "outside the EU" because of our worries about the EU's political direction regarding encryption in the link at the bottom of the original post. However, logiclabs has pointed out that our worries on that point were probably misplaced.

[gonvaled]

I managed to completely miss that, sorry.

[CarolineW]

Article 50 has been triggered, and if the present government is re-elected - and even if not - the UK will most likely be out of the EU in 2 years.

[gonvaled]

Lots of assumptions.

[roryisok]

You think the UK will stay on the EU? Explain

[throwawayblwBz]

Hadn't considered Switzerland. Thanks!

[sr2]

I keep seeing Seychelles[0] popping up everytime I research offshore hosting providers. I don't know why this is. I think it's one of those rare countries where you can't simply subpoena a hosting provider and ask for specific data / business records. I'm not sure if this helps with doing illegal crypto programming[1], but I do know in the early crypto wars people had to travel far and wide to weird countries to do their programming.

[0]: https://en.wikipedia.org/wiki/Seychelles

[1]: https://en.wikipedia.org/wiki/Restrictions_on_the_import_of_...

[iSloth]

Isle of Man? Not subject to UK law, 0% Corporation Tax, still physically very close.

[throwawayblwBz]

Hmm, now that's an interesting thought. Maybe the Channel Islands would work too?

[iSloth]

Yeh - Generally you would find each of the Channel Islands has its own attraction, aimed at either Business, People or Tourists.

Isle of Man (disclaimer, I live there) is definitely wired up to attract new businesses, through things like the Taxation and Government assistance.

However I've seen some business people move from the Isle of Man to Jersey/Guernsey, with the knowledge it would cost them more, but you can't buy sunshine yet!...

[confounded]

If you wanted a swing in the opposite direction, Iceland has the best privacy and data laws. I get the impression their economy will increasingly reflect this.

However, it also has plenty of challenges, from population/talent size, costs, weather, etc. From a cursory look, immigration looks relatively easy if you have a job.

[throwawayblwBz]

Costs have been the biggest worry when looking there. Not sure about bandwidth either...? IIRC the Eve Online guys had to do their server hosting in the UK for that reason.

[mhkool]

The whole issue also depends on your customers. If your customers are in countries where the governments are speculating about backdoors the business may fail since it does not help when the business is in a safe area but the customers not.

Why don't you start a new political party ?

[throwawayblwBz]

That's a great point. Our customers are from all over the world - the US is the largest single country, but there are lots in the EU, India, Japan, Australasia, Latin America, Africa...

We'd love to start a new political party, but doing that at the same time as a startup would be, um, hard.

[laurentl]

Definitely look at your customer base, and maybe talk to them in terms of privacy expectations and which jurisdiction they're comfortable with. From what I understand of your post the issue is not only encryption legislation itself but more generally if/how the government can access your data (and your customers').

If you're banking for EU customers, then anywhere in the EU should be fine once the GDPR comes into effect (2018 IIRC). If you want to accommodate a broader base and/or have customers with stringent privacy requirements, Switzerland is a good option.

[tonyedgecombe]

>Although it remains to be seen what, if any, legislation they will actually enact if they get in

This is the key point, there is quite a lot of scaremongering on the internet and in the media. To me it looks extremely unlikely we will get anything that will result in damage to our ability to do business from within the UK.

[toomuchtodo]

Dublin or Barcelona.

[throwawayblwBz]

Thanks! Elsewhere in the EU - soon to be, "in the EU" :-( - is definitely something we're considering, but this is giving us pause: https://www.theregister.co.uk/2017/03/30/ec_push_encryption_...

[logiclabs]

Did you see the correction at the bottom?

Subversion of E2E encryption would likely be in conflict with the GDPR: https://tresorit.com/blog/encryption-gdpr-compliance/

[throwawayblwBz]

Thanks, that's useful to know. So that would suggest that in the EU we wouldn't even need to worry about the national government trying to ban encryption, because it would be shut down by the European courts.

[garrettheaver]

Ireland

[throwawayblwBz]

Nice idea. Some of us have friends and family over there, and of course it's a great place.

[unixhero]

Iceland

[throwawayblwBz]

Thanks! Presumably any country with Pirate Party members of parliament is unlikely to restrict the Internet too much...

[kiqi]

the moon or outer space?

[throwawayblwBz]

Excellent plan. Will get on the phone to Elon Musk tomorrow.

[atmosx]

Sounds like a great idea for a startup!

Imagine a group of young people, trying to raise capital to start a data haven in a remote Sultanate or Principality. Who knew that could be an important competitive advantage?

You could call the startup "Epiphyte Corporation" :-D

[roryisok]

While you're talking to him, can you ask him to fix that climate change thing

[fuckemem]

Middle of the ocean might be more practical if the goal is to avoid any jurisdiction