Certifying The Network And Storage Is In Country Before We Adopt Internet Connected Devices

I've been reading a number of stories about concerns within the Department of Interior about the usage of DJI drones as part of their UAV operations. Whether or not the federal agency actually issued a ban on using the drones is another story, regardless I wanted to extract this concept and apply to the wider world of Internet of Things, in which drones are definitely a poster child for.

In our race to connect devices to the Internet, at the consumer and industrial level, what considerations are being made regarding what data is collected, how this information is transmitted (via which networks), and ultimately where is data being stored (which country). Obviously, this is something the federal government is beginning to think about, but I'm guessing hasn't fully formed an approach to dealing with this problem consistently across agencies. 

People love to dismiss individual consumer right to know about their data at this level, as nobody cares enough, but at the corporate, institutional, and agency level we better be taking things a little more seriously. If you are uploading your organizational intelligence unknowingly to servers out of the country, or in jurisdictions where it might be easily shared with your competitors or rival factions--you might want to be thinking about switching providers. ;-)

As platform providers how will we be certifying the chain of custody for the Internet-connected devices we are manufacturing, and within the applications and system they employ? As device consumers, how will we ensure that ALL the devices we are employing are in sync with our organizational mission and governance? 

So many interesting questions being asked right now, as we race to wire up our physical world to the Internet...