Sophos Cloud Optix
The “Made in the USA” label has become tainted by fallout from revelations about US surveillance, industry watchers say, while overseas governments are working to build data-privacy havens that are giving US technology services and products a run for their money.
The Information Technology and Innovation Foundation (ITIF) estimates that such fallout could cost Silicon Valley up to $35 billion* in annual revenue, much of it from lost overseas business, the Wall Street Journal reports.
As the ITIF outlined in an August 2013 paper titled “How Much Will PRISM Cost the U.S. Cloud Computing Industry?”, the US has been the one to beat in the worldwide cloud computing market, and countries were already investing money to do that – at the government level – before the surveillance revelations about the NSA.
Neelie Kroes, European commissioner for digital matters, said in July that indeed, were she an American cloud provider, she’d be “quite frustrated with my government right now,” predicting that US cloud services providers could well be looking at major business losses:
Why would you pay someone else to hold your commercial or other secrets if you suspect or know they are being shared against your wishes?
It is often American providers that will miss out, because they are often the leaders in cloud services. If European cloud customers cannot trust the United States government, then maybe they won't trust US cloud providers either. If I am right, there are multibillion-euro consequences for American companies.
Another data point to round out the $35 billion figure comes from the Cloud Security Alliance, an industry group.
The alliance conducted a survey this summer which found that 56% of non-US members said security concerns made it less likely that they would use cloud services based in the US.
Another 10% reported having already canceled a contract, the WSJ reports.
There are overseas cloud service providers that are more than happy to pick up that slack.
But data is anything but static. It doesn’t obediently sit inside the confines of a country with stronger privacy protection than the US.
Ronaldo Lemos, director of the Institute for Technology & Society, a Rio de Janeiro think tank, put it this way to the WSJ:
It basically ignores the entire internet ... This data has to circulate. It's going to be sent to Miami, to Europe. It's not going to be sitting idle.
A case in point is that of Brazil, a country that’s reacted fiercely to the US’s use of surveillance.
In September, Brazilian President Dilma Rousseff, reacting to allegations that the NSA eavesdropped on her phone calls and emails, announced plans to create an undersea fiber-optic cable that would bypass the US entirely by directing internet traffic between South America and Europe.
She also urged legislators to pass an amendment that would force technology players such as Google and Microsoft to store data for Brazilian users on in-country servers.
Brazil’s postal service has already begun developing an encrypted domestic email system.
But none of that is likely to stop the NSA, says Christopher Soghoian, principal technologist and senior policy analyst at the American Civil Liberties Union (ACLU), given that the US already has a nuclear submarine dedicated to tapping undersea internet cables.
Soghoian put it this way to The Verge:
Just because you take steps to make it more difficult for the NSA doesn’t mean the NSA packs up their stuff and goes home.
Besides, as the WSJ points out, Brazil isn’t all that hot at protecting its own citizens’ privacy: Facebook, for its part, reported that Brazil made 715 requests for Facebook user data in the first half of 2013.
A WSJ quote from Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations, sums it all up:
At the end of the day, some agency will spy on you.
What do you think? Do you agree with the ITIF that the US is on track to lose the whopping sum of $35 billion because of the NSA?
And what about these overseas cloud service providers and politicians? Are they offering anything but smoke and mirrors, at the competitive expense of US businesses?
Please let us know what you think in the comments section below.
*How trustworthy is such a massive figure? For what it’s worth, ITIF is a well-respected think tank. It ranked No. 5 on the 2012 Top 50 Science and Technology Think Tanks [PDF] report from the University of Pennsylvania, has been described as “scrupulously nonpartisan” by Inc. Magazine, and was deemed “one of the leading, and most prolific, tech policy think tanks” by Ars Technica.
Images of hole and eagle courtesy of Shutterstock.
Over time, that figure may well be reached.It is going to take a long,long time before non-US cloud service users trust a US based cloud service provider.Such users could end up being happier with the non-US cloud service provider & even less likely to want to return to a provider that could put their data places they didn't intend that data to be.
Whether or not the U.S. loses business due to the slimy & extremely condemnable behaviour of the NSA, I strongly believe that it is high time the U.S. strangehold on the Information Technology business is broken. Monopolies are never a good thing. So, what better time than now to start ?!
Just because the U.S. has been in the news lately for spying doesn't mean other countries aren't doing it, too. If you're trying to keep your data out of government hands, public cloud is probably not the best option for you.
Well, just because the United States has been conducting assassination-by-drone campaigns against its disaffections, it doesn't mean other countries aren't doing it too. However, given that practically all the the "drone operations" have been conducted to fit within the known american gov. agenda, it is highly unlikely any other country approaches them in drone use. The same can be said about mass espionage. Other countries have dabbled at it from time to time, but none have done it with the same
investiment level. NSA and CIA amount to a secret, paralell army, and no other country can expend that amount without detection.
I attended a sales webinar session the other day from a significant US-based cloud/services provider. Though they didn't mention the NSA breaches directly, a significant slide in their PowerPoint deck brought attention to their datacenter in Germany in case "a client's regulator requires storage outside the continental USA".
Hmm, pretty interesting. So American companies are already starting to try to enhance their non-US assets to distance themselves from the NSA.
Of course if I went with this company's offering I'd expect (and hope) that my data be replicated between Germany and other datacenters anyway for redundancy, and I — based in the US — would being pulling my data across pipes back into the USA whenever I needed to access it. So it really does nothing to get away from infrastructure that the NSA is know to be harvesting from.
But it will be very interesting to see how US companies change their marketing messages to try to avoid or mitigate this whole debacle that they unfairly find themselves in. If I ran one of these companies I'd be pretty upset too.
Would you trust the USA at any level let alone cloud data storage I know I won't especially now that the NSA want to store data that is of a financial matter.
Why should I entrust the USA with any information as when good information is passed to them they don't act on it . They would rather treat the world as though they are a terrorist group, so let them spy but it will cost them billions in lost earnings.
Andrew, "them" (the NSA) are not the ones losing earnings. It's easy to be anti-American about this whole thing, but I don't know of any IT companies in America that support the government's surveillance. Yet THEY (American IT service companies) are the ones losing out.
To my mind, framing everything American as bad is short-sighted and totally misses the point. One point is that the NSA is sharing data with so-called other "Five Eyes" countries, and Israel and who-knows who else.
This is not an America-is-bad problem. It's an American-government-is-bad problem, aong with all kids of other governments that get funding or data too, or at the very least turn a blind eye until it's leaked to the world's press.
That's a problem BIGGER than the USA or any other single country on earth.
The NSA fundings, however, come from the taxes paid by the american IT companies. The american politicians who approve the said fund alocations, and
the NSA policy, are elected with the american IT companies donations.
As for IT espionage being a big, global problem, I agree. It is another poisonous fruit of the Bretton Woods problem.
My understanding of the PRISM program is that it HAD the cooperation of major IT companies such as Microsoft, Facebook, Yahoo, etc. Please correct me if I'm wrong, but many major players in the industry have been cooperating with (and reimbursed by) the NSA; whether they "like" it or not is another matter, and inconsequential when the results are the same: poached data.
The shock and surprise by Tim Cook and other top executives smacks to me of plausible deniability. Some companies could have certainly complained (see Google wanting to unseal some FISA documents), but companies ultimately have their bottom line's at interest and realize that actively working against a massive military spying agency is 'bad for business'.
Gavin I am holding the American Government at fault not American citizens as for the IT companies, they are not to blame and the system will bring them down because of the paranoia of that countries Government.
It is most certainly a sad state of affairs and one that will surely cost the US economy.
I am not Anti American just Anti American Government. and besides if you people don’t like what your Gov. is doing vote them out.