Was anyone really that surprised at last week’s news? Surprised that is, at reports that NSA spies have been secretly helping themselves to all of our emails, voice communications, chat records, photographs and other communications over the last few years?

No?

What with the level of pessimism towards the US government these days, I doubt that very few people were even remotely shocked about the extent of its surveillance network. After all, what with reports of government acts like SOPA and CISPA that supposedly threaten our online privacy being blocked, it was pretty obvious that if these didn’t get voted in, the feds would find some other way of getting what they want. This news has been heavily presaged for years, it was only a matter of time before it all came out.

What is more surprising is level of indifference towards the revelations – the reaction of my girlfriend was extremely telling:

“You mean you didn’t know that already?” she shrugged, before immediately turning her attention back to Facebook.

She honestly didn’t care, and nor will millions of others who barely noticed the brouhaha that erupted before being distracted by their lives once again.

The sad truth is that few people actually give a damn about their privacy online anymore – in fact very few probably ever did – and this is a concern because the implications could go much further than most people realize. We may not care if our own emails are being scanned by the NSA because so long as we’re not terrorists, we’ll never even know about it. But there is one area that could well be impacted by the revelations, and it happens to be something that most US readers at least, will agree matters more than most – in business.

The Loss of Trust, and What It Could Mean:

We can expect to see huge repercussions in Europe, where technology companies are burdened with strict regulations about safeguarding user data. The European Data Directive stipulates that any tech firm operating in the EU must inform their customers if any of their personal data is disclosed to third parties – something that clearly hasn’t happened in the case of PRISM. So far there’s a lot of uncertainty as to whether or not the likes of Google and Microsoft were actually complicit in PRISM (both have denied it, as have the other seven firms involved), but if they were then this is clearly a breach of EU laws. And as we know, the Europeans certainly aren’t shy about taking action against US companies when they’re seen to have overstepped the boundaries.

In an interview on today’s edition of NewsDesk, my colleague John Casaretto explains that in all likelihood, US companies did know about PRISM.

“[the denials] were probably a pre-meditated protocol in the event that this news did get out,” stated Casaretto. “The government hasn’t actually denied it themselves, instead they’re stating that it’s something that was necessary.”

The biggest concern right now is that if US firms lose their credibility, people in other countries might look to take their business elsewhere. Government officials have been desperately trying to cover their tracks at home, insisting that PRISM is about spying on foreigners and not US citizens, but how does the rest of the world feel about this? The answer is that they’re far from impressed, as the following statement from Germany’s Data Protection and Freedom of Information Commissioner sums up perfectly:

“The U.S. government must provide clarity regarding these monstrous allegations of total monitoring of various telecommunications and Internet services. Statements from the U.S. government that the monitoring was not aimed at U.S. citizens but only against persons outside the United States do not reassure me at all.”

This could cause significant problems for American tech firms that are competing on the global stage. Already, Germany’s justice minister Jorg-Uwe Hahn has called for a boycott of the nine companies alleged to be participating in PRISM:

“I am amazed at the flippant way in which companies such as Google and Microsoft seem to treat their users’ data. Anyone who doesn’t want that to happen should switch providers,”

And he’s not the only one doing it. In the UK website The Register, Trevor Pott urges readers to consider boycotting US tech companies, predicting that companies could even benefit from marketing themselves as being “not subject to US law”:

“Non-U.S. Western businesses need to start using ‘not subject to U.S. law’ as a marketing point. We need cloud providers and software vendors that don’t have a U.S. presence, no U.S. data centers, no U.S. employees–no legal attack surface in that nation of any kind. Perhaps most critical of all, we need a non-American credit-card company.”

Elsewhere, Megaupload founder Kim Dotcom made a similar call, tweeting that “the European Parliament should come up with an incentive program to fund an EU search engine to compete with Google”. These sentiments were later echoed by Mikko Hypponen of the security firm F-Secure, who told Reuters that “the long term solution is that Europe should have a dot.com industry just like the United States.”

Clearly, the Europeans are not happy, but its not just them. There’s been similar outrage in countries as far apart as Australia and India. Doubtless, thousands of people from other countries will be equally upset – no one’s asked the Russians or the Chinese what they think of the NSA’s activities, but guaranteed they won’t be at all happy about it.

Of course, many of the citizens in these countries will be just as apathetic towards being spied upon as most US nationals are, but that’s not the real issue. What’s dangerous is that the NSA’s actions are upsetting foreign politicians and privacy groups, and these are the people who could ultimately damage the US tech industry, by backing rival companies in their own countries or bringing in new laws that make it impossible for them to operate there.

The NSA’s spying might gain the US a little extra security and peace of mind, but one question that’s yet to be answered is what the real cost of this operation will be to its long-term business interests?