Whether or not Ed Snowden’s revelations that the NSA has been secretly monitoring web traffic have harmed national security remains a matter of debate, but there’s one thing that doesn’t appear to be in doubt any more – the existence of PRISM has had a negative impact on US cloud service providers, which have reportedly lost hundreds of overseas customers since knowledge of the leaks first became public.
Evidence of this damage comes from a survey conducted by the Cloud Security Alliance (CSA) last week, which revealed that around 500 of its 48,000 or so members now mistrust US companies enough to warrant ditching them. According to the CSA, its corporate membership encompasses virtually all major US cloud and security vendors and service providers.
Most interesting was the feedback from the CSA’s non-US members, of which ten percent indicated that they had cancelled projects that would have used US-based cloud providers. More tellingly, 56 percent of foreign companies said that they were now “less likely” to use US cloud companies.
The mood was depressing from the US end as well. Around 36 percent of the 220 US companies surveyed stated their belief that it’s now “more difficult” to conduct business outside of the country following the PRISM revelations. Opposing this view were 64 percent of US companies that said the news had no impact on their ability to do business with foreign companies.
Of course, these concerns are not exactly new. There has been a certain amount of suspicion and paranoia about using US cloud companies ever since the PATRIOT Act and its “enhanced surveillance” provisions came into force. This provision gives the NSA warrantless access to traffic flowing to and from “protected computers”, but the wording and defintion of what a “protected computer” really is has led to plenty of concerns that the US government can access companies’ data simply by asking for it.
But for all the fears over the PATRIOT Act, it had nothing like the kind of impact that Ed Snowden’s leaks have had on US businesses. The CSA’s survey confirms earlier warnings given by myself, and more recently, by Wikibon’s Scott Lowe. Although there have since been allegations that some European countries’ spy agencies may be complicit in PRISM, the outrage in Europe has nevertheless been extremely vocal, with Germany’s justice minister Jorg-Uwe Hahn previously calling for a boycott of US companies, and Trevor Pott in The Register suggesting that some companies could soon find a niche in marketing themselves as being “not subject to US law”.
No one’s saying that US cloud companies are staring into the abyss just yet, but the CSA’s survey does raise some doubt about their prospects for long-term success. As Wikibon’s Lowe pointed out, the problem is that these kinds of services demand “extremely high levels of trust”, and that faith has clearly been eroded to the point where it could become a major roadblock for US firms.
So what to about all this? The answer is actually fairly simple. Lowe concludes his report by saying that American companies need to demand concrete answers from the government to ensure to the world that the United States is transparent and trustworthy the CSA’s survey indicates that this could have a very positive impact on their image. According to the CSA, 91 percent of respondents said that it would be beneficial if companies were allowed to discuss their responses to NSA subpoenas and warrants, something that they are currently unable to do due to FISA laws.
The confidence boost that this would give towards US cloud providers is one of the subjects of discussion in today’s NewsDesk special – The Edward Snowden Saga: PRISM In Review – featuring SiliconANGLE’s contributing editor John Casaretto. In his segment, Casaretto explains the importance of companies being able to show greater transparency.
“These companies feel that by being open they can establish visibility on the true extent of the government’s requests,” he states.
“Ostensibly, what this means is that if from time to time there’s a surge in the number of government requests for data, this would be out in the open… People would have a better idea of what’s going on. It’s something that these companies feel will make a big difference.”
You can see more of John Casaretto’s discussion here: