The cloud computing industry is particularly vulnerable to the effects of NSA bulk surveillance, and could lose billions in the next three to five years, according to a new study. The New America Foundation published “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” this week, which attempts to quantify and categorize the external costs of surveillance programs since they were leaked over a year ago.
The costs under review are those to the broader economy, and to US interests and the global internet community, or those costs which are a by-product of the PRISM program leaked by Edward Snowden and published in the Guardian, the Washington Post and elsewhere in June 2013.
The categories which surveillance practice costs are broken into are: direct costs to US businesses; potential costs from data localization and protection proposals; costs to US foreign policy; and costs to cybersecurity.
In the report the New America Foundation refers to three documents, including the President’s Review Group on Intelligence and Communications Technologies, which question the security value of bulk data collection.
The report goes on to detail a number of sources of lost revenue for American companies. A Peer1 survey indicated that 25 percent of British and Canadian customers were moving data out of the US due to NSA practices. Cisco blamed an 8 to 10 percent decline in worldwide revenue for Q4 2013 largely on mistrust in China, indicating the challenges to hardware manufacturers. Cloud adoption and even online commerce and banking appear to have been negatively affected by surveillance practices.
The report suggests that these problems are continuing to batter the American cloud and hosting industries, quoting Microsoft General Counsel Brad Smith saying: “It’s not blowing over.In June of 2014, it is clear it is getting worse, not better.”
The report concludes with eight recommendations for the US government, including applying privacy protections internationally, increasing transparency, and separating the “offensive and defensive” elements of the NSA. Several of the recommendations also focus on the need to restore cryptography standards and confidence in those standards, through measures such as helping “to eliminate security vulnerabilities in software, rather than (stockpiling) them.”
Attempts made in the aftermath of the Snowden revelations to predict the three-year financial impact on the industry range from $21.5 billion in the low estimate from The Information Technology and Innovation Foundation to $180 billion from Forrester.