Congressional lawmakers last week pondered what, if any, changes can be made to U.S. government surveillance programs, as fallout continues over whistleblowerEdward Snowden’s disclosures about the National Security Agency’s (NSA) collection of massive amounts of personal data.
The agency’s actions stand to harm U.S.-based cloud service providers and their customers around the globe. Revelations about the NSA\’s PRISM program could cost cloud computing companies $22 million to $35 million by 2016, according to an August estimate by the Information Technology & Innovation Foundation. Forrester predicted the losses could be much higher at $180 billion, or a 25 percent hit to overall revenues.
CIO.com talked to Alex Lakatos, partner in the Washington, D.C. office of Mayer Brown\’s litigation and financial services regulatory and enforcement practice, about the reactions of European governments to NSA surveillance, the likely inaction of the U.S. government, and what is all means for cloud providers—stateside and abroad—and their clients around the world.
What’s been the reaction thus far to the NSA revelations in the global business community?
Alex Lakatos, Mayer Brown: Most businesses we have spoken with have a negative view of the PRISM and phone records programs, viewing them with suspicion and distrust. The programs can undermine retail customers’ trust in U.S. businesses, and that trust is an asset that U.S. businesses value. The programs can put U.S. businesses at a competitive disadvantage when competing against non-U.S. businesses.
For program participants, it has been a reputational hit, and no doubt an administrative burden to provide their (likely involuntary) cooperation to the NSA. Anecdotally, there is a lot of quiet admiration for Twitter’s general counsel, who led the company in its decision to resist pressure to participate in the PRISM program. Of course, U.S. business tends to appreciate a stable climate fostered by strong national security, but these programs that impose directly on U.S. business are largely seen to have crossed the line.
What do you predict the overall impact will be for cloud services providers and their customers, given current sentiment about the NSA surveillance programs?
Lakatos: There is a risk that cloud services customers will avoid using U.S.-based cloud service providers based on the perception that U.S. providers are more vulnerable to NSA surveillance. Sen. [Al] Franken [D-Minnesota] cited studies supporting this conclusion in his statement at this week’s hearing.
We anticipate that non-U.S. providers will continue to market their services as being beyond the reach of the U.S. government and the NSA, although such assertions may be dubious from a legal and, perhaps, technological perspective. In short, recent revelations about NSA surveillance are likely to be a boon for non-U.S. cloud service providers.