Fallout from the NSA PRISM revelations continues, and American cloud providers may be one of the groups paying the price. Jaikumar Vijayan writing for ComputerWorld reports on how European customers are reacting:
A Cloud Security Alliance (CSA) survey found that 10% of 207 officials at non-U.S. companies have canceled contracts with U.S. service providers following the revelation of the NSA spy program last month. The alliance, a non-profit organization with over 48,000 individual members, said the survey also found that 56% of non-U.S. respondents are now hesitant to work with any U.S.-based cloud service providers.
In the full survey, more than half of 456 representatives of companies in the U.S., Europe and Asia said they are less likely to use American cloud service providers because of concerns over U.S government access to their data.
Yesterday’s cnet story from Declan McCullagh about the federal government seeking user passwords from tech companies will further exacerbate the situation:
“I’ve certainly seen them ask for passwords,” said one Internet industry source who spoke on condition of anonymity. “We push back.”
A second person who has worked at a large Silicon Valley company confirmed that it received legal requests from the federal government for stored passwords. Companies “really heavily scrutinize” these requests, the person said. “There’s a lot of ‘over my dead body.'”
The companies’ zeal for protecting user privacy aside, customers are undoubtedly more concerned than ever about the security of the information they entrust to American firms.
In a Politico oped in March, Marvin and I warned of how American surveillance laws could lead to a situation in which American businesses suffer economic harm due to privacy concerns of their users:
Many foreign companies are converging toward a common argument for why they’re better than their American competitors. It’s not that the foreign-made technology is better, more resilient, or more ubiquitous, nor that the foreign companies are more innovative or better managed. They compare not their businessmen but their politicians. They argue simply that American laws undermine any American product — that these laws fail to protect privacy of personal or business information of all users. This argument works partly because consumers claim to “avoid doing business” with companies they don’t trust to protect their privacy.
While this business argument exaggerates the problems with American privacy law, it should still concern policymakers, who unwittingly help less innovative foreign companies compete by providing a germ of truth to foreign privacy concerns.
Sadly new developments continue to confirm these warnings. Our concerns aren’t meant to malign the motives of our intelligence agencies or diminish their efforts to protect the security of the United States. On the contrary, the need for intelligence collection to safeguard the country from foreign threats is clear and justified. But the revelations of late are having a detrimental effect on American businesses, the full implications of which remain to be seen. As members of Congress debate whether to impose limitations on the intelligence gathering capabilities of our national security agencies, they should carefully consider the harm befalling American businesses, and weigh that harm in their decision-making process.