Ever since Edward Snowden leaked news of PRISM, a program that allows the National Security Agency to easily get access to user information stored through American companies like Google, we knew this was coming. One survey found that more than half of non-U.S. residents were less likely to use American cloud services for fear of the NSA.
Now, the Information Technology and Innovation Foundation has put a price tag on the damage: between $22 and $35 billion to the U.S. economy.
Though some of how PRISM works is still hazy, Snowden's leaked slides, plus participating companies' carefully-crafted denials, paint a decent picture. It enables the NSA to tap a handful of powerful American companies—Google, Yahoo, Facebook, Microsoft, and Apple—for specific users' content. It's apparently made legal through section 702 of the Foreign Intelligence Surveillance Act (FISA), which keeps the government from explicitly listening to Americans' communications, but doesn't afford that protection to anybody else. And when the NSA uses PRISM, it issues a legal gag order to those companies. They're vocal about disliking the practice, but their hands are largely tied.
PRISM's wake left plenty of anecdotal evidence of people fleeing those major companies. Duck Duck Go, a search engine that, unlike Google, doesn't track your history, saw its use skyrocket. Pirate Bay cofounder Peter Sunde easily raised over $100,000 to start a privacy-protecting phone app, specifically noting that it wouldn't be "based in the USA" because that would "automatically [disqualify it] from being safe."
The ITIF notes that while the U.S. is the clearly dominant force in the cloud computing market, its competition, particularly from Europe, has been steadily rising since 2011. France, for instance, invested €135 million ($179 million USD) in developing cloud programs that year. The country's cloud security advisor, Jean-Francois Audenard, explained it wasn't just about cashing in on an emerging market, either: “It’s extremely important to have the governments of Europe take care of this issue because if all the data of enterprises were going to be under the control of the U.S., it’s not really good for the future of the European people," he said.
It's still an emerging market, the ITIF admits, but it has left $13 billion in wiggle room. The figure is largely crafted from already-existing projections of the U.S. losing market share in cloud storage, coupled with surveys indicating people specifically wanting to start using non-U.S. Internet companies.
Of course, that might be a silly proposition, especially for Europeans. To quote the ITIF:
While the reputations of U.S. cloud computing providers (even those not involved with PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is that most developed countries have mutual legal assistance treaties (MLATs) which allow them to access data from third parties whether or not the data is stored domestically.
In particular, both the U.K. and Germany, the latter of which has hosted anti-NSA protests in scores of cities, have highly invasive Internet spy programs of their own. And those agencies partner with the NSA anyway.
H/T Gigaom | Illustration by Jason Reed