Out-Law / Your Daily Need-To-Know

US cloud providers set to lose billions following Prism revelations, says think tank

Out-Law News | 07 Aug 2013 | 3:13 pm | 3 min. read

US cloud computing providers could lose between $21.5 billion and $35bn over the next three years as customers move to non-US cloud providers in the wake of revelations about a US intelligence gathering programme, a think tank has said.

The Information Technology & Innovation Foundation (ITIF), a research and education body that formulates views on technology policy in the US, said that US cloud providers are likely to lose out on business because of how the Prism revelations have been handled (9-page / 110KB PDF) unless the US government acts. 

"At this stage it is unclear how much damage will be done [as a result of the Prism revelations], in part because it is still not certain how the US government will respond," the ITIF said in a new paper it has published. "But it is possible to make some reasonable estimates about the potential impact." 

"On the low end, US cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the US eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market. On the high end, US cloud computing providers might lose $35.0 billion by 2016. This assumes the US eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share," it said. 

Earlier this summer the Guardian, together with a number of US newspapers, published details about the existence and operation of 'Prism', a computer programme which reportedly permits the US' National Security Agency (NSA) to collect data "directly from the servers" of a number of major technology companies, including Microsoft and Google. The revelations came from NSA whistleblower Edward Snowden. 

Amidst uproar from privacy groups, US government and intelligence officials have claimed that data is accessed in line with the US' Foreign Intelligence Surveillance Act (FISA). FISA sets out the procedures that US intelligence agencies have to follow in order to gather foreign intelligence information about foreign based individuals for the purposes of protecting against attacks on the US, such as terrorism. Under the regime intelligence agencies require a court to sanction the acquisition of data, although privacy groups have challenged the thoroughness of the procedure. 

Following the revelations the European Commission has decided to conduct a review of the existing agreement the EU has in place with the US in relation to data transfers. The 'Safe Harbor' framework allows for the transfer of personal data from Europe to the US where data protections meet EU standards. US organisations that self-certify that they conform to the requirements of the Safe Harbour scheme are deemed as having met European safety standards outlined in the Data Protection Directive. 

EU Justice Commissioner Viviane Reding said that the agreement may contain a "loophole" that allows for data transfers to take place in cases where US data protection standards are lower than permitted under the Directive. 

In addition, German Interior Minister Hans-Peter Friedrich recently called on those who suspect their communications of being intercepted to avoid using services that go through US servers. 

"Given current conditions US cloud service providers stand to lose somewhere between 10 and 20 percent of the foreign market in the next few years," the ITIF said. "Indeed, some foreign providers are already reporting their success. Artmotion, Switzerland’s largest hosting company, reported a 45 percent increase in revenue in the month after Edward Snowden revealed details of the NSA’s Prism program." 

"The percentage lost to foreign competitors could go higher if foreign governments enact protectionist trade barriers that effectively cut out US providers. Already the German data protection authorities have called for suspending all data transfers to US companies under the US-EU Safe Harbor program because of Prism," it said. 

The ITIF called on the US government to continue declassifying information about its intelligence practices and allow companies to explain more about the requests for data they have received from governments. The measures will help US cloud providers to "effectively compete globally" whilst ensuring national security interests are maintained. 

"The United States has both the most to gain and the most to lose," the ITIF said. "Many of the economic benefits of cloud computing, such as job growth and revenue, are dependent on the United States being able to export cloud computing services. If US firms are to maintain their lead in the market, they must be able to compete in the global market. It is clear that if the US government continues to impede US cloud computing providers, other nations are more than willing to step in to grow their own industries at the expense of US businesses."