It’s long been theorized that the U.S. stands to lose the most from a cyberwar. We have the most technology, and our economy relies more on that technology than any other nation on earth, so we are the most vulnerable. The continuing controversy swirling around the National Security Agency and electronic surveillance is starting to prove this theory — and it’s going to be a costly battle.
If you were making decisions for a foreign company, would you trust Google or Microsoft with your data, knowing what you now know about Prism and other NSA surveillance programs? Using Gmail or Hotmail now seems akin to cc’ing Uncle Sam on every note. How will that impact U.S. tech companies overseas?
According to an estimate by The Information Technology & Innovation Foundation, fear of NSA prying will cost U.S. cloud computing providers between $22-$35 billion during the next three years.
Before explaining that estimate — admittedly rough, but realistic — let’s catch up on last week’s twists and turns in the NSA saga. When Edward Snowden first disclosed the existence of extensive digital surveillance in May, President Obama tried to douse the firestorm by assuring Americans “Nobody is listening to your phone calls.” Only communications among foreigners suspected of terrorism are subject to Big Brotherish treatment, he said.
Two news stories published last week are making it harder and harder for the president to stick with that claim. First, the New York Times revealed that NSA agents feel at liberty to peruse U.S. citizens’ e-mails and phone calls without a warrant if they have any suspicions that foreign suspects are being discussed. Then the Guardian revealed that secret changes to rules governing NSA searches mean the agency can now use U.S. citizens’ names to query its vast databases of communications.
The law allowing some warrantless searches, section 702 of the 2008 update to the Foreign Intelligence Surveillance Act, quite clearly was written to avoid ensnaring Americans in a digital dragnet.
“Section 702 provides authority to acquire foreign intelligence information, with assistance from U.S.-based communications service providers, targeting NON-USPERs reasonably believed to be located outside the United States,” the rules say.
While the two stories leave many questions unanswered, the idea that nobody is listening to Americans’ phone calls seems less and less defensible.
Meanwhile, real-life economic fallout from the NSA scandal is starting to become apparent. Last week, two security-conscious e-mail providers shut down, saying they feared government action.
The first, Lavabit, was the encrypted e-mail service that NSA leaker Snowden used. When the service was shuttered, thousands of users lost all access to their e-mail.
“I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” says a statement on Lavabit’s website signed by owner Ladar Levison. “After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot.” He said he is appealing a district court ruling that he could not describe, and still hoped to resurrect the service.
Later that day, a second firm, Silent Circle, said it was pre-emptively shuttering its Silent Mail service.
“We see the writing on the wall, and we have decided that it is best for us to shut down,” said a statement issued by the company.
President Obama recently said he has ordered a review of the NSA surveillance program and planned to include privacy advocates as part of the discussion. Let’s hope those involved have a copy of the U.S. Constitution handy. It wouldn’t hurt to have a few sensible technology executives in the room, too.
The Information Technology & Innovation Foundation says the global market for cloud services will be $150 billion next year, rising to $200 billion by 2016. In June and July, the Cloud Security Alliance surveyed its members and found 10 percent said they had canceled a project with a U.S.-based cloud provider as a reaction to the Prism leak, while 56 percent said the news gave them at least some second thoughts. Using the back of an envelope and those rough numbers, the group hypothesized that U.S. firms would lose at least 10 percent of their business because of the NSA — $22 billion on the low end, and $35 billion on the high end, assuming an even more severe reaction.
The U.S. has enjoyed its first-mover advantage on the Internet and among many of the technologies it has spawned. It has always walked a fine line between openness and control, as our government wrestled with questions such as who should operate the Web’s critical domain name system. There has been an enormous peace dividend enjoyed by U.S. tech firms that have been able to spread their brands and ideas to all corners of the globe, even to places where relations are otherwise tense. To do this, the U.S. has, at times, had to hold its nose and let go of a little control at critical junctures.
That peace dividend is increasingly at risk as the U.S. government is now showing it values control over freedom. First with Stuxnet, the virus that interfered with Iran’s nuclear research, and now with NSA surveillance, the U.S. seems to be picking a cyberfight. Our government needs to think carefully before it starts a fight it cannot finish, in a game where the rules really do favor David over Goliath.
This story is an Op/Ed contribution to Credit.com and does not represent the views of the company or its affiliates.