The recent revelations about the extent to which the National Security Agency (NSA) and other U.S. law enforcement and national security agencies have used provisions in the Foreign Intelligence Surveillance Act (FISA) and USA PATRIOT Act to obtain electronic data from third parties will likely have an immediate and lasting impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits, according to the statistics revealed by the latest report of the Information Technology and Innovation foundation (ITIF).
If European cloud customers cannot trust the United States government, then maybe they won’t trust U.S.cloud providers either. If I am right, there are multibillion-euro consequences for American companies. If I were an American cloud provider, I would be quite frustrated with my government right now.– Neelie Kroes, European Commissioner for Digital Affairs.
The United States has been a global leader in providing cloud computing services globally and a big chunk of the US Cloud industry’s revenue comes from companies outside the North America. Of late, however, other countries, especially Europeans, are trying to play catch-up to the United States’ early success, and are even taking their governments’ help to do so. France, for example, has invested €135 million in a joint venture in cloud computing.
As shown in table 1 below, the global enterprise public cloud computing market will be a $207 billion industry by 2016. While much of this projected growth was until recently up for grabs by U.S. companies, the disclosures of the NSA’s electronic surveillance may fundamentally alter the market dynamics.
“Whoever fears their communication is being intercepted in any way should use services that don’t go through American servers,” declared Hans-Peter Friedrich, German Interior Minister publicly. German Justice Minister Jörg-Uwe Hahn has also called for a boycott of U.S. companies.
How much do U.S. cloud computing providers stand to lose from PRISM?
The Cloud Security Alliance conducted a survey in June and July of 2013 amongst its members who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks.
10 percent of non-US respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.-based cloud computing service. 36 percent of the U.S. residents indicated that the NSA leaks made it more difficult for them to do business outside of the United States.
Soruce: Cloud Security Alliance
Thus given the current conditions, on the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.
Table 1: Low estimate of losses from NSA revelations, in $ billions.
On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share.
Table 2: High estimate of losses from NSA revelations, in $ billions.
What should the U.S. government do?
The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed. The U.S. government needs to proactively declassify information about the PRISM program and allow companies to reveal more details about what information has been requested of them by the government.
Also, the U.S. government should make it is clear what information U.S.-based and non-U.S.-based companies are disclosing to both domestic and foreign governments. U.S. trade negotiators should work to include transparency requirements in trade agreements, including the Transatlantic Trade and Investment Partnership (TTIP) currently being negotiated with the EU.
If the U.S. government continues to impede U.S. cloud computing providers, other nations are more than willing to step in to grow their own industries at the expense of U.S. businesses.
To see the full report by Daniel Castro, a Senior Analyst with the Information Technology and Innovation Foundation and Director of the Center for Data Innovation, click here.
