Friday 25 October, 2013
The United States National Security Administration’s PRISM surveillance program could hurt the US cloud service industry, according to a survey conducted by the Cloud Security Alliance in June 2013. The survey found that because of the program and its threat to privacy and confidentiality, European companies are reluctant to use US-based cloud service providers.
PRISM is a mass electronic surveillance data mining program that has been operated by the NSA since 2007. It was top-secret until former NSA contractor Edward Snowden leaked it.
How Bad Is It?
The Cloud Security Alliance survey asked 200 respondents about their feelings regarding US cloud service. Over half of the respondents said they would not use US-based cloud service providers in the future because of privacy concerns. Ten percent of respondents said they had already canceled their US cloud service because of the program.
The European Commission’s digital commissioner Neelie Kroes said in a statement that the NSA program could cost US cloud service providers billions of euros. She warned that European companies will act ‘rationally’ and stop using US providers since they’re sharing with intelligence agencies. If so, this is especially bad news for the cloud service industry, since many providers are now expanding into overseas markets due to a decrease in US demand.
Europe isn’t the only market where US cloud service providers are seeking to expand, but Jim Reavis, executive director of the Cloud Service Alliance, says, ‘It will spread to other areas as well. If this doesn’t get fixed, we’re looking at some big numbers.’
For some in Europe, this is a golden opportunity to steer business back to European providers. Most famously, Estonia’s president Toomas Hendrik Ilves said that Europe should build its own cloud where it can offer its citizens the privacy and security that no longer exists in the United States.
A Breach of Trust
For cloud service providers, privacy is a huge selling point. They store both business and personal data, much of which is extremely sensitive. In the United States, government agencies can send ‘National Security Letters’ to American companies to compel them to release data on their customers or users, even if these customers and users are non-US citizens. In this situation, it’s difficult for US cloud service providers to guarantee security and gain the trust of potential customers. This is why PRISM is a clear threat to the privacy of anyone worldwide who uses a US cloud service provider.
It’s interesting to note that although European companies overwhelmingly felt reluctance to deal with US cloud service providers because of privacy concerns, US-based respondents to the Cloud Service Alliance survey were not bothered by the fact that government intelligence agencies had access to their data.