“What you see is a lot of foreign officials and foreign companies sort of making hay while the sun still shines. Foreign companies are happily using PRISM as the latest series of clubs to beat US companies over the head.”
Take a peek at the results of a survey carried out by the Cloud Security Alliance (CSA) which found that 10% of 207 officials at non-US companies have already canceled contracts with US service providers following the revelation of the NSA spy program.
More than half of 456 representatives of companies in the US, Europe and Asia said they are less likely to use US cloud service providers because of concerns over US government access to their data.
Only three in ten survey respondents said the PRISM scandal will have no impact on their use of US-based cloud services.
At the ITIF policy meeting, Philip Verveer, the former US coordinator for international communications and information policy at the State Department, warned:
“The PRISM disclosures are damaging, and I think I’m prepared to speculate extremely damaging to commercial firms that have offered cloud and related kinds of services, and that do or would benefit from efficient cross-border data flows.”
Neelie Kroes, never wasting a good crisis
But it’s interesting to note seeming signs of denial among the US cloud industry: when the CSA asked US respondents if the PRISM row would impact their ability to conduct business overseas, only 36% felt it would, while 64% felt that it would have no effect on their business.
Perhaps they’re right. Taking a look around Europe, no standard position has been adopted to date.
She’s got some support from the likes of Germany where Chancellor Angela Merkel has given her backing to controversial data protection reforms which would see companies fined as much as two percent of their annual turnover for any breach of the law and would entrench the ‘right to be forgotten’ in law.
Under enormous political pressure and with PRISM becoming a campaign issue ahead of Germany’s 22nd September federal elections, Merkel is playing tough for the audience at home, declaring that she wants to ensure that around Europe:
“no compromises are made that deviate from our standards in terms of quality, but that high-quality common EU data protection norms are created, which would be of great value for us.”
To that end, Merkel says she expects cloud services providers and the like:
“to tell us in Europe who they are giving data to.”
Merkel also made an interesting comment about another EU nation state:
“We [Germany] have a great data protection law. But if Facebook is registered in Ireland, then Irish law is valid, and therefore we need unified European rules.”
Chancellor Merkel – not happy (again)
The reference to Ireland is understandable from the Merkel political perspective.
For its part, the Irish government seems essentially relaxed about PRISM – as well it might be given the efforts it’s gone to to attract the likes of Microsoft and Google, which are alleged to have cooperated with the PRISM program, to set up in the republic.
The Irish Office of the Data Protection Commissioner (ODPC) ruled this week in relation to queries from Austrian (?!?!) student activists that:
“We do not consider that there are grounds for an investigation under the Irish Data Protection Acts given that ‘Safe Harbour’ requirements have been met…If something is agreed by the European Commission for the purpose of providing safeguards, that ticks a box under our jurisdiction.”
That runs completely contrary to the European Commission world view in Brussels and that means trouble ahead – for everyone.
Europe vs US
Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, fired off her view earlier this week when she declared:
“The Safe Harbor agreement may not be so safe after all. US data protection standards are lower than our European ones.”
That would suggest that the ball bounces back to Kroes and Reding and the Commission. They all now need to decide if they want to play hardball with the US authorities and essentially try to rewrite Safe Harbor.
Reding, for one, seems up for a rumble:
“I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year.”
Given that the US Senate just passed a bill approving the ongoing funding for PRISM, that’s not going to happen without a fight.
The best hope of movement comes perhaps from the Republican Party which is inevitably less concerned by the overseas implications of PRISM, but rails against what it sees as more ‘big government’ interference. As such it may inadvertently assist in cutting PRISM funding and killing it off in the process.
Typical is Republican Justin Amash of Michigan, who introduced a defunding amendment last week. He storms:
“Opponents of this amendment will use the same tactic that every government throughout history has used to justify its violation of rights: fear. They’ll tell you that the government must violate the rights of the American people to protect us against those who hate our freedom.”
Well maybe, maybe not – but the fact is that he and his fellow opponents lost the vote.
The Obama administration is determined to keep PRISM in place.
This row is not going to go away – and it’s not just down to the beastly foreigners either.
Colvin of the National Foreign Trade Council also predicted this week that non-US competitors will use PRISM as a reason to insist that companies store data locally. He warned darkly:
“I think this will certainly embolden calls for digital trade protectionism.”
He’s quite right of course.
And when it does, then PRISM will be playing right into the hands of those in Europe who want to see just such barriers reinforced, largely against US firms.
The US government is effectively providing ammunition to those whose own self-interest and political ambition are unlikely to be most supportive of the US – or indeed the global – cloud services provider market.
Stuart Lauchlan has been tracking and commenting on the enterprise IT market for 23 years during which time he's managed to amuse, inform and irritate buy and sell side participants in equal and appropriate measure. Lauchlan also helps companies understand the needs of technology readers.
Good, interesting round-up of the Brussels FUD-factory. Here's an alternative view http://www.hldataprotection.com/files/2013/05/A-Sober-Look-at-National-Security-Access-to-Data-in-the-Cloud.pdf which with its earlier sister white paper alleges in quite a convincing way that the European snooping environment is worse than the US. Which I suppose we never really doubted. So, is the argument that although greater powers to snoop may exist in Europe it's the cousins that are actually doing it...? And today's allegation that GCHQ was paid £100m in an outsourcing deal: that's just one in the eye for the DGSE, who presumably tendered but lost? I wonder if GCHQ looked at their pricing as it whizzed down the transatlantic pipe.
The trouble is, as your reported surveys show, if you throw enough FUD it sticks.
The irony of this situation is surely that those which PRISM is allegedly aimed at will simply find other providers who are out of the NSA's line of sight. If true then we get to find out the real motivation behind PRISM. And we haven't even touched the latest row over demands for passwords.