The US, the EU and the outbreak of cloud war

obama_listen_AP

Ready to listen, not just listen in?

I love the smell of paranoia in the morning!

“What you see is a lot of foreign officials and foreign companies sort of making hay while the sun still shines. Foreign companies are happily using PRISM as the latest series of clubs to beat US companies over the head.”

Those were among sage thoughts of Jake Colvin, vice president of global trade issues at the National Foreign Trade Council, at a policy talk this week hosted by the Washington-based think tank the Information Technology and Innovation Foundation (ITIF).

Is he really saying that it’s all beastly foreigners over-reacting and picking on Uncle Sam just because a bit of innocent spying and prying then?

If so, what utter nonsense!

The PRISM and NSA revelations of recent months were immediately identified as having the potential to undermine confidence in US cloud services providers, especially when vested interests in Europe – such as the European Commission – are happy to exploit the FUD to their own political ends.

Take a peek at the results of a survey carried out by the Cloud Security Alliance (CSA) which found that 10% of 207 officials at non-US companies have already canceled contracts with US service providers following the revelation of the NSA spy program.

More than half of 456 representatives of companies in the US., Europe and Asia said they are less likely to use US cloud service providers because of concerns over US government access to their data.

Only three in ten survey respondents said the PRISM scandal will have no impact on their use of US-based cloud services.

Denial?

At the ITIF policy meeting, Philip Verveer, the former US coordinator for international communications and information policy at the State Department, warned:

“The PRISM disclosures are damaging, and I think I’m prepared to speculate extremely damaging to commercial firms that have offered cloud and related kinds of services, and that do or would benefit from efficient cross-border data flows.”

But it’s interesting to note seeming signs of denial among the US cloud industry as when the CSA asked US respondents if the PRISM row would impact on their ability to conduct business overseas, only 36% felt it would while 64% felt that it will have no effect on their business.

Perhaps they’re right. Taking a look around Europe, there’s no standard position been adopted to date.

As we saw last month, Neelie Kroes, the Commissioner responsible for the Digital Agenda, has been shamelessly rattling her sabre, attempting to cite PRISM as a reason for needing a pan-European cloud computing strategy.

She’s got some support from the likes of Germany where Chancellor Angela Merkel has given her backing to controversial data protection reforms which would see companies fined as much as two percent of their annual turnover for any breach of the law and would entrench the ‘right to be forgotten’ in law.

Under enormous political pressure and with PRISM becoming a campaign issue ahead of Germany’s 22nd September federal elections, Merkel is playing tough for the audience at home, declaring that she wants to ensure that around Europe:

“no compromises are made that deviate from our standards in terms of quality, but that high-quality common EU data protection norms are created, which would of great value for us. “

To that end, Merkel says she expects cloud services providers and the like:

“to tell us in Europe who they are giving data to.”

Merkel also made an interesting comment about another EU nation state:

“We [Germany] have a great data protection law. But if Facebook is registered in Ireland, then Irish law is valid, and therefore we need unified European rules.”

merkel_08_27_2012

Chancellor Merkel – not happy (again)

The reference to Ireland is understandable from the Merkel political perspective.

For its part, the Irish government seems essentially relaxed about PRISM – as well it might be given the efforts it’s gone to to attract the likes of Microsoft and Google, which are alleged to have cooperated with the PRISM program, to set up in the republic.

The Irish Office of the Data Protection Commissioner (ODPC) ruled this week in relation to queries from Austrian (?!?!) student activists that:

“We do not consider that there are grounds for an investigation under the Irish Data Protection Acts given that ‘Safe Harbour’ requirements have been met…If something is agreed by the European Commission for the purpose of providing safeguards, that ticks a box under our jurisdiction.”

That runs completely contrary to the European Commission world view in Brussels  and that means trouble ahead – for everyone.

Europe vs US

Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, fired off her view earlier this week when she declared:

“The Safe Harbor agreement may not be so safe after all. US data protection standards are lower than our European ones.”

That would suggest that the ball bounces back to Kroes and Reding and the Commission. They all now need to decide if they want to play hardball with the US authorities and essentially try to rewrite Safe Harbor.

Reding, for one, seems up for a rumble:

” I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year.”

Given that the US Senate just passed a bill approving the ongoing funding for PRISM, that’s not going to happen without a fight.

The best hope of movement comes perhaps from the Republican Party which is inevitably less concerned by the overseas implications of PRISM, but rails against what it sees as more ‘big government’ interference. As such it  may inadvertently assist in cutting PRISM funding and killing it off in the process.

Typical is Republican Justin Amash of Michigan, who introduced a defunding amendment last week. He storms:

“Opponents of this amendment will use the same tactic that every government throughout history has used to justify its violation of rights: fear. They’ll tell you that the government must violate the rights of the American people to protect us against those who hate our freedom.”

Well maybe, maybe not, – but the fact is that he and his fellow opponents lost the vote.

The Obama administration is determined to keep PRISM in place.

Verdict

This row is not going to go away – and it’s not just down to the beastly foreigners either.

Colvin of the National Foreign Trade Council also predicted this week that non-US competitors will use PRISM as a reason to insist that companies store data locally. He warned darkly:

“I think this will certainly embolden calls for digital trade protectionism.”

He’s quite right of course.

And when it  does, then PRISM will be playing right into the hands of those in Europe who want to see just such barriers reinforced, largely against US firms.

The US government is effectively providing ammunition to those whose own self-interest and political ambition are unlikely to be most supportive of the US – or  indeed the global – cloud services provider market.

That would really be rather ironic, wouldn’t it?

Stuart Lauchlan

Stuart Lauchlan

Stuart Lauchlan has been tracking and commenting on the enterprise IT market for 23 years during which time he's managed to amuse, inform and irritate buy and sell side participants in equal and appropriate measure. Lauchlan also helps companies understand the needs of technology readers.
Stuart Lauchlan

@whostu

Tech journalism - the accident from which I've never recovered

Leave a Reply

  • […] long-standing public commitment to open source and open standards. Some have even spoken of the prospect of a forthcoming ‘cloud war’ between Europe and the US, which would undermine even basic efforts to promote open source cloud […]

  • […] before the Snowden revelations made privacy laws a battlefield of international diplomacy, the EU’s plans to harmonize data protection were already stirring a crucible of strong […]

  • […] But in the wake of the PRISM/NSA spying scandal, many in Europe have also been talking up the new measures as a respon… […]

  • […] global cloud adoption? We’ve seen our share of mixed reviews, even on diginomica, in terms of the impact of PRISM and regional variations in cloud adoption. BSA – The Software Alliance, which bills itself as […]

  • […] long-standing public commitment to open source and open standards. Some have even spoken of the prospect of a forthcoming ‘cloud war’ between Europe and the US, which would undermine even basic efforts to promote open source cloud […]

  • […] written a lot about the impact of the PRISM NSA online snooping scandal, highlighting both the fears of the US cloud industry of the potential impact on its business […]

  • […] commissioner Viviane Reding, who is pushing through the data protection regulations, has also initiated a review of the EU’s Safe Harbor agreements with the US in the wake of the Snowden r…, potentially adding to […]

  • Geoffrey Moore: culture, collaboration, clouds and chasms says:

    […] also questioned – as I have – the jingoistic noises made against US providers by certain European Commmisison technocrats and politici…around the need for tougher data protection and security on the back of the PRISM […]

  • […] it’s pitched as response to mounting tensions between the US and the rest of the world over its surveillance of online data which has become a major electoral issue in […]

  • [...] month we wrote about the prospect of forthcoming ‘cloud war’ between Europe and the US as a result of the National Security Agency’s (NSA) Obama-endorsed PRISM data collection [...]

  • lindsaysmith says:

    Good, interesting round-up of the Brussels FUD-factory.  Here’s an alternative view http://www.hldataprotection.com/files/2013/05/A-Sober-Look-at-National-Security-Access-to-Data-in-the-Cloud.pdf which with it’s earlier sister white paper alleges in quite a convincing way that the European snooping environment is worse than the US. Which I suppose we never really doubted.  So, is the argument that although greater powers to snoop may exist in Europe it’s the cousins that are actually doing it…? And today’s allegation that GCHQ was paid £100m in an outsourcing deal: that’s just one in the eye for the DGSE, who presumably tendered but lost?  I wonder if GCHQ looked at their pricing as it whizzed down the transatlantic pipe.
    The trouble is, as your reported surveys show, if you throw enough FUD it sticks.

  • [...] “What you see is a lot of foreign officials and foreign companies sort of making hay while the sun still shines. Foreign companies are happily using PRISM as the latest series of clubs to beat US companies over the head.” [Read the full article] [...]

  • dahowlett says:

    The irony of this situation is surely that those which PRISM is allegedly aimed at will simply find other providers who are out of the NSAs line of sight. If true then we get to find out the real motivation behind PRISM. And we haven’t even touched the latest row over demands for passwords.