The US, the EU and the outbreak of cloud war

Stuart Lauchlan, July 25, 2013
With PRISM, the US government is effectively providing ammunition to those whose own self-interest and political ambition are unlikely to be most supportive of the US - or indeed the global - cloud services provider market.

Ready to listen, not just listen in?

I love the smell of paranoia in the morning!

"What you see is a lot of foreign officials and foreign companies sort of making hay while the sun still shines. Foreign companies are happily using PRISM as the latest series of clubs to beat US companies over the head."

Those were among the sage thoughts of Jake Colvin, vice president of global trade issues at the National Foreign Trade Council, at a policy talk this week hosted by the Washington-based think tank the Information Technology and Innovation Foundation (ITIF).

Is he really saying that it's all beastly foreigners over-reacting and picking on Uncle Sam just because of a bit of innocent spying and prying, then?

If so, what utter nonsense!

The PRISM and NSA revelations of recent months were immediately identified as having the potential to undermine confidence in US cloud services providers, especially when vested interests in Europe - such as the European Commission - are happy to exploit the FUD to their own political ends.

Take a peek at the results of a survey carried out by the Cloud Security Alliance (CSA) which found that 10% of 207 officials at non-US companies have already canceled contracts with US service providers following the revelation of the NSA spy program.

More than half of 456 representatives of companies in the US, Europe and Asia said they are less likely to use US cloud service providers because of concerns over US government access to their data.

Only three in ten survey respondents said the PRISM scandal will have no impact on their use of US-based cloud services.


At the ITIF policy meeting, Philip Verveer, the former US coordinator for international communications and information policy at the State Department, warned:

"The PRISM disclosures are damaging, and I think I'm prepared to speculate extremely damaging to commercial firms that have offered cloud and related kinds of services, and that do or would benefit from efficient cross-border data flows."

But it's interesting to note seeming signs of denial among the US cloud industry: when the CSA asked US respondents if the PRISM row would impact on their ability to conduct business overseas, only 36% felt it would, while 64% felt that it will have no effect on their business.

Perhaps they're right. Taking a look around Europe, no standard position has been adopted to date.

As we saw last month, Neelie Kroes, the Commissioner responsible for the Digital Agenda, has been shamelessly rattling her sabre, attempting to cite PRISM as a reason for needing a pan-European cloud computing strategy.

She's got some support from the likes of Germany where Chancellor Angela Merkel has given her backing to controversial data protection reforms which would see companies fined as much as two percent of their annual turnover for any breach of the law and would entrench the 'right to be forgotten' in law.

Under enormous political pressure and with PRISM becoming a campaign issue ahead of Germany's 22nd September federal elections, Merkel is playing tough for the audience at home, declaring that she wants to ensure that around Europe:

"no compromises are made that deviate from our standards in terms of quality, but that high-quality common EU data protection norms are created, which would be of great value for us."

To that end, Merkel says she expects cloud services providers and the like:

"to tell us in Europe who they are giving data to."

Merkel also made an interesting comment about another EU nation state:

"We [Germany] have a great data protection law. But if Facebook is registered in Ireland, then Irish law is valid, and therefore we need unified European rules."

Chancellor Merkel - not happy (again)

The reference to Ireland is understandable from the Merkel political perspective.

For its part, the Irish government seems essentially relaxed about PRISM - as well it might be given the efforts it's gone to to attract the likes of Microsoft and Google, which are alleged to have cooperated with the PRISM program, to set up in the republic.

The Irish Office of the Data Protection Commissioner (ODPC) ruled this week in relation to queries from Austrian (?!?!) student activists that:

"We do not consider that there are grounds for an investigation under the Irish Data Protection Acts given that 'Safe Harbour' requirements have been met… If something is agreed by the European Commission for the purpose of providing safeguards, that ticks a box under our jurisdiction."

That runs completely contrary to the European Commission world view in Brussels and that means trouble ahead - for everyone.

Europe vs US

Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, fired off her view earlier this week when she declared:

"The Safe Harbor agreement may not be so safe after all. US data protection standards are lower than our European ones."

That would suggest that the ball bounces back to Kroes and Reding and the Commission. They all now need to decide if they want to play hardball with the US authorities and essentially try to rewrite Safe Harbor.

Reding, for one, seems up for a rumble:

"I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year."

Given that the US Senate just passed a bill approving the ongoing funding for PRISM, that's not going to happen without a fight.

The best hope of movement comes perhaps from the Republican Party, which is inevitably less concerned by the overseas implications of PRISM, but rails against what it sees as more 'big government' interference. As such it may inadvertently assist in cutting PRISM funding and killing it off in the process.

Typical is Republican Justin Amash of Michigan, who introduced a defunding amendment last week. He storms:

"Opponents of this amendment will use the same tactic that every government throughout history has used to justify its violation of rights: fear. They'll tell you that the government must violate the rights of the American people to protect us against those who hate our freedom."

Well maybe, maybe not - but the fact is that he and his fellow opponents lost the vote.

The Obama administration is determined to keep PRISM in place.


This row is not going to go away - and it's not just down to the beastly foreigners either.

Colvin of the National Foreign Trade Council also predicted this week that non-US competitors will use PRISM as a reason to insist that companies store data locally. He warned darkly:

"I think this will certainly embolden calls for digital trade protectionism."

He's quite right of course.

And when it does, then PRISM will be playing right into the hands of those in Europe who want to see just such barriers reinforced, largely against US firms.

The US government is effectively providing ammunition to those whose own self-interest and political ambition are unlikely to be most supportive of the US - or indeed the global - cloud services provider market.

That would really be rather ironic, wouldn't it?
