Warning: EU's PRISM exploitation will cost US $35bn

Last month we wrote about the prospect of forthcoming 'cloud war' between Europe and the US as a result of the National Security Agency's (NSA) Obama-endorsed PRISM data collection programme.

At the time - and in a previous item - we noted that such actions were playing into the hands of those in the European Union who are pressing for what we - and others - regard as a fundamentally flawed and ill-advised attempt to force through a pan-European cloud computing strategy from Brussels.

Neelie Kroes, Commissioner in charge of the Digital Agenda, said last month:

"If European cloud customers cannot trust the United States government, then maybe they won't trust US cloud providers either. If I were an American cloud provider, I would be quite frustrated with my government right now.”

The problem is that while the sabre-rattlers within the European Commission are working up a good rhythm, across the Pond there are those who see the outrage about PRISM overseas, and the prospect of tougher data protection rules as a result, as just another 'attack' on US commercial interests by uppity foreigners.

But there are more signs that some elements of US business are waking up to the knock-on impact of PRISM - even if their suggested course of action as a result isn't necessarily on track.

A survey conducted in June and July by the Cloud Security Alliance found that 10% of foreign cloud industry participants had cancelled a project with a US cloud computing provider, and 56% said they would be less likely to use a US company.

The latest warning comes from the Information Technology and Innovation Foundation (ITIF) in a report entitled  How Much Will PRISM Cost the U.S. Cloud Computing Industry?  which predicts that the program could cost US cloud firms up to $35 billion over the next three years.

The report argues:

Global spending on cloud computing is expected to grow by as much as 100 percent between 2012 and 2016, whereas the global IT market will only grow by 3 percent.

If U.S. companies lose market share in the short term, this will have long-term implications on their competitive advantage in this new industry.

Beastly foreigners

ITIF bases its conclusions on the assumption that the US is the clear leader in cloud computing and that other countries are playing catch-up. PRISM gives those countries an opening to gain a foothold in the market, warns ITIF.

The report warns:

Europeans in particular are trying to edge out their American competitors, and they are enlisting their governments to help.

The Europeans are quite frank about their intentions. The EC notes 'this strategy is about building a new industry, and better competing against the United States in particular.

As you can see, the ITIF report does stray pretty rapidly and consistently  into the 'beastly foreigners out to get us' territory:

Rival countries have noted this opportunity and will try to exploit it.

One tactic they used before the PRISM disclosures was to stoke fear and uncertainty about the USA PATRIOT Act to argue that European businesses should store data locally to protect domestic data from the US government.

After PRISM, the case for national clouds or other protectionist measures is even easier to make.

This last point may well be true - indeed it's what we warned last month - but it does come dangerously close to just stoking up the 'them vs US' paranoia given the provenance of this report which is pitched at a domestic US audience.

According to Daniel Castro, a senior analyst at ITIF:

“Many foreign customers are now deciding whether the risks of storing data with a US company are worth the benefits, and foreign cloud service providers will ruthlessly exploit this perceived weakness to gain market share.

"In addition, some countries may use PRISM as an excuse to enact a series of protectionist policies to restrict access to their markets and promote their domestic cloud providers."

Not a solution 

Ultimately - and somewhat depressingly -  ITIF assumes that PRISM isn't going to go away - which unfortunately does seem a fair enough assumption for now given that the Obama administration is right behind it.

Accepting that PRISM is now the norm, ITIF decides the main concern is how much is this going to cost US business.

Castro concludes:

"In addition to the privacy and civil liberties debates going on, we need to have a serious conversation about the potential economic costs of electronic government surveillance.

"The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed."

With that in mind, ITIF makes two primary recommendations for the US cloud computing industry and government:

• De-classify information about the Prism program so that companies are clear about what information the government is trying to access.
• The creation of international transparency guidelines so that it is clear what exactly US-based and non-US-based companies are releasing to domestic and foreign governments.

It's not immediately apparent how this is supposed to counter the political opportunism of the likes of Kroes whose case is built on anger about ANY data collection taking place.

The very existence of PRISM at all is all that's needed to allow committed protectionists to make their argument ring loud and clear, particularly in Germany where US snooping has become an issue in next month's elections.

Verdict

Another timely warning about the cost of PRISM to the US cloud industry and a reminder of how it's playing into the hands of those who may not have the best interests of the global market at heart.

But fatally undermined by excessive attribution of implied dubious intentions by all Europeans, as opposed to a politically motivated minority, and by its acceptance that PRISM is here to stay and all  we need to stop worrying about it is a bit more information.

Nonsense. Naive nonsense.