Amid the very public debate about the civil liberties implications of Edward Snowden’s revelations about NSA spying at home and abroad, the potential business fallout from the leak of classified information has been a footnote.
But as the disclosures wear on, business leaders in the U.S. and elsewhere are beginning to discern the impact of the Snowden leaks. One place they’re voicing their concerns is The State Department, where technology vendors have been complaining of blowback from international customers, according to a senior State Department official who spoke with The Security Ledger.
“We’re talking to cloud providers, including some very large cloud providers, about the challenges they face abroad,” the official said.
The State Department has heard anecdotal reports of US firms losing business due to concerns about government surveillance, but companies have been reluctant to advertise lost accounts. At the same time, the State Department has heard of foreign competitors drumming up concerns about NSA surveillance of data stored on US assets as a way to increase the appeal of their products and services. Some large cloud providers, he said, are adding infrastructure outside the US to address customer concerns, a step he worries won’t be a long-term fix.
“None of this is new,” the official said. “Competitors to US companies have been using these incidents and others like them as a competitive tool in the market.” However, the State Department is concerned that questions about the integrity of US IT infrastructure could be harmful to business.
To date, most of the writing about the bottom line impact to US high-tech firms from the Snowden revelations has been speculative. A November survey from the Information Technology and Innovation Foundation, (ITIF) pegged potential losses to U.S. businesses from concern over NSA spying at between $21 billion and $35 billion through 2016, assuming the U.S. loses about 10 percent of foreign business to European or Asian competitors, according to Daniel Castro, a senior analyst at ITIF.
In December, executives from leading US technology firms including Google, Microsoft and Apple and Facebook signed a letter addressed to President Obama and Congress calling for sharp curbs in surveillance by US intelligence agencies and legal reforms designed to provide more transparency about what information the government monitors and collects. Executives from Cisco and other Silicon Valley firms also met with President Obama to discuss the need for reform and warning about the danger of economic fallout from NSA spying.
Cloud computing and hosting providers report that customers are asking them to cordon off data from US-based systems, or those of other ‘Five Eyes’ nations (the UK, Australia, New Zealand and Canada) that are known to cooperate and share information with U.S. intelligence.
But even cloud providers are reluctant to put a dollar figure on the cost to their business of the NSA spying revelations – or whether the atmosphere of anger and distrust engendered by the Snowden leaks will last.
The official asked that his name not be used because he did not have permission to speak about the impact of NSA spying on State Department business.
He said that the State Department is hopeful that new rules that relax what US firms can say about government surveillance will help alleviate some fears. The US Government and Obama Administration will also be reiterating that the country doesn’t engage in economic espionage on behalf of domestic firms.
“The message that’s critical abroad in relation to commerce is that we did not use any surveillance powers we had to take intellectual property,” he said.
The new rules on disclosures by companies about government requests for data are still strict. US firms will be permitted to publish a rough number of administrative subpoenas known as national security letters – but only in increments of 1,000. Companies might narrow their disclosure to increments of 250 FISA court orders and national security letters. However, they will still be held to the 1,000 increment when discussing FISA orders and national security letters separately, according to reports. Information on surveillance orders can be made public every six months, with reports delayed by six months.
In the long-term, the official said he doesn’t expect the spying and surveillance revelations to cause long-term harm to US companies doing business abroad.
“We have the strongest technology industry in the world. We produce the best services in the world, and that’s why people want them,” he said. “To the degree that we face a challenge abroad its in our ability to communicate to them and to society that we understand their concerns and respect the rights of individuals.”