US businesses stand to lose up to $35B as a result of PRISM

How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation -- a highly regarded DC think-tank -- estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach on the NSA and in jurisdictions with tighter rules on government spying.

On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share. (See Appendix A for details.) What is the basis for these assumptions? The data are still thin—clearly this is a developing story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security Alliance surveyed its members, who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks. 16 For non-U.S. residents, 10 percent of respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.- based cloud computing service. For U.S. residents, slightly more than a third (36 percent) indicated that the NSA leaks made it more difficult for them to do business outside of the United States.

Thus we might reasonably conclude that given current conditions U.S. cloud service providers stand to lose somewhere between 10 and 20 percent of the foreign market in the next few years. Indeed, some foreign providers are already reporting their success. Artmotion, Switzerland’s largest hosting company, reported a 45 percent increase in revenue in the month after Edward Snowden revealed details of the NSA’s PRISM program. 17 And the percentage lost to foreign competitors could go higher if foreign governments enact protectionist trade barriers that effectively cut out U.S. providers. Already the German data protection authorities have called for suspending all data transfers to U.S. companies under the U.S.-EU Safe Harbor program because of PRISM. 18

While the reputations of U.S. cloud computing providers (even those not involved with PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is that most developed countries have mutual legal assistance treaties (MLATs) which allow them to access data from third parties whether or not the data is stored domestically. 19 The market research firm IDC noted in 2012, “The PATRIOT Act is nothing special, indeed data stored in the US is generally better protected than in most European countries, in particular the UK.” 20 In Germany (yes, the same country that wants to suspend data transfers to the United States) the G10 act gives German intelligence officials the ability to monitor telecommunications without a court order. 21

How Much Will PRISM Cost the U.S. Cloud Computing Industry? [Daniel Castro/ITIF] (via Daily Dot)