US businesses stand to lose up to $35B as a result of PRISM

How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation — a highly regarded DC think-tank — estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach on the NSA and in jurisdictions with tighter rules on government spying.

On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This
assumes the U.S. eventually loses 20 percent of the foreign market to competitors and
retains its current domestic market share. (See Appendix A for details.)
What is the basis for these assumptions? The data are still thin—clearly this is a developing
story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security
Alliance surveyed its members, who are industry practitioners, companies, and other cloud
computing stakeholders, about their reactions to the NSA leaks. 16 For non-U.S. residents,
10 percent of respondents indicated that they had cancelled a project with a U.S.-based
cloud computing provider; 56 percent said that they would be less likely to use a U.S.-
based cloud computing service. For U.S. residents, slightly more than a third (36 percent)
indicated that the NSA leaks made it more difficult for them to do business outside of the
United States.

Thus we might reasonably conclude that given current conditions U.S. cloud service
providers stand to lose somewhere between 10 and 20 percent of the foreign market in the
next few years. Indeed, some foreign providers are already reporting their success.
Artmotion, Switzerland's largest hosting company, reported a 45 percent increase in
revenue in the month after Edward Snowden revealed details of the NSA's PRISM
program. 17 And the percentage lost to foreign competitors could go higher if foreign
governments enact protectionist trade barriers that effectively cut out U.S. providers.
Already the German data protection authorities have called for suspending all data transfers
to U.S. companies under the U.S.-EU Safe Harbor program because of PRISM. 18

While the reputations of U.S. cloud computing providers (even those not involved with
PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is
that most developed countries have mutual legal assistance treaties (MLATs) which allow
them to access data from third parties whether or not the data is stored domestically. 19 The
market research firm IDC noted in 2012, "The PATRIOT Act is nothing special, indeed
data stored in the US is generally better protected than in most European countries, in
particular the UK." 20 In Germany (yes, the same country that wants to suspend data
transfers to the United States) the G10 act gives German intelligence officials the ability to
monitor telecommunications without a court order. 21