US firms worry Edward Snowden is wrecking their business, but the Patriot Act was already doing that


Shortly after a meeting of an EU-sponsored program to push European cloud-computing capabilities in Estonia last month, a high-ranking EC official noted that the biggest losers from Edward Snowden’s revelation about US surveillance would be US businesses:

If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.

If I were an American cloud provider, I would be quite frustrated with my government right now.

American firms certainly are frustrated—so frustrated they have produced two reports in a span of two weeks, both arguing that the US government needs to fix this problem. The first (pdf) is from the Cloud Security Alliance (CSA), an industry body. It released a survey of 500 of its members late last month, and found that more than half of non-US respondents were “less likely to use US-based cloud providers” and a tenth had “cancelled a project to use US-based cloud providers.” A third of American companies said they felt “the Snowden Incident” made it more difficult for their companies to conduct business outside the US.

The second (pdf) also comes from an industry body, the Information Technology and Innovation Foundation (ITIF). It used CSA’s survey, which led it to “reasonably conclude that given current conditions US cloud service providers stand to lose somewhere between 10% and 20% of the foreign market in the next few years.” Combining that with various forecasts for the size of the cloud-computing industry in the next three years, ITIF estimated that the US cloud-computing industry will suffer between $21.5 billion and $35 billion in losses by 2016.

These numbers appear to be more of a back-of-the-envelope calculation than a rigorous analysis suited for national publications. For one thing, CSA’s survey came soon after the revelations, at a time when emotion was high. More importantly, ITIF doesn’t explain why its conclusion is reasonable, and assumes “current conditions” will continue. As the report itself admits, “The data are still thin—clearly this is a developing story and perceptions will likely evolve.”

Still, the report does make a valid point that goes beyond the Snowden incident. European concerns about data privacy predate Snowden’s revelations about the National Security Agency’s surveillance program: Europeans have been concerned about the Patriot Act ever since it became law. The Dutch don’t use American cloud services for that reason, some British firms don’t either, and Microsoft is still trying to convince people it didn’t mean it when it said the US can obtain data stored on its European servers through the Patriot Act. Indeed, data security may be one of the big sticking points in the forthcoming US-EU free trade agreement. Snowden’s leaks have caused another stir, but as in the past, life—and business—are bound to go on.