10 Months After the NSA Revelations: What’s Changed?
In the wake of the 2013 revelations regarding the National Security Agency’s (NSA) domestic surveillance practices, there were dire predictions made about the future of the U.S.’ cloud computing industry, with analysts estimating potential losses between $35B and $180B by 2016 (when a number of contracts between foreign countries and American cloud providers are due to end.) While until then no one can be certain of any long-term market repercussions due to the NSA’s PRISM program, there have already been shifts in the ways major cloud providers do business and the industry’s leaders are taking significant steps to regain user trust.
Results of a study, carried out by Chinese telecom giant NTT Communications, were released yesterday and revealed the effect that last year’s NSA revelations have had on the way corporate decision makers view cloud technology. In the survey of 1,000 respondents in the U.S., Europe and Asia, 88 percent reported that they were reevaluating their cloud-related purchasing behavior and 31 percent plan to move their stored data to countries they consider safer. Of those not currently using the cloud, 62 percent reported that the discovery put them off from moving their information technology into it. An overwhelming number of both EU and U.S. respondents indicated they would be restricting cloud services to their own region and 16 percent replied that they were delaying future or cancelling current contracts.
Microsoft (NASDAQ:MSFT), as reported by the Financial Times, has broken away from other major U.S. cloud providers in their surveillance response. After losing Brazil as a client due to reports that the NSA used Microsoft’s network to keep tabs on Brazilian and European citizens, the technology giant began allowing foreign customers to store their information in data centers outside the U.S. As the announcement of this change was made in January, it is too soon to know how the decision will affect Microsoft’s share of the foreign cloud market.
IBM, having assured clients in an open letter that it has not turned over any user data under the PRISM program, is following Microsoft’s lead in trying to maintain a footing in foreign cloud storage. Opening 15 new data centers this year operating outside the U.S., it anticipates $7B in cloud revenue by 2015 and project the market as a whole will be worth $200B by 2020.
Google (NASDAQ:GOOG) chose a more confrontational approach to dealing with the NSA after The Washington Post ran an article purporting that the agency had circumvented the FISA court order system and broke into communication links run by Google and Yahoo (NASDAQ:YHOO) that connected the duo’s global data centers. Google did not hide its outrage at the allegation that the NSA gathered over 181 million emails during one 30 day period alone without any permission, especially after a slide revealed the agency’s exploiting a weakness in Google’s cloud encryption.
Late last month, Nicolas Lidzborski, Gmail’s Security Engineering Lead, posted on the site’s official blog explaining that they had enhanced their encryption technology to avoid any future interceptions, affecting the mail service’s 425 million users. While this move does not prevent Google handing over users’ records in compliance with an FBI National Security Letter, it does complicate government agencies’ ability to procure the information without Google’s knowledge.
Google has also advocated for greater public awareness about governmental requests for content removal as well as user data by maintaining a detailed transparency section on their site. The report, updated every six months, discloses the number of requests it receives over the previous period as well as any of the requests’ notable details.