activity share. Global spending on cloud computing is expected to grow
by as much as 100 percent among 2012 and 2016, whereas the global IT
market will only grow by 3 percent.11 If U.S.A.. companies lose market
share in the short term, this will have long-term implications on their
competitive advantage in this new industry.
Rival countries have noted this opportunity and will try to exploit it. One tactic they used before the PRISM disclosures was to stoke fear and uncertainty about the USA PATRIOT Act to argue that European businesses should store data locally to protect domestic data from the U.S. government.12 Reinhard Clemens, CEO of Deutsche Telekom’s T-systems group, argued in 2011 that creating a German or European cloud computing certification could advantage domestic cloud computing providers. He stated, “The Americans say that no matter what happens I’ll release the data to the government if I’m forced to do so, from anywhere in the world. Certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them.”13 And after the recent PRISM leaks, German Interior Minister Hans-Peter Friedrich declared publicly, “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.”14 Similarly, Jörg-Uwe Hahn, a German Justice Minister, called for a boycott of U.S. companies.15 After PRISM, the case for national clouds or other protectionist measures is even easier to make.
FINDINGS: THE IMPACT ON U.S. CLOUD SERVICE PROVIDERS
Just how much do U.S. cloud computing providers stand to lose from PRISM? At this stage it is unclear how much damage will be done, in part because it is still not certain how the U.S. government will respond. But it is possible to make some reasonable estimates about the potential impact.
On the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.
On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share. (See Appendix A for details.)
What is the basis for these assumptions? The data are still thin—clearly this is a developing story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security Alliance surveyed its members, who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks.16 For non-U.S. residents, 10 percent of respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.-based cloud computing service. For U.S. residents, slightly more than a third (36 percent) indicated that the NSA leaks made it more difficult for them to do business outside of the United States.
Rival countries have noted this opportunity and will try to exploit it. One tactic they used before the PRISM disclosures was to stoke fear and uncertainty about the USA PATRIOT Act to argue that European businesses should store data locally to protect domestic data from the U.S. government.12 Reinhard Clemens, CEO of Deutsche Telekom’s T-systems group, argued in 2011 that creating a German or European cloud computing certification could advantage domestic cloud computing providers. He stated, “The Americans say that no matter what happens I’ll release the data to the government if I’m forced to do so, from anywhere in the world. Certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them.”13 And after the recent PRISM leaks, German Interior Minister Hans-Peter Friedrich declared publicly, “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.”14 Similarly, Jörg-Uwe Hahn, a German Justice Minister, called for a boycott of U.S. companies.15 After PRISM, the case for national clouds or other protectionist measures is even easier to make.
FINDINGS: THE IMPACT ON U.S. CLOUD SERVICE PROVIDERS
Just how much do U.S. cloud computing providers stand to lose from PRISM? At this stage it is unclear how much damage will be done, in part because it is still not certain how the U.S. government will respond. But it is possible to make some reasonable estimates about the potential impact.
On the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.
On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share. (See Appendix A for details.)
What is the basis for these assumptions? The data are still thin—clearly this is a developing story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security Alliance surveyed its members, who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks.16 For non-U.S. residents, 10 percent of respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.-based cloud computing service. For U.S. residents, slightly more than a third (36 percent) indicated that the NSA leaks made it more difficult for them to do business outside of the United States.
because we might reasonably end that given current conditions U.S.A..
cloud service providers stand to lose somewhere between 10 and 20
percent of the foreign market in the next few years. Indeed, some
foreign providers are already reporting their success. Artmotion, Switzerland’s largest hosting company, reported a 45 percent increase in revenue in the month after Edward Snowden revealed details of the NSA’s
PRISM program.17 And the percentage lost to foreign competitors could
go higher if foreign governments enact protectionist trade barriers that
effectively cut out U.S. providers. Already the German data protection authorities have called for suspending all data transfers to U.S. companies under the U.S.-EU Safe Harbor program because of PRISM.18
While the reputations of U.S. cloud computing providers (even those not involved with PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is that most developed countries have mutual legal assistance treaties (MLATs) which allow them to access data from third parties whether or not the data is stored domestically.19 The market research firm IDC noted in 2012, “The PATRIOT Act is nothing special, indeed data stored in the US is generally better protected than in most European countries, in particular the UK.”20 In Germany (yes, the same country that wants to suspend data transfers to the United States) the G10 act gives German intelligence officials the ability to monitor telecommunications without a court order.21
RECOMMENDATIONS
So what should the U.S. government do?
First, U.S. government needs to proactively set the record straight about what information it does and does not have access to and how this level of access compares to other countries. To do this effectively, it needs to continue to declassify information about the PRISM program and allow companies to reveal more details about what information has been requested of them by the government. The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed.
Second, the U.S. government should work to establish international transparency requirements so that it is clear what information U.S.-based and non-U.S.-based companies are disclosing to both domestic and foreign governments. For example, U.S. trade negotiators should work to include transparency requirements in trade agreements, including the Transatlantic Trade and Investment Partnership (TTIP) currently being negotiated with the EU.
Taking these steps will help ensure that national security interests are balanced against economic interests, and that U.S. cloud service providers are able to effectively compete globally.22
CONCLUSION
The United States has both the most to gain and the most to lose. Many of the economic benefits of cloud computing, such as job growth and revenue, are dependent on the United States being able to export cloud computing services. If U.S. firms are to maintain thei
While the reputations of U.S. cloud computing providers (even those not involved with PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is that most developed countries have mutual legal assistance treaties (MLATs) which allow them to access data from third parties whether or not the data is stored domestically.19 The market research firm IDC noted in 2012, “The PATRIOT Act is nothing special, indeed data stored in the US is generally better protected than in most European countries, in particular the UK.”20 In Germany (yes, the same country that wants to suspend data transfers to the United States) the G10 act gives German intelligence officials the ability to monitor telecommunications without a court order.21
RECOMMENDATIONS
So what should the U.S. government do?
First, U.S. government needs to proactively set the record straight about what information it does and does not have access to and how this level of access compares to other countries. To do this effectively, it needs to continue to declassify information about the PRISM program and allow companies to reveal more details about what information has been requested of them by the government. The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed.
Second, the U.S. government should work to establish international transparency requirements so that it is clear what information U.S.-based and non-U.S.-based companies are disclosing to both domestic and foreign governments. For example, U.S. trade negotiators should work to include transparency requirements in trade agreements, including the Transatlantic Trade and Investment Partnership (TTIP) currently being negotiated with the EU.
Taking these steps will help ensure that national security interests are balanced against economic interests, and that U.S. cloud service providers are able to effectively compete globally.22
CONCLUSION
The United States has both the most to gain and the most to lose. Many of the economic benefits of cloud computing, such as job growth and revenue, are dependent on the United States being able to export cloud computing services. If U.S. firms are to maintain thei
lead in the market, they must be able to compete in the global market. It is clear that if the U.S. government continues to impede U.S. cloud computing providers, other nations are more than willing to step in to grow their own industries at the expense of U.S. businessesa
No comments