Cloud Service Providers Fight Back, Challenge NSA
- 26 February, 2014 15:30
For U.S. cloud computing companies that have long been fighting to defend the privacy protections involving data stored in their servers or passing over their networks, the ongoing revelations about the extent of the NSA's surveillance activities could carry a huge price tag.
For years, in markets such as Western Europe, cloud providers like Google and Microsoft have been trying to beat back concerns voiced by would-be customers -- and stoked by competitors and governments -- that the Patriot Act and other laws render data stored with American firms readily accessible to the U.S. government.
But the protectionist policies that some countries were pursuing -- restricting cross-border data flows or requiring local hosting, for instance -- had been a nuisance, but they didn't seem pervasive enough to challenge U.S. hegemony in the cloud sector.
The equation began to change dramatically last June, when media outlets first began reporting on widespread electronic surveillance programs at the NSA, Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, said Tuesday at a policy discussion on the fallout of the disclosures of former government contractor Edward Snowden.
[ Related: A Look at the Fallout From the 2013 Snowden Leaks ]
"Then the revelations come and people start saying, 'Well, what's going to happen?'" Castro says. "Everyone's angry and they start saying, 'Can we trust the United States? Can we trust the United States with our data?' We've had these conversations before, especially around the Patriot Act. We knew that other countries have been using this argument for a long time, but suddenly they had a trump card. Suddenly they had something very clear to point to and say, 'This is why you shouldn't use Google. This is why you shouldn't use whatever -- any U.S. company -- insert the name there.'"
Castro is the author of a widely cited report that attempted to quantify the revenues U.S. cloud companies stand to lose in foreign markets if the White House or Congress does not take dramatic steps to rein in the NSA's intelligence operations. Castro pegged the potential revenue losses at between $22 billion and $35 billion over the next three years, estimates that he called "conservative" on Tuesday.
"Repeatedly we see companies saying we're the ones out there on the front lines defending this," Castro said. "U.S. companies can't solve this problem, and that's the biggest challenge right now."
Tech Firms Battle Back Against NSA
But some of the firms most affected have been fighting back. Many of the leading companies in the tech sector have mobilized their legal and policy teams in response to the NSA revelations.
[Related: 15 Ways to Make Sense of Calls for NSA Reform ]
Early on, seeking to counter the notion that the NSA had opened a backdoor into their data centers, a handful of companies began pressing the government for permission to publish more information about the nature and scope of the information requests they receive and how they respond to them.
Then in October, reports surfaced that the NSA had secretly hacked into the interconnections between the overseas data centers of Google and Yahoo, detailing a brazen intelligence-gathering effort that appeared to operate at the margins of U.S. law.
"That was when the companies got really publicly angry," says Kevin Bankston, policy director of the Open Technology Institute at the New America Foundation.
In addition to the joint litigation seeking greater transparency on government data requests, several companies that compete vigorously in the marketplace have banded together to form the Reform Government Surveillance coalition, championing a series of principles that would limit federal intelligence authorities and introduce new oversight and accountability measures.
"We've seen a lot of movement from the companies. We've seen unprecedented things. We've seen Apple, Microsoft and Google sitting down in a room together and agreeing to do something together with five other major companies in the form of this ReformGovernmentSurveillance.com effort where they've put forward a bunch of surveillance reform principles," Bankston says.
Through that effort, the group has enlisted the services of a lobbying firm to spread its message on Capitol Hill. Meantime, several companies have been beefing up their own security procedures to guard against government intrusions.
"They've been aggressively pursuing transparency reporting in an attempt to restore trust. We've seen a number of them acting very quickly to encrypt their data links. Many companies that had not had HTTPS turned on before are now finally turning it on," Bankston says.
Silicon Valley vs. the NSA
Expanding their presence inside the Beltway could be an important step for tech firms seeking curbs on the NSA's intelligence gathering, according to Mieke Eoyang, a long-time congressional staffer who now serves as director of the National Security Program at the think tank Third Way.
"Silicon Valley's had a very standoffish attitude towards Washington, and part of it is engaging with Washington to explain what they do," Eoyang says. "But then this is also beyond Silicon Valley."
Eoyang points to a recent report in the New York Times that detailed efforts on the part of intelligence authorities to insert radio frequency technology into computers to expand the scope of their surveillance activities. In some cases, the report alleged, the transmitters were added to the computers after they had been purchased and put into use, but it also noted that hardware manufacturers had been complicit in installing the monitoring devices.
"Any company who is thinking about cooperating directly with the intelligence community on a particular program needs to pass or think about the front-page test," Eoyang says. "What does it mean for the stock price and the shareholders if it winds up on the front page of the New York Times or some other paper that they were in bed with the intelligence community to do this? No American company wants to be in the category of Huawei. So from a company's perspective, as much money as the United States government might dangle in front of you, you need to think very carefully about what it means if that program were to become public."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about government in CIO's Government Drilldown.