

How Much Will PRISM Cost the U.S. Cloud Computing Industry? [PDF], a report from the Information Technology and Innovation Foundation — a highly regarded DC think-tank — estimates that the US cloud computing companies will lose $22-$35 billion as a result of customers' nervousness about PRISM and other spying programs. The US had been leading the world in cloud computing, but analysts are seeing a rush to European cloud providers that are (presumably) out of reach on the NSA and in jurisdictions with tighter rules on government spying.



On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This

assumes the U.S. eventually loses 20 percent of the foreign market to competitors and

retains its current domestic market share. (See Appendix A for details.)

What is the basis for these assumptions? The data are still thin—clearly this is a developing

story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security

Alliance surveyed its members, who are industry practitioners, companies, and other cloud

computing stakeholders, about their reactions to the NSA leaks. 16 For non-U.S. residents,

10 percent of respondents indicated that they had cancelled a project with a U.S.-based

cloud computing provider; 56 percent said that they would be less likely to use a U.S.-

based cloud computing service. For U.S. residents, slightly more than a third (36 percent)

indicated that the NSA leaks made it more difficult for them to do business outside of the

United States.

Thus we might reasonably conclude that given current conditions U.S. cloud service

providers stand to lose somewhere between 10 and 20 percent of the foreign market in the

next few years. Indeed, some foreign providers are already reporting their success.

Artmotion, Switzerland's largest hosting company, reported a 45 percent increase in

revenue in the month after Edward Snowden revealed details of the NSA's PRISM

program. 17 And the percentage lost to foreign competitors could go higher if foreign

governments enact protectionist trade barriers that effectively cut out U.S. providers.

Already the German data protection authorities have called for suspending all data transfers

to U.S. companies under the U.S.-EU Safe Harbor program because of PRISM. 18

While the reputations of U.S. cloud computing providers (even those not involved with

PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is

that most developed countries have mutual legal assistance treaties (MLATs) which allow

them to access data from third parties whether or not the data is stored domestically. 19 The

market research firm IDC noted in 2012, "The PATRIOT Act is nothing special, indeed

data stored in the US is generally better protected than in most European countries, in

particular the UK." 20 In Germany (yes, the same country that wants to suspend data

transfers to the United States) the G10 act gives German intelligence officials the ability to

monitor telecommunications without a court order. 21