
How Much Will Prism Cost the U.S. Cloud Computing Industry? - andyl
http://www.itif.org/publications/how-much-will-prism-cost-us-cloud-computing-industry
======
rayiner
Link to the actual estimate: [http://www2.itif.org/2013-cloud-computing-
costs.pdf](http://www2.itif.org/2013-cloud-computing-costs.pdf). The estimate
is based on surveys conducted in June and July where 10% of respondents stated
that they had canceled a U.S. cloud computing project as a result of the NSA
programs. The paper than extrapolates from that and then projects the costs to
U.S. business over the next three years if the U.S. loses 10%-20% of non-U.S.
cloud spending over that period.

The weakness of the conclusion is that:

1) The survey is based on percentage of respondents, but that information is
used to make a conclusion about dollar value of spending;

2) It assumes that the survey taken in the direct aftermath of the
revaluations is representative of attitudes over the next three years.

~~~
pigscantfly
Analysis this questionable transcends the 'take with a grain of salt'
threshold, in my opinion. They're not publishing this to inform anyone, just
grab eyeballs. Hooray new media...

------
zmmmmm
I was in a meeting the other week where moving a bunch of computing services
to the cloud came up. The local vendor was making great hay with the ability
to assert that data stored in their cloud infrastructure would not leave our
(non-US) state and their company was outside of any foreign legal jurisdiction
(ie: not Amazon).

But I think the impact is actually far worse, because nobody actually cared
whether it was US based. PRISM has not destroyed US business, it is destroying
the cloud computing business everywhere, because nobody trusts that a) their
own government is not in cahoots with the NSA anyway, or b) their own
government is not even worse than the NSA.

Cloud computing has been one of the great revolutions of the last 10 years,
and has seriously lowered the barrier to entry for large scale computing,
dramatically boosting innovation. I think PRISM may well set us back 5 - 10
years in terms of migrating services to the cloud and the cost of that is
pretty much immeasurable.

~~~
rayiner
Maybe I'm outing myself as a luddite, but I never understood the point of
cloud computing for sensitive data in any case. If the system isn't end-to-end
encrypted so it's only in plain text locally, I don't care whether it's the
government can see it or some intern you hire to sysadmin for the summer can
see it--I'm not putting sensitive data on that system.

~~~
zmmmmm
Yes, it's funny, you would think end-to-end encryption would satisfy most
concerns, but it does not. I don't know if that is because people don't trust
/ understand it, or whether it's legal (maybe you still go to the same prison
if your patient data was stolen encrypted as if it was stolen unencrypted). It
may be logistical (how do you keep track of the keys, what do you do if the
encryption system you used later becomes compromised, or a rogue employee
makes off with the keys, etc.). In any case, encrypting the data is not seen
as a silver bullet to resolve the risks posed by cloud computing, and
certainly nobody at all is proposing to shove data up to the cloud unencrypted
- so that itself is not the issue anyway.

~~~
damarquis
I think it is mainly a logistical issue. The problem is that encryption keys
are a single point of failure. IT practices at most businesses would have to
be very rigorous before a design with a single point of failure for any
significant part of the IT infrastructure could even be remotely considered.

Changing business practices to decrease the risk of using end-to-encryption to
an acceptable level has an associated cost which, at most companies, probably
dwarfs the cost of its technical implementation.

------
DanBC
Avoiding the US because of government surveillance is odd, because we know
that if you're outside the US you lose all supposed protections you have
inside the US, and we know that other agencies collect everything.

GCHQ collect everything; caching it for 4 days and metadata for 30 days. These
times are probably going to increase.

There are good reasons to avoid hosting anything in the US. (eg Weird lack of
sensible privacy laws).

~~~
SG-
What protections do you have inside the US as a non-US citizen? While I'm sure
other agencies collect things or let the US collect things for them, the fact
is that most countries don't have the budget the NSA does to even do something
like PRISM.

~~~
adestefan
If you're in sovereign US territory, then you're provided the protections of
the Constitution even if you're not a citizen. This is why there's a big stink
about closing Guantanamo and moving all the inmates to Leavenworth.

~~~
SG-
It doesn't seem like the Constitution matters as much as it used to.
Regardless, that shouldn't be enough reason to write off other countries for
hosting your cloud data.

------
bowlofpetunias
I think it will take some time for the damage to become clear. We as a
European company are using services like Google Apps, AWS, Dropbox, Skype and
such.

We're not in any big hurry to incur the costs of migrating away from those,
but it's definitely going to happen in the next 5 years. It partly depends on
what alternatives pop up, and we're only at the start of that process.

Also, the policies that preclude ever using such U.S. services again in the
future are already being put in place in many organizations.

The actual impact will be slow, but it feels very much irreversible. I
introduced the use of AWS at our company. Today, I don't think I could sell
that.

------
btipling
Fix title. "lost" is not the equivalent of "stands to lose"

~~~
rhizome
Plus the unreality of calculating this a month and a half after the leak.

~~~
btipling
The OP link is mostly blog spam that references

[http://www.itif.org/publications/how-much-will-prism-cost-
us...](http://www.itif.org/publications/how-much-will-prism-cost-us-cloud-
computing-industry)

which says $22 to $35 BN qualified with an "if" statement.

> The United States has been the leader in providing cloud computing services
> not just domestically, but also abroad where it dominates every segment of
> the market. Recent revelations about the extent to which the NSA obtains
> electronic data from third-parties will likely have an immediate and lasting
> impact on the competitiveness of the U.S. cloud computing industry if
> foreign customers decide the risks of storing data with a U.S. company
> outweigh the benefits. Unless the White House or Congress acts soon, the
> U.S. cloud computing industry stands to lose $22 to $35 billion over the
> next three years.

------
kosei
Depressing that such hugely speculative extrapolation is getting upvoted the
way that it is. This "article" is typical traffic fodder taking a flawed
report at face value and reporting it as fact.

------
mrweasel
Some companies might move away from cloud solution and buy VPS or physical
servers in co-location facilities.

However, companies like RackSpace, Amazon and Heroku doesn't really have that
much to fear, they simply don't have European competitors. I might be wrong,
but I struggle to even find a good European replacement for Gmail ( even
though I'm willing to pay ).

I don't really trust UK companies either, so the "best" solution I found so
far are companies like Hetzner. It's not really the same as Rackspace, Amazon
or Heroku, maybe there's a marked for a OpenStack provider in Europe?

------
znmeb
This is junk - not even junk science, just pure bullshit.

~~~
AsymetricCom
say that to German citizens

~~~
zbyszek
Das ist aber Mist. Nicht bloß wissenschaflicher Mist, nur der reine Scheiß.

~~~
AsymetricCom
I know for a fact that not all Germans feel that way.

------
greendata
Oh, it's going to get much worse than this. You know how hard it is to be get
a bank account and/or financial services if you are US citizen living abroad?
Other countries simply do not want US citizen's business in banking and
financial services. It's too much trouble. I think non-US based cloud
companies will start to require proof that you are not a US citizen if you
want to use their service. It's simply too much trouble complying with their
requirements and you're risking too much. Look what happened to Freedom
Hosting recently. All those sites hacked by US Gov, partially b/c the US
citizen was involved (duel Irish/US).

------
RRRA
So the Internet will be more distributed because of this? ;)

~~~
AsymetricCom
Tell me more about this "distributed" Internet. Sounds like a great way to
make it robust and inexpensive, boosting the entire economy.

------
coldcode
Everything I hope. Otherwise politicians won't change a thing.

------
elchief
I wonder if the Feds subsidized Microsoft's purchase of Skype to make it
easier to listen in on Skype calls? </conspiracy-theory>

~~~
nullc
Pfft. If they were doing things like that then they would have blocked or
best-offered the purchase of ICQ by the mail.ru folks.

~~~
plorkyeran
ICQ was already utterly irrelevant by 2010.

~~~
nullc
_facepalm_

