Along with the privacy advocates and the national security establishment, there is another set of players with strong views on NSA surveillance programs: U.S. tech companies.
Google and five other companies weighed in on the surveillance debate last month, sending a letter to members of the Senate Judiciary Committee, supporting legislation to reform National Security Agency surveillance programs.
Their intervention was in part prompted by the news that the NSA had apparently managed to penetrate some of their data centers in Europe. The companies had previously given the NSA access to some of their users’ data in the United States under court order, but the interception in Europe was done without their knowledge.
“The companies now are seeing something that they didn’t see before,” says Robert Boorstin, formerly the policy director at Google. “The intelligence agencies are hacking into them.”
The companies’ concerns, however, are as much about profits as principles. They now have business interests at stake.
“There’s no question that we’ve reached the point where the tech companies are being threatened financially and commercially by what’s happened with the NSA,” Boorstin says.
U.S. tech companies, including Google, are doing more business overseas, and customers in some of those markets are saying the American firms’ associations with NSA surveillance activities will cost the companies some of that business.
At greatest risk are the U.S. companies’ prospects in the delivery of cloud computing services, such as Google’s Gmail or Amazon’s web hosting. Foreign customers of those services have to trust the U.S. companies with their data, and several governments are considering measures that would restrict tech firms in their overseas operations.
“We’re seeing a number of countries saying, ‘U.S. companies are not wanted or potentially not allowed [here],’ ” says Daniel Castro, a senior analyst who has followed the cloud computing industry for the Information Technology and Innovation Foundation. “Or [the U.S. companies] are going to have a higher cost of doing business than domestic firms.”
In August, Castro released a report suggesting that U.S. tech firms faced revenue losses of $22 billion to $35 billion over the next three years, and that was before the revelations about NSA snooping on data centers in Europe. “I would say that is a minimum rather than a maximum, because that was looking very specifically at cloud computing and taking a rather low-end estimate based on initial data,” he says.
Cloud computing is among the fastest growing parts of the technology industry, and it ranks high in the expansion plans of U.S. tech firms. But the risk to U.S. companies is across the entire tech sector.
“The revelations will be potentially devastating,” Castro says.
Last week, Cisco, which manufactures computer network equipment, announced disappointing results for the third quarter. Company executives said the NSA surveillance controversy was in part to blame.
The immediate danger is that other governments will now erect trade barriers that will make it harder for U.S. firms to engage in the export of digital services.
“I think this is going to happen in a big way in the coming negotiations between the Americans and the Europeans over a trade bloc,” says Joel Brenner, an attorney specializing in data protection issues and a former NSA inspector general. “It’s going to involve some hard bargaining over privacy rules. That’s where we’re going to begin to see it.”
Negotiations over the Transatlantic Trade and Investment Partnership are set to resume in late November and continue into December.
Anne Neuberger, director of the NSA’s Commercial Solutions Center and the agency’s principal liaison with tech companies, says “of course” her agency is concerned about the impact of the NSA surveillance controversy on U.S. firms, but she hopes that global discontent will be reduced as more information comes out about what the U.S. government requires of its companies in comparison to what other countries require.
“Before anyone makes a decision to stop using the services of U.S. communications companies, we’d strongly encourage them to take a look at the lawful intercept regimes of various countries around the world,” Neuberger says. “I know you will find that U.S. law provides some of the strongest protections for the privacy of users.”
But Neuberger acknowledges that it has been “challenging” to work with U.S. tech companies in the aftermath of the leaks about surveillance by former NSA contractor Edward Snowden. Asked if she has faced any angry tech executives in her meetings with the companies, she says, “I’ll give you two guesses.”
In any case, the NSA is not promising to stop intercepting the data held by U.S. technology, a capability the agency has argued is essential in order to track terrorist communications.
“The American government is not going to ask permission of a private actor to do something it has the right to do and the power to do,” says Brenner, the former NSA inspector general.
The NSA certainly has the power to gather the data it wants. And unless U.S. laws change, it appears it has a legal right to do so, no matter the commercial consequences for the firms it works with.