The NSA spying scandal risks undermining trust in U.S. cloud computing businesses, the European Commission’s vice-president, Neelie Kroes, has warned in a speech today. Kroes also reiterated calls for “clarity and transparency” from the U.S. regarding the scope and nature of its surveillance and access to data on individuals and businesses living and conducting business in Europe in order to avoid a knock-on effect on cloud businesses.
Loss of Europeans’ trust could result in “multi-billion euro consequences” for U.S. cloud providers, she added.
Kroes was speaking during a press conference held in Estonia, following a meeting of the EC’s European Cloud Partnership Steering Board, which was held to agree on EU-wide specifications for cloud procurement.
In her speech, part of which follows below, she argued that cloud computing businesses are at particular risk of fallout from a wide-reaching U.S. government surveillance program because they rely on their customers’ trust to function — trust that the data entrusted to them is stored securely.
If businesses or governments think they might be spied on, they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out.
Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all. Customers will act rationally, and providers will miss out on a great opportunity.
In this case it is often American providers that will miss out, because they are often the leaders in cloud services. Which brings me to another interesting consequence of recent allegations. Particularly allegations about US government surveillance concerning European partners and allies.
If European cloud customers cannot trust the United States government or their assurances, then maybe they won’t trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.
If I were an American cloud provider, I would be quite frustrated with my government right now. I do not have an agenda here: I am committed to open markets, to liberal values, and the opportunities of new digital innovations. Yet even I am thinking twice about whether there is such a thing as a level playing field when it comes to the cloud.
She added that in the context of a mass surveillance program, such as is apparently being conducted by the NSA security agency, using U.S. companies as its data-harvesting tentacles, being able to guarantee privacy can be viewed as a competitive advantage — which, she suggested, is food for thought for non-U.S. cloud startups and businesses.
“Companies focused on privacy need to start coming forward into the light and help them do that. That would be a smart company, indeed. And 2013 is the year. That includes European companies who should take advantage of interest to provide services with better privacy protection,” she said.
While Kroes conceded there are “some cases” where it may be legitimate for authorities to “access, to some degree, information held online” — citing child protection and terrorism as “good examples” — she stressed such access must be based on “transparent rule of law” and “is the exception to the rule.” Routine surveillance by governments on digital data turns that on its head by making spying the rule — and thereby risks tainting the U.S. businesses that are forced to comply and spy on routine day-to-day business.
“Concerns about cloud security can easily push European policy makers into putting security guarantees ahead of open markets — with consequences for American companies,” she added.
“The cloud has a lot of potential. But potential doesn’t count for much in an atmosphere of distrust. European cloud users and American cloud providers and policy makers need to think carefully about that.”
However, Kroes made her remarks on the same day it emerged that France has its own PRISM-esque data-gathering program. While the U.K. has previously been accused of indulging in similarly systematic data collection via its GCHQ spy agency. So the potential pool of European cloud companies that could benefit from any NSA-fuelled U.S. backlash might not be as large as Kroes suggests.