New revelations about the 2007 secret war for your data will send ripples through the world of cloud computing.

snowden-nsa-circumvent-internet-encryption

According to USA Today, “Disclosures about the National Security Agency’s extensive surveillance operations – and its almost maniacal quest for data from Apple, Yahoo, Facebook, Google and others – didn’t merely tar their brand names. It undermined their ability to compete in key foreign countries, creating a fissure with the U.S. government and prompting some to scramble to create ‘NSA-resistant’ products.”

We all know that money will be lost. The question is, how much? The Information Technology & Innovation Foundation stated that the NSA scandal/fiasco could cost U.S. businesses $22 billion through 2016. Others are claiming higher numbers, with Forrester Research estimating the potential losses at $180 billion, for cloud providers and technology in general. I’ll come down at a more reasonable level and say that it’s more like $18 billion through 2016, that is, if you’re able to track actual sales that have been lost to the NSA issues, which you cannot.

In 2007, Yahoo challenged the program – which was made public last week as part of about 1,500 pages of previously secret documents that were unsealed by the Feds. The company was determined to fight the constitutionality of a warrantless surveillance program. Yahoo will make more documents available; this should be an interesting fight for sure. “Among the more than 1,500 pages made public by the Justice Department and the Office of the Director of National Intelligence, were legal briefs detailing Yahoo’s reasoning for its challenge.”

It seems the government threatened to fine Yahoo $250,000 a day if it did not immediately comply with the secret court order. While Yahoo certainly pushed back on the Government as hard as they could, others have yet to chime in to the same degree as Yahoo, including Google and Apple.

Yahoo began to comply with government directives, and thus provided user data to the NSA, on May 12, 2008, four days after the Foreign Intelligence Surveillance Court of Review found Yahoo in contempt of court and threatened the $250,000 a day fine. The game was pretty much over for Yahoo at that point.

More fighting, less complying?

So, for seven months, Yahoo refused the government’s demands, arguing that handing over user information was unconstitutional. More specifically, that it violated the Fourth Amendment, which protects Americans against unreasonable search and seizure.

The government demands that data be turned over, as requested, from cloud providers, including Google, Microsoft, Apple and, of course, Yahoo. The providers are doing so, with a few fights breaking out, such as the one with Yahoo.

We would not have known about this situation, other than for the fact that Edward Snowden leaked the PRISM information to the public, and now the debate is out in the open. This includes tracking back on what occurred in 2007 and 2008, just as cloud computing was getting off the ground.

Now, in 2014, the cloud is in full swing. Those looking to pick cloud providers do, indeed, care about the legal issues surrounding their data. While some can argue that the NSA’s use of the data requested is needed to fight terrorism, and not at all harmful to US citizens, the fact of the matter is that non-US companies are thinking twice about handing over their business data to US-based cloud providers.

Indeed, the data collected by the NSA may not be as targeted as the NSA has been saying. According to a four-month investigation by the Washington Post, based upon information provided by Edward Snowden, ordinary Internet users far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks.

9 of 10 account holders found in a large store of intercepted electronic conversations, which Snowden provided in full to the Post, were not the intended surveillance targets. Instead, they were gathered as part of the NSA’s monitoring of other people of interest.

According to the Post:

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties, and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

As the cloud grows, these sorts of revelations keep coming, and they certainly hinder growth. However, it does not surprise me that the NSA holds so much data unrelated to its targets. It seems obvious that some of the data is sensitive and was never meant to be seen beyond the two original participants in the communications. It’s creepy at best, illegal at worst.

I’ve been pretty nonchalant on the whole PRISM thing, as related to the growth of cloud computing. On one hand, you have the government that needs to work in an increasingly Internet-delivered world, and needs to spot potential bad guys before they are able to act. On the other hand, we live in an “innocent until proven guilty” society, at least, in theory. We have an expectation of privacy, but I’m not down with disallowing all surveillance; that’s just not practical.

However, the demands for data by the NSA, and other US intelligence agencies, seems to be more haphazard, if you believe the claims of Snowden and some recent research based upon information supplied by Snowden, such as the Washington Post story. I suspect that the truth is somewhere in the middle, again. I don’t believe that the government has any bad intentions here, but I do believe that we’ll see some unintended consequences as part of the surveillance, such as the violation of privacy, which I’m pretty sure has occurred.

Thus, I’m not sure I can argue with a European business that’s a bit hesitant to place their data on a US-based cloud provider. There are many unanswered questions, and pretty much a story-a-month that focuses on some new revelation around the NSA data snooping, and the inability of US-based cloud providers to stop them. I tend to agree with Yahoo’s past legal actions.

Fixing the problem

The fix here is for U.S. lawmakers to reform the surveillance programs. Around the time of 9/11, everyone was pretty solid around the fact that new surveillance programs would be created, and the lawmakers got behind that public opinion. Have the programs gone too far in some instances? Perhaps. There need to be better controls, reporting, and accountability.

I’m not the only one calling for surveillance reform. Just last week, groups that represent Apple, Google, Microsoft, and other major tech companies, urged Senate Majority Leader Harry Reid, D-Nev., and Minority Leader Mitch McConnell, R-Ky., to support an updated version of the USA Freedom Act to reform the NSA.

In a letter to Reid and McConnell, BSA | The Software Alliance, the Computer and Communications Industry Association, the Information Technology Industry Council, Reform Government Surveillance, and the Software and Information Industry Association wrote that passing the USA Freedom Act will “send a clear signal to the international community and to the American people that government surveillance programs are narrowly tailored, transparent and subject to oversight.” They noted the impact on technology companies, specifically the growth of cloud computing.

No matter if this is done by reform, or sometimes by more secret legal battles, the current course is no longer acceptable. Those who think that things will settle down, and that companies won’t consider the risks around the current treatment of data are already finding that is not the case.