All Tech Considered
2:44 am
Wed November 20, 2013

Profit, Not Just Principle, Has Tech Firms Concerned With NSA

Originally published on Thu December 12, 2013 10:51 am

Along with the privacy advocates and the national security establishment, there is another set of players with strong views on NSA surveillance programs: U.S. tech companies.

Google and five other companies weighed in on the surveillance debate last month, sending a letter to members of the Senate Judiciary Committee, supporting legislation to reform National Security Agency surveillance programs.

Their intervention was in part prompted by the news that the NSA had apparently managed to penetrate some of their data centers in Europe. The companies had previously given the NSA access to some of their users' data in the United States under court order, but the interception in Europe was done without their knowledge.

"The companies now are seeing something that they didn't see before," says Robert Boorstin, formerly the policy director at Google. "The intelligence agencies are hacking into them."

The companies' concerns, however, are as much about profits as principles. They now have business interests at stake.

"There's no question that we've reached the point where the tech companies are being threatened financially and commercially by what's happened with the NSA," Boorstin says.

U.S. tech companies, including Google, are doing more business overseas, and customers in some of those markets are saying the American firms' associations with NSA surveillance activities will cost the companies some of that business.

At greatest risk are the U.S. companies' prospects in the delivery of cloud computing services, such as Google's Gmail or Amazon's web hosting. Foreign customers of those services have to trust the U.S. companies with their data, and several governments are considering measures that would restrict tech firms in their overseas operations.

"We're seeing a number of countries saying, 'U.S. companies are not wanted or potentially not allowed [here],' " says Daniel Castro, a senior analyst who has followed the cloud computing industry for the Information Technology and Innovation Foundation. "Or [the U.S. companies] are going to have a higher cost of doing business than domestic firms."

In August, Castro released a report suggesting that U.S. tech firms faced revenue losses of $22 billion to $35 billion over the next three years, and that was before the revelations about NSA snooping on data centers in Europe. "I would say that is a minimum rather than a maximum, because that was looking very specifically at cloud computing and taking a rather low-end estimate based on initial data," he says.

Cloud computing is among the fastest growing parts of the technology industry, and it ranks high in the expansion plans of U.S. tech firms. But the risk to U.S. companies is across the entire tech sector.

"The revelations will be potentially devastating," Castro says.

Last week, Cisco, which manufactures computer network equipment, announced disappointing results for the third quarter. Company executives said the NSA surveillance controversy was in part to blame.

The immediate danger is that other governments will now erect trade barriers that will make it harder for U.S. firms to engage in the export of digital services.

"I think this is going to happen in a big way in the coming negotiations between the Americans and the Europeans over a trade bloc," says Joel Brenner, an attorney specializing in data protection issues and a former NSA inspector general. "It's going to involve some hard bargaining over privacy rules. That's where we're going to begin to see it."

Negotiations over the Transatlantic Trade and Investment Partnership are set to resume in late November and continue into December.

Anne Neuberger, director of the NSA's Commercial Solutions Center and the agency's principal liaison with tech companies, says "of course" her agency is concerned about the impact of the NSA surveillance controversy on U.S. firms, but she hopes that global discontent will be reduced as more information comes out about what the U.S. government requires of its companies in comparison to what other countries require.

"Before anyone makes a decision to stop using the services of U.S. communications companies, we'd strongly encourage them to take a look at the lawful intercept regimes of various countries around the world," Neuberger says. "I know you will find that U.S. law provides some of the strongest protections for the privacy of users."

But Neuberger acknowledges that it has been "challenging" to work with U.S. tech companies in the aftermath of the leaks about surveillance by former NSA contractor Edward Snowden. Asked if she has faced any angry tech executives in her meetings with the companies, she says, "I'll give you two guesses."

In any case, the NSA is not promising to stop intercepting the data held by U.S. technology, a capability the agency has argued is essential in order to track terrorist communications.

"The American government is not going to ask permission of a private actor to do something it has the right to do and the power to do," says Brenner, the former NSA inspector general.

The NSA certainly has the power to gather the data it wants. And unless U.S. laws change, it appears it has a legal right to do so, no matter the commercial consequences for the firms it works with.

Copyright 2013 NPR. To see more, visit http://www.npr.org/.

Transcript

STEVE INSKEEP, HOST:

It's MORNING EDITION, from NPR News. I'm Steve Inskeep.

RENEE MONTAGNE, HOST:

And I'm Renee Montagne. While the debate over the National Security Agency's surveillance operations is mostly about balancing privacy and security concerns, U.S. tech companies have also started weighing in about their own issues. Some of them say they're suffering commercially as a result of the NSA revelations. NPR's Tom Gjelten has more.

TOM GJELTEN, BYLINE: The nation's telephone companies have been largely silent on the surveillance controversy. U.S. tech companies, by contrast, have been outspoken. They lately endorsed legislation that would force changes in NSA surveillance programs. Maybe it's their different histories. Robert Boorstin, a former policy director at Google, notes that the telephone industry, for years, has been highly regulated by the government. To him, it's looked like when the government says jump, the telephone companies say, how high?

ROBERT BOORSTIN: The Internet companies are a new breed, and they're not used to people poking around in their business. So, instead of saying how high should we jump, they say why should we jump?

GJELTEN: At first, the answer was simple: Google and other tech companies were ordered to give the NSA access to some of their data. So they did. But some data interceptions in Europe were apparently carried out without the companies' knowledge. And Robert Boorstin says that's what's gotten them so upset.

BOORSTIN: The tech companies now are seeing something that they didn't see before, which is that the intelligence agencies are hacking into them. That doesn't leave a good taste in anyone's mouth, and it could sour the relationship between Silicon Valley and the intelligence community.

GJELTEN: This isn't just a matter of principle. It now appears that Google and other tech companies are going to suffer financially as a result of their association with NSA surveillance. Those companies do a lot of business in Europe and Asia and elsewhere, and there's now a big danger that anger over the surveillance disclosures mean those companies will lose some of that overseas business.

DANIEL CASTRO: The revelations will be potentially devastating to the U.S. tech industry.

GJELTEN: Daniel Castro is a senior analyst at the Information Technology and Innovation Foundation. His latest estimate is that U.S. tech companies could lose $35 billion in revenue over the next three years. The biggest risk, he says, is to those companies' cloud computing services - Google's Gmail or Amazon's Web hosting, for example. Those businesses are all about data storage, and Castro says foreign customers may no longer trust American companies to store their data.

CASTRO: Right now, we're seeing a number of countries saying, you know, U.S. companies are not wanted, potentially not allowed, or they're going to have a higher cost of doing business than domestic firms.

GJELTEN: Last week, CISCO, which manufactures computer network equipment, announced disappointing results for the third quarter. Company executives said the surveillance controversy was, in part, to blame. Joel Brenner, an attorney specializing in data protection issues and a former NSA inspector general, predicts that the controversy over whether U.S. companies will have fair access to the data storage business will be the subject of international bargaining.

JOEL BRENNER: I think this is going to happen in a big way in the coming negotiations between the Americans and the Europeans for a trade bloc. That's where we're going to begin to see it.

GJELTEN: NSA leaders, for their part, say they recognize the surveillance controversy has put U.S. tech companies in commercial trouble. Anne Neuberger has the job at the NSA of working with tech executives. Asked if she's had to deal with any angry executives, she says: I'll give you two guesses. But she argues that the U.S. government is hardly the only country in the world to demand access to companies' data.

ANNE NEUBERGER: Before anyone makes a decision to stop using the services of U.S. communications companies, I strongly encourage them to take a look at the lawful intercept regimes of various countries around the world.

GJELTEN: Neuberger's hope is that more information about what the NSA requires of U.S. companies operating overseas compared to what other governments require might alleviate international concerns about dealing with Google or Yahoo or other American firms.

NEUBERGER: And I think you'll find - I know you'll find that U.S. law provides some of the strongest protections for the privacy of users.

GJELTEN: The NSA is not promising to stop intercepting the data held by tech companies. As long as that capability is necessary for counterterrorism purposes, that won't change, says Joel Brenner.

BRENNER: The American government is not going to ask permission of a private actor to do something it has the right to do and the power to do.

GJELTEN: The NSA certainly has the power to gather the data it wants. And unless U.S. laws change, it appears it has a legal right to do so, no matter the commercial consequences for the firms it works with. Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.