Edward Snowden's revelations about the National Security Agency's Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market -- a slice of business valued at up to $35 billion.
A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users' fears about the secret data collection program to challenge U.S. leadership in the hosted services business.
Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.
Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden's leak of NSA Prism documents earlier this year.
"If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry," said Castro in the ITIF report. "Rival countries have noted this opportunity and will try to exploit it."
To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.
"There are a lot of reasons to be concerned about just how significant those consequences will be," Weinstein said. "The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out."
Weinstein contends that European countries have fewer data protection rules than the U.S.
For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can't happen in the U.S.
"U.S. providers have done nothing other than comply with their legal obligations," he said. But because of Snowden's leaks, "they are facing potentially significant economic consequences."
Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, "I don't think Prism does U.S. providers any favors, that's for sure."
Nonetheless, Anderson added, "I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on."
One reason why U.S. providers may not suffer is because "the alternatives aren't great if you are a European company looking for a cloud service," he said.
Like Weinstein, Anderson said European governments also access private online data. "If you think that Prism is the only program in the world where a government is inspecting private data, you are pretty naive," he said.
Nonetheless, Anderson did warn that continued "missteps on the part of the U.S. government" could have a long-term impact on the worldwide perception of the U.S. cloud computing business.
Jaikumar Vijayan contributed to this story.
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.