In the 13 months since Edward Snowden leaked details revealing the extent of National Security Agency (NSA) spying, American companies are paying an economic price here and abroad for the vast, and questionable, surveillance program, according to a report from the New American Open Technology Institute (OTI).
Despite the outrage expressed at Snowden's revelations, the national discourse has not moved passed a debate the tradeoffs between national security and individual privacy despite, as OTI's “Surveillance Costs: The NSA's Impact on the Economy, Internet Freedom & Security" revealed, “the NSA's actions have already begun to, and will continue to, cause significant damage to the interests of the United States and the global Internet community.”
As one article of proof, the study cited an April 2014 Harris Poll in which “26 percent of respondents indicated that they are now doing less online shopping and banking since learning the extent of government surveillance programs.”
Noting that three other significant studies, the President's Review Group on Intelligence and Communications Technologies, the Privacy and Civil Liberties Oversight Board, and the New America Foundation's International Security Program, focus on the national security/privacy conundrum, the OTI study seeks to “quantify and categorize the costs of the NSA surveillance programs.” The organization divides those costs into four main groups — direct economic costs to U.S. businesses, potential costs to U.S. businesses and to the openness of the internet, costs to U.S. foreign policy and those to cybersecurity.
“The economic cost issues are not just a PR problem that will blow over,” Katharine Kendrick, policy associate at the Center for Business and Human Rights at NYU Stern School of Business, told SCMagazine.com in a Wednesday interview.
In an earlier statement, Kendrick had commended the report for highlighting “the real costs of NSA surveillance to American businesses,” making clear that “NSA practices have caused real damages to the U.S. tech industry, and have fueled other governments to pursue policies that are bad for both U.S. businesses and for human rights.”
In Wednesday's interview, Kendrick, who focuses on free expression and privacy challenges facing tech companies, noted that NSA spying and implications that U.S. companies had been somehow complicit by filling data requests and offering up products that were tainted with backdoors and vulnerabilities that made surveillance easier had “caused a fundamental breach of trust in an industry where trust is a value proposition.” Regaining trust will likely “take a long time,” she said.
In fact, U.S. companies have seen both declining sales overseas as well as lost business opportunities, the report said, noting that foreign companies are using the scandal to hawk products that they claim “protect users from NSA spying,” thereby gaining a competitive advantage over their American counterparts. The cloud computing industry could take a tremendous hit, losing billions of dollars in the next five years.
Both U.S. businesses and the nation's economy will likely suffer in the long term as foreign governments impose data localization requirements or stronger data protection regulations.
“These proposals could also force changes to the architecture of the global network itself, threatening free expression and privacy if they are implemented,” the report said.
The spying program has “colored a number of critical interactions” with Germany, Brazil and other countries, eroding U.S. credibility in regard to its Internet Freedom agenda and damaging “broader bilateral and multilateral relations.”
And, the study noted, by weakening key encryption standards, allegedly inserting surveillance backdoors into “widely used hardware and software products,” being slow to report software security vulnerabilities and participating in a “variety of offensive hacking operations,” the NSA has roundly damaged internet security.
To mitigate the economic and foreign policy damage caused by NSA surveillance activities, OTI made a number of recommendations, including “strengthening privacy protections for both Americans and non-Americans” and “providing for increased transparency around government surveillance, both from the government and companies.” The report also noted that the U.S. should take steps to restore trust in cryptography standards through the National Institute of Standards and Technology.
The U.S. government must not “undermine cybersecurity” by putting surveillance backdoors into tech products and should commit to eliminating vulnerabilities rather than stockpiling them.
Kendrick, who previously worked at the State Department developing internet freedom policy, noted that U.S. companies have already started to take action and urged that they do more, by “engaging with the administration,” pushing back on over-broad surveillance, challenging search warrants and improving their own processes and providing transparency reports.