Privacy? On spying, money also matters

• U.S. surveillance policies are imposing huge costs on companies and, maybe, the economy

By Claire Cain Miller / New York Times News Service

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than $1 billion to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the U.S. government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning U.S. providers, suspicious because of the revelations by Edward Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Even as Washington grapples with the diplomatic and political fallout of Snowden’s leaks, the more urgent issue, companies and analysts say, is economic. Technology executives, including Mark Zuckerberg of Facebook, raised the issue when they visited the White House recently for a meeting with President Barack Obama.

It is impossible to see now the full economic ramifications of the spying disclosures — in part because most companies are locked in multiyear contracts — but the pieces are beginning to add up as businesses question the trustworthiness of U.S. technology products.

The recent confirmation hearing for the new NSA chief, the video appearance of Snowden at a technology conference in Texas and the drip of new details about government spying have kept attention focused on an issue that many tech executives hoped would go away.

Despite the tech companies’ assertions that they provide information on their customers only when required under law — and not knowingly through a back door — the perception that they enabled the spying program has lingered.

“It’s clear to every single tech company that this is affecting their bottom line,” said Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who predicted that the U.S. cloud computing industry could lose $35 billion by 2016.

Forrester Research, a technology research firm, said the losses could be as high as $180 billion, or 25 percent of industry revenue, based on the size of the cloud computing, Web hosting and outsourcing markets and the worst case for damages.

The business effect of the disclosures about the NSA is felt most in the daily conversations between tech companies with products to pitch and their wary customers. The topic of surveillance, which rarely came up before, is now “the new normal” in these conversations, as one tech company executive described it.

“We’re hearing from customers, especially global enterprise customers, that they care more than ever about where their content is stored and how it is used and secured,” said John Frank, deputy general counsel at Microsoft, which has been publicizing that it allows customers to store their data in Microsoft data centers in certain countries.

At the same time, Castro said, companies say they believe the government is only making a bad situation worse.

“Most of the companies in this space are very frustrated because there hasn’t been any kind of response that’s made it so they can go back to their customers and say, ‘See, this is what’s different now; you can trust us again,’” he said.

In some cases, that has meant forgoing potential revenue.

Though it is hard to quantify missed opportunities, U.S. businesses are being left off some requests for proposals from foreign customers that previously would have included them, said James Staten, a cloud computing analyst at Forrester who has read clients’ requests for proposals. There are German companies, Staten said, “explicitly not inviting certain American companies to join.”

He added, “It’s like, ‘Well, the very best vendor to do this is IBM, and you didn’t invite them.’”

The result has been a boon for foreign companies.

Runbox, a Norwegian email service that markets itself as an alternative to American services like Gmail and says it does not comply with foreign court orders seeking personal information, reported a 34 percent annual increase in customers after news of the NSA surveillance.

Brazil and the European Union, which had used U.S. undersea cables for intercontinental communication, last month decided to build their own cables between Brazil and Portugal, and they gave the contract to Brazilian and Spanish companies. Brazil also announced plans to abandon Microsoft Outlook for its own email system that uses Brazilian data centers.

Mark Barrenechea, chief executive of OpenText, Canada’s largest software company, said an anti-American attitude took root after the passage of the Patriot Act, the counterterrorism law passed after 9/11 that expanded the government’s surveillance powers.

But “the volume of the discussion has risen significantly post-Snowden,” he said. For instance, after the NSA surveillance was revealed, one of OpenText’s clients, a global steel manufacturer based in Britain, demanded that its data not cross U.S. borders.

“Issues like privacy are more important than finding the cheapest price,” said Matthias Kunisch, a German software executive who spurned U.S. cloud computing providers for Deutsche Telekom. “Because of Snowden, our customers have the perception that American companies have connections to the NSA.”

Security analysts say that ultimately the fallout from Snowden’s revelations could mimic what happened to Huawei, the Chinese technology and telecommunications company, which was forced to abandon major acquisitions and contracts when U.S. lawmakers claimed that the company’s products contained a backdoor for the People’s Liberation Army of China — even though this claim was never definitively verified.

Silicon Valley companies have complained to government officials that federal actions are hurting U.S. technology businesses. But companies fall silent when it comes to specifics about economic harm, whether to avoid frightening shareholders or because it is too early to produce concrete evidence.

“The companies need to keep the priority on the government to do something about it, but they don’t have the evidence to go to the government and say billions of dollars are not coming to this country,” Staten said.

Some U.S. companies say the business hit has been minor at most.

John Chambers, chief executive of Cisco Systems, said in an interview that the NSA disclosures had not affected Cisco’s sales “in a major way.” Although deals in Europe and Asia have been slower to close, he said, they are still being completed — an experience echoed by several other computing companies.

Still, the business blowback can be felt in other ways than lost customers.

Security analysts say tech companies have collectively spent millions and possibly billions of dollars adding state-of-the-art encryption features to consumer services, like Google search and Microsoft Outlook, and to the cables that link data centers at Google, Yahoo and other companies.

IBM said in January that it would spend $1.2 billion to build 15 new data centers, including in London, Hong Kong and Sydney, Australia, to lure foreign customers that are sensitive about the location of their data. Salesforce.com announced similar plans this month.

Germany and Brazil, where it was revealed that the NSA spied on government leaders, have been particularly adversarial toward U.S. companies and the government. Lawmakers, including in Germany, are considering legislation that would make it costly or even technically impossible for U.S. tech companies to operate inside their borders.

Yet some government officials say laws like this could have a motive other than protecting privacy. Shutting out U.S. companies “means more business for local companies,” Richard Clarke, a former White House counterterrorism adviser, said last month.