Safety no longer guaranteed
Given even the big tech firms are unaware of these gaps, there's no way then of knowing that a user's data safe.
In the event that the big tech firm's -- by their own admission -- were unaware of government monitoring of their services, then users are left in a position in which they now know their service providers cannot in sincerity guarantee their data is safe.
That's less of a problem for US users, as the PRISM story does suggest their data is protected by some elements of the Constitution. However, international users are fair game, apparently.
Given the sheer quantity of international data passing across various cloud services into servers based in the US, that's a big concern.
It's not just a concern for blameless, guilt-free individuals who don't want governments, or anyone else, snooping through their information; it's also a huge concern for businesses that are increasingly storing confidential business data in the cloud.
Given competition is international, many businesses should now be asking themselves if they can trust their cloud service provider, particularly if that provider happens to be Google, Amazon, Microsoft...
In addition, if Microsoft, Apple, Google and Yahoo were unaware surveillance was taking place, what hope is there for security from smaller cloud service providers?
It is of course possible these firms were aware of PRISM, but have been required to deny it for reasons of "national security." Does that make it any better?
Of course not: It means, once again, that international business have been subject to routine surveillance of their data with very little oversight.
Who watches the Watchmen?
Perhaps that's fine in a perfect world, but in this imperfect world just how long might it be until confidential business secrets are stolen from cloud-based servers in order to be sold to the highest bidder by some rogue security professional? Human nature says this is likely to happen at some point, even if it hasn't already.
The cloud has been compromised.
In order for these services to become the main foundation of the Post-PC future, users are utterly justified in demanding binding commitments to security from service providers.
If such a commitment cannot be made, then business users may as well publish every slice of their confidential data to a public blog. That's even before they consider that if the US is engaged in such surveillance, others are probably engaged in it, too.
It is surely time for an internationally binding Bill of Digital Rights in which privacy is enshrined. However, even if there were such a Bill, would governments respect the spirit of it? In the words of Alan Moore, "Who watches the watchmen?"
Sign up for CIO Asia eNewsletters.