Clear restrictions on electronic surveillance by the National Security Agency is the best way to avoid economic damage to U.S. tech companies tainted by revelations of massive data collection on U.S. and foreign citizens, experts say.
The fallout from NSA activity, revealed through the release of classified documents by former agency contractor Edward Snowden, could include as much as $35 billion in lost business to U.S. cloud service providers over the next three years, according to a recent study by The Information Technology & Innovation Foundation. Most of that business would go to foreign rivals.
U.S.-based encrypted email services are also feeling the pain. Two providers, Lavabit and Silent Circle, shutdown their services this week, saying that under current U.S. law governing the NSA they could not provide the level of secrecy their clients demand.
"Over the long run I fear that Mr. Snowden has not only done irreparable harm to U.S. intelligence gathering capabilities, but also to the competitiveness of the U.S. IT industry," said Al Pascual, a senior analyst for Javelin Strategy and Research.
When it comes to collecting electronic data to combat terrorism and criminal activity, the U.S. government is no different than its counterparts in Europe, where companies are using the NSA revelations for competitive advantage, experts say.
The difference is U.S. activity, which included siphoning call data from Verizon and user information from Google, Facebook, Microsoft and other Internet companies, was exposed.
As a result, the U.S. is in a public relations mess that foreign cloud service providers can take advantage of, particular since the data collection revolved around finding possible terrorists overseas.
"There's a lot of showboating going on here by some foreign officials," said Adam Thierer, a senior research fellow at the Mercatus Center in George Mason University.
The grandstanding, from Europe, was cited in the ITIF report. Jean-Francois Audenard, the cloud security adviser for France Telecom, was quoted as saying, "It's extremely important to have the governments of Europe take care of this issue because if all the data of enterprises were going to be under the control of the U.S., it's not really good for the future of the European people."
There is no evidence that the NSA is gathering sensitive information from European companies, but its mandate to operate in secrecy prevents the spy agency from disclosing exactly what it gathers and how it uses it.
That means it is up to the U.S. government to take away the ammunition of critics overseas by becoming far more open about what the surveillance programs do, how far their reach is in and outside the U.S., and what the restrictions are to limit the impact on the privacy of innocent people, Thierer said. This greater transparency must be coupled with demonstrated restraint in data gathering.
Sign up for CIO Asia eNewsletters.