The cost of trust
When the secure email provider known as Lavabit, which National Security Agency (NSA) intelligence leaker Edward Snowden had used, abruptly ended its service, founder Ladar Levison couldn't go into details of the shutdown for legal reasons.
However, the message Levison posted on the Lavabit home page on Aug. 8 strongly implied that he'd been pressured by the U.S. government, which can compel Internet companies to hand over confidential user data. The companies must also comply with gag orders forbidding them to even reveal the existence of the government demands.
Levison's message ended with a cryptic warning: "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."
Mikko Hyppönen, a Finland-based security researcher, has also warned non-U.S. persons not to trust U.S. products.
"Frankly, U.S. cloud providers do not deserve foreign business as long as U.S. intelligence has legal right to do wholesale surveillance on them," Hyppönen tweeted.
Levison and Hyppönen are far from the only people whose trust in U.S.-based data companies has been shaken by recent revelations that the NSA "covertly influence[s]" these companies to gain access to their communications, according to formerly top-secret NSA documents leaked by Snowden and subsequently published by the New York Times and The Guardian.
The evidence of this loss of trust is in the numbers: the fallout from revelations about the NSA's massive communications-gathering program could cost U.S.-based cloud-computing providers such as Google, Apple and Microsoft up to a collective $35 billion in revenue over the next three years, according to a report by financial analyst Daniel Castro of the Information Technology and Innovation Foundation.
James Staton of market research firm Forrester predicts that the widespread mistrust of U.S.-based data companies is much higher, and could cost the industry as much as $180 billion, equivalent to a 25% revenue loss.
These numbers also account for increased competition from non-U.S. data companies, but even so, they clearly predict a growing mistrust of the U.S. government and, by extension, the companies under its jurisdiction.
However, the U.S. is not the only country to perform surveillance. "My view is that if you move your data to foreign servers, then you could open yourself up to surveillance by that country without necessarily avoiding surveillance by the NSA," said Jennifer Granick, the Director of Civil Liberties for the Center for Internet and Society at Stanford Law School.
So if you're concerned about your online privacy, what should you do?