Spying by the National Security Agency and increasing demands by the feds for client data continues costing U.S. IT giants billions in lost revenue while also damaging reputations of the American company’s themselves.
That’s the assertion by Electronic Frontier Foundation legislative analyst Mark Jaycox. Based on NSA documents leaked by fugitive Edward Snowden, successful agency programs, like surreptitiously inserting backdoor trojans into U.S. manufactured hardware destined for foreign customers, likely continue despite the firestorm the disclosures created.
“The NSA is like any other bureaucracy. Government programs that work continue. Ones that don’t are stopped. And then they try new ones,” Jaycox said.
Jaycox pointed out that the fallout has instilled a climate of suspicion that has affected myriad U.S. tech and telecommunication firms. Jaycox said his research derived from available NSA-related documents and U.S. corporate quarterly earnings, like Cisco’s, where executives have elucidated on the damage done to business by the revelations.
“NSA spying has impacted cloud-based company’s, telecos, software, everything across the board for U.S. firms,” Jaycox said.
In fact, after Cisco learned some of their products were being back-doored with NSA trojan malware, the company blasted the agency and the U.S. government for adversely affecting their bottom line. Indeed, a Cisco spokesperson emailed this response to VentureBeat late Wednesday.
“Cisco was actually one of the companies to acknowledge potential impacts on our business, discussing geopolitical factors in China during our November 2013 earnings call. While security has always been a high priority for our customers, we find it more significant today than ever before. These are conversations we want to have with our customers, and we welcome the opportunity to share our holistic approach to product security and how each customer can best protect and secure their network and data.”
Jaycox recently returned to the Bay Area after co-chairing a talk at the Black Hat security conference in Las Vegas last week about the NSA’s global metadata collection programs, including penetrating the likes of Apple, Facebook, Google, Twitter, and many others.
A former NSA official agreed, and said many customers of U.S. hardware and software had been forced to look at alternatives like the Chinese firm Huawei, who U.S. intelligence believes has a strong working relationship with China’s military and security services.
“The constant stream of news about NSA’s activities has raised broader questions, particularly internationally, about the security of technologies coming from US companies,” the former NSA official said.
“This has been measurably hitting the bottom lines of companies like Cisco and Juniper and caused many companies to look to alternatives like Huawei,” the former NSA official said, “this despite the fact that many companies particularly in China have ties to their own militaries when the technologies can be considered strategic.”
The agency’s budget is classified, but James Bamford, who has written five books on the NSA and knows the inside of the agency like no other, pegged it at $10.5 billion for fiscal 2013. That figure is likely to be higher this year in keeping with increased demands on the agency in light of the terror fight and boosting secrets from foreign firms competing with the U.S.
German politicians last year urged citizens and companies to take appropriate measures to evade the NSA’s electronic collection efforts. One way they said was to avoid storing and sending data through U.S. cloud-based firms.
Indeed, Germany Interior Minister Hans-Peter Friedrich declared after the scope of the NSA efforts were revealed that “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.”
Jörg-Uwe Hahn, a German justice minister, later called for a boycott of U.S. companies.
To be sure, some of the reactions lean toward hysteria. That’s because the final tally of the damage is still being counted, but again, we’ll likely never know the true extent of the blowback. In the world of signals intelligence, smoke and mirrors speaks volumes of the true extent, and methodology, of metadata collection.
Jaycox cited an Information Technology and Innovation Foundation report from 2013 that found the U.S. cloud computing industry, and its subjugation by U.S. intelligence agencies, for example, is forcing European nations to look inward to build their own capabilities while increasingly shunning American technology firms.
“There are quite a few points when it comes to NSA’s adverse consequences on the US tech sector. There’s the actual revenue lost, there’s the [reputation] damage, and there’s the loss of our tech leadership in industries like cloud computing,” Jaycox said.
Jaycox used San Jose, Calif.-based Cisco Systems as a prime example. Cisco released its quarterly earnings today.
“The [reputation] damage is closely linked with the potential decline in our tech leadership. One clear case of [reputation] damage is Cisco. The company reported a 12 percent slump in sales. And as the Financial Times reported, orders in Brazil saw a 25 percent drop, while orders in Russia saw a 30 percent drop,” Jaycox said.
“Cisco executives were quoted as saying the NSA’s activities have created ‘a level of uncertainty or concern’ that will have a deleterious impact on a wide-range of tech companies.”
A blog post on Cisco’s website in May went one step further:
“This week a number of media outlets reported another serious allegation: that the National Security Agency took steps to compromise IT products enroute to customers, including Cisco products. We comply with US laws, like those of many other countries, which limit exports to certain customers and destinations; we ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry.”
Indeed, VentureBeat reported last week that U.S. intelligence officials strongly believe that Snowden’s leaks to the Guardian and other media outlets like Germany’s Der Spiegel is behind a sudden burst of recent raids and investigations by Chinese authorities against Microsoft.
A ranking former U.S. intelligence official told VentureBeat last week that while they believe Snowden is behind the Chinese actions, and also recent moves by Russian President Vladimir Putin against America IT firms, they lack proof.
“We just don’t know,” the former intelligence official, who maintains contacts within the current administration, said.
The ITIF report estimated that the U.S. cloud computing sector’s short-term losses related to the leaks will cost Cisco between $22 and $35 billion in lost revenue. Jaycox said those numbers are middle range, and the report states that the numbers ultimately could be much higher.
Jaycox said the revelations are forcing international companies away from U.S.-based products. Peer 1 Hosting, a cloud hosting company based in Vancouver, said in a recent study that 25 percent of the 300 British and Canadian companies surveyed asserted they were terminating business contacts with U.S. data hosting services out of fear they had been compromised by American intelligence.
The Peer 1 report stated:
“25 percent (of these companies) will move their company data outside of the U.S. due to NSA-related privacy and security concerns. Canadian companies are even more likely to relocate data than UK companies, with one in three saying they will move away from U.S. data centers.
Privacy concerns are growing after the NSA scandals and the “summer of Snowden,” with 82 percent of companies indicating that privacy laws are a top concern when choosing where to host their data. Further, 81 percent want to know exactly where their data is being hosted.”
The final tally and effects of Snowden’s actions is likely never to be fully quantified. But the reports paint a disconcerting picture of long-term damage done by the perception that U.S. firms have been successfully compromised, or worse, colluding with the NSA, and are untrustworthy.
Jaycox said that ultimately, the NSA can only do as much as it’s budget allows it to do.
“Just like any agency, the NSA’s resources are not finite. They monitor to see what programs are producing. They’re still confined to what they can spend,” he said. “And no one knows it except people at the NSA.”