It’s hard to believe it has been a little over 18 months since Edward Snowden first revealed information about the NSA’s secret surveillance programs to the world. Since that day in June 2013 data privacy and security, specifically in the cloud, have taken on a whole new level of criticality. Organizations all over the world have had to adjust accordingly – creating advanced security features, adhering to more compliance protocols, hiring dedicated security/privacy officers, and even launching PRISM-proof products.
The US government has taken a notable action of putting together a new bill called the USA Freedom Act. Few people realize the act is a backronym, which is a specially constructed acronym created to fit an existing word, that stands for “Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act”, was brought into Congress just months after the leak, in October of 2013. Led by Senators Jim Sensenbrenner and Patrick Leahy, the bill was ultimately meant to end mass collection of Americans’ data and create a much higher level of transparency between the Government and the public regarding how data is being collected.
While many of the major tech companies in the US, such as Google, Microsoft, and Facebook were in favor of the bill, their combined market cap of over $1 trillion and overall clout was not enough to get the bill passed by Congress. The bill was halted in the Senate after falling just two votes shy of the required 60. The main opposition to the bill was that it would tie the government’s hands in defending our country against terrorism.
While national security is a vital and valid concern, it is widely agreed that the current programs in place are overstepping boundaries and are in violation of Americans’ Fourth Amendment rights. One step further, I see the violation as the single ‘drop of water’ causing a very negative ripple effect all over the world. Businesses are suffering and so are the cloud providers who are servicing them. If the cloud companies are unable to protect their customers’ data efficiently, they will have a serious churn problem on their hands.
Let’s take a look at some of the effects felt by businesses in the US and overseas as a result of the failed USA Freedom act:
As far as security, regulation, and compliance goes, Europe was already miles ahead of the United States. As we suffer breaches like Target, or the most recent Sony disaster, the European government is able to see holes in the US system and address them accordingly. While it has been in discussion for some time, the European Commission continues to make progressive adjustments to their General Data Protection Regulation (GDPR). This new set of regulations would protect the privacy of their citizens much more thoroughly than anything we have in place in the US. As a result, American businesses will have to comply to any and all EU regulations before they can even begin to think about doing business overseas.
The fastest way for a business to lose money is to lose customers. If customers cannot trust that their private information will be protected by cloud companies, they tend to stop doing business with them – and possibly in the cloud all together. As a direct result of a lack of trust in American security protocols, the slippery slope looks to be getting worse, putting millions (if not billions) of dollars in jeopardy.
Gary Shapiro, the CEO of the Consumer Electronics Association, expressed his concerns for business, both domestically and internationally, in an open letter supporting the USA Freedom Act, saying “Several companies, including members of CEA, have already lost contracts with foreign governments worth millions of dollars.”
By rejecting the USA Freedom Act last month, the Senate created even more FUD (fear, uncertainty, and doubt) between businesses and their customers. Without realizing the ramifications of their actions, the government forced businesses into reacting to the fallout. It has now become the job of US companies to spend valuable resources on gaining trust back from their customers and creating ways to protect them from government spying. Considering a lot of companies are not built or designed for this kind of development, there is a major shift in focus towards “fire-fighting” and unfortunately innovation suffers as a consequence.
As many still consider the US to be in the middle of a “tech bubble 2.0”, the bubble could soon pop if we can’t find a way to address these data privacy issues. If we can’t come to a consensus on a bill like the USA Freedom Act, which was a progressive step forward the US may be facing its toughest global competitor yet: itself.
By Vineet Jain