Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forrester: NSA Spying Could Cost Cloud $180B, But Probably Won't

Posted by samzenpus on from the chips-all-in dept.

itwbennett writes "Forrester's James Staten argues in a blog post that the U.S. cloud computing industry stands to lose as much as $180 billion, using the reasoning put forth by a well-circulated report from The Information Technology and Innovation Foundation that pegged potential losses closer to $35 billion. But Staten's real point is that when it comes down to it the cloud industry will likely not take much of a hit at all. Because as much as they voice their displeasure, turning back isn't really an option for businesses using the cloud."

23 of 136 comments (clear)

  1. "the cloud" is just mainframes again by Dan667 · · Score: 5, Insightful

    and all the problems of mainframes (like people spying on you) are being "rediscovered". The problems have not changed and no one will ever care about your data as much as you do.

    1. Re:"the cloud" is just mainframes again by Samantha+Wright · · Score: 5, Funny

      So is this your way of saying you wouldn't be interested in a mini-cloud in every university department and medium-sized business, or perhaps a personal cloud you could run at home? What about a mobile cloud to put in your pocket? Admittedly, they'll be rather bulky and brick-like at first, but some day they might be as compact and lightweight as, say, a deck of cards or a pocket notebook.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    2. Re:"the cloud" is just mainframes again by Dan667 · · Score: 2, Insightful

      or switching back to their own hardware.

    3. Re:"the cloud" is just mainframes again by Anonymous Coward · · Score: 3, Interesting

      What?

      I think what he's saying is we've spent the past 10 years giving up whatever privacy we gained during the PC revolution and (most of us) are back to the days when BOFHs & random spooks have access to our private bits.

      Personally I haven't given up on mainframes entirely but for some services at least (personal email, personal photo sharing) I've moved from Google/Yahoo/etc. to imap & webspace at my alma mater.

    4. Re:"the cloud" is just mainframes again by cosm · · Score: 3, Insightful

      So is this your way of saying you wouldn't be interested in a mini-cloud in every university department and medium-sized business, or perhaps a personal cloud you could run at home? What about a mobile cloud to put in your pocket? Admittedly, they'll be rather bulky and brick-like at first, but some day they might be as compact and lightweight as, say, a deck of cards or a pocket notebook.

      A mobile cloud to put in your pocket? If you're being satirical...kudos. If you're sincere...just...this. The cloud is not a mystical place bits go to evolve...it is just a loose metaphor for the aggregate of the large collection of SANs, multi-hop networks, and various application layers sourced to pull a metic fuck-ton of bits from many locations scattered about in IRL back to your wetware's optical inputs when requested...

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    5. Re:"the cloud" is just mainframes again by subreality · · Score: 2

      Not exactly. To the business world "The Cloud" means IaaS: outsourcing their datacenters. They're going from racked servers and storage that they own to racked servers and storage that someone else maintains.

      Your point about "mainframes again" applies more to SaaS where people replace their email client and word processor with a web app.

    6. Re: "the cloud" is just mainframes again by crdotson · · Score: 5, Funny

      If by "mainframe" you mean, "it's the 1980s and I use the term 'mainframe' for any vague computer concept I don't understand," then, sure. :)

    7. Re:"the cloud" is just mainframes again by s.petry · · Score: 3, Insightful

      This is the answer we have been telling people to keep ever since... well, always!! Businesses dropped common sense for price. Second on the list was usability, and last was security if it was thought about at all. While that would not have protected "Free" email accounts from being tapped so easily, it would have prevented the corporate espionage that the US has allegedly been involved in. Go ahead and Google search "nsa spying corporate espionage" if you want citation, you will find more links than you can read this week.

      Third world countries may be able to plead ignorance, or perhaps being duped by various Governments and their agencies. The US, EU, UK, China, Russia, etc.. should all know better but chose to ignore people that work in the field.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    8. Re:"the cloud" is just mainframes again by drinkypoo · · Score: 2

      It really isn't, although it has many of the same problems. It also solves some problems mainframes don't solve, like availability; if your building is crushed by a meteor or some other such improbable event, even the mainframes of old which could survive crashing through to the floor below while pulling their mains cables with them will be lost. But in a cloud computing scenario, in theory your field agents can continue working without even being aware that the home office has been consumed by fire. This in turn brings up a new problem; with a mainframe at least you knew who was spying on you. With the cloud, anyone could have access to your data, anytime, anywhere.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    9. Re:"the cloud" is just mainframes again by s.petry · · Score: 2

      Are you really trying to claim that you must trust that the Government is "good" and "innocent" when proof is absent? Do you know how many people were called "crazy conspiracy theorists" that were warning people about the Government trying to entrap MLK? Then we read about COINTELPRO and Operation Mocking Bird later, and find out they were correct. Do you know how many people said that the Government was poisoning people in St. Louis and were called "Crazy Conspiracy Nuts" just to find out later the US Government was dumping radioactive isotopes on them? NOTE: I'm not bothering to provide links to COINTELPRO, it's too easy to find.

      Those are two very easy examples out of thousands! If you read what architects and engineers ask about 9/11 you will find many very high quality questions.

      I agree that counting Google hits is not a way to measure the truth, but if you actually read some of the content you should be questioning what people tell you.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  2. Two years to go by Okian+Warrior · · Score: 4, Insightful

    It'll take about two years for this problem to disappear.

    There's an enormous monetary incentive for cloud services to implement good privacy. Anyone who doesn't implement it will get their lunch eaten by someone who does.

    There's already a massive exodus away from US based servers, both at home and abroad. People are thinking through the ramifications of having their sensitive information used as "incentives" to help business. Your client lists, sales information, costs and accounting - if any part of your local network is in the cloud, the US can rifle through it and trade the information to another company in return for help fighting terrorism. Many people will choose to believe that this is not happening, but what the heck - who can tell any more?

    This is a self-correcting problem.

    Mega has announced an encrypted E-mail service, the client software will be open for public inspection, and none of it will be hosted on US servers.

    Google has admitted in court that they don't think users have an expectation of privacy.

    Which E-mail service would you rather use? The one from a sleazy convicted criminal, but with impenetrable security? Or the one from a company that always rifles through the contents, but promises to only do it for the better good?

    1. Re:Two years to go by rtb61 · · Score: 4, Insightful

      The real question is will US three letter agencies bloated top heavy with for profit corporate contractors, simply indulge themselves in industrial espionage, there are just hundreds of billions to be made. Will they see an opportunity for inside trading on shares again billions to be made and just a key press away on the cloud.

      How many countries will be stupid enough to allow this to happen, not just in global markets but locally in their markets. How destructive could the US become in economic warfare, how destructive could all the for profit corporate contractors neck deep in US intelligence agencies in their quest for profits.

      Seriously will they resist the temptation to strip mine other countries economies, buy up all the assets and leave everyone beholding to the US. Stop and really think about what can be fiscally done when you have free access to the business cloud, every business email, every business phone call and can hack into every business network. Total global financial control and can't US corporations be trusted with that, ABSOLUTELY FUCKING NOT.

      --
      Chaos - everything, everywhere, everywhen
    2. Re:Two years to go by s.petry · · Score: 3, Insightful

      It's a much more complex fix which will basically cause an upheaval in all major current world powers in terms of throwing out politicians. What most people are not looking at with the Snowden leak is that the NSA and Germany were very clearly working hand in hand, sharing data on people that someone didn't like. The same can be said about the US and UK, and the US and France, and the US and Spain, etc.. etc... What makes you believe that those connections are simply bi-directional? There is a lot of anecdotal evidence which should make you question how deep this rabbit hole really goes.

      In many cases, the targets were people that did not agree with the politics in either country. Look at how effectively the US and Germany have shut down any and all political dissent. Media won't touch protesters except to mention the "unpatriotic criminals", police show up in mass at rallies and protests, protesters are detained harassed at the orders of higher ups. If it's illegal for the US to spy on citizens, how did they know an impromptu rally was happening in a certain location? The obvious answer is that someone else provided them data because that was a legal loophole.

      It's not just the US that needs to consider removing the political class and going back to what Socrates said when he defined the Republic. That change is needed very much globally. In case you didn't read Plato's "The Republic" Socrates was very clear than in order for a Government to serve the people, the people and government should never allow a Political class. Duties of Representation need to be shared among community members, not held by people willing to leach off of society.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  3. Open Source Failure by buswolley · · Score: 5, Insightful
    My information is my private property.

    Why isn't there a "simple" host your own "data manager" for people that will be their "email, social, storage server"?

    If opensource had a cause, that should be it,

    --

    A Good Troll is better than a Bad Human.

  4. Re:lolwut? by Anonymous Coward · · Score: 2, Interesting

    The idea that businesses are going to jump ship because of NSA spying is ridiculous.

    Then you're not paying attention; some already have.

    For one thing, most countries are doing the same thing the NSA is doing.

    [citation needed]

  5. Murmurs from an internet nobody. by EmperorOfCanada · · Score: 4, Interesting

    I recently took a course on Cryptography and the guy basically showed that with system after system that if he could pick just the tiniest thread loose he just tossed the algorithm into the junk heap. One of the other mantras was don't roll your own; you don't have enough Phds. But when it came to things like AES he seemed pretty confident. At the time of the course I nodded my head and wasn't thinking paranoid thoughts. But if we have learned anything this last month it is that you can take your typical person you once dismissed as paranoid and multiply their ravings by 3.

    So my paranoid raving #1 is that they can break any of the common encryption schemes. Some mathematicians might say pshaw but hey this is now a post Snowden world. If commonly accepted encryption isn't broken then yay!

    But for those with real good data such as bankers who don't want the NSA handing the data over to Goldman Sachs (why not as they make for great conspiracy fodder) then I would only use one time pad encryption. Good luck finding a mathematically loose thread there. A simple way to do one time pad encryption is just like the old spies. You send say 5 people over to your destination each with a different 1TB memory chip containing truly random data. (radioactive decay, xored with rain xored with a lava lamp) Then when you transmit data you xor it through all 5 layers of random data.

    But as for the article if I were in Europe I would move my servers to Europe tomorrow. These government goons all think alike so I suspect that even the Euro police will cooperate anyway; they'll just deny it in a different accent. For instance, I sit in Canada and don't believe for one second that the local police wouldn't pee themselves with delight if the us Feds asked them to do something.

    So the giant rethink in many security setups will have to be EVERYTHING that I don't control is completely compromised. Even individual employees could be compromised. Thus I would only use data schemes that would require the blackmailing/threatening/screwing of many employees.

    But the simple reality is that this requires everyone to become a Rosa Parks. Every employee at these big companies needs to step out and spill the entire truth. If one person comes out they are Snowden II. If 100 come out the party is over.

  6. Wait till governments get involved by Camael · · Score: 3, Informative

    Because as much as they voice their displeasure, turning back isn't really an option for businesses using the cloud.

    Maybe in the US, but worldwide is a different matter. Governments could easily force the issue by forbidding the use of US cloud companies, especially for their companies that deal with issues of defence and national security.

    Lest you think its farfetched, China already bans the use of Google, Facebook, Twitter, YouTube, and FourSquare in China. Local alternatives such as Sina, Tencent, qq etc. took their places fairly quickly. After PRISM, more governments may follow suit.

    1. Re:Wait till governments get involved by EmperorArthur · · Score: 3, Informative

      The EU is already considering requiring all companies to only use servers that comply with EU privacy regs. The US doesn't. That alone accounts for quite a bit of lost business. I'm pretty sure that in the face of, "Don't use US servers or we'll seize all your assets," that companies will reconsider the, "not an option."

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
    2. Re:Wait till governments get involved by am+2k · · Score: 2

      Not quite, the EU already requires adherence to the privacy regulations. The only thing that is discussed right now is the problem that it's officially ok to use the US, even though its companies actually aren't adhering to them.

  7. Big Brother & Cloud Computing by lionchild · · Score: 2

    If big business, or any sort of business, that employs cloud computing models becomes truly concerned about the security of their data, that Big Brother is getting a copy of everything, then they'll either move their data outside the reach of Big Brother, they'll encrypt everything and leave a speed bump to be overcome, or they'll embed their own personnel in the data center so they'll know when a mysterious new server shows up that's mirroring their data traffic. Or, they'll not use cloud computing on someone else's cloud, they'll have their own, run by their own data center.

    Now, as for SMB, that's where you'll find a market for non-US based cloud systems, IMHO. And, being non-US, outside the reach of Big Brother, they may be willing to pay a little more, not a lot, than going rate for cloud systems that are US-based.

    --
    Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
  8. Re:lolwut? by DeSigna · · Score: 2

    Then you're not paying attention; some already have.

    Agreed. In every discussion I've had with customers about IaaS and cloud, the security aspect has been the #1 topic of conversation brought up by the customer. Closely followed by performance.

    Businesses of all sizes and industries are very interested in all this mess in the cloud space.

  9. Re:Facinating... by profplump · · Score: 5, Insightful

    The harm caused by exposing these programs isn't a result of their exposure -- the programs are harmful in their own right, whether or not they are exposed.

    Essentially you're arguing that if Warren Buffet murdered someone the government would be justified in keeping it a secret because exposing his crime would disrupt his economic contributions.

  10. Re:lolwut? by CRCulver · · Score: 2

    The NSA needs a lot of "cloud" to process all that data they're collecting... Amazon and several other vendors have been jumping at the chance to create 'government cloud' services... several are in production now.

    Creation of computing infrastructure for a government three-letter agency does not compensate for loss of trade to other countries. Making something for the government does not contribute to the economy unless its innovations flow back to the market, as the government is using tax money raised from the market to pay for it.

    This is not the Apollo program where all kinds of great inventions paid for by taxpayer money went on to be used in civilian manufacturing processes and ultimately boosted the economy. In this case, whatever great things are created for the NSA are not likely to be declassified for decades.