Forrester: NSA Spying Could Cost Cloud $180B, But Probably Won't

itwbennett writes "Forrester's James Staten argues in a blog post that the U.S. cloud computing industry stands to lose as much as $180 billion, using the reasoning put forth by a well-circulated report from The Information Technology and Innovation Foundation that pegged potential losses closer to $35 billion. But Staten's real point is that when it comes down to it the cloud industry will likely not take much of a hit at all. Because as much as they voice their displeasure, turning back isn't really an option for businesses using the cloud."

"the cloud" is just mainframes again

[Dan667]

and all the problems of mainframes (like people spying on you) are being "rediscovered". The problems have not changed and no one will ever care about your data as much as you do.

Re:"the cloud" is just mainframes again

[Samantha+Wright]

So is this your way of saying you wouldn't be interested in a mini-cloud in every university department and medium-sized business, or perhaps a personal cloud you could run at home? What about a mobile cloud to put in your pocket? Admittedly, they'll be rather bulky and brick-like at first, but some day they might be as compact and lightweight as, say, a deck of cards or a pocket notebook.

Re:"the cloud" is just mainframes again

What?

I think what he's saying is we've spent the past 10 years giving up whatever privacy we gained during the PC revolution and (most of us) are back to the days when BOFHs & random spooks have access to our private bits.

Personally I haven't given up on mainframes entirely but for some services at least (personal email, personal photo sharing) I've moved from Google/Yahoo/etc. to imap & webspace at my alma mater.

Re:"the cloud" is just mainframes again

[cosm]

So is this your way of saying you wouldn't be interested in a mini-cloud in every university department and medium-sized business, or perhaps a personal cloud you could run at home? What about a mobile cloud to put in your pocket? Admittedly, they'll be rather bulky and brick-like at first, but some day they might be as compact and lightweight as, say, a deck of cards or a pocket notebook.

A mobile cloud to put in your pocket? If you're being satirical...kudos. If you're sincere...just...this. The cloud is not a mystical place bits go to evolve...it is just a loose metaphor for the aggregate of the large collection of SANs, multi-hop networks, and various application layers sourced to pull a metic fuck-ton of bits from many locations scattered about in IRL back to your wetware's optical inputs when requested...

Re: "the cloud" is just mainframes again

[crdotson]

If by "mainframe" you mean, "it's the 1980s and I use the term 'mainframe' for any vague computer concept I don't understand," then, sure. :)

Re:"the cloud" is just mainframes again

[s.petry]

This is the answer we have been telling people to keep ever since... well, always!! Businesses dropped common sense for price. Second on the list was usability, and last was security if it was thought about at all. While that would not have protected "Free" email accounts from being tapped so easily, it would have prevented the corporate espionage that the US has allegedly been involved in. Go ahead and Google search "nsa spying corporate espionage" if you want citation, you will find more links than you can read this week.

Third world countries may be able to plead ignorance, or perhaps being duped by various Governments and their agencies. The US, EU, UK, China, Russia, etc.. should all know better but chose to ignore people that work in the field.

Two years to go

[Okian+Warrior]

It'll take about two years for this problem to disappear.

There's an enormous monetary incentive for cloud services to implement good privacy. Anyone who doesn't implement it will get their lunch eaten by someone who does.

There's already a massive exodus away from US based servers, both at home and abroad. People are thinking through the ramifications of having their sensitive information used as "incentives" to help business. Your client lists, sales information, costs and accounting - if any part of your local network is in the cloud, the US can rifle through it and trade the information to another company in return for help fighting terrorism. Many people will choose to believe that this is not happening, but what the heck - who can tell any more?

This is a self-correcting problem.

Mega has announced an encrypted E-mail service, the client software will be open for public inspection, and none of it will be hosted on US servers.

Google has admitted in court that they don't think users have an expectation of privacy.

Which E-mail service would you rather use? The one from a sleazy convicted criminal, but with impenetrable security? Or the one from a company that always rifles through the contents, but promises to only do it for the better good?

Re:Two years to go

[rtb61]

The real question is will US three letter agencies bloated top heavy with for profit corporate contractors, simply indulge themselves in industrial espionage, there are just hundreds of billions to be made. Will they see an opportunity for inside trading on shares again billions to be made and just a key press away on the cloud.

How many countries will be stupid enough to allow this to happen, not just in global markets but locally in their markets. How destructive could the US become in economic warfare, how destructive could all the for profit corporate contractors neck deep in US intelligence agencies in their quest for profits.

Seriously will they resist the temptation to strip mine other countries economies, buy up all the assets and leave everyone beholding to the US. Stop and really think about what can be fiscally done when you have free access to the business cloud, every business email, every business phone call and can hack into every business network. Total global financial control and can't US corporations be trusted with that, ABSOLUTELY FUCKING NOT.

Re:Two years to go

[s.petry]

It's a much more complex fix which will basically cause an upheaval in all major current world powers in terms of throwing out politicians. What most people are not looking at with the Snowden leak is that the NSA and Germany were very clearly working hand in hand, sharing data on people that someone didn't like. The same can be said about the US and UK, and the US and France, and the US and Spain, etc.. etc... What makes you believe that those connections are simply bi-directional? There is a lot of anecdotal evidence which should make you question how deep this rabbit hole really goes.

In many cases, the targets were people that did not agree with the politics in either country. Look at how effectively the US and Germany have shut down any and all political dissent. Media won't touch protesters except to mention the "unpatriotic criminals", police show up in mass at rallies and protests, protesters are detained harassed at the orders of higher ups. If it's illegal for the US to spy on citizens, how did they know an impromptu rally was happening in a certain location? The obvious answer is that someone else provided them data because that was a legal loophole.

It's not just the US that needs to consider removing the political class and going back to what Socrates said when he defined the Republic. That change is needed very much globally. In case you didn't read Plato's "The Republic" Socrates was very clear than in order for a Government to serve the people, the people and government should never allow a Political class. Duties of Representation need to be shared among community members, not held by people willing to leach off of society.

Open Source Failure

[buswolley]

My information is my private property.

Why isn't there a "simple" host your own "data manager" for people that will be their "email, social, storage server"?

If opensource had a cause, that should be it,

Murmurs from an internet nobody.

[EmperorOfCanada]

I recently took a course on Cryptography and the guy basically showed that with system after system that if he could pick just the tiniest thread loose he just tossed the algorithm into the junk heap. One of the other mantras was don't roll your own; you don't have enough Phds. But when it came to things like AES he seemed pretty confident. At the time of the course I nodded my head and wasn't thinking paranoid thoughts. But if we have learned anything this last month it is that you can take your typical person you once dismissed as paranoid and multiply their ravings by 3.

So my paranoid raving #1 is that they can break any of the common encryption schemes. Some mathematicians might say pshaw but hey this is now a post Snowden world. If commonly accepted encryption isn't broken then yay!

But for those with real good data such as bankers who don't want the NSA handing the data over to Goldman Sachs (why not as they make for great conspiracy fodder) then I would only use one time pad encryption. Good luck finding a mathematically loose thread there. A simple way to do one time pad encryption is just like the old spies. You send say 5 people over to your destination each with a different 1TB memory chip containing truly random data. (radioactive decay, xored with rain xored with a lava lamp) Then when you transmit data you xor it through all 5 layers of random data.

But as for the article if I were in Europe I would move my servers to Europe tomorrow. These government goons all think alike so I suspect that even the Euro police will cooperate anyway; they'll just deny it in a different accent. For instance, I sit in Canada and don't believe for one second that the local police wouldn't pee themselves with delight if the us Feds asked them to do something.

So the giant rethink in many security setups will have to be EVERYTHING that I don't control is completely compromised. Even individual employees could be compromised. Thus I would only use data schemes that would require the blackmailing/threatening/screwing of many employees.

But the simple reality is that this requires everyone to become a Rosa Parks. Every employee at these big companies needs to step out and spill the entire truth. If one person comes out they are Snowden II. If 100 come out the party is over.

Wait till governments get involved

[Camael]

Because as much as they voice their displeasure, turning back isn't really an option for businesses using the cloud.

Maybe in the US, but worldwide is a different matter. Governments could easily force the issue by forbidding the use of US cloud companies, especially for their companies that deal with issues of defence and national security.

Lest you think its farfetched, China already bans the use of Google, Facebook, Twitter, YouTube, and FourSquare in China. Local alternatives such as Sina, Tencent, qq etc. took their places fairly quickly. After PRISM, more governments may follow suit.

Re:Wait till governments get involved

[EmperorArthur]

The EU is already considering requiring all companies to only use servers that comply with EU privacy regs. The US doesn't. That alone accounts for quite a bit of lost business. I'm pretty sure that in the face of, "Don't use US servers or we'll seize all your assets," that companies will reconsider the, "not an option."

Re:Facinating...

[profplump]

The harm caused by exposing these programs isn't a result of their exposure -- the programs are harmful in their own right, whether or not they are exposed.

Essentially you're arguing that if Warren Buffet murdered someone the government would be justified in keeping it a secret because exposing his crime would disrupt his economic contributions.