Analytics // Security Monitoring
11/27/2013
01:10 PM
Connect Directly
RSS
E-Mail
100%
0%

NSA Surveillance Fallout Costs IT Industry Billions

Analysts predict US tech companies may lose $180 billion by 2016 due to international concerns about intelligence agencies' spying.

10 Cool DARPA Projects In Development
10 Cool DARPA Projects In Development
(click image for larger view)

Creating a massive digital dragnet designed to help U.S. intelligence agencies spot terrorists before they can strike might sound great in the abstract. But what are the real-world implications?

For US technology firms that sell hardware, software, and services, that would be a collective loss of $22 billion to $35 billion through 2016 due to foreign businesses and governments worrying if the National Security Agency (NSA) can spy on those products or services. That figure comes via the Information Technology & Innovation Foundation (ITIF), a Washington-based policy research group backed by many leading technology firms, including Cisco, Google, IBM, and Intel.

"The potential fallout is pretty huge given how much our economy depends on the information economy for its growth," Rebecca MacKinnon, a senior fellow at Washington-based policy group New America Foundation, told Bloomberg. "It's increasingly where the U.S. advantage lies."

[ Government data mining is here to stay, and it puts your confidential business data at risk. See NSA Surveillance: First Prism, Now Muscled Out Of Cloud .]

But by other analysts' reckoning, however, the ITIF's estimate is too low. Forrester, for example, recently estimated that losses for cloud businesses -- that market is lead by HP, Cisco Systems, and Microsoft -- and managed service providers (MSPs) would total $180 billion through 2016. For comparison's sake, that would be equivalent to about 25% of the annual US defense budget, including spending on the Iraq and Afghanistan wars. Furthermore, Forrester estimated that cloud providers and MSPs might see their revenues decline by 20% over the next three years.

"If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks," Sen. Ron Wyden (D-Ore.) said last month at a Cato Institute conference, The Washington Times reported. Likewise, Rep. James Sensenbrenner (R-Wis.), who authored the Patriot Act, which the White House said authorizes the NSA's digital dragnet, has accused the intelligence agency of overreaching. Some critics, however, have asked why Congressional oversight mechanisms failed to rein in the NSA's surveillance programs.

Still, don't blame just Congress, the White House, or the NSA for the expected business fallout, Forrester analyst James Staten said earlier this year in a blog post. "It's naive and dangerous to think that the NSA's actions are unique. Nearly every developed nation on the planet has a similar intelligence arm which isn't as forthcoming about its procedures for requesting and gaining access to service provider -- and ultimately corporate -- data," he said. For example, Germany's G10 act empowers that country's intelligence agencies to "monitor telecommunications traffic without a court order," he said.

Many technology firms say they've already seen the NSA surveillance scandal start to hit their bottom line. For example, Cisco, which is the world's largest networking equipment manufacturer, recently blamed the NSA revelations for causing buying hesitation in some emerging markets. While Cisco said it had seen only "nominal" concern over the NSA in many countries, it did see a 12% decline in sales in emerging markets, with Chinese buyers, especially, becoming more wary. "It's not having a material impact, but it's certainly causing people to stop and then rethink decisions, and that is reflected in our results," said Robert Lloyd, Cisco's president of development and sales, during a Nov. 13 conference call that reported good earnings, but a bad outlook.

That same day, Richard Salgado, Google's director of law enforcement and information security, warned the Senate Judiciary Subcommittee on Privacy, Technology, and the Law that the NSA's spying activities had caused governments in some countries -- including Brazil and Norway -- to rethink how they'll procure cloud services or work with US firms. Brazil, for example, has introduced a bill that would require service providers such as Google to store all Brazilian data in the country or risk massive fines.

Salgado, in his testimony, said those types of efforts could undermine today's Internet. "If data localization and other efforts are successful, then what we will face is the effective Balkanization of the Internet and the creation of a 'splinternet' broken up into smaller national and regional pieces with barriers around each of the splintered Internets to replace the global Internet we know today," he said.

The use of cloud technology is booming, often offering the only way to meet customers', employees' and partners' rapidly rising requirements. But IT pros are rightly nervous about a lack of visibility into the security of data in the cloud. In this Dark Reading report, Integrating Vulnerability Management Into The Application Development Process, we put the risk in context and offer recommendations for products and practices that can increase insight -- and enterprise security. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
11/27/2013 | 3:03:46 PM
Splinternet
Unfortunately, I believe that the Splinternet is coming. Blame it on the NSA, blame it on the FBI's suveillance unit, blame it on the White House. 

At this point, the blame game doesn't really do us any good. What needs to be done is something to fix these problems, or at least a step towards fixing them. 
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:07:46 PM
Reality Checks
Mr. Staten claims that "Nearly every developed nation on the planet has a similar intelligence arm" to the NSA. No they don't. Aside from possibly China or Russia, there is nothing remotely similar to the NSA, which is using extremely sophisticated method to intercept communications in ways that are far beyond the reach of almost any country.  And judging by the reaction of our major allies, they aren't listening into the phone calls of other allies, either. The NSA can proudly claim "We're no. 1!"

Rep. Wyden adds: "If a foreign enemy was doing this much damage to the economy, people would be in the streets with pitchforks,"  Hmmm. Maybe we better gather in the barnyard boys and girls, because numerous sources have reported China has broken into the systems of almost every major US corporation and government agency in the US (and probably elsewhere). The costs of that have gotta be adding up, though I haven't seen an estimate of the economic damage in total.

 
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:12:22 PM
Re: Splinternet
Daniel:  While I can't condone the NSA's over-the-top campaign to snoop into everyone's background, I think the leading reason the splinternet is coming stems from old-fashioned economic greed.  Clearly cable companies, phone companies and others want to charge everyone more for accessing the Internet, and that will lead to social divides that violate the very essence and spirit of sharing information globally. 

Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/27/2013 | 3:28:13 PM
Re: Reality Checks
The French DSG may not be 'similar,' but the folks on the Rainbow Warrior might think they are even worse in spirit... 

 

IMHO, the issue should be the topic of a robust debate.  I don't want my info collected, and I certainly don't want the current administration able to paw through it and use it for political gain they way the used the IRS, but I don't want a RIF to pop a nuke in Times Square, either.   Frankly, I suspect the cost/benefit ratio for the NSA data collection may be a lot better than having the TSA pawing grannies and infants, but it would be nice to have some real dialog about the issues without having idealogues from both sides staking out reflexive extreme positions and then talking over each other.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
11/27/2013 | 3:32:38 PM
Re: Splinternet
>Can we tame the NSA at the same time?  Yes, we can. Will we? I have my doubts if Congress has the stomach to do so.

 

I suspect you're right and that will only encourage further Internet balkanization. The Russians and the Chinese don't want to use US-controlled GPS. It follows that they'd prefer to avoid a US-dominated Internet. Other countries have long been agitating for greater control of Internet governance. I would not be surprised if we end up with national networks, tenuously linked to each other, in a decade or two. Governments don't like that which they can't control.
Tom Murphy
50%
50%
Tom Murphy,
User Rank: Apprentice
11/27/2013 | 3:49:53 PM
Re: Splinternet
True, Tom. If I were Russian or Chinese, I'd probably be a tad uncomfortable with the idea of using a global network built by DARPA  -- although we seem to get along pretty well in the International Space Station.

Why can we all just get along?
CLAFOUNTAIN100
100%
0%
CLAFOUNTAIN100,
User Rank: Apprentice
11/27/2013 | 4:13:00 PM
Re: Splinternet
Good point; however, in any particular market, there are "bubbles" created by Government to put people to work.


During the bush administration, there were too many "bubbles" created in my mind.
DanS776
50%
50%
DanS776,
User Rank: Apprentice
11/27/2013 | 4:27:37 PM
Blackberry Technology
Blackberry is not an American Corporation and has bullet proof security. Apple and Google phone systems are easy to trace, hack, and survey by any government agency.
anon3508728476
50%
50%
anon3508728476,
User Rank: Apprentice
11/27/2013 | 4:41:27 PM
Re: Reality Checks
I am so tired of these "naiive" arguments.  Yes the U.S. is special historically, because we stand historically for good principles.  Why cannot be take the high ground here?  Just because others can do it does not mean we should.  Also, all the trash arguments about that this is inevitable becasue of technology are pure hogwash.  If anything the mathematics and hardware which could be devised to protect rather than compromise secure communications could be BETTER not worse than in the era of PAPER MAIL and TELEPHONES.  Its pure nonsense from and engineering and software perspective.  There exist P2P algorithsm which no computer except a quantum computer (which are a long way off) could ever crack in the lifetime of the universe.  It can be done.  These infringements directly contradict our constitutional principles and are blantantly deliberate, and there is plenty of benefits which corporations can get from miniing private data from individuals and corporate competitiors, so this is all definitely complicit.  If we don't stand up for the right thing, who will???
cbabcock
50%
50%
cbabcock,
User Rank: Apprentice
11/27/2013 | 4:53:05 PM
Embedded authority to spy
Other countries don't invest in surveillance to the degree that the NSA has, but they have the laws on the books enabling them to do so. They are often embedded in an existing law rather than screaming out their existence, as in the U.S. Patriot Act. The Netherlands' is under Article 2 2(b) of the Personal Data Protection Act; likewise, in the UK under Section 5 of the Regulation of Investigatory Powers Act; also, Germany under Section 28(8) of the German Federal Data Protection Act.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.