Doing Business in the Shadow of the NSA

Did the revelations of U.S. snooping start a new type of technological warfare — or confirm its existence?


George Frey

In the realm of geopolitics — in wars hot, cold and in between — superpower relationships can be murky and alliances fluid. In a world increasingly automated and interconnected, those same dynamics are carrying over to the virtual battlegrounds of information technology and cyberspace. Taken to an extreme, the combat and its fallout would not necessarily be limited to nation-states. The collateral damage to businesses, markets and economies could be immeasurable.

For the moment, underscore the words “could be.” Although certain incidents have had apparent military or espionage motivations — the documents leaked by former National Security Agency contractor Edward Snowden are full of examples — significant or lasting real-world consequences have been hard to discern, let alone quantify.

Still, there is little doubt that the Snowden revelations caused political and economic backlash. For example, the European Union floated proposals to restrict where customer data can be stored. These gave rise to initiatives like social networking platform in Iceland and Safe Swiss Cloud in Switzerland. Both tout safety and privacy; the latter labels its enterprise computing service “NSA-free.” To some observers, such offerings point toward a more politicized and balkanized Internet.

“The European reaction was over the top,” commented Raimund Genes, chief technology officer of Trend Micro, during the Bloomberg Enterprise Technology Summit in April in New York. “The Internet was created to be global and should stay global.”

Genes, whose company is a leading purveyor of antivirus and related security products, also noted that prospective customers at trade shows have started conversations by asking where Trend Micro is headquartered. The answer is Tokyo.

“They want to know whether we are a North American company,” Genes said. “North American companies should be concerned.”

Cedric Leighton, head of risk and security consulting firm Cedric Leighton Associates, who has worked in U.S. Air Force intelligence and as the NSA’s deputy director of training, said his involvement in a project in Germany was delayed until he could allay suspicions that he was still NSA-connected.

“U.S. products and services are no longer trusted worldwide,” Bruce Schneier, chief technology officer of emergency-response specialist Co3 Systems, asserted in February at the RSA Conference in San Francisco. A longtime, respected commentator in that field, Schneier later wrote in his blog: “In addition to turning the Internet into a worldwide surveillance platform, the NSA has surreptitiously weakened the products, protocols, and standards we all use to protect ourselves. By doing so, it has destroyed the trust that underlies the Internet. We need that trust back.”

What about lost business or revenue? The evidence is largely anecdotal, but with hints of protectionism and retaliation.

A February Wired article said American roots were becoming a liability for technology start-ups trying to grow internationally. The New York Times on March 21 reported that Microsoft Corp. had lost some customers, including the Brazilian government, which was incensed that the NSA had spied on its leaders. At the same time, Microsoft was inviting worried clients to make use of data centers in countries of their choice, presumably away from prying eyes.

In a similar vein, the intellectual property and science business of New York–based news and information company Thomson Reuters issued a statement April 9 to reassure clients that it relied on “secure EU data hosting” and that its “hosted solutions conform to internationally recognized data security standards.”

Stewart Baker, a onetime NSA general counsel and now partner at law firm Steptoe & Johnson in Washington, says alarmism is not yet justified. He has heard many past predictions “about how security will drive tech decisions,” he explains. “Almost all turned out to be wrong.”

Reuters in January reported on a “Snowden effect” causing revenue declines in China for IBM Corp. and Cisco Systems, among others. Cyberconflicts have certainly been brewing there, and Cisco is a rival of Chinese telecommunications-equipment giant Huawei Technologies Co., which has had a hard time overcoming allegations by some U.S. government officials that it is a national security threat.

Undaunted, Huawei announced on U.S. shores in February the launch of a cyberdefense product called AntiDDoS8000 – complete with an endorsement from Alibaba Group, the Chinese e-commerce colossus that chose New York over Hong Kong for its forthcoming IPO.

The plot thickens. • •