By STEPHEN L. CARTER
So let's see if we can find the thread that connects some recent news from the technology world. Microsoft Corp. has agreed to let users of its forthcoming XBox One game system disable the "always on" motion-sensing camera that was previously described as a fully integrated component that couldn't be turned off. Two companies that offer high-encryption email services, Lavabit and Silent Circle, have announced they will cease providing it. Foreign firms interested in cloud computing, widely viewed as tech's next profit machine, are seriously considering Asian and European providers instead of U.S. ones. In each case, the decision was made after concerns were raised about security. And the concerns in question were about the security policies of the U.S. government.
You can consider the National Security Agency's data-gathering programs a grim necessity to protect the nation or an outrageous violation of privacy. What is unquestionable is that they are reshaping the tech marketplace.
Yet it should have been obvious that so extensive a system of surveillance, no matter how benignly intended, would have unintended consequences. Some of the ill consequences are even predictable.
Consider cloud computing. Worldwide spending on the cloud is expected to double over the next three years to more than $200 billion. U.S. firms have been leaders in developing the technology. According to a new report from the Information Technology & Innovation Foundation, however, global worries about NSA surveillance are likely to reduce U.S. market share.
The report's admittedly loose estimate is that U.S. cloud-computing firms will lose $21 billion to $35 billion in revenue between now and 2016. According to the report, some 10 percent of non-U.S. members of the Cloud Security Alliance said they've canceled a project with a U.S. company since the disclosure of the NSA's surveillance. In addition, 56 percent indicated "that they would be less likely to use a U.S.-based cloud computing service." These are scary numbers for one of the few true growth areas in the tech sector. But they are precisely what should have been expected in the wake of the disclosures. "If I were an American cloud provider, I would be quite frustrated with my government right now," Neelie Kroes, the European Union's commissioner for digital affairs, said in the ITIF report.
It's true that the NSA never intended for its data-collection activities to become public knowledge. It's also true that many of the European allies who are complaining about the programs have fewer legal protections for data than the U.S. does. But optics — the way something looks when at last it's exposed — can also turn out to be an unintended consequence. Remember that all of this controversy is arising at the very moment when the brave knight of Internet security may be dying in his armor. We have learned already that it turns out to be easier than many experts imagined to hack even thoroughly hashed passwords.
At this year's Black Hat USA security conference in Las Vegas, experts said that recent mathematical breakthroughs mean that the major encryption protocols on which Internet security rests are likely to be cracked within five years or less. (The NSA, which should know, recommends that businesses switch to more secure protocols that are based on something called elliptic curve cryptography.)