The data for these assumptions is still thin, it says ("this is a developing story") but it is partly based on figures from the Cloud Security Alliance. A June/July survey of members found that 10% of non-US respondents indicated that they had already canceled a project with a US provider, and more than half said they are less likely to use a US provider in the future.
Practical examples of the evolving problems are already appearing. Last week two US secure email services voluntarily closed because of the current impossibility of offering secure email in the US.
In a subsequent interview with CNET, Ladar Levison went as far as he could to explain why he shut down Lavabit. "I believe that people have the right to know what their government is doing," he said in a telephone interview. "I had an issue with me doing what they wanted me to do without them disclosing it... Are you familiar with the case of Aaron Swartz, familiar with the accusations of prosecutorial misconduct? There may be parallels between that case and this."
Phil Zimmerman, creator of PGP and a co-founder of Silent Circle, told Forbes why he shut down the email part of the company's secure services. "At the very least," he said, the government "would be able to see the plain text headers of the e-mails, [which] would say who the mail is front [sic], who it’s to, the date it’s sent, time stamp, and subject line. If the message body is encrypted to a key that we hold on our server, they could ask for the key, or ask us to decrypt it, or ask for the key so they could decrypt it. That’s what we were afraid could happen."
The problem for the US cloud industry at large is that there are foreign businesses ready to step in. The Local reported from Germany on Saturday, "Germany's three biggest email providers announced on Friday a partnership to bolster the security of messages sent between them in the wake of revelations of US online surveillance scandal... The email services of t-online.de, web.de and gmx.de represent two-thirds of private email accounts used in Germany, or more than 50 million email addresses, according to the companies."
In reality, these services only offer encryption in transit, not when the emails are stored on a server. It has been dismissed by many experts as a marketing exercise – but the point is that non-US companies are ready to take advantage of weaknesses in the US position.
One option that will not be so easily debunked comes from Mega founder Kim Dotcom. It is known that he is working on an end-to-end encrypted email service. Speaking to TorrentFreak, he said, "I expect that more and more Internet businesses will find the hostile US environment unbearable and will move their business elsewhere. Who wants to store any sensitive data on US based servers anymore?
“Over the next 10 years you will see a decline of US Internet giants and the rise of non-US Internet companies that care about user privacy."
His commitment can be seen in current preparations to leave New Zealand, for similar reasons, if necessary. "The NZ government is currently aggressively looking to extend its powers with the GCSB and the TICS act, which will force service providers with encryption capabilities to give them secret decryption access." This is incompatible with how Mega currently works, which is to not handle its users crypto keys.
Dotcom says he will move out of New Zealand if this happens. Iceland seems to be one possible destination, and Mega has already established an Icelandic presence in readiness. But his primary point confirms the Information Technology & Innovation Foundation's conclusion: "The US is on a path of destroying its massive lead in the Internet economy. Mass surveillance and copyright extremism will cost the US economy more than any terrorist attack or piracy,” he said.