Quantifying the Cost of NSA Snooping

In the year since Edward Snowden began disclosing the scope of National Security Agency’s programs to use cell phone networks, the Internet and various commercial websites to spy on both American citizens and foreign nationals, there has been considerable speculation about the cost of these programs to the U.S. information technology industry in terms of money and trust.

The New America Foundation has released a report that attempts to quantify these costs, concluding that over the past 12 months the NSA’s actions “have already begun to, and will continue to, cause significant damage to the interests of the United States and the global Internet community.”

In the executive summary, authors Danielle Kehl, Kevin Bankston, Robyn Greene and Robert Morgus discuss detrimental effects on four specific areas:Direct economic costs to U.S. businesses: American companies have reported declining sales overseas and lost business opportunities, especially as foreign companies turn claims of products that can protect users from NSA spying into a competitive advantage. The cloud computing industry is particularly vulnerable and could lose billions of dollars in the next three to five years as a result of NSA surveillance.

• Potential costs to U.S. businesses and to the openness of the Internet from the rise of data localization and data protection proposals: New proposals from foreign governments looking to implement data localization requirements or much stronger data protection laws could compound economic losses in the long term. These proposals could also force changes to the architecture of the global network itself, threatening free expression and privacy if they are implemented.

• Costs to U.S. foreign policy: Loss of credibility for the U.S. Internet freedom agenda, as well as damage to broader bilateral and multilateral relations, threaten U.S. foreign policy interests. Revelations about the extent of NSA surveillance have already colored a number of critical interactions with nations such as Germany and Brazil in the past year.

• Costs to cybersecurity: The NSA has done serious damage to Internet security through its weakening of key encryption standards, insertion of surveillance backdoors into widely-used hardware and software products, stockpiling rather than responsibly disclosing information about software security vulnerabilities and a variety of offensive hacking operations undermining the overall security of the global Internet.

Among the recommendations the authors make are strengthening privacy protections for both Americans and non-Americans, within and outside the U.S. borders; increased transparency around government surveillance, both from the government and companies; renewed commitment to the Internet freedom agenda in a way that directly addresses issues raised by NSA surveillance, including moving toward international human rights-based standards on surveillance; and development of clear policies about whether, when and under what legal standards it is permissible for the government to secretly install malware on a computer or in a network.

The entire 64-page report can be downloaded here. A summary version is here. Also check out my own R Street white paper on the potential cost of NSA computer spying here.

Steven Titch is an associate fellow of the R Street Institute. This piece originally appeared on R Street's blog.