Despite emphatic predictions of waning business prospects, some of the big Internet companies that the former National Security Agency contractor showed to be closely involved in gathering data on people overseas – such as Google Inc. and Facebook Inc. – say privately that they have felt little if any impact on their businesses. Insiders at companies that offer remote computing services known as cloud computing, including Amazon and Microsoft Corp, also say they are seeing no fallout.
The argument is that because there has been no measurable business impact that people were wrong to predict bad things for US companies. Menn has effectively jumped the gun here. There’s a few things to understand about “businesses”:
- They are incredibly slow to move. Even when IT has been given the directive to “get us off these NSA services” it could take a year or more to do so. IT has to test and try out many services, look into migration, send reports to management, management has to decide on if the cost is worth it, think about it more, ask IT a question that takes a month for IT to get back to management on because the current email server just shit itself… You get the point. Things don’t happen fast in this world — they still use BlackBerries at some companies after all.
- There are very few, if any, better solutions to existing tools. It’s hard to replace Google Apps, Amazon cloud computing, or whatever Microsoft sells people. It really is. Think about it like this: if you are an all Windows company, how long would it actually take to switch to Macs everywhere? That would be a massive undertaking, and there is already a (hopefully) viable solution to switch too. Now imagine instead of Windows to Mac, you are going Windows to Linux — that’s closer to what we are talking about. It is a massive undertaking for most companies.
- For the great majority of companies that use U.S. companies the privacy impact of the NSA and GCHQ programs are not yet of great concern because so far the only bad thing to happen is some bad PR for the NSA. Until there is a real privacy breach, until Snowden or another leaker posts actual data the NSA is storing from a big company — until then there is likely no user demand for companies to change. It’s likely that most privacy conscious companies are looking into other solutions so that when push comes to shove they can move quickly.
So yes, there is a huge potential risk of lost business globally for these U.S. service providers, but it won’t happen immediately. This will be a slow change — not an overnight action. That is where the danger really is, because when change is slow, sometimes you don’t realize you needed to react at all.