Thursday, August 8, 2013

Foreign purchases of U.S. cloud services - are the storms temporary?

While I realize that 94.6% of you have already determined that this is the most informative item that you will read today, I still have to sell the other 5.4% of you on this obvious fact.

Thus we see the power of statistics. If something can be quantified, then it acquires the veneer of truth. But what is truth? We've discussed this before, when looking at the $775 billion figure for piracy losses. And Ashton Kutcher's figure citing hundreds of thousands of sex slaves in the U.S. And the repeated statements about how Windows is being trounced by MacOS and Linux.

So here's today's questionable statistic. Mitch Wagner linked to a Washington Post article that linked to another Washington Post article that linked to a ComputerWorld UK article that talked about a survey that was conducted by the Cloud Security Alliance. The announced objective of the survey, called the Official CSA Snowden/NSA Patriot Act Survey, was as follows:

During June of 2013, news of a whistleblower, US government contractor Eric Snowden has dominated global headlines. Snowden provided evidence of US government access to information from telecommunications and Internet providers via secret court orders as specified by the Patriot Act. As this news became widespread, it has led to a great deal of debate and soul searching about appropriate access to an individual’s digital information, both within the United States and any other country.

The purpose of this survey is to collect a broad spectrum of CSA member opinions about this news, and to understand how this impacts your attitude about using public cloud providers as well as any other broadly available Internet services. Several questions are specifically intended for either US or non-US citizens, please be aware that you must provide your country of residence to participate.

By the time that ComputerWorld UK reported on the survey, the major news was generated by the respondents who reside outside of the United States:

A Cloud Security Alliance (CSA) survey found that 10% of 207 officials at non-U.S. companies have canceled contracts with U.S. service providers following the revelation of the NSA spy program last month. The alliance, a non-profit organization with over 48,000 individual members, said the survey also found that 56% of non-U.S. respondents are now hesitant to work with any U.S.-based cloud service providers.

Those numbers have been extrapolated, quantified, folded, spindled, and mutilated, and the Washington Post article cited by Mitch Wagner put a dollar figure on the cloud providers' losses - "$21.5 to $35 billion over the next three years."

Needless to say, everyone is focusing on the larger number, and people have concluded, based upon the quantified and therefore true evidence, that the U.S. economy has taken a $35 billion hit because our government is snoop-happy.

Hold on. Let's back up, all the way to the ComputerWorld UK report that discussed the initial survey results.

Yes, the survey did show (if you trust the respondents) that U.S. companies HAVE suffered from cancelled contracts from non-U.S. companies.

How many respondents have cancelled contracts?

Well, ten percent of 207 is 21 (more or less).

So each of those 21 people represents over a billion dollars of lost business each.

"But John," you say, "you do not understand the methodology of surveys. A 10 percent contract cancellation rate among this survey sample can be extrapolated into the general population of non-U.S. companies."

Well, naysayer (you must be part of the 5.4%), I clearly understand the methodology of surveys. So I ask you - is this sample representative? The results were based upon respondents who were motivated to respond to the survey. As far as is known, the only requirements to participate in the survey were (1) the ability to see the Cloud Security Alliance announcement, and (2) a willingness to state one's country of residence. While one would hope that the CSA would not attract spurious survey results, it is certainly within the realm of possibility that one, or ten, or even twenty people could see the survey, yell "BUSH OBAMA SUX," and respond with glee.

And how did the Cloud Security Alliance treat the results of the survey? According to ComputerWorld UK, the response was...surprise:

"The level of skepticism was greater than I expected," said Jim Reavis, co-founder and executive director of the CSA. "I had thought that more people would understand that these activities happen all the time in their countries as well."

This would be highlighted in an incident that happened during the survey period. The survey was conducted between June 25 and July 9. In the middle of that survey period, Bolivian President Evo Morales left Russia on a plane, heading toward Bolivia. There was a suspicion that Edward Snowden might be a stowaway on the plane, so one would expect that the plane might run into some trouble if it entered U.S. airspace while traveling between Russia and Bolivia.

But the plane didn't encounter a problem over U.S. airspace. It encountered a problem over French and Portugese airspace, and was forced to land in Austria, where the plane either was or was not searched, and was allowed to continue to the Canary Islands (Spanish territory) either with or without conditions.

And who was the short-term winner in the brouhaha? Finland:

Finland-based security firm F-Secure, which provides a range of hosted security services has felt some of the ripple effect from the recent disclosures.

"Ever since the PRISM scandal started in June, prospects in Europe, Middle East and Asia, are asking whether the ownership of the company is in U.S. or whether we host customer data in U.S.," said Mikko Hypponen, F-Secure's chief research officer.

"Right now, there are many customers who don't want to buy American -- or to buy from a NATO country in general," Hypponen said. "Then again, there are many customers who don't want to buy Chinese, Russian or Israeli either. In a situation like this, it's good to be a solution provider coming from a fairly neutral country."

But before we immediately conclude that Finnish cloud and security providers will get $35 billion in business, let's wait for some actual results. Although I can't talk about it, I've seen enough surveys over the years that took rosy head in, cloud assumptions and restated them as sure things of multiple billions of business. And, when the next year arrived and the rosy predictions didn't come true, the same survey process was repeated and the multiple billions predictions were moved out a year.

Heck, based upon that type of survey method, California's Ontario International Airport is an economic powerhouse.
blog comments powered by Disqus