recommended reading

The Quest to Build an NSA-Proof Cloud

Maksim Kabakou/

BERLIN – If Germany’s special parliamentary session on U.S. surveillance this week was any indication, European politicians are still worked up about former NSA contractor Edward Snowden’s leaks. Chancellor Angela Merkel declared that the revelations had “tested” U.S.-German relations. Green Party politician Hans-Christian Strobele urged the German leader to thank Snowden and offer him asylum for discovering that her cell phone “was probably bugged.” Merkel even got called a “scaredy-cat” for not standing up to Washington.   

The criticism comes as politicians in the region—from Estonia to Germany—are calling for the European Union to create a cloud-computing infrastructure of its own to compete with American providers like Amazon, Google, and Verizon.

The idea is that if the EU has its own cloud—and what form it would take, who would build it, and where it would be based remain unclear—then member states could compel providers to abide by the EU’s (comparatively) stricter data-protection rules. It's part of a backlash against the long arm of the U.S. intelligence community that has echoes everywhere from Brazil to the United Nations.

One of the main proponents of a European cloud is EU Commission Vice President Viviane Reding, who was in Washington earlier this week to hammer out a treaty that would, if signed, assure that any EU citizens’ data stored in the United States be given the same privacy protections as U.S. citizens’ data (in the aftermath of the Snowden leaks, however, policymakers and privacy advocates in the U.S. are questioning the effectiveness of those protections).

Reding’s cloud formation plan essentially calls for EU nations to band together and create a European champion in cloud systems just as France, Germany, and Britain did in the 1960s, when they created aircraft manufacturer Airbus to compete with Boeing.

“For awhile now, I have been saying it’s time for the Europeans to build their own cloud,” Reding told a German radio station last week. “I think data protection needs to be thought of not as some extra cost, but something that makes us more competitive. When a company can guarantee that its customers’ data will remain secure, they will flock to you—it’s a golden business opportunity for European tech companies. It can become a sales argument.”

Indeed, part of the motivation here is a business one. European politicians want to see their companies exploit a gap in trust in U.S. companies as a result of the Snowden leaks. And two recent studies suggest that this is a sensible idea.

In one study of “industry practitioners and cloud-computing stakeholders” based outside the United States, the Cloud Security Alliance found that 56 percent of those polled would be less likely to work with U.S.-based cloud service providers due to data-protection fears. Another report by the Information Technology and Innovation Foundation suggested that the surveillance revelations could cost the U.S. cloud-computing industry $22 to $35 billion in lost revenues over the next three years.

European providers have already been positioning themselves to become the router and storage solution of choice for companies in Africa, which has seen its share of traffic passing through the U.S. drop dramatically over the last 10 years. In 1999, some 70 percent of African Internet traffic went to the United States, according to a 2012 report byAnalysis Mason. By 2011, the study noted, less than 5 percent of that traffic went to the U.S., “having been replaced by bandwidth to Europe.” It is unclear, however, what percentage of this data actually migrated away from American companies, many of which have built data centers in Europe to be closer to customers in the EU and Africa.

Not all Europeans share the outrage voiced by their political leaders over U.S. surveillance. A survey commissioned earlier this month by the magazineWirtschaftswoche, for instance, found that 76 percent of Germans were not bothered by Snowden’s leaks. “Most people didn’t think that anything in their lives would be of interest to the American intelligence service,” the survey’s authors wrote. While the study didn’t ask whether Germans were concerned about charges that U.S. intelligence tapped into their chancellor’s phone, it did reveal that Germans are uneasy about their own officials: only 17 percent of those polled trusted the German government’s handling of their personal data. 

Caught between public apathy and politicians’ anger, some German tech industry figures are calling for a middle path (others, like Deutsche Telekom’s CEO, have eagerly backed Reding’s cloud proposal). They like the data-protection treaty that Reding wants to sign with the U.S., but favor more stringent use of data encryption over rash plans to build EU clouds. The thinking is that stronger and more regular use of encryption could slow, to a degree, apparent U.S. attempts to comb through the world’s Internet traffic.

One German tech industry figure I spoke with felt it would be difficult, if not impossible, for Europeans to migrate completely away from U.S. services. He likened America’s hegemony on the Internet to the control Gulf States wield over oil resources. 

“What you have with oil in the Middle East, you have in the U.S. with information,” said Malte Pollmann of Utimaco Safeware AG. “The U.S. is in a unique position of geopolitical strength in the information age—and there’s no other country like this.”

Pollmann suggested that U.S. and British intelligence services are exploiting gray zones in treaties between nations—and that European diplomats should, first and foremost, push for clarity on this issue.

“What we need right now is a debate,” Pollmann told me. “Two years from now, we will have a better idea of which tactics are clearly illegal, and which are legal, but not what we wanted. There will have to be a rebalance in terms of legal oversight. That’s why you have people like [Google's] Eric Schmidt saying ‘I don’t know’ if it is legal for the U.S. and British intelligence agencies to tap into Google’s cables.”

The CEO of a leading German marketing consultancy described the mood among German executives like this: They’re bothered by the U.S. government’s intelligence-gathering overreach, but they don’t see the U.S. as Europe’s main threat the way some politicians might.

“It’s sad and stupid that Merkel’s phone was listened to,” said this CEO, who asked not to be named because he was critical of some of the countries in which he consults. “But I think most of the economic elites in Germany still see the U.S. as a strong ally. They don’t see economic espionage as the motive. Most economic elites here agree that the real danger and threat is in the emerging powers, like China.”

This CEO said his business stores most of its data on clouds in the United States, and that he wasn’t concerned about the situation because everything the company does is encrypted. 

“We are using fully encrypted hard disks,” he noted. “As for phone communication—it just hasn’t been a topic for us. Many times what we are saying on the phone really isn’t too sensitive. And, if it is sensitive—construction plans or stock market-related transactions—we just don’t talk about it on the phone.”

Pollmann also echoed this sentiment.

“In the end,” he noted, “It’s cheaper to fly someplace and have a conversation in a room than to build elaborate systems for super-secret conversations.”

(Image via Maksim Kabakou/

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.