Fallout from the PRISM debate could include financial repercussions for IBM, Red Hat, Amazon and a host of other companies banking heavily on cloud computing for future growth.

The talking heads were all over TV Sunday, debating the pros and cons of the National Security Agency’s PRISM program that was revealed to the world by Edward Snowden, who now has refuge in Russia.

Disclosure of “PRISM” has sparked cries of outrage worldwide with privacy advocates calling for major changes. But businesses are concerned, too, and a new report shows that there is significant financial risk to U.S. “cloud” providers if our government isn’t more forthcoming about just what PRISM does and doesn’t do.

“[W]e might reasonably conclude that given current conditions U.S. cloud service providers stand to lose somewhere between 10 and 20 percent of the foreign market in the next few years,” says the Information Technology & Innovation Foundation, a Washington-based think tank.

“Indeed, some foreign providers are already reporting their success.

“Artmotion, Switzerland’s largest hosting company, reported a 45 percent increase in revenuein the month after Edward Snowden revealed details of the NSA’s PRISM program. And the percentage lost to foreign competitors could go higher if foreign governments enact protectionist trade barriers that effectively cut out U.S. providers.

“Already the German data protection authorities have called for suspending all data transfers to U.S. companies under the U.S.-EU Safe Harbor program because of PRISM.”

Lenovo’s aggressive response to an Australian newspaper’s report about spy agencies reportedly banning its computers reflect the sensitivity of businesses to concerns about their data – who handles it and who has access.

The ITIF says U.S. cloud providers could face bottom-line losses because of PRISM worries.

“The data are still thin—clearly this is a developing story and perceptions will likely evolve—but in June and July of 2013, the Cloud Security Alliance surveyed its members, who are industry practitioners, companies, and other cloud computing stakeholders, about their reactions to the NSA leaks,” ITIF said.

“For non-U.S. residents, 10 percent of respondents indicated that they had cancelled a project with a U.S.-based cloud computing provider; 56 percent said that they would be less likely to use a U.S.-based cloud computing service. For U.S. residents, slightly more than a third (36 percent) indicated that the NSA leaks made it more difficult for them to do business outside of the United States.”

“Mob Action” Reaction?

Former NSA and CIA head Mike Hayden, a retired Air Force General, took to CBS on Sunday to defend PRISM.

He said recent calls to end NSA’s program “looked like mob action” with ”people acting out of emotion with a false sense of urgency and with a great deal of misinformation.”

President Obama on Friday sought to allay concerns about PRISM.

The president “announced a series of steps to make NSA programs more transparent, explaining not only how the programs operate but also releasing the Justice Department’s legal rationale for the programs,” CBS said. “The administration also plans to back various reforms to the programs to strengthen oversight.”

But the ITIF made clear in its report that was published ahead of the president’s remarks that businesses will want plenty of transparency. Its recommendations:

“First, U.S. government needs to proactively set the record straight about what information it does and does not have access to and how this level of access compares to other countries.
To do this effectively, it needs to continue to declassify information about the PRISM program and allow companies to reveal more details about what information has been requested of them by the government. The economic consequences of national security decisions should be part of the debate, and this cannot happen until more details about PRISM have been revealed.

“Second, the U.S. government should work to establish international transparency requirements so that it is clear what information U.S.-based and non-U.S.-based companies are disclosing to both domestic and foreign governments. For example, U.S. trade negotiators should work to include transparency requirements in trade agreements, including the Transatlantic Trade and Investment Partnership (TTIP) currently being negotiated with the EU.”

PRISM is not a unique program, the report points out.

“While the reputations of U.S. cloud computing providers (even those not involved with PRISM) are unfortunately the ones being most tarnished by the NSA leaks, the reality is that most developed countries have mutual legal assistance treaties (MLATs) which allow them to access data from third parties whether or not the data is stored domestically.”

But it also warns that U.S. firms have the most to gain and the most to lose if the PRISM mess is not cleaned up.