Shortly after the Edward Snowden revelations began in June 2013 I wrote a Commentary for Society and Space open site on the costs of security.
One of the issues I addressed had to do with the economic and other costs of surveillance:
What does the US actually pay? One attempt at an answer to this surprisingly difficult question was recently provided by the National Priorities Project (NPP). Their estimate was that the US national security budget was $1.2 trillion a year.
A new report by the New America Foundation has further explored the costs of surveillance in terms of lost business opportunities to US companies, US foreign policy and cybersecurity:
- Direct Economic Costs to U.S. Businesses: American companies have reported declining sales overseas and lost business opportunities, especially as foreign companies turn claims of products that can protect users from NSA spying into a competitive advantage. The cloud computing industry is particularly vulnerable and could lose billions of dollars in the next three to five years as a result of NSA surveillance.
- Potential Costs to U.S. Businesses and to the Openness of the Internet from the Rise of Data Localization and Data Protection Proposals: New proposals from foreign governments looking to implement data localization requirements or much stronger data protection laws could compound economic losses in the long term. These proposals could also force changes to the architecture of the global network itself, threatening free expression and privacy if they are implemented.
- Costs to U.S. Foreign Policy: Loss of credibility for the U.S. Internet Freedom agenda, as well as damage to broader bilateral and multilateral relations, threaten U.S. foreign policy interests. Revelations about the extent of NSA surveillance have already colored a number of critical interactions with nations such as Germany and Brazil in the past year.
- Costs to Cybersecurity: The NSA has done serious damage to Internet security through its weakening of key encryption standards, insertion of surveillance backdoors into widely-used hardware and software products, stockpiling rather than responsibly disclosing information about software security vulnerabilities, and a variety of offensive hacking operations undermining the overall security of the global Internet.
These may end up being upper bounds of the costs (and consequences), but they are very helpful in identifying what is at stake here. I haven’t read the whole report yet, but the executive summary is here (pdf).