Originally posted at ANewDomain.net.
If the business of America is business, which is better for America? A vibrant technology industry that is highly competitive in the global marketplace? Or a highly intrusive police state whose reach into our digital lives puts East Germany's Stasi to shame?
The question of privacy versus police state cost-benefit analysts occurred to me earlier this week when NPR aired a story about the National Security Agency's spying on Americans. "If cybersecurity is, in fact, a big threat, then our government should be doing everything in its power to make sure that [U.S. companies'] systems are as safe and secure as possible against all adversaries," ACLU technologist Christopher Soghoian told NPR. Protecting American business is one of the NSA's self-stated core missions.
Instead, as Edward Snowden has revealed, the NSA is a threat to American businesses online. The agency's operatives don't view the security weaknesses of U.S. companies as problems to be fixed. To the contrary: NSA spooks see holes as opportunities to scoop up data. "When they learn about those vulnerabilities, they have to sit on them and exploit them rather than telling Microsoft or Google or Apple or Facebook," Soghoian said.
As a result, U.S. companies are more vulnerable to industrial espionage than their foreign competitors. Also, because the NSA makes copies of data and moves it through the Internet, it gives hackers more places to intercept and sneak into American corporate secrets.
"This bodes ill for the U.S. economy, as the rest of the world will turn its back on U.S. Internet companies," predicts Phil Zimmermann, creator of the encryption tool PGP (Pretty Good Privacy). "The NSA policies will cause enormous collateral damage to our economy."
Shut Down the NSA?
To someone like me, who is appalled that the U.S. government is listening to my phone calls and reading my emails for no other reason than the fact that they can, one solution keeps rising to the forefront: shut down the NSA. Of course, those are my politics. I don't trust government.
Most Americans agree with me. Cashiering the spooks of Fort Meade would appeal to many of the 74% of Americans who oppose NSA surveillance on them.
But then I began thinking about the vast scale of the post-9/11 police state. Tens of thousands of employees. Hundreds of thousands of private contractors. Many of them, like former CIA contractor Snowden, paid six-figure salaries. That huge data farm in Utah.
That's a lot of economic activity.
For the moment, let's set aside the moral and political ramifications of law-breaking citizens (the NSA's charter prohibits both intentional and accidental data collection in the United States) who spy on law-abiding citizens.
As a simple matter of short-term cost-benefit analysis, what's better for the American economy: privacy or police state?
The Price of NSA Spying
Companies and individuals value their privacy. Which is why, given a choice between trusting their data to American tech outfits like Google and competitors in, say, Europe, a lot of customers are taking their business elsewhere.
Sure, security might be compromised at European Internet corporations. France, Germany and other Europowers have their own NSA-like signals intelligence services. But there's no Edouard Snowden for France. People know the U.S. is completely infested by the NSA (and as we learned recently, the CIA). U.S. companies have lost billions of dollars in contracts and merger opportunities since Edward Snowden revealed the incomprehensibly comprehensive nature of the NSA's interception and storage of digital communications and, more damningly, the willingness of firms like AT&T, Verizon and Apple to cooperate with these illegal violations of privacy (and, in AT&T's case, to sell out their customers' data for cash).
Not that U.S. companies that try to protect their customers are allowed to do so. The USA-Patriot Act specifically prohibits recipients of NSA surveillance demands from disclosing them publicly. The owner of one business shut down his company rather than turn over his encryption keys to the federal government; he is still being pursued and harassed as retribution for his defiance.
The word is out: your data isn't safe in the United States.
The NSA leak stories have been hitting U.S. companies in their balance sheets.
"Cisco Systems warned that its revenues could fall by as much as 10% because of the level of uncertainty or concerns engendered by NSA operations. Cisco saw its new orders fall by 12% in the developing world, 25% in Brazil and 30% in Russia. This is in contrast to the 8% growth Cisco saw in the previous quarter," Republican Congressman Jim Sensenbrenner wrote in The Guardian. He quotes analysis by the Information Technology & Innovation Foundation that says the U.S. cloud computing industry stands to lose between $22 and $35 billion over the next three years.
Forrester Research says ITIF's "estimate is too low" and "could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe."
Wall Street is so concerned about the NSA and CIA as an albatross on the American tech sector's future earnings that institutional investors are pressuring companies like AT&T and Verizon to stop cooperating with the feds. IBM blames its 22% drop in business in China on concerns about NSA spying. (Considering China's sophisticated cyberhacking operations, the irony is thick — but there's a big difference between suspecting you're being spied upon and knowing it.)
The European Union is considering building its own no-Google/no-Apple/no-Verizon cloud to keep the NSA at bay.
There's no way to know for sure whether these fears will be realized. Google claims its bottom line has been unaffected. Some technorati say U.S. dominance of the cloud, coupled with the awkwardness of encryption protocols, will make it impractical for other countries to build a non-U.S. alternacloud. They'll know the cloud is compromised but they'll use it anyway.
Security analyst Richard Stiennon goes so far as to predict a virtuous cycle that would help the U.S.: as more companies will invest in encryption to stymie the NSA, the NSA will invest more to break it. Private industry and the NSA will hire more people. Go, economy, go!
But let's assume the worst-case scenario — Forrester's $180 billion downturn in revenue during the next three years. Would that loss be so disastrous that it would be worth shutting down the NSA?
The Profits of NSA Spying
As in the former Soviet Union, a vast array of government agencies spy on citizens in the United States. In addition to the FBI, CIA and NSA, there's Homeland Security and the DIA (Defense Intelligence Agency). Each of the four branches of the U.S. military has its intelligence unit. There are at least 16 federal intelligence agencies in the U.S., including obscure organizations like the National Geospatial-Intelligence Agency, which makes maps. The warm-and-fuzzy State Department has its innocuous-sounding Bureau of Intelligence and Research. Major police departments like the NYPD have their own intelligence gathering operations.
However, the NSA alone would be the target of our theoretical shutdown. Were President Obama to announce tomorrow that the NSA were going away, the CEOs of American tech firms could call their overseas counterparts and say: "Let's do business! The evildoers are gone!"
$60 billion a year, back in America where they belong.
So let's try to get a handle on how much economic activity the NSA generates.
Recently leaked documents show that the agency receives $1 billion a year off the books, as part of Congress' secret "black budget."
Steve Aftergood, director of the government secrecy program at the Federation of American Scientists guesstimates to CNN that the NSA's share of the annual intelligence budget runs about $10 billion a year. Total, then, let's say $11 billion. Reliable leaks split the difference: $10.5 billion.
The NSA directly employs between 35,000 and 55,000 employees. But that's only a start.
In his book The Shadow Factory, James Bamford says the NSA outsources a lot of spying to private contractors like Booz Allen Hamilton, where Snowden worked. "At the same time [then NSA director] Hayden was building his empire within Fort Meade, he was also creating a shadow NSA: of the $60 billion going to the intelligence community, most of it — about $42 billion, an enormous 70 percent — was going to outside contractors," writes Bamford.
OK, so make that total NSA budget $50.3 billion a year.
But that's not all.
"Of the 4.9 million people with clearance to access 'confidential and secret” government information, 1.1 million, or 21%, work for outside contractors, according to a report from [current NSA chief] Clapper's office," the Associated Press reported in January 2013. "Of the 1.4 million who have the higher 'top secret' access, 483,000, or 34%, work for contractors."
Snowden was one of 500,000 private contractors with access to the NSA's PRISM and other classified domestic surveillance databases.
Slicing the Data: Budgets vs. Employees
Two back-of-the-envelope ways to compare the relative benefits of forms of economic activity are raw business — the total amount of money that goes into it — and total salaries.
The sum of the National Security Agency's native and outsourced/private contractor annual budget is, as we've seen, about $50 billion per annum. Since Forrester Research — the glummest prognosticator — worries that the U.S. tech sector will lose $60 billion over each of the next three years — the raw numbers are roughly a wash. At most, the U.S. economy would be up $10 billion annually by shutting the NSA — a drop in the bucket compared to, say, the three-quarters of a trillion bucks the United States spends on "defense"/war every year.
A more useful measure of economic activity is employment times average salary. Total salaries paid to actual individuals powers spending — and spending is what powers a consumer-based economy. As I wrote in 2012: "General Motors, a company with $39 billion in equity value, directly employs 207,000 people, plus many more indirectly through its suppliers. Facebook has nearly twice the market capitalization ($67 billion) but employs a miserly 1,400 workers. On Wall Street, Facebook is worth more than GM. On Main Street, GM is worth 250 Facebooks."
So which affects more payroll: the post-9/11 security state, or a potential 25% loss of future revenues in the tech sector?
If you're wondering why the recovery doesn't seem too recovery-y, here's why: For a sector that represents the hopes and dreams of the postindustrial economy, America's technology industry doesn't employ that many people. According to TechAmerica Foundation, "the U.S. tech industry added 67,400 net jobs in 2012, for bringing the total number of tech workers to 5.95 million." This is a 1.1% increase. Average salary: $93,800.
Woot.
Let's assume similar growth in 2014, 2015 and 2016. Subtract Forrester's 25% growth cut due to the NSA. That's about 210,000 fewer jobs over the next three years. Total lost salaries: roughly $10 billion.
Lay off those 500,000 Snowden-level NSA employees and contractors, lowballing their average salaries at $80,000 each, and you've got $40 billion in lost wages.
It's not even close. From an economic standpoint, the United States can't afford privacy.