We've now moved beyond mere talk about how the National Security Agency's surveillance programs may hurt U.S. cloud providers, says Matthew Prince, the chief executive of CloudFlare. The companies are already feeling the pain.
CloudFlare, a Web site security firm and network provider with clients that run the gamut from WikiLeaks to the Duke and Duchess of Cambridge, is getting 50 to 100 calls per day from customers demanding more answers about the firm's involvement with the U.S. National Security Agency, Prince says.
But that's information the company can't give out, he explains, and the inability to say anything about government requests is seriously hurting his business.
"We get calls regularly that say, 'CloudFlare must be working with the NSA,' which we're not," Prince said. "We've gone so far as to litigate requests that did not meet with our processes, but I can't tell you anything beyond that, which is insane."
CloudFlare is one of several companies that signed a letter asking the government to let them disclose the number of data requests that they receive from the United States, in the name of transparency with their customers. With more than 70 percent of its business overseas -- not uncommon for companies with cloud-based services -- CloudFlare is fighting a daily battle to keep its clients around the world from jumping ship to foreign competitors.
Prince said that even being able to share the number, not even the content, of U.S. data requests would make his clients more aware of his company's reputation.
"The fundamental thing here is trust. We're in the trust business. These programs threaten that trust," Prince said. "We've lost customers as a result of this and will continue to lose customers as a result of this."
CloudFlare does not oppose all such requests, he said. If the company deems a request to be reasonable -- he brought up the hypothetical situation of a site hosting pornographic pictures of an 8-year-old girl -- then CloudFlare is certainly willing to help.
Prince said the tech community is as much to blame as Washington for these types of problems. The two often have conflicting goals, with tech working to flow around barriers, and law aiming to build them up, he said.
Without more leeway from the government, Prince said, tech companies will have to come up with their own solutions that could cost law enforcement agencies valuable crime-fighting tools. Google has said that it's planning to encrypt its records to hamper government security programs that affect its customers' privacy. And Prince said he may have to do the same, for the good of his clients.
But he still has his reservations about putting up those barriers. "In the macro view, it might be good, but I worry about that eight-year-old girl," Prince said.