Right after the revelations from Edward Snowden about the alleged secret NSA program known as PRISM, there was speculation on ReadWrite about the fallout from the existence of a government program that could with seeming impunity dip its data-gathering hands into anyone’s cloud data at any time.

See also PRISM Fallout: U.S. Internet Companies Stained By Intelligence Actions and PRISM Fallout Part 2: Companies Will Store More Data Behind The Firewall

Now that speculation has some numbers to attach. A new whitepaper from the Information Technology & Innovation Foundation (ITIF) estimates that the U.S. cloud computing sector could stand to lose up to $35 billion over the next three years as a result of companies pulling back from cloud computing.

Update: A blog post from Forrester analyst James Staten indicates that the ITIF estimate of the impact to the cloud sector may be far too low.  

“We think this estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe. That is, if you believe the assumption that government spying is more a concern than the business benefits of going cloud,” Staten wrote.

Since PRISM is supposed to be aimed at non-U.S. citizens, the ITIF postulates, international companies are likely to be the most adverse to using U.S.-based cloud services. If 10% of international business flees U.S. cloud vendors, then the three-year hit will be $21.5 billion. But if 20% of global companies parts ways with U.S. cloud businesses, then the sector would see that $35 billion loss.

The ITIF suspects that many international governments and cloud vendors are bound to try to exploit PRISM. Indeed, European and Asian vendors have already been using the U.S. Patriot Act for quite some time to scare potential customers into basing their data in home-grown cloud services.

Reinhard Clemens, CEO of Deutsche Telekom’s T-systems group, argued in 2011 that creating a German or European cloud computing certification could advantage domestic cloud computing providers. He stated, ‘The Americans say that no matter what happens I’ll release the data to the government if I’m forced to do so, from anywhere in the world. Certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them.’

PRISM, then, is just pouring gasoline on an already burning fire, according to the ITIF.

Staten believes companies may think twice about moving to cloud services anywhere. His reasoning? Government surveillance programs are not just confined to the U.S., which is bad enough. They may be global.

Add it all up and you have a net loss for the service provider space of about $180 billion by 2016 which would be roughly a 25% decline in the overall IT services market by that final year, using Forrester market estimates. All from the unveiling of a single kangaroo-court action called PRISM.

But Staten is not sounding the evacuation alarms. He believes that with careful planning, the benefits of cloud computing will still far outweigh the risk factors for any business.

The fact of the matter is that the IT services market is a part of our portfolios because it provides capabilities we value either against IT or business metrics. And it’s highly likely these values are worth more to you than the potential risk you think your company faces due to government surveillance.

Given the increasing paranoia about surveillance, businesses will need much cooler heads if they are going to actually stick with cloud computing and reap such benefits.

brian proffitt