The Price of Privacy in the Cloud:
The Economic Consequences of Mr. Snowden∗
Hyojin Song† Simon Wilkie‡
This Draft: February 2017. First Draft: November 2015.
Abstract
Cloud computing involves distributed and shared use of computing facilities in a network.
This offers end users new flexibility and lower sunk costs. As a result, the cloud computing
market has exhibited phenomenal growth. However, Edward Snowden’s revelations of the
NSA’s spying program in 2013 degraded the privacy reputation of the US-based cloud service
providers. We examine the economic impact of the Snowden revelations using a panel dataset
of global cloud revenues across service types and vendors. We assume that the Snowden
revelations are a negative demand-shock “treatment” for US-based providers, and regard
non-US-based firms as the control group. We find that the revelations decreased the growth
rate of revenues of US providers by 11% from Q3 2013 to Q4 2014. The expected losses to the
US cloud industry are at least $18 billion. Following the treatment there is a significant price
cut. We then evaluate how users and cloud service providers changed their behavior using
Microsoft’s free trial database and 18 online service providers’ privacy policies. We show
that firms’ strategic reactions led to lower prices with a higher quality of privacy protection.
Hence, paradoxically, Snowden may have led to greater US market share in the long run.
∗The views expressed are those of the individual authors and do not necessarily reflect official positions of Microsoft Corp. We would like to thank John Conley, Amit Gandhi, Dawoon Jung, Daniel Klerman, Ryan Martin, John Matsusaka, Preston McAfee, Ricardo Perez-Truglia, Brijesh Pinto, Brian Quistorff, Justin Rao, Geert Ridder, Goufu Tan, Catherine Tucker, Microsoft Chief Economist team, and Microsoft Azure development team. We would like to thank seminar or conference participants at Microsoft Research (Economics Team Lunch Seminar), Microsoft Windows Privacy Offsite, USC Law School Class Workshop, and ACM Workshop on Economics of Cloud Computing 2016.
†[email protected]. Address: Microsoft Research, Office of Chief Economist, Office 4617, 14820 NE 36th St, Redmond, WA 98052, United States
‡[email protected]. Microsoft Research, Address: Microsoft Research, Office of Chief Economist, Office 4618, 14820 NE 36th St, Redmond, WA 98052, United States; Dep. of Economics, University of Southern California; Law School, University of Southern California, Los Angeles, CA 90089
JEL Classification: D78, E65, H56, M38, O14
Keywords: Privacy; Snowden Revelation; PRISM; Cloud Industry; Government Surveillance
1 Introduction
The transition to cloud-based computing services is widely believed to be the most significant
technological change since the advent of the Internet. In particular, the adoption of cloud
computing lowers sunk costs to end users and facilitates rapid innovation and the development
of new businesses.1 As a consequence, the cloud computing market has exhibited phenomenal
growth since 2009.
On June 5, 2013, the Guardian published a bombshell. Edward Snowden, a National Security
Agency (NSA)2 analyst, had leaked thousands of classified documents that revealed the existence
of the NSA’s domestic spying program.3 Snowden revealed that US telecommunications firms
handed over meta-data on every international phone call to and from the US to the NSA. He
also revealed the existence of a surveillance program called PRISM4 through which major US
technology firms, including AOL, Google, Microsoft, and Yahoo! handed over emails in response
to requests by the NSA. Perhaps of even greater concern was the revelation that the NSA, with
the British Government Communications Headquarters (GCHQ),5 had tapped into 200 undersea
optic fiber cables handling 600 million telephone events each day.6 Since most of the world’s data
flows through these pipes, this amounted to spying on an unprecedented scale.7
The international legal blowback8 was significant. In particular, several countries including
Brazil9 and Russia10 passed “data sovereignty” laws requiring that their citizens’ and corporations’
1 For example, companies such as Netflix, Uber and Airbnb all reside on AWS, Amazon’s cloud platform. Amazon Web Service has a dominant market share which accounts for 31% in the worldwide public cloud market in 2015. https://www.srgresearch.com/articles/aws-remains-dominant-despite-microsoft-and-google-growth-surges This is because cloud services enable users to both store their data and access software with computing power on “virtual machines” that exist in remote data centers.
2 https://www.nsa.gov/
3 http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order
4 http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
5 US and UK intelligence jointly shared collected data with Australia, Canada and New Zealand as the Five Eyes partnership. http://www.theguardian.com/world/2013/jun/22/nsa-leaks-britain-us-surveillance
6 NSA and GCHQ have a joint surveillance program from 2008. http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
7 Appendix A.1 provides more details about the Snowden revelations.
8 Florek (2014) summarized legal issues related to the PRISM revelations.
9 On April 23, 2014, the Marco Civil was passed into law and the law includes the ability to require that data about Brazil be stored in Brazil. https://www.insideprivacy.com/international/brazil-enacts-marco-civil-internet-civil-rights-bill/
10 Russia’s new data localization law, Federal Law No. 242-FZ, was adopted in July 2014 and is in effect from September 1, 2015. Under the data localization law, personal data of Russian citizens must be collected, stored,
data be housed in data centers within their territorial borders. The European Court of Appeals
struck down the “safe harbor” agreement11, which by default allowed EU data stored in the servers
of US firms to meet EU privacy regulations. We would certainly expect ordinary citizens and
other users to respond to the revelations as individuals.
The aim of this paper is to evaluate the economic impact of the Snowden revelations on the
cloud computing industry and in doing so shed light on the value of privacy. We examine whether
the Snowden revelations affected the rate of adoption of US-based cloud computing services
relative to non-US-based services. To isolate the causal effects, we use difference in differences
(DID) analysis using a unique panel dataset of firm revenues. We hypothesize that the US-based
providers are the treated group and the non-US-based firms are the control group, where the
treatment is the Snowden revelations. Due to customer lock-in and the rapid growth rate
of the cloud computing industry, we use the growth rate as the dependent variable rather than
the level of revenues. One of our challenges is fluctuations in prices arising from the price war
given the rapid growth of the global cloud industry. Our paper includes various specifications
around the price war and we also examine Microsoft’s free trial cloud usage patterns to isolate
the price changes. We then show changes in privacy policies of 18 US technology companies
comparing before and after the Snowden revelations.
The results suggest that the Snowden revelations decreased the growth of revenues of US
providers by 11.3%. The corresponding expected losses to US cloud providers are $17.74 billion in
the Q3 2013 to Q4 2014 period.12 Our finding is robust to the results from alternative techniques,
the fixed effects estimation and the synthetic control. We find that firms’ strategic reactions to
the Snowden revelations led to lower prices with a higher quality of privacy protection.
This paper contributes to a series of recent studies on the economics of privacy.13 The most
and processed in/from databases located in Russia.
11 On May 31, 2000, the US and the EU reached the “Safe Harbor” agreement on the terms under which privacy of personal information can be guaranteed in a context of international data flows. Safe Harbor implies that data held by US firms was sufficiently secure to comply with the EU “right to privacy.” The details about the origins are explained by Farrell (2003).
12 The Q3 2013 to Q4 2014 period is 6 quarters after the Snowden revelations.
13 Acquisti et al. (2015) summarized various streams of theoretical and empirical issues on the economics of privacy. Beresford et al. (2012) and Preibusch (2013) measured the value of privacy using a field experiment approach. The recent studies on the value of privacy include Savage and Waldman (2013), Bonneau and Preibusch (2010), and Acquisti et al. (2006).
relevant study on the value of privacy is Marthews and Tucker (2014). The authors estimate
how the Snowden revelations changed users’ search behavior using Google search terms. They
find a significant short-term reduction in the number of sensitive Google search terms such as
various illicit drugs. Although the evidence suggests that privacy concerns affect behavior, it
does not address the impact on the economic agents’ purchasing decisions. Our paper fills the
gap by providing the empirical evidence of economic impact in both consumers’ cloud adoption
decision and firms’ strategic decision changes.
There are a few recent studies about the magnitude of the economic impact of the Snowden
revelations on the US cloud computing industry. Castro (2013) argues that the US cloud
computing industry will lose $21.5 to $35 billion over the period 2014 to 2016. In contrast,
Ferrara et al. (2015) argue for a negligible effect of the Snowden revelations using Forrester’s
Business Technographics Global Infrastructure Survey, 2014. Unfortunately, both lack any
sophisticated research design. Castro (2013) calculated the magnitude based on an ad hoc hypothesis
and Ferrara et al. (2015) used subjective survey data. To the best of our knowledge, our paper is
the first to provide an economic research design to measure the impact of the Snowden revelations.
The paper is organized as follows. Section 2 presents an overview of the cloud computing
industry and the two main events in the cloud industry relevant to our study. In Section 3, we
specify a discrete choice model of cloud adoption. Section 4 describes the data and our empirical
strategy. Section 5 details our estimation results. Section 6 investigates non-price effects. Our
conclusions are presented in Section 7. Finally, the Appendix shows further empirical evidence
supporting our results.
2 Background
2.1 A Primer on Cloud Computing
While different cloud computing professionals may disagree on the exact definition of cloud
computing, the essential component of the definition is shared access to infrastructure and
computing capabilities. The US National Institute of Standards and Technology (NIST) defines
cloud computing as “. . . a model for enabling ubiquitous, convenient, on demand network access
to a shared pool of configurable computing resources.” Often cloud service providers are divided
into three categories: Software as a service (SaaS), which includes offerings such as Google Apps
or salesforce.com, Infrastructure as a service (IaaS) providing computing infrastructure such as
Amazon’s AWS or Telefonica Cloud, and Platform as a Service (PaaS) which includes network,
operating system and storage access for sale. Examples include Amazon’s AWS Database
Services, Microsoft’s Azure and Google’s Cloud Platform. Cloud offerings are often also broken
into categories of public, private and hybrid. In the public cloud, many users’ workloads are
shared on the common servers and hardware, application and bandwidth costs are covered by the
provider. In the private cloud, a single user has dedicated private racks of servers and thus, users
have control over maintaining their own data center. A hybrid offering is a mixture of public
and private. Users maintain control of an internally managed private cloud but still rely on the
public cloud. Without a modifier, “cloud” refers to the public cloud.
There are two key developments that have driven the adoption of cloud computing. The
first is the increase in availability and falling price of high capacity connectivity such as gigabit
Ethernet (and higher). The second is the development of “virtualization,” which allowed the
creation of virtual machines that may reside across several physical machines in a data center.
Virtualization yields significant economies of scale: larger server farms with more machines have
a lower marginal cost of adding virtual machines due to scale efficiencies. Thus, the adoption of
cloud computing allows client firms to rent computing power “on demand” rather than incurring
sunk capital costs. Because usage demands are random and heterogeneous, the cloud operator
can, by virtualization, reap increasing returns to scale by “reselling” capacity and computing
power. Although this ability varies across data centers, the reader could assume that a cluster
of 24 servers can be resold as up to 300 VMs. Papers with relevance to cloud-computing include
Lerner and Rafert (2015), Lerner (2011), Yoo (2011), and Bayrak et al. (2011).
Because of lowered sunk costs and increased flexibility for end users, the introduction of
cloud computing lowers barriers to entry in many industries. According to Etro (2009), the
adoption of cloud computing could lower economy-wide fixed costs by up to 5%, resulting in
an increase in GDP growth of 0.3% across 27 European countries and the creation of around
430,000 new small and medium enterprises. Thus, any impact of the Snowden revelations on the
rate of cloud adoption could potentially have significant macroeconomic impacts. These impacts
are of particular concern to European governments, given the lag of new technology adoption in
Europe compared to US-based enterprises, as documented by Bloom et al. (2012). They find
that the greater adoption and more efficient use of information technology by US firms explains
much of the difference in growth between US and Europe in the 1990s.
2.2 Snowden Revelations and Price War
2.2.1 The Snowden Revelations: PRISM
In June 2013, Edward Snowden revealed the existence of a government surveillance program
code-named PRISM.14 The PRISM program collects “audio and video chats, photographs, e-mails,
documents and connection logs”15 via direct access through the servers of US service
providers: AOL, Apple, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, YouTube.16
Historically, PRISM was used as a foreign surveillance program implemented to monitor
terrorists’ communications more efficiently following the September 11 attacks.17 The purpose
of this data aggregation program was to allow law enforcement officials to obtain targeted
communications without having to request data from the service providers. However, the
PRISM revelations have raised a number of privacy concerns. There has been significant policy
blowback since then. Several countries, including Brazil, Germany, and Russia, have passed
“data sovereignty” laws which require that citizens’ and domestic corporations’ data are stored
within their national boundaries and thus insulated from the known NSA intrusion points in the
telecommunications infrastructure. More recently, the European Court of Appeals struck down
the privacy “safe harbor” agreement between the US and the EU. In particular, the Court ruled
that it could not be presumed that US-based firms such as Google, Facebook or Microsoft could
14 The Snowden revelations contain several disclosures including the PRISM and Tempora starting from June 6, 2013. However, we consider the PRISM revelations as a direct causal mechanism to distort people’s behaviors toward the cloud computing services.
15 Barton Gellman and Laura Poitras, US, British intelligence mining data from nine US Internet companies in broad secret program, Washington Post, (June 6, 2013).
16 NSA Slides explain the PRISM data-collection program, Washington Post, (June 6, 2013) http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/?tid=a_inl
17 PRISM was authorized under the 2008 Amendment of Section 702 of the Foreign Intelligence Surveillance Act of 1974 (FISA).
sufficiently guarantee the protection of a European individual’s right to privacy.18
2.2.2 Price War
Our data set contains estimates of firm revenues by class of cloud services. However, within a
class, there may be many product categories and associated prices. We do not have time series
of firm level prices by product line. However, we do observe one significant price change event.
Isolating the reduction in cloud service utilization from the Snowden revelations is complicated
by changes in prices. However, in this paper, the price war refers to the substantial reduction in
prices of cloud services in the March to May, 2014 period by the major US cloud service providers
- Amazon, Google and Microsoft.19 The price war started with Google’s decision on March 25,
2014 to cut prices 32% across all regions, sizes and classes. On the next day, Amazon matched
Google’s price. The price changes of Google and AWS were effective on April 1. On March
31, Microsoft cut prices on compute by up to 35% and storage by up to 65%, and the lower prices
were effective on May 1.20 Controlling for these steep price cuts is important in estimating the
impact of eroded privacy on the adoption decisions of cloud service consumers.
This reduction in prices is consistent with models of intertemporal competition such as Green
and Porter (1984) and Abreu et al. (1986). When the Snowden revelation occurred, the negative
demand shock hit the cloud computing market. The negative shock lowered demand and the
cloud industry entered a reversionary episode and cut prices. Although this effect is significant,
it is of course a “one off” event.
18 Most recently the EU and US have negotiated “Safe Harbor Two” which develops a new framework for moving data to the US. See https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework
19 https://www.battery.com/powered/the-real-story-behind-the-awsgooglemicrosoft-cloud-price-war/
20 https://azure.microsoft.com/en-us/blog/microsoft-azure-innovation-quality-and-price/
3 The Model
3.1 Privacy and Discrete Choice Model of Cloud Adoption
In this section, we specify a simple dynamic model of consumer preferences and explain our
research design. Cloud services are a relatively new technology, beginning in 2009, and are thus
subject to significant uncertainty; under the optimal decision rule this uncertainty delays many firms’ adoption.
Firms face a dynamic decision to adopt a new technology (cloud computing) with costly transition.
In each period, t, the alternatives are to adopt a cloud platform such as AWS or Orange. The
outside option is to remain with current in-house server-based technology. This class of problems
– the choice of when to adopt a new technology – has a long history in economics.
Notable contributions include Bernanke (1983) who examines the role of uncertainty in
irreversible investment decisions. Although here the choice is not formally irreversible, there are
significant adjustment costs, in particular, porting data out of a platform and any application
incompatible across platforms. Bernanke shows that uncertainty increases the value of waiting
for new information and thus, it decreases the current rate of investment. The Bernanke optimal
decision rule is as follows:
“Invest in an irreversible project in period t if and only if: Cost of delays ≥ Probability that a
current commitment will be revealed to be a mistake in t+1 times expected cost of the mistake,
given that a mistake is revealed in t+1.” Bernanke (1980)
There is a large empirical literature applying this real option logic to individual choice
data. Significant contributions include Kellogg (2014), Gowrisankaran and Rysman (2009) and
Dube et al. (2014).
If firms are concerned about NSA spying and data breaches, we can think of the Snowden
revelations as an unexpected shift in the distribution of costs. Hence, both the probability that
a commitment to a US cloud platform is a mistake and the expected cost of that mistake are
increased. Thus we would expect a slowdown in cloud adoption and substitution from US to
non-US cloud platforms.
3.2 Full Information Case
Consider a consumer who is deciding whether to invest in cloud platform $i$ at time $t$. The net
utility per period $u_{it}$ is composed of a benefit $f_{it}$ representing the consumers’ valuations toward
product $i$, a disutility from price $p_{it}$, and a disutility from privacy concerns $q_{it}$.

$$u_{it} = f_{it} - p_{it} - q_{it}$$

If a consumer chooses the outside option (i.e. $i = 0$), none of the cloud products are chosen and
we assume that the corresponding utility is normalized to zero (i.e. $u_{0t} = 0$). Let $\beta = \frac{1}{1+r}$ denote
the real discount factor. There is an adjustment cost, $A$, of changing platform:

$$A(t) = \begin{cases} A & \text{if you switch in time } t \\ 0 & \text{if you do not switch} \end{cases}$$

The expected utility $U$ from investing in cloud platform $i$ is as follows:

$$U = \sum_{t=1}^{\infty} \beta^t \left[ u_{it} - A(t) \right].$$

Consider the case where a fully revealing signal arrives at time 1 and prices are constant. Thus,
net utility is constant for each option. As a simple example, let us consider two cloud platforms,
$x$ and $y$. The net utility per period, $u_x$ and $u_y$, are $u_x = f_x - p_x - q_x$ and $u_y = f_y - p_y - q_y$. If a
consumer chooses the cloud platform $x$, the expected utility $U_x$ will be given by

$$U_x = \sum_{t=1}^{\infty} \beta^t u_x - A = \frac{u_x}{r} - A$$

Similarly, if $y$ were chosen, the consumer would receive:

$$U_y = \sum_{t=1}^{\infty} \beta^t u_y - A = \frac{u_y}{r} - A$$

Recall utility is zero (i.e. $u = 0$) if the outside option is chosen. Notice that if utility flows are
constant, you will never switch more than once. Under full information, $x$ is chosen if and only if
$u_x \geq rA$ and $u_x \geq u_y$. The optimal platform choice rule at time 1 is

$$\begin{cases} x, & \text{if and only if } u_x \geq u_y \text{ and } u_x \geq rA \\ y, & \text{if and only if } u_y \geq u_x \text{ and } u_y \geq rA \\ \text{outside option}, & \text{otherwise} \end{cases}$$

Let us define $c_i$ as $c_i = p_i + q_i + rA$ for $i = x, y$. Due to the Snowden revelations, the threshold
moves from $c_x$ to $c'_x$ ($c'_x > c_x$) while holding $c_y$ constant. To illustrate, consider the case where all
consumers’ valuations $f_{it}$ for the good are uniformly distributed on $[0, 1]$. There are three cases
with respect to the relative prices of $c_x$, $c'_x$ and $c_y$: (1) $c_x < c_y$ and $c'_x < c_y$, (2) $c'_x > c_x > c_y$ and
(3) $c_x < c_y$ and $c'_x > c_y$. The optimal rule, illustrated in Figure 1(a) and Figure 1(b), shows the
impact of the Snowden revelations.
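Figure 1: Case 1 ($c_x < c_y$ and $c'_x < c_y$)
[Figure: panels (a) and (b), axes $f_x$ and $f_y$ on $[0, 1]$ with thresholds $c_x$ and $c_y$; panel (a) shows regions X1, X2, Y1, Y2 and O1; panel (b) adds the threshold $c'_x$ and shows regions O2 and Y3.]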
The area $Y_3$ represents the size of consumers’ migration from platform $x$ to platform $y$. The
area $O_2$ represents the size of consumers moving from platform $x$ to the outside option.

$$\text{Area}(O_2) = (c'_x - c_x)\, c_y$$

$$\text{Area}(Y_3) = (c'_x - c_x)(1 - c_y)$$

Cases 2 and 3 are illustrated in Appendix A.2.
3.3 A Model with Signals
More generally, suppose that the true value, $(c_x, c_y)$, is not known till the last period, $T$.
Consumers receive a signal, $(x_t, y_t)$, about the relative value of each platform in period $t$ where
$t \leq T$.

$$x_t = c_x + \frac{\varepsilon_x}{t^n}$$

$$y_t = c_y + \frac{\varepsilon_y}{t^n}$$

$$\varepsilon_x, \varepsilon_y \overset{u}{\sim} (m, m)$$

We assume that $\varepsilon_x$ and $\varepsilon_y$ are uniformly distributed over $(m, m)$. The shaded regions in Figure 2
show the potential area that a signal $(x_t, y_t)$ can arrive in period $t$. A deviation from the true
value depends on time $t$ and the speed of convergence, $n$. $x_t$ and $y_t$ approach the true value, $c_x$
and $c_y$, as $t$ goes to $\infty$. That is,

$$x_t \to c_x \text{ and } y_t \to c_y \text{ as } t \to \infty$$

As $t$ increases, the size of the shaded region shrinks. This illustrates that the level of accuracy
increases via the updating process.
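Figure 2: Shrinkage of Regions
[Figure: three panels, axes $f_x$ and $f_y$ on $[0, 1]$ with thresholds $c_x$ and $c_y$, ordered as $t$ increases.]
Figure 3: Shrinkage of Regions
[Figure: one panel, axes $f_x$ and $f_y$ on $[0, 1]$ with thresholds $c_x$ and $c_y$.]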
To illustrate the Snowden revelations with signals, we consider two characteristics of the
demand shock in a two platform market: (i) Negativity and (ii) Asymmetry.
(i) Negativity
The Snowden revelations are a negative demand shock to both platform $x$ and $y$ which increases
the thresholds for platform $x$ and $y$ to be chosen over the outside good. That is,

$$\varepsilon_x > 0 \text{ and } \varepsilon_y > 0$$

(ii) Asymmetry
The shock to each platform is asymmetric and thus the size of a negative shock to platform $x$
and the size to $y$ are different. Suppose that the negative effect to platform $x$ is greater than
platform $y$, i.e.

$$\varepsilon_x > \varepsilon_y$$

In our empirical analysis, $x$ is the US-based cloud platform and $y$ is the non-US-based platform.
The shaded triangle in Figure 4(a) is the region satisfying the two above conditions.
Figure 4: The Effects of Snowden Revelations at time t
[Figure: panels (a), (b) and (c), axes $f_x$ and $f_y$ on $[0, 1]$ with thresholds $c_x$ and $c_y$; panel (b) also marks $c_x + \varepsilon_x/t^n$ and $c_y + \varepsilon_y/t^n$; panel (c) shows regions 0y, 0x, yy, yx, 00 and xx.]
* (a) represents two conditions: negativity and asymmetry. (b) shows when the signal arrives in
the shaded region and (c) describes the impact of the Snowden revelations.
Once a signal arrives, consumers choose a platform which reveals their preferences. At $T$,
$(c_x, c_y)$ will be revealed, at which time regret among some consumers may ensue. We can define
the following choice set by consumers’ decision at $t$ and their true value at $T$:

$$\{xx, yy, 00, 0x, 0y, x0, y0, xy, yx\}$$

$xx$, $yy$, and $00$ are the cases in which adoption in period $t$ is consistent with the true value. Delay is
defined by the subset of choices $\{0x, 0y\}$ and Regret is defined as $\{x0, y0, xy, yx\}$. The Snowden
case is illustrated in Figure 4(c). In our simple example, the area of Delay can be calculated as
follows:

$$\text{Size}_{\text{Delay}} = \frac{\varepsilon_x}{t^n}\, c_y + \frac{\varepsilon_y}{t^n}\, c_x + \frac{\varepsilon_x \varepsilon_y}{t^{2n}}$$

Thus, as in the full information model, there will be two effects: (i) a slowdown in the adoption
of cloud services (increased delay) and (ii) substitution to non-US providers.
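
The migration areas of Section 3.2 (Area(O2), Area(Y3)) and the Delay area of Section 3.3 can be checked numerically. The following is an added example, not code from the paper: it applies the optimal platform choice rule to a grid of consumers with uniform valuations and compares the resulting shares with the closed forms. All function names and parameter values are constructed for illustration.

```python
"""Grid check of the Section 3 choice model (added illustration, not the authors' code).

Consumers have valuations (f_x, f_y) uniform on the unit square. With
c_i = p_i + q_i + rA, platform i is acceptable when f_i >= c_i, and the
consumer takes the acceptable platform with the larger surplus f_i - c_i.
"""


def choose(fx, fy, cx, cy):
    """Optimal platform choice rule: 'x', 'y', or '0' (outside option)."""
    sx, sy = fx - cx, fy - cy          # surplus over the adoption threshold
    if sx >= sy and sx >= 0:
        return "x"
    if sy >= 0:                        # reached only if sy > sx or sx < 0
        return "y"
    return "0"


def grid_points(grid):
    """Midpoints of a grid x grid partition of [0, 1]^2 (equal-weight consumers)."""
    for i in range(grid):
        for j in range(grid):
            yield (i + 0.5) / grid, (j + 0.5) / grid


def transition_shares(cx, cx_new, cy, grid=400):
    """Share of consumers per (choice before, choice after) when c_x rises to c'_x."""
    counts = {}
    for fx, fy in grid_points(grid):
        key = (choose(fx, fy, cx, cy), choose(fx, fy, cx_new, cy))
        counts[key] = counts.get(key, 0) + 1
    return {k: v / grid**2 for k, v in counts.items()}


def case1_areas(cx, cx_new, cy):
    """Closed forms from Section 3.2, valid in Case 1 (c_x < c_y and c'_x < c_y)."""
    if not (cx < cx_new < cy):
        raise ValueError("Case 1 requires c_x < c'_x < c_y")
    o2 = (cx_new - cx) * cy            # moved from x to the outside option
    y3 = (cx_new - cx) * (1 - cy)      # migrated from x to y
    return o2, y3


def delay_share(cx, cy, eps_x, eps_y, t, n, grid=400):
    """Share who wait at time t on the signal (x_t, y_t) but adopt under the true (c_x, c_y)."""
    xt = cx + eps_x / t**n             # signalled thresholds, Section 3.3
    yt = cy + eps_y / t**n
    waiting = sum(
        1 for fx, fy in grid_points(grid)
        if choose(fx, fy, xt, yt) == "0" and choose(fx, fy, cx, cy) != "0"
    )
    return waiting / grid**2


def size_delay(cx, cy, eps_x, eps_y, t, n):
    """Closed form for the Delay area from Section 3.3."""
    a, b = eps_x / t**n, eps_y / t**n
    return a * cy + b * cx + a * b


if __name__ == "__main__":
    # Constructed parameter values, chosen only to satisfy Case 1.
    cx, cx_new, cy = 0.2, 0.3, 0.5
    shares = transition_shares(cx, cx_new, cy)
    print("x -> 0:", shares[("x", "0")], " x -> y:", shares[("x", "y")])
    print("closed form (O2, Y3):", case1_areas(cx, cx_new, cy))
    # Delay shrinks as t grows because the signal error eps / t^n vanishes.
    for t in (1, 2, 4, 8):
        print(t, delay_share(cx, cy, 0.2, 0.1, t, 1), size_delay(cx, cy, 0.2, 0.1, t, 1))
```

The grid also shows why the Y3 formula is specific to Case 1: the migrating consumers lie in a diagonal band between the old and new indifference lines, and that band stays inside the unit square only while c'x does not exceed cy.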
4 Data and Empirical Strategy
We use data on cloud service providers’ total revenues collected by Synergy Research,21 a sister
company of Telegeography.22 Synergy publishes quarterly market share reports for the cloud
service market using the Synergy Interactive Analysis Data Base and Research Tool. Their
estimates are based on quarterly surveys and data from service providers as well as Telegeography’s
service provider databases, research, and analysis of financial reports.
We construct a unique panel dataset of 111 cloud service providers from the first quarter
of 2009 to the fourth quarter of 2014. We categorize cloud firms based on the location of each
service provider’s headquarters. According to this categorization, there are 51 US-based firms
and 60 non-US-based firms in our dataset.
Synergy breaks the cloud service industry into four sectors: (a) Cloud Infrastructure which
includes IaaS, PaaS and Private/Hybrid, (b) Rental colocation, (c) Managed hosting, and (d)
CDN. Colocation refers to a common space where firms can install cloud hardware such as
server racks. Managed hosting goes beyond colocation to providing the hardware. CDN refers to
content delivery networks such as Akamai. Content delivery networks provide local hosting of
21 https://www.srgresearch.com/
22 https://www.telegeography.com/
content in a distributed server network to accelerate the delivery of web-based content (e.g., New
York Times). Table 1 presents total revenues summary statistics in four sectors.
Table 1: Summary Statistics of Quarterly Total Revenues ($ million), Worldwide
Variable                  Mean      Std. Dev.
Total Sample              73.83     120.749
Cloud Infrastructures     12.989    62.186
  IaaS                    6.657     45.335
  PaaS                    3.389     18.469
  Private & Hybrid        2.943     9.000
Rental Colocation         22.695    48.679
Managed Hosting           30.981    60.216
CDN                       7.165     34.142
Observations              2664
Source: Synergy quarterly data between Q1 2009 and Q4 2014.
We now address the three challenges in estimating the economic impact of the revelations. To
isolate the causal effects, we use difference in differences (DID) analysis. The Snowden revelations
are an exogenous shock to cloud service providers. If the Snowden revelations affected public
trust in the integrity and security of data held with the US-based cloud firms, consumers would
purchase fewer products from the US-based cloud firms. In this research, we consider the US-based
cloud computing companies as “treated firms” and the non-US-based cloud computing companies
as the set of control firms. One concern is that the control group may contain affected units, as
the Snowden revelations include the Five Eyes’ international surveillance programs. The Five
Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom
and the United States and has developed a series of bilateral agreements since 1946. Members
of this group shared certain classified information on an expedited basis. We constructed an
alternative control group excluding 19 firms which have their headquarters23 in four countries,
Australia, Canada, New Zealand and the United Kingdom.
Table 2: Size of Cloud Industry over Time ($ billion)
                      2009      2010      2011      2012      2013      2014
World-wide            31.037    36.908    43.188    49.766    55.984    63.794
US                    9.643     11.534    14.636    17.847    21.949    27.193
Non-US                11.550    13.117    15.263    16.784    17.763    19.403
Cloud Services        1.191     2.010     4.169     6.995     10.855    16.078
  IaaS                0.660     0.916     1.963     3.298     5.307     7.939
  PaaS                0.270     0.631     1.198     1.915     2.868     4.329
  Private & Hybrid    0.260     0.464     1.009     1.782     2.680     3.810
Rental Colocation     10.698    12.536    14.437    16.088    17.308    18.919
Managed Hosting       16.751    19.330    20.972    22.326    22.732    22.892
CDN                   2.396     3.032     3.611     4.357     5.089     5.905
Source: Synergy quarterly data from Q1 2009 to Q4 2014.
To address the rapid growth of the cloud computing industry and the lock-in due to high
adjustment costs, we use the growth rate of cloud provider’s revenue as the dependent variable
in our DID analysis. Table 2 shows how fast the cloud computing industry has grown during the
period, 2009-2014.
Using the level variable of total revenues is likely to violate the parallel trend assumption.
The main underlying assumption of the DID estimator is the parallel trend of the treated and
untreated. Figure 5 presents the total revenue patterns of the US-based firms and non-US-based
firms before the Snowden revelations and shows that the US-based firms have a much steeper
trend24. If we used the growth rate, the trends would be more likely to be parallel and pass
23 The location of headquarters plays an important role in distinguishing between the control group and the treatment group in this paper. The Snowden revelations contain the NSA’s surveillance activities with Five Eyes.
24 As a falsification, we added the result of the difference in differences using the level variable in Appendix B.1.5. The coefficient of our interest is strictly positive and statistically significant. In other words, there is a positive
the parallel trends test. Figure 6 shows the growth rate patterns and Figure 7 presents the
residual of growth rate patterns25 before the Snowden revelations. A series of robustness and
specification checks about the parallel trend assumption are included in our Appendix B.1.
Figure 5: Total Revenue Patterns
* The figures are plotted using only Pre Snowden period (i.e. t ≤ 18)
effect of the Snowden revelations on the US cloud industry. We argue that this is an example of falsification as, once we included the lagged dependent variable, the effect became insignificant and the size dropped dramatically.
25 Different sets of control variables are tested and Figure 7 includes only sector fixed effects.
Figure 6: Growth Rate Patterns of Total Revenue
Figure 7: Mean of Residual of Growth Rate
(1) Control variables include sector fixed effects (dummy variables for each sector), trend adjusted
country fixed effects (i.e. dummy variable for each country multiplied by time, t).
(2) The figures are plotted using only Pre Snowden period (i.e. t ≤ 18)
There are two main events in the cloud computing industry: (a) the Snowden revelations
in June, 2013 and (b) the price war occurring towards the end of March, 2014. Based on the
two main events, we define three different periods: (a) Pre Snowden, (b) Post Snowden and Pre
Price War (Pre PW) and (c) Post Price War (Post PW). We define Pre Snowden as the period
prior to June 2013, Post Snowden and Pre PW as the period from July 2013 to March 2014, and
Post PW as the period from April 2014 to December 2014. We consider Pre Snowden as the
baseline period and the post-intervention periods of interest are Post Snowden period and Post
Snowden X Pre PW.
Figure 8: Timeline: Snowden Revelations and Price War
In the following section, we estimate the impact of the Snowden revelations using difference in
differences. In addition to the DID analysis, we add a model-free analysis to provide insight and
also use fixed effects estimation and the synthetic control method to check robustness.
5 Empirical Analysis
5.1 Model-Free Analysis
Simple non-parametric methods yield insight into the impact of the Snowden revelations before
we proceed to econometric models. Figure 9 is the histogram-style conditional mean before and
after the Snowden revelations; it shows that the US-based cloud firms slowed down after the
Snowden revelations while the non-US-based firms used the revelations as a chance to recover.
We should be cautious in interpreting the figure as we only focus on three quarters before and
after the Snowden revelations. However, the overall patterns still convey the overall story and
are consistent with the survey results from Castro (2013). Using a survey by the Cloud Security
Alliance, he shows that 56 percent of non-US residents would be less likely to use a US-based
cloud computing service as a reaction to the NSA leaks.
Figure 9: Conditional Mean of Total Revenue
(1) T=18 indicates Q2 2013 and T=19 indicates Q3 2013
(2) Histogram-style conditional mean; based on cmogram command by STATA.
(3) Using linear spline regression, the kinked point is tested. The kinked point at the Snowden
revelations is significant at 5%. See Appendix A.5 for further details.
(4) Pre Snowden in this Figure is three quarters before the Snowden and Post Snowden is three quarters
after Snowden and before the price war.
5.2 Difference in Differences
To evaluate the impact of the Snowden revelations, we calculate the differences in outcomes of
the treated firms compared to the control firms. In our baseline results, the US-based cloud
firms are the treated and the non-US-based cloud firms are the control firms. We define the
dependent variable to be the quarterly growth of the cloud firm’s revenue. The baseline period is
Pre Snowden described in Figure 8, and the post-intervention periods are Post Snowden.
The specification is as follows:
$$\Delta \log(TR_{it}) = \beta_0 + \beta_1 US_i + \beta_2 PostSnowden_t + \beta_3 US_i \times PostSnowden_t + \gamma_j + t\gamma_j + \theta_k + \delta_t + \varepsilon_i$$
where i denotes firm, t denotes quarter, j denotes cloud sector, k denotes country, US denotes
US-based firm, and β3 is the DID coefficient.
Table 3 presents the baseline results, along with a series of robustness checks. The results
suggest that there exists a negative and significant impact of the Snowden revelations on the
US-based providers. Column (2) shows that the coefficient of US × Post Snowden
is -0.113 and statistically significant at the 1% level. The results indicate that the growth rate of
the US-based cloud firms was lowered by 11.3%. The difference between Column (1) and Column
(2) is the inclusion of the trend adjusted country fixed effects, which control for tγj.
Since Post Snowden contains the price war, the effects in Column (1) and Column (2) would
be underestimates. During the price war, consumers face a trade-off between price and the value
of privacy. Estimating the model using only data up to Pre Price War (Column (4) and Column
(5)), we find that the growth had been slowed down by 18.9%.
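The following is an added illustration, not the authors' code or data. It computes ∆log(TR) from a constructed revenue panel and estimates the DID coefficient as a difference of cell means, which equals the OLS interaction coefficient when the regression contains only US, Post Snowden and their interaction (the sector, country and quarter fixed effects of the specification above are omitted). The firm names, growth rates and shock sizes are assumptions, chosen so that the US shock is smaller in the price-war quarters.

```python
import math

# Quarter index follows the page: t = 18 is Q2 2013 and t = 19 is Q3 2013.
PRE_SNOWDEN = range(2, 19)   # baseline, t <= 18 (growth rates start at t = 2)
POST_PRE_PW = range(19, 22)  # Post Snowden and Pre PW: Q3 2013 to Q1 2014
POST_PW = range(22, 25)      # Post PW: Q2 2014 to Q4 2014

# Constructed firms: (name, US dummy, baseline quarterly growth). Not Synergy data.
FIRMS = [("us_a", 1, 0.12), ("us_b", 1, 0.09),
         ("non_us_a", 0, 0.05), ("non_us_b", 0, 0.07)]
US_SHOCK_PRE_PW = -0.19      # assumed drop in US growth before the price war
US_SHOCK_POST_PW = -0.04     # assumed smaller drop once prices were cut


def build_panel():
    """Return constructed firm-quarter revenue levels TR_it for t = 1..24."""
    panel = []
    for name, us, base in FIRMS:
        revenue = 10.0
        for t in range(1, 25):
            if t > 1:
                growth = base + 0.01 * math.sin(t)  # common quarter effect
                if us and t in POST_PRE_PW:
                    growth += US_SHOCK_PRE_PW
                if us and t in POST_PW:
                    growth += US_SHOCK_POST_PW
                revenue *= math.exp(growth)
            panel.append({"firm": name, "us": us, "t": t, "revenue": revenue})
    return panel


def growth_rates(panel):
    """Delta log(TR_it): log revenue minus the same firm's previous-quarter log revenue."""
    last = {}
    rows = []
    for obs in sorted(panel, key=lambda o: (o["firm"], o["t"])):
        prev = last.get(obs["firm"])
        if prev is not None:
            rows.append({"us": obs["us"], "t": obs["t"],
                         "dlog_tr": math.log(obs["revenue"]) - math.log(prev)})
        last[obs["firm"]] = obs["revenue"]
    return rows


def cell_mean(rows, us, quarters):
    """Mean growth rate for one group (US or non-US) over a set of quarters."""
    values = [r["dlog_tr"] for r in rows if r["us"] == us and r["t"] in quarters]
    if not values:
        raise ValueError("empty group/period cell")
    return sum(values) / len(values)


def did_estimate(rows, post_quarters, pre_quarters=PRE_SNOWDEN):
    """(US post - US pre) - (non-US post - non-US pre)."""
    treated = cell_mean(rows, 1, post_quarters) - cell_mean(rows, 1, pre_quarters)
    control = cell_mean(rows, 0, post_quarters) - cell_mean(rows, 0, pre_quarters)
    return treated - control


if __name__ == "__main__":
    rows = growth_rates(build_panel())
    full_post = list(POST_PRE_PW) + list(POST_PW)
    print("DID, whole Post Snowden window:", round(did_estimate(rows, full_post), 3))
    print("DID, Pre PW quarters only:     ", round(did_estimate(rows, POST_PRE_PW), 3))
```

On this constructed panel the estimate over the whole Post Snowden window is smaller in magnitude than the estimate restricted to the Pre PW quarters, which is the direction of bias the paragraph above describes.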
We already mentioned the possibility that the control group contains affected units. This could
also be a source of underestimation. In Column (3) and Column (6), we excluded 19 firms which
have their headquarters in four countries (Five Eyes): Australia, Canada, New Zealand and the
United Kingdom. Results in Column (3) show that the coefficient of US × Post Snowden
decreases by 2.3% compared to Column (2). Similarly, a comparison of Column (2) and Column
(6) indicates that the Snowden effect increases by 1.2% by adjusting the control group. To answer
more questions related to the adequate control group, we use the synthetic control method as a
robustness check.
Column (7) presents the robustness test including the pre-treatment variable, following Autor
(2003). The coefficient of Pre Snowden is positive and not statistically significant. Additional
pre-treatment effects are tested in Appendix B.1.3. Column (8) in Table 3 presents the results
with the lagged dependent variable. Compared with Column (2), the coefficient of
US × Post Snowden is consistent.
The next question is how we can convert the damage in the growth rate to revenue losses
in dollars. Our strategy is to construct the hypothetical revenue under the circumstances that
there were no Snowden revelations. Appendix A.6 provides more details about the methodology.
The expected revenue losses in the US cloud computing industry over 6 quarters (from Q3 2013
to Q4 2014) are $17.742 billion, based on an 11.3% reduction in the growth rate (Column (2)).
Similarly, the expected losses are $22.723 billion when the growth rate was damaged by 13.6%
(Column (3)).
The magnitude of the economic impact of the Snowden revelations can be compared with
previous literature. Castro (2013) argued that the US cloud computing industry would lose $21.5
to $35 billion26 over the period 2014 to 2016. Forrester Research27 estimated the US losses as
high as $180 billion over the same period. In contrast, others28 hypothesize that firms reacted to
the news by beefing up encryption and security, at a relatively low incremental cost, and that
the resulting losses are therefore negligible. Ferrara et al. (2015) also argue for a small effect of the
Snowden revelations based on Forrester’s Business Technographics Global Infrastructure Survey,
2014. Thus, the question remains whether there are any broader and lasting economic impacts
of the NSA’s actions. Some may consider the comparison with the magnitude of other privacy
breaches (e.g., Acquisti et al. (2006), Garg et al. (2003)).
26 $21.5 billion is calculated under the assumption that the US loses about 10 percent of the foreign market to European or Asian competitors and retains its current market share in the US. Similarly, the assumption of 20 percent losses in the foreign market yields $35 billion in losses over three years.
27 Article, “The Cost of PRISM Will Be Larger Than ITIF Projects” by James Staten, Aug 14, 2013, http://blogs.forrester.com/james_staten/13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects.
28 Article, “Revelations of N.S.A. Spying Cost U.S. Tech Companies,” by Claire Miller, March 21, 2014, New York Times, http://www.nytimes.com/2014/03/22/business/fallout-from-snowden-hurting-bottom-line-of-tech-companies.html?_r=1
Table 3: Results: Difference in Differences
Variable                              (1)        (2)        (3)        (4)        (5)        (6)        (7)        (8)
US × Post Snowden                     -0.088***  -0.113***  -0.136***  -0.190***  -0.189***  -0.202***  -0.104***  -0.114***
                                      (0.023)    (0.024)    (0.022)    (0.010)    (0.012)    (0.013)    (0.024)    (0.022)
US                                    -0.037***  -0.131***  -0.126***  -0.062***  -0.048***  -0.114***  -0.126***  -0.135***
                                      (0.008)    (0.010)    (0.009)    (0.004)    (0.004)    (0.004)    (0.011)    (0.012)
Post Snowden                          -0.003     0.035      0.066*     -0.133**   -0.135**   -0.137*    0.022      0.042
                                      (0.030)    (0.033)    (0.030)    (0.061)    (0.062)    (0.068)    (0.036)    (0.039)
Pre Snowden                                                                                             0.038
                                                                                                        (0.024)
∆log(TRt−1)                                                                                                        0.499**
                                                                                                                   (0.224)
Sub-Period                                                             Pre PW     Pre PW     Pre PW
Sub-Group                                                   Non FVEY                         Non FVEY
Trend Adjusted Country Fixed Effects  No         Yes        Yes        No         Yes        Yes        Yes        Yes
Observations                          2413       2413       1998       2102       2102       1742       2413       2302
Expected Losses ($ Billion)           13.569     17.742     22.723     7.339      7.296      7.861      16.469     18.357
(1) The dependent variable is the growth rate of total revenue, i.e. ∆log(TR).
(2) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
(3) Following Bertrand et al. (2004), we use clustered standard errors at the group level to protect against false
positives and robust standard errors clustered by continent are provided under the OLS estimates.
(4) All columns include sector fixed effects, country fixed effects and quarter fixed effects. See Appendix B.1.1 for
additional results with/without fixed effects.
(5) Pre Snowden is defined as 1(t = 18) where t = 18 denotes one quarter before the Snowden revelations (Q2, 2013).
We test additional Pre Snowden effects (e.g. 1(t = 17), and 1(t = 16)) in Appendix B.1.3.
(6) Trend Adjusted Country Effects are defined as t ∗ 1(countryID = i) for t = 1,..24
5.3 Fixed Effects Estimation
The difference in differences analysis cannot include firm fixed effects because our variable of
interest would cancel out. So, to check the robustness of our analysis against firm level trends,
we model the growth of total revenue for firm i in quarter t using the following specification:
$$\Delta \log(TR_{ijt}) = \beta_0 + \beta_1 PostSnowden_t \times PrePW_t + \beta_2 PostPW_t + \alpha_i + \varepsilon_i$$
The results of this estimation are presented in Table 4. The first three columns focus on the
effects of two main events on the cloud industry for all sectors (cloud infrastructure, rental
colocation, managed hosting and CDN). Column (1) presents the results for all countries. The
results suggest that the growth rate of all cloud firms has been damaged by 12%. Column (2)
shows the results for the US-based firms. The coefficient of Post Snowden × Pre PW equals
-0.233 and is statistically significant at the 1% level. Similarly, Column (3) presents the results
for the non-US-based firms and the coefficient of Post Snowden × Pre PW is -0.02, which is
much smaller, consistent with our difference in differences results in section 5.
The coefficient of Post PW is negative in Columns (1), (2), and (3) but only significant in the
case of the non-US-based firms (Column (3)).
Columns (4), (5) and (6) present results for the cloud infrastructure sector only. We find
that restricting the analysis to this sector yields greater effects of the two events. The coefficient
of the Post Snowden × Pre PW period demonstrates a negative and significant effect of the period
on US-based cloud firms relative to non-US-based firms.
Table 4: Results: Fixed Effects Estimation
                                                           Cloud Infrastructure Sector Only
                          All        US         NonUS      All        US         NonUS
Variable                  (1)        (2)        (3)        (4)        (5)        (6)
Post Snowden × Pre PW     -0.122***  -0.233***  -0.024     -0.287***  -0.397***  -0.191*
                          (-3.70)    (-3.57)    (-1.06)    (-4.61)    (-3.98)    (-2.45)
PostPW                    -0.103**   -0.105     -0.100***  -0.203**   -0.211*    -0.196*
                          (-3.12)    (-1.62)    (-4.42)    (-3.25)    (-2.12)    (-2.51)
Observations              2553       1196       1357       2553       1196       1357
(1) Standard errors are provided under the fixed effects estimates.
(2) The dependent variable is the growth rate of total revenue (i.e. ∆log(TR)).
(3) ***, ** and * respectively denote significance at the 1 percent, 5 percent and 10 percent levels.
5.4 Synthetic Control Approach
A natural concern with our difference in differences results is whether the control group contains
affected units. In quasi-experimental research, selecting a comparison group can be subjective. In
this subsection, we apply synthetic control methods (SCM) (Abadie and Gardeazabal, 2003;
Abadie et al., 2012) as a robustness check. SCM uses a weighted average of control groups and
constructs synthetic control units. We can estimate the counterfactual outcome by employing
a weighted average of the past observable characteristics of the countries before the Snowden
revelations took place.
Figure 10 plots the impact of the Snowden revelation on the US cloud industry. The estimates
display per company total revenues in the US cloud industry and its synthetic counterpart during
the period 2009 Q1-2014 Q4. Our SCM results show that there exists a negative and significant
effect of the Snowden revelations on the US-based cloud providers.
Figure 10: Synthetic Control Approach: US versus Synthetic US
(1) Per company total revenues for each country were aggregated to the country level using the main dataset from
Synergy.
(2) The natural logarithm was applied to consider the adoption patterns.
(3) Predictors include ln(GDP), broadband subscription rates, telephone subscription rates, percentage of Internet
users, the number of secured Internet, legal right, inflation, the number of labor force, total population, four lagged
dependent variables.
(4) See Appendix B.2.1 for the details including the synthetic weights, the sources of data and predictor variables.
Another concern is whether eroded privacy is the main channel of the Snowden revelations. We
applied SCM to other industries’ revenues as a placebo test. Results in Figure 11 show that
there are no significant differences between US and Synthetic US using all-industry sales data.
Figure 11: Placebo Test (All Industry): US versus Synthetic US
(1) The main variable is Production and Sales from OECD, and the natural logarithm was applied to consider the
adoption patterns.
(2) Predictors include ln(GDP), broadband subscription rates, telephone subscription rates, percentage of Internet
users, the number of secured Internet, legal right, inflation, the number of labor force, total population, four lagged
dependent variables.
(3) See Appendix B.2.2 for the details including the synthetic weights, the sources of data and predictor variables.
6 Non-price Effects
6.1 Free Trial: A Cross Check with Prices Fixed
As we described earlier, one complicating factor in isolating the impact of the Snowden revelations
is the subsequent price war between the major US platforms: AWS, IBM, Google and Microsoft
Azure. Consistent with the repeated game literature, we suggest that the quality shock, by
lowering demand, may have been causal in triggering the price war, but it is impossible to test
this hypothesis with limited observations. However, we can gain further insight into the effect of
the Snowden revelations by examining the usage and adoption of free trials. In particular, we
may adopt this strategy because the trials remain priced at zero over the entire period and thus,
by concentrating on them, we eliminate the effect of the price changes.
We obtained data on free-trial usage patterns from Microsoft’s Azure platform. Microsoft
allows new users to have a free virtual machine and gives them credits that can be used for
computing services. Amazon AWS and Google Compute have similar offerings, although the
length of the free trial differs across the platforms. The data below is the normalized value of
free trial usage. That is, we multiply the gigabytes used by a shadow internal cost under the free
trials and then normalize the data on a 0-100 scale. The shadow prices are constant across time
and so invariant to the price war in the market.
The data clearly show a significant and dramatic “impulse effect” after the Snowden
revelations. Indeed, usage plummets almost to zero, even at a price of zero. We also use the
data to estimate the delay in adoption rates, i.e., the amount of time until usage recovers to the
pre-revelation levels. The recovery time varies across continents, and equals roughly 6 months on
average. The length of this delay is significant in that it is a shorter span than the time until
the price war, whose onset was at roughly 9 months. Thus, it provides an estimate of the
counterfactual; i.e., how much cloud adoption would have slowed down without the confounding
effect of the price war.
Figure 12: Free Trial Usage Patterns
Source: Microsoft Azure
Table 5: Average Delays in Adoption Rates
Continent Recovery Period (Months)
All 6.33
US 6.58
Asia 5.61
Europe 6.02
Source: Microsoft Azure
6.2 Privacy and Encryption
To explore changes in privacy and transparency practices, we investigate reports by the Electronic
Frontier Foundation (EFF).29 Since 2011, the EFF has published annual reports evaluating major
tech companies’ privacy and transparency practices regarding government access to user data
(Cardozo and Reitman, 2015; Cardozo and Reitman, 2014; Cardozo and Reitman, 2013). We
consider the EFF’s annual evaluations in 2013 as Pre Snowden period evaluations, and those in
2014 as Post Snowden period evaluations. The EFF used the same evaluation criteria for both
years and, moreover, the EFF’s 2013 report was released on April 30, 2013, a month before the
Snowden revelations.
Table 6 summarizes the changes in 18 online service providers’ privacy and transparency
policies before and after the Snowden revelations. The average number of practices increased
from 3.33 to 4.72 stars out of 6, with the biggest changes for Apple, Verizon, and Yahoo!. In
particular, Verizon started to require a warrant for content, publish transparency reports and
law enforcement guidelines, and fight for users’ privacy rights in Congress just after the Snowden
revelations.
In contrast, the average number of practices increased by only 0.38 (from 1 to 1.38 out of
4)30 for 13 tech companies between 2011 and 2012.
29 The Electronic Frontier Foundation (EFF), a leading nonprofit organization, publishes a variety of reports regarding technology, privacy and innovation. www.eff.org
30 Appendix A.7 provides more details.
Table 6: Privacy and Transparency Practices: Pre Snowden vs Post Snowden
Company Pre Snowden Post Snowden Changes
Amazon 2 2 0
Apple 1 6 5
AT&T 1 2 1
Comcast 2 3 1
Dropbox 5 6 1
Facebook 3 6 3
Foursquare 4 3 -1
Google 5 6 1
Linkedin 5 5 0
Microsoft 4 6 2
Myspace 3 3 0
Sonic.net 6 6 0
SpiderOak 5 5 0
Twitter 6 6 0
Tumblr 3 5 2
Verizon 0 4 4
Wordpress 4 5 1
Yahoo! 1 6 5
Mean 3.33 4.72 1.39
* EFF’s 2013 and 2014 annual reports, Cardozo and Reitman
(2013) and Cardozo and Reitman (2014).
The details of the changes before and after the Snowden revelations can be found in Table 7.
The most frequent two changes were publishing transparency reports and telling users about
government data requests.
Table 7: Privacy and Transparency Practices (Criteria): Pre Snowden vs Post Snowden
1 2 3 4 5 6
Company Pre Post Pre Post Pre Post Pre Post Pre Post Pre Post
Amazon 0 1 0 0 0 0 0 0 1 1 1 0
Apple 0 1 0 1 0 1 0 1 0 1 1 1
AT&T 0 0 0 0 0 1 0 1 0 0 1 0
Comcast 0 0 0 0 0 1 1 1 1 1 0 0
Dropbox 1 1 1 1 1 1 1 1 0 1 1 1
Facebook 1 1 0 1 0 1 1 1 0 1 1 1
Foursquare 1 1 1 1 0 0 1 1 0 0 1 0
Google 1 1 0 1 1 1 1 1 1 1 1 1
Linkedin 1 1 1 1 1 1 1 1 0 0 1 1
Microsoft 1 1 0 1 1 1 1 1 0 1 1 1
Myspace 1 1 0 0 0 0 1 1 1 1 0 0
Sonic.net 1 1 1 1 1 1 1 1 1 1 1 1
SpiderOak 1 1 1 1 1 1 1 1 0 0 1 1
Twitter 1 1 1 1 1 1 1 1 1 1 1 1
Tumblr 1 1 0 1 0 1 1 1 0 0 1 1
Verizon 0 1 0 0 0 1 0 1 0 0 0 1
Wordpress 1 1 1 1 0 1 1 1 0 0 1 1
Yahoo! 0 1 0 1 0 1 0 1 1 1 0 1
Mean 0.7 0.9 0.4 0.7 0.4 0.8 0.7 0.9 0.4 0.6 0.8 0.7
* EFF’s 2013 and 2014 annual reports, Cardozo et al (2013) and Cardozo et al (2014).
* Criteria: (1) requires a warrant for content, (2) tells users about government data requests (3) publishes
transparency reports (4) publishes law enforcement guidelines (5) fights for users’ privacy rights in courts (6)
fights for users’ privacy rights in Congress.
The importance of cryptography has increased since the revelations of the NSA’s spying
on international fiber-optic communication lines. The EFF started to evaluate 18 online service
providers’ level of encryption from November, 2013. The evaluation results are in Appendix A.7.
7 Conclusion
We present empirical evidence about the effect of the Snowden revelations on the cloud computing
industry. We find that the revelations decreased the growth rate of US providers’ revenue by
11.3%. The corresponding expected losses are significant, around $18 billion. We also examine
the non-price effects of the Snowden revelations using Microsoft’s free trial usage database. Even
at a price of zero, cloud adoption and usage plummeted. Many US providers such as Amazon,
Google and Microsoft responded by increasing privacy and security, and cutting prices. Following
these changes, the growth rate of the US cloud revenue recovered relatively quickly.
Our empirical approach has some limitations. Although the underlying mechanism is based on
real option theory, we do not observe individual choices in the data and could not estimate a
structural dynamic model. Instead, our strategy is to use DID analysis along with the fixed
effects estimation and the synthetic control method. Although our estimate is large, it is still
conservative and likely underestimated because we do not include other costs such as legal
liabilities, restructuring and dislocation of users’ data.
The main justification of the government surveillance program was to protect US citizens from
potential terrorism. We are of course unable to assess social benefits of such an exercise, not
least because any such information is classified. However, there were real costs to these policies
which induced users to seek alternatives to the US cloud providers. This paper presents evidence
that due to the revelations US providers changed policies enhancing privacy and security. Many
US providers approached this problem by increasing transparency to rebuild users’ trust. Thus,
the transitory losses imposed on US providers may very well be small compared to the longer
term welfare gain enjoyed by consumers due to lower prices and enhanced security.
References
Abadie, A., Diamond, A. and Hainmueller, J. (2012), ‘Synthetic control methods for comparative
case studies: Estimating the effect of california’s tobacco control program’, Journal of the
American Statistical Association.
Abadie, A., Diamond, A. and Hainmueller, J. (2015), ‘Comparative politics and the synthetic
control method’, American Journal of Political Science 59(2), 495–510.
Abadie, A. and Gardeazabal, J. (2003), ‘The economic costs of conflict: A case study of the
basque country’, American economic review 93(1), 113–132.
Abreu, D., Pearce, D. and Stacchetti, E. (1986), ‘Optimal cartel equilibria with imperfect
monitoring’, Journal of Economic Theory 39(1), 251–269.
Acquisti, A., Friedman, A. and Telang, R. (2006), ‘Is there a cost to privacy breaches? an event
study’, ICIS 2006 Proceedings p. 94.
Acquisti, A., Taylor, C. R. and Wagman, L. (2015), ‘The economics of privacy’, Journal of
Economic Literature, forthcoming.
Autor, D. (2003), ‘Outsourcing at will: The contribution of unjust dismissal doctrine to the
growth of employment outsourcing’, Journal of Labor Economics 21(1), 1–42.
Bass, F. M. (1969), ‘A new product growth for model consumer durables’, Management Science
15(5), 215–227.
Bass, F. M., Krishnan, T. V. and Jain, D. C. (1994), ‘Why the bass model fits without decision
variables’, Marketing science 13(3), 203–223.
Bayrak, E., Conley, J. P., Wilkie, S. et al. (2011), ‘The economics of cloud computing’, The
Korean Economic Review 27(2), 203–230.
Beresford, A. R., Kubler, D. and Preibusch, S. (2012), ‘Unwillingness to pay for privacy: A field
experiment’, Economics Letters 117(1), 25–27.
Bernanke, B. S. (1980), ‘Irreversibility, uncertainty, and cyclical investment’.
Bernanke, B. S. (1983), ‘Irreversibility, uncertainty, and cyclical investment’, Quarterly Journal
of Economics 98(1), 85–106.
Bertrand, M., Duflo, E. and Mullainathan, S. (2004), ‘How much should we trust difference-in-
differences estimates’, Quarterly Journal of Economics 119(1), 249–275.
Bloom, N., Sadun, R. and Van Reenen, J. (2012), ‘Americans do it better: Us multinationals
and the productivity miracle’, American Economic Review 102(1), 167–201.
Bonneau, J. and Preibusch, S. (2010), The privacy jungle: On the market for data protection in
social networks, in ‘Economics of information security and privacy’, Springer, pp. 121–167.
Cardozo, Nate, C. C. H. P. H. M. and Reitman, R. (2013), Who has your back?: Which
companies help protect your data from the government?, the eff’s third annual report on online
service providers’ privacy and transparency practices regarding government access to user data,
Technical report, Electronic Frontier Foundation.
Cardozo, Nate, C. C. H. P. O. K. and Reitman, R. (2014), Who has your back?: Protecting
your data from government requests, the eff’s fourth annual report on online service providers’
privacy and transparency practices regarding government access to user data, Technical report,
Electronic Frontier Foundation.
Cardozo, Nate, O. K. and Reitman, R. (2015), Who has your back?: Protecting your data from
government requests, the eff’s fifth annual report on online service providers’ privacy and
transparency practices regarding government access to user data, Technical report, Electronic
Frontier Foundation.
Castro, D. (2013), ‘How much will prism cost the us cloud computing industry?’, Information
Technology and Innovation Foundation.
Dube, J.-P., Hitsch, G. J. and Jindal, P. (2014), ‘The joint identification of utility and discount
functions from stated choice data: An application to durable goods adoption’, Quantitative
Marketing and Economics 12(4), 331–377.
Etro, F. (2009), ‘The economic impact of cloud computing on business creation, employment
and output in europe. an application of the endogenous market structures approach to a gpt
innovation’, Review of Business and Economic Literature 54(2), 179–209.
Ferrara, E., Staten, J., Burris, P. and Blackborow, J. (2015), ‘Did prism cause an exodus from
us clouds?’, Forrester Research.
Florek, A. (2014), ‘The problems with prism: How a modern definition of privacy necessarily
protects privacy interests in digital communications, 30 j. marshall j. info. tech. & privacy l.
571 (2014)’, The John Marshall Journal of Information Technology & Privacy Law 30(3), 5.
Garg, A., Curtis, J. and Halper, H. (2003), ‘Quantifying the financial impact of it security
breaches’, Information Management & Computer Security 11(2), 74–83.
Gowrisankaran, G. and Rysman, M. (2009), Dynamics of consumer demand for new durable
goods, Technical report, National Bureau of Economic Research.
Green, E. J. and Porter, R. H. (1984), ‘Noncooperative collusion under imperfect price informa-
tion’, Econometrica 52(1), 87–100.
Kellogg, R. (2014), ‘The effect of uncertainty on investment: evidence from texas oil drilling’,
The American Economic Review 104(6), 1698–1734.
Lerner, J. (2011), ‘The impact of copyright policy changes on venture capital investment in cloud
computing companies’, Computers and Communication Industry Association (CCIA). Available
at http://www. ccianet. org/CCIA/files/ccLibraryFilesFilename/000000000559/Cablevision%
20white% 20paper .
Lerner, J. and Rafert, G. (2015), Lost in the clouds: The impact of changing property rights
on investment in cloud computing ventures, Technical report, National Bureau of Economic
Research.
Marthews, A. and Tucker, C. (2014), ‘Government surveillance and internet search behavior’,
Available at SSRN 2412564.
Preibusch, S. (2013), ‘Guide to measuring privacy concern: Review of survey and observational
instruments’, International Journal of Human-Computer Studies.
Savage, S. and Waldman, D. M. (2013), ‘The value of online privacy’, Available at SSRN 2341311.
Yoo, C. S. (2011), ‘Cloud computing: Architectural and policy implications’, Review of Industrial
Organization 38(4), 405–421.
Appendix
A Additional Material
A.1 Further Details about the Snowden Revelations
On June 5, 2013, the Guardian published a bombshell. Edward Snowden, a National Security
Agency (NSA)31 analyst, had leaked thousands of classified documents that revealed the existence
of the NSA’s domestic spying program using the telecommunications infrastructure.32
First Revelations
The first revelations showed that since late 2001, US telecommunications firms handed over
meta-data on every international phone call to and from the US to the NSA. The Foreign
Intelligence Surveillance Act (FISA) courts had granted this unlimited authority to the FBI
under a secret interpretation of the 2001 USA PATRIOT Act. The NSA argued that they did
not look at content. However, critics argued that having access to huge volumes of data on every
individual citizen is an invasion of privacy.
Second Revelations: PRISM
The existence of a surveillance program called PRISM was revealed next.33 The PRISM program
allowed the NSA to obtain targeted communications without having a court request. The goal of
PRISM was to overcome the shortcomings of FISA and track suspected foreign terrorists within
the US.34
31 https://www.nsa.gov/
32 http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order
33 http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
34 FISA required that both the sender and receiver of a communication be outside of the US.
Figure A1: PRISM Slides
Under PRISM, major US technology firms, including AOL, Google, Microsoft, and Yahoo!,
handed over emails after requests by the NSA.35
Third Revelations: GCHQ
Further leaks revealed that the NSA, with the British Government Communications Headquarters
(GCHQ),36 had tapped into 200 undersea optic fiber cables handling 600 million telephone events
each day since 2008.37 With most of the world data flowing through these pipes, such tapping
amounted to spying on an unprecedented scale.
35 A 41-slide PowerPoint presentation obtained by the Guardian shows the details. http://www.theguardian.com/world/interactive/2013/nov/01/prism-slides-nsa-document
36 US and UK intelligence jointly shared collected data with Australia, Canada and New Zealand as the Five Eyes partnership. http://www.theguardian.com/world/2013/jun/22/nsa-leaks-britain-us-surveillance
37 http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa
A.2 Further Details on Model
In Chapter 3.2, we present three cases with respect to the relative prices of cx, c′x and cy. Figure
1 shows Case 1 where cx < cy and c′x < cy. Figure A2 and Figure A3 show Case 2 and Case 3
respectively.
Figure A2: Case 2: cx > cy
[Figure: panel (a) with axes from 0 to 1 and labels cy, cx, X1, O1, Y1, Y2, X2; panel (b) with axes from 0 to 1 and labels cy, cx, c′x, O2, Y3]
Figure A3: Case 3: cx < cy and c′x > cy
[Figure: panel (a) with axes from 0 to 1 and labels cy, cx, X1, O1, Y1, Y2, X2; panel (b) with axes from 0 to 1 and labels cy, cx, c′x, O2, B3]
A.3 Bass Model
We consider the Snowden revelations as a negative and unexpected quality shock to the US-based
firms and focus on how the adoption patterns can be slowed down using a Bass diffusion model.
The Bass model (Bass, 1969; Bass et al., 1994) is widely used to show how new products or
technologies are adopted by consumers.
The model breaks consumers into two types. First, “innovators” are those consumers who
try the new technology regardless of who else may be using it. Second, “imitators” are those
who decide to purchase the good only after a number of other people are already using it. The
general shape of adoption is that of an S-curve: adoption is slow early on while only innovators
are buying; it picks up rapidly as imitators join in; and then it tapers off as the market becomes
saturated.
The adoption patterns are determined by the following equation:
$$\frac{f(T)}{1 - F(T)} = p + qF(T)$$
where f(T) is the likelihood of purchase at T, p is the coefficient of innovation and q is the
coefficient of imitation.
Figure A4: Adoption Patterns by the Bass Model
(1) p denotes the coefficient of innovation and q denotes the coefficient of imitation, and N denotes the
normalized accumulated adopters.
(2) To back out the number of adopters, we divided the revenue by the average price changes.
(3) Scenario 1 is calculated using the Bass model and data prior to the Snowden revelations setting p=0.0101,
q=0.1435 and N=38110 by Nonlinear least squares.
(4) Scenario 2 is the case when the coefficient of imitation rate, q, drops to 0.08 and p and N are unchanged.
Results in Figure A4 suggest that the cloud computing industry is still growing but the
Snowden revelations shift the adoption curve. Due to the shock from the Snowden revelations, the
curve moves from Scenario 1 to Scenario 2. To illustrate the shift, we assume that the innovators’
behavior is unchanged by the Snowden revelations but the adoption rate of imitators entering
the market is slowed down. In other words, the coefficient of innovation, p, is the same but the
coefficient of imitation, q, decreased.
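The Bass hazard equation in this section has a closed-form solution for F(T), which makes the two scenarios in the notes to Figure A4 directly comparable. The Python sketch below is an added example, not the authors' code: it uses the p, q and N values quoted in those notes, while the function names, the RK4 cross-check and the choice to start both scenarios at period 0 are assumptions made for illustration.

```python
import math

# Parameters quoted in the notes to Figure A4.
P = 0.0101             # coefficient of innovation (same in both scenarios)
Q_SCENARIO_1 = 0.1435  # coefficient of imitation fitted on pre-Snowden data
Q_SCENARIO_2 = 0.08    # coefficient of imitation after the shock
N = 38110              # normalized accumulated adopters (market potential)


def bass_cdf(t, p, q):
    """Closed-form F(t) for f/(1 - F) = p + q*F with F(0) = 0."""
    decay = math.exp(-(p + q) * t)
    return (1.0 - decay) / (1.0 + (q / p) * decay)


def bass_cdf_numeric(t_end, p, q, step=0.01):
    """Integrate dF/dt = (p + q*F) * (1 - F) with RK4 to cross-check bass_cdf."""
    def rate(f):
        return (p + q * f) * (1.0 - f)

    f = 0.0
    for _ in range(int(round(t_end / step))):
        k1 = rate(f)
        k2 = rate(f + 0.5 * step * k1)
        k3 = rate(f + 0.5 * step * k2)
        k4 = rate(f + step * k3)
        f += step * (k1 + 2.0 * k2 + 2.0 * k3 + k4) / 6.0
    return f


def peak_time(p, q):
    """Period in which new adoptions f(t) peak; defined only when q > p."""
    if q <= p:
        raise ValueError("adoption rate peaks at t = 0 when q <= p")
    return math.log(q / p) / (p + q)


def adopters(t, q):
    """Cumulative adopters N * F(t) for a given imitation coefficient."""
    return N * bass_cdf(t, P, q)


def compare(periods):
    """Rows of (t, scenario 1 adopters, scenario 2 adopters, shortfall)."""
    rows = []
    for t in periods:
        s1 = adopters(t, Q_SCENARIO_1)
        s2 = adopters(t, Q_SCENARIO_2)
        rows.append((t, s1, s2, s1 - s2))
    return rows


if __name__ == "__main__":
    for t, s1, s2, gap in compare(range(0, 41, 8)):
        print(f"t={t:2d}  scenario1={s1:9.0f}  scenario2={s2:9.0f}  gap={gap:9.0f}")
    print(f"peak period: {peak_time(P, Q_SCENARIO_1):.1f} -> "
          f"{peak_time(P, Q_SCENARIO_2):.1f}")
```

With these parameters the peak of new adoptions moves from roughly period 17 to roughly period 23, and cumulative adopters under Scenario 2 stay below Scenario 1 at every positive horizon while converging to the same N.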
A.4 Descriptive Statistics about the Cloud Industry
Table A1: Summary Statistics of Quarterly Total Revenues ($million)
US Non-US
Variable Mean Std. Dev. Mean Std. Dev.
Total Sample 82.374 142.122 66.3 97.561
Cloud Infrastructures 21.042 89.119 5.892 13.075
IaaS 10.868 65.735 2.946 5.518
PaaS 6.607 26.435 0.553 2.987
Private & Hybrid 3.587 11.131 2.375 6.523
Rental Colocation 23.081 61.961 22.354 32.803
Managed Hosting 27.968 61.117 33.636 59.304
CDN 10.283 48.612 4.418 9.753
Observations 1248 1416
Source: Synergy Quarterly data between Q1,2009 and Q4, 2014.
A.5 Spline Regression: Snowden Revelations and Price War
In the body of the paper, we present the conditional mean of total revenue before and after the
Snowden revelations. Table A2 shows the results of the spline regression. The kink point at the
Snowden revelations is significant at the 5% level and the kink point at the price war is significant at
the 10% level.
Table A2: Spline Regression
Variable Coefficient St. Dev t stat
Pre Developed -0.004 0.005 -0.81
Pre Snowden 0.003 0.009 0.33
Post Snowden X Pre PW -0.051** 0.026 -1.95
Post PW 0.083 0.047* 1.78
Constant 0.112 0.031** 3.61
(1) Pre developed period is defined as “2009 Q1-2012 Q2.”
(2) Pre Snowden is defined as “2012 Q3-2013 Q1.”
(3) Post Snowden X Pre PW is “2013 Q2-2014 Q1.”
(4) Post PW is “2014 Q2- 2014 Q4.”
(5) Dependent variable is ∆log(TR)
A.6 Methodology: Converting the Damage in Dollars
To convert the damage in the growth rate to revenue loss in dollars, we use the following
methodology.
Suppose that the Snowden revelations occur at time $t_0$. The actual flows of total revenues for
the US-based cloud firm $i$ are defined as $\{\dots, y_{i,t_0-1}, y_{i,t_0}, y_{i,t_0+1}, \dots\}$. We define the hypothetical
sequence of revenues, $\{\tilde{y}_{i,t}\}$ for $t = t_0, t_0+1, \dots$, assuming no Snowden revelations. The expected
loss brought about by the Snowden revelations is the difference between the hypothetical flows
of total revenues and the actual flows of total revenues. Let $L$ denote this loss. Then
$$L = \sum_{i=1}^{N} \sum_{t=t_0}^{T} \tilde{y}_{i,t} - \sum_{i=1}^{N} \sum_{t=t_0}^{T} y_{i,t}$$
Let $g_{i,t}$ denote the actual growth rate and $\tilde{g}_{i,t}$ denote the hypothetical growth rate that
would occur if there were no Snowden revelations. Then
$$g_{i,t} = \frac{y_{i,t} - y_{i,t-1}}{y_{i,t-1}} \approx \Delta\log(y_{i,t})$$
$$y_{i,t_0} = y_{i,t_0-1}(1 + g_{t_0})$$
$\tilde{y}_{i,t_0}$ is the hypothetical total revenue for firm $i$ when the Snowden revelations arrive.
$$\tilde{y}_{i,t_0} = y_{i,t_0-1}(1 + \tilde{g}_{t_0}) = y_{i,t_0-1}(1 + g_{t_0} + \gamma)$$
where γ is the growth lost by the Snowden revelations. Based on the results of Table 3, our
estimates for γ are 11.3% (Column (2)) and 18.9% (Column (5)) respectively. The expected
revenue loss in the US cloud computing industry due to the Snowden revelations can thus be
calculated as $18.072 billion, based on an 11.3% reduction in the growth rate. Similarly, the
expected loss from Q3 2013 to Q1 2014 is $11.094 billion when the growth rate was damaged by
18.9% before the price war.
A.7 Further Details on the Changes in Practices, Policies and Encryption
In this subsection, we provide further details on the changes in practices, policies, and encryption.
There are slight changes in EFF’s criteria between 2012 and 2013, which are listed in Table A3.
Table 7 shows a huge improvement in privacy and transparency practices from before to
after the Snowden revelations. Table A4 presents the changes between 2011 and 2012. The
evaluations have been conducted by the EFF and the changes are negligible.
The EFF started to evaluate 18 online service providers’ level of encryption from November
2013. Table A5 shows the evaluation results based on five criteria: (1) encryption of data center
links, (2) supporting HTTPS, (3) supporting HTTPS Strict (HSTS), (4) forward secrecy, and (5)
STARTTLS. The results reveal that only 44% of the 18 tech companies encrypt data center links,
and that “supporting HTTPS” has been relatively widely adopted.
Table A3: EFF’s Criteria to Assess Company Practices and Policies
    2011 & 2012                                 2013 & 2014
1   Tell users about data demand                Requires a warrant for content
2   Be transparent about government requests    Tells users about government data requests
3   Fight for user privacy in the court         Publishes transparency reports
4   Fight for user privacy in Congress          Publishes law enforcement guidelines
5                                               Fights for users’ privacy rights in courts
6                                               Fights for users’ privacy rights in Congress
Table A4: Privacy and Transparency Practices: 2011 vs. 2012
Columns, left to right: company, 2011, 2012, changes, criteria 1 2 3 4 for 2011, criteria 1 2 3 4 for 2012
Amazon 2 2 0 0 0 1 1 0 0 1 1
Apple 1 1 0 0 0 0 1 0 0 0 1
AT&T 1 1 0 0 0 0 1 0 0 0 1
Comcast 0 1 1 0 0 0 0 0 0 1 0
Dropbox 1 3 2 0 0 0 1 1 1 0 1
Facebook 1 1.5 0.5 0 0 0 1 0 0.5 0 1
Google 3 3 0 0.5 0.5 1 1 0.5 0.5 1 1
Microsoft 1 1 0 0 0 0 1 0 0 0 1
Myspace 0 0 0 0 0 0 0 0 0 0 0
Skype 0 0 0 0 0 0 0 0 0 0 0
twitter 2 3.5 1.5 1 0.5 0.5 0 1 0.5 1 1
Verizon 0 0 0 0 0 0 0 0 0 0 0
Yahoo! 1 1 0 0 0 1 0 0 0 1 0
Mean 1.00 1.38 0.4 0.1 0.1 0.3 0.5 0.2 0.2 0.4 0.6
EFF’s Annual Report in 2012: https://www.eff.org/who-has-your-back-2012
EFF’s Annual Report in 2011: https://www.eff.org/who-has-your-back-2011
Table A5: Crypto Survey Results from EFF’s Encrypt the Web Report
Columns, left to right: company, (1) Encrypt data center links, (2) Supports HTTPS, (3) HTTPS Strict (HSTS), (4) Forward Secrecy, (5) STARTTLS, Score
Amazon 0 0 0 0 0 0
Apple 0 1 0 0 0 1
AT&T 0 0 0 0 0 0
Comcast 0 0 0 0 0 0
Dropbox 1 1 1 1 1 5
Facebook 1 1 1 1 1 5
Foursquare 0 1 1 0 0 2
Google 1 1 1 1 1 5
Linkedin 0 1 1 1 1 4
Microsoft 1 1 1 1 1 5
Myspace 0 1 0 0 0 1
Sonic.net 1 1 1 1 1 5
SpiderOak 1 1 1 1 1 5
twitter 1 1 1 1 1 5
tumblr 0 1 1 1 0 3
Verizon 0 0 0 0 0 0
Wordpress 0 1 0 0 0 1
Yahoo! 1 1 1 1 1 5
Mean 0.44 0.78 0.61 0.56 0.50 2.89
* Source: EFF’s encrypt the web reports
B Additional Results and Robustness Checks
B.1 General Robustness and Specification Checks
This section provides a series of robustness and specification checks to our baseline results.
Robustness and specification checks mainly focus on testing DID’s underlying assumptions
including parallel trends.
B.1.1 Additional Results to the Main Results
Table B1: Results: Difference in Differences (Entire Periods)
Variable (1) (2) (3) (4) (5)
US 0.001 -0.026* -0.037*** -0.037*** -0.131***
(0.011) (0.014) (0.008) (0.008) (0.010)
Post Snowden -0.054** -0.052** -0.053** -0.003 0.035
(0.022) (0.022) (0.023) (0.030) (0.033)
US × Post Snowden -0.075*** -0.088*** -0.087*** -0.088*** -0.113***
(0.022) (0.023) (0.023) (0.023) (0.024)
Sector Fixed Effects No Yes Yes Yes Yes
Country Fixed Effects No No Yes Yes Yes
Quarter Fixed Effects No No No Yes Yes
t × Country Fixed Effects No No No No Yes
Observations 2413 2413 2413 2413 2413
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue, i.e. ∆log(TR).
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
Table B2: Results: Difference in Differences (Pre PW Periods)
Variable (1) (2) (3) (4) (5)
US 0.001 -0.025* -0.062*** -0.062*** -0.048***
(0.011) (0.013) (0.004) (0.004) (0.004)
Post Snowden -0.017* -0.016* -0.016* -0.133** -0.135**
(0.008) (0.009) (0.009) (0.061) (0.062)
US × Post Snowden -0.178*** -0.190*** -0.190*** -0.190*** -0.189***
(0.008) (0.010) (0.010) (0.010) (0.012)
Sector Fixed Effects No Yes Yes Yes Yes
Country Fixed Effects No No Yes Yes Yes
Quarter Fixed Effects No No No Yes Yes
t × Country Fixed Effects No No No No Yes
Observations 2102 2102 2102 2102 2102
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue, i.e. ∆log(TR).
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
B.1.2 Robustness to the Inclusion of the Lagged Dependent Variables
The DID estimator requires that the average outcomes for the treated and untreated groups follow parallel
trends. One of our concerns is that differences in observed characteristics create non-parallel
outcome dynamics for the treated and controls. To test this, we included lagged dependent
variables as robustness checks. If the variable of interest changes significantly, we can consider
the semi-parametric DID suggested by Abadie et al. (2015).
Table B3 presents the results of the robustness checks with the lagged dependent
variables included. Column (1) shows the main results with the baseline specification. In Column (2), we
included ∆log(TRt−1). The coefficient on US × Post Snowden slightly decreases but there
is no noticeable difference between Columns (1) and (2). In Column (3), both ∆log(TRt−1)
and ∆log(TRt−2) are included, and in Column (4), we include ∆log(TRt−1), ∆log(TRt−2) and
∆log(TRt−3). In terms of the statistical significance and the size of the coefficient on US × Post
Snowden, the results are robust.
We conducted similar robustness checks focusing on the Pre PW period. Table B4 presents the
results for the robustness to the inclusion of the lagged dependent variables. The difference in
the coefficients on US × Post Snowden is even smaller and the results are robust.
Table B3: Robustness to the Inclusion of the Lagged Dependent Variables (Entire Periods)
Variable                      (1)         (2)         (3)         (4)
US                            -0.131***   -0.135***   -0.145***   -0.188***
                              (0.010)     (0.012)     (0.013)     (0.015)
Post Snowden                  0.035       0.042       0.043       0.101
                              (0.033)     (0.039)     (0.033)     (0.032)
US × Post Snowden             -0.113***   -0.114***   -0.118***   -0.127***
                              (0.024)     (0.022)     (0.020)     (0.020)
∆log(TRt−1)                               0.499**     0.466       0.516
                                          (0.224)     (0.278)     (0.303)
∆log(TRt−2)                                           0.168*      0.189*
                                                      (0.096)     (0.093)
∆log(TRt−3)                                                       -0.025
                                                                  (0.074)
Sector Fixed Effects          Yes         Yes         Yes         Yes
Country Fixed Effects         Yes         Yes         Yes         Yes
Quarter Fixed Effects         Yes         Yes         Yes         Yes
t × Country Fixed Effects     Yes         Yes         Yes         Yes
Observations                  2413        2302        2191        2080
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue, i.e. ∆log(TRt).
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
Table B4: Robustness to the Inclusion of the Lagged Dependent Variable (Pre Price War)
Variable                      (1)         (2)         (3)         (4)
US                            -0.048***   -0.044***   -0.037***   -0.061***
                              (0.004)     (0.005)     (0.005)     (0.006)
Post Snowden                  -0.135**    -0.137***   -0.142**    -0.093*
                              (0.062)     (0.045)     (0.057)     (0.054)
US × Post Snowden             -0.189***   -0.187***   -0.191***   -0.196***
                              (0.012)     (0.014)     (0.013)     (0.013)
∆log(TRt−1)                               0.444       0.399       0.445
                                          (0.257)     (0.322)     (0.355)
∆log(TRt−2)                                           0.168*      0.185**
                                                      (0.094)     (0.085)
∆log(TRt−3)                                                       -0.032
                                                                  (0.060)
Sector Fixed Effects          Yes         Yes         Yes         Yes
Country Fixed Effects         Yes         Yes         Yes         Yes
Quarter Fixed Effects         Yes         Yes         Yes         Yes
t × Country Fixed Effects     Yes         Yes         Yes         Yes
Observations                  2102        1991        1880        1769
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue, i.e. ∆log(TRt).
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
B.1.3 Robustness Check: Pretreatment
As a robustness check, Table B5 presents the pre-treatment effects. Column (1) presents
our baseline results. In Column (2), we evaluate whether any pre-treatment effect exists one
quarter before the Snowden revelations took place. The coefficient on US × Pre Snowden (T=18)
is 0.038 and it is not statistically significant. Similar results are shown in Columns (3) and (4).
Table B5: Robustness Check with Pretreatment
Variable                      (1)         (2)         (3)         (4)
US                            -0.131***   -0.126***   -0.123***   -0.123***
                              (0.010)     (0.011)     (0.012)     (0.013)
Post Snowden                  0.035       0.022       0.015       0.014
                              (0.033)     (0.036)     (0.039)     (0.043)
US × Post Snowden (t > 18)    -0.113***   -0.104***   -0.098***   -0.097***
                              (0.024)     (0.024)     (0.025)     (0.028)
US × Pre Snowden (t = 18)                 0.038       0.043       0.044
                                          (0.024)     (0.026)     (0.031)
US × Pre Snowden (t = 17)                             0.021       0.022
                                                      (0.014)     (0.017)
US × Pre Snowden (t = 16)                                         0.002
                                                                  (0.022)
Observations                  2413        2413        2413        2413
(1) T=18 implies Q2, 2013, T=17 denotes Q1, 2013 and T=16 is Q4, 2012.
(2) Robust standard errors clustered by continent are provided under the OLS estimates.
(3) The dependent variable is the growth rate of total revenue, i.e. ∆log(TR).
(4) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
(5) All results include sector FE, country FE, quarter FE and trend adjusted country FE
B.1.4 Robustness Checks without the Five Eyes
In this section, we use a different control group as a robustness check. One concern is that the
Snowden revelations include the Five Eyes’ international surveillance programs. The Five Eyes
is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and
the United States, which has developed a series of bilateral agreements since 1946. If a fraction
of the control group is affected by the Snowden revelations, our baseline results would be
underestimated. In our data, there are 19 firms headquartered in four countries,
Australia, Canada, New Zealand and the United Kingdom, and we excluded them from the
control group in the following table.
Table B6: Robustness Checks with Non-Five Eyes from the Control group
Entire Pre PW
Control NonUS NonFVEY NonUS NonFVEY
Variable (1) (2) (3) (4)
US -0.131*** -0.126*** -0.048*** -0.114***
(0.010) (0.009) (0.004) (0.004)
Post Snowden 0.035 0.066** -0.135** -0.137*
(0.033) (0.030) (0.062) (0.068)
US × Post Snowden -0.113*** -0.136*** -0.189*** -0.202***
(0.024) (0.022) (0.012) (0.013)
Observations 2413 1998 2102 1742
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the total revenue.
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
(4) All results include sector fixed effects, country fixed effects, quarter fixed effects and trend adjusted
country fixed effects.
B.1.5 Specification Checks: Alternative Regression Model
In our baseline results, we use the growth rate of total revenues instead of level variables since the
total revenue patterns are different between US-based firms and non-US-based firms before the
Snowden revelations. Table B7 and Table B8 present the results with the level variable of firm’s
total revenue as the dependent variable. Due to a violation of the parallel trend assumption, the
results are opposite and there is a positive and significant effect of the Snowden revelations on
the US-based firms. This is one example of an incorrect specification. Table B9 also provides
some evidence of the incorrect specifications as the results change dramatically with the lagged
dependent variables.
Table B7: Specification Check with the Different Dependent Variable (Entire Periods)
Variable (1) (2) (3) (4) (5)
US 12.685 24.490** 55.282*** 55.900*** 27.404***
(14.798) (9.641) (5.277) (5.321) (7.783)
Post Snowden 18.513*** 17.813*** 17.785*** 54.177*** 89.251***
(5.532) (5.054) (5.195) (12.124) (10.670)
US × Post Snowden 43.066*** 50.804*** 51.101*** 51.744*** 29.461***
(7.070) (5.444) (5.587) (5.561) (9.244)
Sector Fixed Effects No Yes Yes Yes Yes
Country Fixed Effects No No Yes Yes Yes
Quarter Fixed Effects No No No Yes Yes
T × Country Fixed Effects No No No No Yes
Observations 2524 2524 2524 2524 2524
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the total revenue
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
Table B8: Specification Check with the Different Dependent Variable (Pre PW Periods)
Variable (1) (2) (3) (4) (5)
US 13.110 27.420*** 59.765*** 59.765*** 31.622***
(13.988) (8.920) (5.308) (5.308) (5.864)
Post Snowden 17.522*** 17.032*** 44.188*** 44.188*** 76.255***
(5.199) (4.676) (8.216) (8.216) (3.376)
US × Post Snowden 26.885*** 34.542*** 35.579*** 35.579*** 14.877***
(5.181) (4.605) (4.675) (4.675) (4.156)
Sector Fixed Effects No Yes Yes Yes Yes
Country Fixed Effects No No Yes Yes Yes
Quarter Fixed Effects No No No Yes Yes
Trend Adjusted Country Fixed Effects No No No No Yes
Observations 2102 2102 2102 2102 2102
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue.
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
Table B9: Specification Check with the Lagged Dependent Variable of TR (Entire Period)
Variable                      (1)         (2)         (3)         (4)
US                            55.900***   -2.232      -2.564*     -2.400
                              (5.321)     (1.681)     (1.345)     (1.394)
Post Snowden                  54.177***   -1.144      -2.909      -2.628
                              (12.124)    (1.062)     (1.964)     (2.054)
US × Post Snowden             51.744***   1.020**     1.095       0.796
                              (5.561)     (0.464)     (0.730)     (0.625)
∆log(TRt−1)                               1.057***    0.969***    0.986***
                                          (0.018)     (0.212)     (0.179)
∆log(TRt−2)                                           0.094       0.203
                                                      (0.207)     (0.251)
∆log(TRt−3)                                                       -0.133
                                                                  (0.084)
Sector Fixed Effects          Yes         Yes         Yes         Yes
Country Fixed Effects         Yes         Yes         Yes         Yes
Quarter Fixed Effects         Yes         Yes         Yes         Yes
Observations                  2524        2413        2302        2191
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the total revenue.
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
B.1.6 Patterns of Firm Entry and Exit and Additional Results
During the period from Q1, 2009 to Q4, 2014, there are 9 exiting firms. Among the 9 exiting firms,
7 firms (2 Non-US-based firms and 5 US-based firms) exited after the Snowden revelations. When
firms exit the cloud computing market at time t, the total revenue at time t is captured as 0 in
our data set. In that case, the dependent variable, ∆log(TRt), is missing as log(TRt)
cannot be defined. We consider that a firm’s decision to exit the cloud computing market could be
affected by the Snowden revelations. In the baseline results, we treat the dependent variable
for the exited firms as −log(TRt−1). In this robustness section, Table B10 presents additional
results that treat the exited firms’ growth as missing values. The results show the Snowden effect
is still negative and statistically significant for the US cloud computing industry. However, the
size of the losses is smaller than in our baseline results.
Table B10: Additional Results without Exiting Firms
Variable (1) (2) (3) (4) (5) (6)
US × Post Snowden -0.021** -0.017 -0.030*** -0.028** -0.015* -0.019*
(0.009) (0.010) (0.008) (0.012) (0.008) (0.010)
US -0.036*** -0.036*** -0.110*** -0.114*** -0.033*** -0.033***
(0.005) (0.005) (0.003) (0.003) (0.005) (0.006)
Post Snowden -0.007 -0.006 0.010 0.011 -0.015 -0.011
(0.019) (0.024) (0.016) (0.027) (0.017) (0.015)
Pre Snowden 0.024
(0.021)
∆log(TRt−1) 0.149
(0.103)
Sub-Period Pre PW Pre PW
Sub-Group Non FVEY Non FVEY
Observations 2404 2096 1990 1736 2404 2293
(1) Robust standard errors clustered by continent are provided under the OLS estimates.
(2) The dependent variable is the growth rate of total revenue, i.e. ∆log(TR).
(3) ***, **, and * respectively denote significance at the 1 percent, 5 percent, and 10 percent levels.
(4) All columns include sector fixed effects, country fixed effects, quarter fixed effects and trend adjusted
country fixed effects.
(5) Pre Snowden is defined as 1(t = 18) where t=18 denotes one quarter before the Snowden revelations
(Q2, 2013).
B.2 Further Details on the Synthetic Control Method
B.2.1 Additional Results on the Synthetic Control Method
In Section 6.2, we used synthetic control methods as a robustness check. We construct
the aggregated country-level data using the original firm-level dataset from Synergy. Table
B11 describes the number of firms in each country and revenue per firm. In our analysis, the
natural logarithm was used to account for the characteristics of adoption patterns and mitigate the
differences between the control and the treated.
Table B11: Summary Statistics for Synthetic Control Method (Pre Snowden)
Country Number of Firms Revenue per Firm (TR) log(TR)
Australia 7 22.16 6.12
Canada 3 22.76 7.61
China 8 42.44 7.45
France 2 121.27 8.45
Germany 2 120.40 7.89
Hong Kong 1 13.59 7.03
India 5 20.67 7.48
Italy 3 55.81 7.90
Japan 9 135.16 8.97
Korea (South) 2 43.51 8.14
Luxembourg 1 9.59 6.76
Netherlands 2 100.75 9.18
Russia 1 1.29 4.70
Singapore 1 134.53 9.46
Spain 1 117.69 9.34
Switzerland 1 60.82 8.59
Taiwan 1 19.48 7.50
United Kingdom 9 58.13 7.20
United States 52 75.00 7.15
Table B12 presents the synthetic weights for the US cloud industry and Table B13 shows the
predictor variables.
Table B12: Synthetic Weights for the United States
Country   Synthetic Control Weight   Country   Synthetic Control Weight
Australia 0.157 Korea 0
Canada 0 Luxembourg 0
China 0.18 Netherlands 0
France 0 Russia 0.007
Germany 0 Singapore 0
Hong Kong (China) 0 Spain 0
India 0 Switzerland 0
Italy 0 Taiwan 0
Japan 0.16 United Kingdom 0.656
Table B13: Predictor Means Before the Snowden Revelations
Variables   US (Real)   US (Synthetic)   Average of 18 control countries
Ln(GDP) 30.38 28.64 28.00
Broadband Subscription 28.04 27.41 27.05
Telephone Subscription 45.65 46.31 43.86
Internet Users 74.58 76.01 70.10
Secured Internet 448166.30 66249.95 30985.95
Legal Right 9.25 8.72 6.27
Inflation 1.86 3.13 2.62
Labor Force (million) 312 164 134
Total Population (million) 312 288 259
Ln(Total Revenue), 2013 Q2 7.97 7.87 8.11
Ln(Total Revenue), 2013 Q1 7.89 7.75 8.08
Ln(Total Revenue), 2012 Q4 7.62 7.70 8.08
Ln(Total Revenue), 2009 Q3 6.34 6.51 7.46
Sources of Data: OECD
B.2.2 Additional Results: Placebo Test
Some may be concerned that the channel behind our results is not the erosion of privacy due to the
Snowden revelations. As a robustness check, we applied the Synthetic Control Method to the
revenues of all other industries.
Table B14: Synthetic Weights for the United States
Country   Synthetic Control Weight   Country   Synthetic Control Weight
Australia 0 Korea 0
Canada 0 Luxembourg 0
France 0 Netherlands 0
Germany 0.807 Russia 0.007
India 0.184 Spain 0
Italy 0 Switzerland 0
Japan 0.009 United Kingdom 0
Table B15: Predictor Means Before the Snowden Revelations
Variables   US (Real)   US (Synthetic)   Average of 14 control countries
Ln(GDP) 30.375 28.774 28.130
Broadband Subscription 28.044 26.761 28.082
Telephone Subscription 45.650 50.978 46.654
Internet Users 74.580 68.587 73.366
Secured Internet 448166.300 64724.670 64749.530
Legal Right 9.250 7.026 6.406
Inflation 1.855 3.115 2.580
Labor Force (million) 158 121 66.3
Total Population (million) 312 291 150
Ln(Revenue), 2013 Q2 4.678 4.676 4.613
Ln(Revenue), 2013 Q1 4.675 4.669 4.611
Ln(Revenue), 2012 Q4 4.668 4.667 4.641
Ln(Revenue), 2009 Q3 4.548 4.513 4.548