A summer-long drumbeat of revelations about government online spying has put some of Silicon Valley's biggest companies in an increasingly uncomfortable bind: While national security rules limit what they can say, Google (GOOG), Facebook and other tech giants are struggling to reassure customers that their information is secure.
Last week's reports about U.S. and British efforts to crack Internet encryption only added more pressure on the industry to distance itself from those government programs -- whether by quietly beefing up internal security defenses or publicly suing the United States government, say analysts and industry officials.
"Consumers are concerned. No matter what the companies say, the question is going to be: 'Is there something you're not telling us?' And they can't answer that question," said Daniel Castro, a senior analyst at the nonprofit Information Technology and Innovation Foundation. He estimates the spying revelations could cost U.S. tech companies up to $35 billion in lost revenue because of eroding customer trust.
Leading Internet companies pushed back on Monday, as Facebook and Yahoo (YHOO) followed Google and Microsoft in filing lawsuits that seek court permission to reveal more information about the quantity and kinds of data they have been required to share with the National Security Agency or other authorities.
News reports about the NSA programs have included many "false and misleading stories about Google's alleged involvement in such activities," the Internet search giant complained in a new legal filing, which said the reports are causing "substantial harm to Google's reputation and business."
"The actions and statements of the U.S. government have not adequately addressed the concerns of people around the world about whether their information is safe and secure with Internet companies," added Colin Stretch, Facebook's general counsel, in a blog post announcing a similar filing.
The legal petitions expand on earlier lawsuits filed in June by Google and Microsoft, which initially sought permission to disclose how many national security-related demands they receive. All four companies are now asking to report on more aspects of those demands, such as how many times the government sought the contents of Internet communications as opposed to message times, user names or IP addresses.
In part, the companies say they want to show that such demands involve a very small number of users and a very small amount of data, relative to the billions of people around the world who use their services.
Internet companies have vehemently denied initial news reports that said the government's PRISM surveillance program gave authorities the ability to tap "directly" into the companies' networks or servers. But subsequent reports, mostly based on documents leaked by former NSA contractor Edward Snowden, have implied that intelligence agencies somehow get access to a wide range of Internet communications -- although those reports generally haven't specified how the information is obtained.
Those reports are "absolutely a concern" because they may lead to an erosion of trust in the Internet and in "the global credibility" of U.S.-based Internet companies, said Ed Black, CEO of the Computer and Communications Industry Association, a leading trade group.
Some foreign tech companies are already touting privacy and security features as an alternative to U.S.-based services, said Joseph Lorenzo Hall, a senior staff technologist at the nonprofit Center for Democracy and Technology. He added: "If U.S. products or services are seen to be fundamentally tainted, competent businesses will seek those services elsewhere."
New reports last week revealed the U.S. and British governments have found ways to crack Internet encryption methods used around the world. The reports said those efforts involved a combination of cooperation, legal coercion and even secret hacking into the systems of unnamed tech companies.
That prompted more expressions of outrage by tech firms. "We are unaware of and do not participate in such an effort, and if it exists, it offers substantial potential for abuse," a Yahoo spokesperson said.
Just days after the New York Times and Guardian newspapers revealed the government's encryption-cracking program, the Washington Post reported last week that Google has accelerated an internal effort to encrypt all data traffic between its server farms.
Sources familiar with Google's effort said it's a year-old program intended to guard against rogue hackers and criminals as well as unauthorized incursions by any nation's government. Google, however, decided to speed up installing the encryption system in June, after the company was rocked by the initial NSA leaks.
Various encryption systems, which have also been adopted by Facebook and other companies, can be a barrier to surveillance, analysts agree. But as Hall noted, the technology may not stop government data demands that come with the force of law.
Last week's reports, meanwhile, also described government efforts to exploit vulnerabilities or even build "back doors" in encryption chips, computer hardware and networking software from unnamed tech companies. Castro said that expands the field of companies whose products are potentially tainted by implication.
"So now it's not just Internet companies that have a target on their backs," he added.
Mercury News staff writer Steve Johnson contributed to this report. Contact Brandon Bailey at 408-920-5022; follow him at Twitter.com/BrandonBailey