But where would these multinationals go? Haven't we seen that the arms of the US Government stretch across the globe? Wouldn't continued lobbying of the government and eventual reform be a simpler and cheaper solution?
It's extremely unlikely imho that surveillance capabilities will be ceded by any of the nations that now possess them. More importantly, the trust that's been lost can't be regained even if the wheels of politics eventually grind out some kind of compromise. So waiting for a political resolution doesn't look like a great option. What I expect to happen is for the engineering community to push more secure protocols forward (for example, a rejuvenation or successor of IPsec) to guarantee more secure communication. Individual nations will then need to decide if their citizens have a right to real privacy, or just the right to be lied to about privacy. Multinational corporations have some flexibility in terms of where and how they do business, but they have to acquiesce to whatever local laws apply in the countries where they operate - with their own statement of ethics being some kind of baseline, hopefully. One protection afforded companies based in say, the EU, is that they're under less obligation to backdoor their products under threat of the US et al. That gives them a better position of trust with the EU market base. Of course, their products destined for the US market may well be customised to accommodate CALEA etc. Open source projects and foundations on the other hand operate practically outside the purview of traditional government, it seems. They're decentralized, and the source is open, so... although it has happened but it's quite hard to get a backdoor into the codebase. It will take a long time to sort out but basically I expect things like Firefox OS, Ubuntu Mobile, and self-hosted "cloud" solutions (cozy.io) to take at least some market share from proprietary predecessors.