NSA surveillance program scares US cloud users

The Cloud Security Alliance (CSA) survey found that 10% of the 207 executives of non-US companies had canceled contracts with U.S. service providers and 56% of the non-US respondents were hesitant about working with us cloud service providers after the U.S. Security Agency's surveillance program was exposed last month. CSA is a non-profit organization with more than 48,000 individual members.

According to the CSA survey, more than half of the 456 company representatives in the US, Europe and Asia said they did not want to use the US cloud services because they feared the US government would steal their data through cloud services.

The US surveillance program, known as the prism, was leaked to reporters last month by Edward Snowden, a former U.S. security agency employee, who is now seeking political asylum from Russia and other countries to escape the US prosecution.

Only three of the 10 respondents said the Snowden leaks would not affect their use of US cloud services.

From June 25 to July 9, CSA launched a network survey to understand the impact of the Snowden leaks on US cloud companies.

"People are more skeptical than I thought, I thought people knew exactly what was happening in their country," said Jim Reavis, partner and director of CSA. "The vast majority of respondents think the government should disclose the Foreign Intelligence Surveillance Act (FISA), and announce what user data the government gets from US internet companies.

Both American and foreign respondents agreed that the United States should publish more information about specific service providers that provide government users with data.

Google, Microsoft, Yahoo and other companies have been involved in the U.S. "Prism Gate" incident, now these companies for their own interests, the government to allow them to disclose the details of the FISA. Cloud service providers are still barred from publishing the information.

From the CSA survey, users expect cloud service providers to exert pressure on the U.S. government to publicize the process of acquiring user data. Most respondents said they should be allowed to disclose how much user information the NSA and the FBI have received from them, what information they have, and how much information the cloud companies have provided them. In fact, Reavis says, every respondent feels that cloud companies should at least provide some information about their work at this stage.

The June Snowden leaks revealed a global focus on US surveillance by the US National Security Agency, which collects large amounts of phone metadata and user records from large web companies. The NSA, the FBI and the Obama administration insist that data monitoring complies fully with U.S. legal provisions and is also an important U.S. initiative to combat terrorism.

Others argue that such data-monitoring practices in the United States are a threat to privacy, and that the Constitution has the right to oppose such unwarranted investigative actions.

The revelations have again raised concerns in Europe and elsewhere about the US Patriot Act and other anti-terrorism bills, which are mainly used by the US government to obtain user data from ISPs.

FISA authorization of the monitoring scope is not limited to communication interception. In a European Union report, which says it covers all data in the cloud, EU policymakers believe FISA's threat to EU data sovereignty has so far been more serious than other bills.

Following the revelations, the European Parliament voted to investigate the impact of the NSA's monitoring program on the privacy and civil rights of European citizens involved in the incident, and to get more information from U.S. authorities.

--f-secure, a Finnish vendor offering a range of security services, has also been affected by the leaks.

"Since the Prism Gate incident of June, prospective analysts in Europe, the Middle East and Asia have been concerned about whether our company is still operating in the United States, or whether we keep our customer data in the US," F's chief investigator, Mikko Hypponen said.

"Many users now do not want to buy cloud services from the US or NATO member states," Hypponen said. "There are also many users who do not want to buy the cloud services in China, Russia or Israel, which is the best option for a program provider from a completely neutral country." (Compile/Wang Ne)