That's according to an independent survey of 300 British and Canadian small businesses, commissioned by cloud hosting firm Peer 1 Hosting. The study finds over a fifth of UK firms and one-third of their Canadian counterparts are relocating their information away from US-based data centres because of the NSA intelligence agency scandal, revealed last summer by whistleblower Edward Snowden.
The survey comes ahead of US President Obama announcing a new policy on mass data surveillance on Friday, although this alone may not be enough to reassure British firms. German media, which has followed the case closely since news emerged on the NSA hacking Chancellor Angela Merkel's phone, this week reports that a senior government source believes the clampdown is likely to stop short of promising to end NSA spying on ‘allies'.
The Peer 1 Hosting survey charts fear and confusion among cloud service users. The top hosting concerns defined by the survey were security (96 percent) and data privacy (82 percent). Despite this, many UK and Canadian cloud users don't fully understand current data privacy laws - 60 percent admitted that they don't know as much as they should and another 44 percent were confused by the laws.
The survey also suggests the spying scandal has had a significant impact on non-US cloud service providers. Nearly seven out of 10 (69 percent) of decision makers say the mass surveillance has made them more sceptical of data hosting providers everywhere and 57 percent are less likely to use a public cloud as a result.
Steve Durbin, global vice president of the Information Security Forum (ISF) user group, believes that this confirms that the NSA scandal has encouraged cloud users to “ask the right questions about how their information is being stored, managed and handled”.
“We're starting to see businesses taking a very much more open-eyed approach,” he told SCMagazineUK.com. “The whole NSA thing has actually served a useful purpose – it's getting people to think much more about what information they're putting into the cloud, where it's being stored, how it's being accessed, and asking questions of the providers as to what exactly they are obliged to do under in this case US federal law.
“As a result, I think businesses are saying that from a risk point of view it might make more sense for us to be storing some of this information in Europe, in the UK or within our own borders, if we can't get satisfactory answers from cloud providers or indeed if the answers from a risk perspective just seem too high for our business.”
Meanwhile, independent privacy researcher Caspar Bowden questioned whether President Obama's impending review will add any significant protection to British citizens, let alone UK businesses.
Bowden, a former chief privacy adviser to Microsoft, told SCMagazineUK.com: “The rights of foreigners simply haven't been part of the US debate - so far.”
“The key international question regarding Obama's NSA reforms is whether he will recognise the human right to privacy of non-Americans, who currently have no protection whatsoever under the FISA law,” he explained. “Both the EU Commission and Parliament have demanded equal treatment with US citizens.
“However, Obama's NSA review panel did not go anywhere near as far, only recommending that non-US citizens are covered by the US Privacy Act 1974. We know that after numerous exemptions and exclusions an EU citizen will only be able to access data they themselves have supplied, everything else will be ‘redacted'. It's a hollow non-solution, very far from the idea of giving EU citizens full legal rights in US courts.”
The survey shows UK and Canadian firms trust the US far less than they do many other countries. Yet despite that, the US still remains the most popular country to host their data, outside of their own country.
‘Security of my data' ranked highest among all factors considered by decision makers when selecting a hosting provider, even over performance. More than three-quarters (77 percent) of decision makers would rather host their data in a highly secure but latent facility, rather than in a facility that guarantees top speeds but which is less secure (9 percent).
Meanwhile, a related report from the New America Foundation this week found that the NSA's surveillance programmes have had a “minimal” contribution in catching terrorists.