Titled "Government Access to Information," CSA initiated the survey in June to collect member opinions about the revelations from Edward Snowden the US whistleblower.
In Spring 2013, the National Security Agency subcontractor provided evidence of the PRISM program, involving US government access to information from telecommunications and internet providers via secret court orders under by the USA Patriot Act.
With the survey, CSA also aimed to understand how it impacted attitudes about using public cloud providers and other broadly available internet services.
According to CSA in its survey report, Snowden's incident “led to a great deal of debate and soul searching about appropriate access to an individual's digital information, both within the US and any other country.”
The CSA survey was conducted online via SurveyMonkey from 25 June 2013 to 9 July 2013. It received close to 500 responses from CSA members worldwide.
Of the 207 responses from self-identified non-US residents, 56% of them were now less likely to use US-based cloud providers, in light of recent revelations about government access to customer information.
Close to one-third of the respondents found no impact on their usage of US-based cloud providers. Notably, 10% cancelled a project that would use US-based cloud providers. (See figure 1 below)
Figure 1. (For non-US residents only) Does the Snowden Incident make your company more or less likely to use US-based cloud providers?Source: "Government Access to Information 2013 survey," Cloud Security Alliance
CSA asked US-based respondents whether the Snowden Incident has made it more difficult for their companies to conduct business outside of the US.
Of the 220 responses received from self-identified US residents, 64% indicated "No," and the remaining 36% said "Yes."
In one question, CSA asked all respondents what they thought would be the best course to mitigate concerns regarding the USA Patriot Act.
Of 423 responses collected, 41% thought the USA Patriot Act 2001 should be repealed in its entirety; and 45% thought the Patriot Act should be modified to tighten the oversight of permitted activities and to provide greater transparency as to how often it is enacted.
On contrast, just 13% stated the Patriot Act was fine as is, as they appreciated that identifying terrorists was a very difficult job and the government simply needed to provide more education about the Patriot Act and its counterparts within other countries.
Out of 438 responses, an overwhelming 91% of respondents said that companies who have been subpoenaed through provisions of the Patriot Act should be able to publish summary information about the amount of responses they have made. Nine percent of the respondents disagreed.
The full results of the CSA survey can be accessed here