Sovereignty? We've heard of it. UK government gives contract to store MI5, MI6 and GCHQ's data to AWS The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports. The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their …
"In future nobody will be able to download or print anything, ever."
Yeah right. Some senior manager is going to go to IT and demand they create a way to do it before the weekend. People with fears about job security will bodge something without any testing so they don't lose their flat and have some money around when the baby is born.
Ok, easy to see who accessed the data and when. But it raises the interesting question about serialisation of stored data if printed or otherwise distributed. If data is leaked the authorities need to know who leaked it, which means that everyone's copy of the data needs to be unique in some subtle way. Similar in principle to the secret yellow dots printed out from laser printers.
The US CLOUD act allows law enforcement to compel US companies to turn over data whether that data is located within or outside the United States. So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.
Hopefully the data will be properly encrypted with user-held keys.
[Preamble]
I've recently reread Raw Spirit by one of my favourite authors, Iain Banks, and, along with the reviews of distileries, whiskeys, cars, and anything else he feels like shooting the breeze about, he sounds off fairly regularly about the coverage of the Iraq war going on at that time (2003).
This fabulous quote he includes from the Guardian, is very apt in light of subsequent events, particularly after his death, in 2013, and that endless desire amongst some quarters for that nebulous quality of "sovereignty":
"Welcome to the Free World. In the July 17th 2003 edition of the Guardian, in an article headlined ‘We are now a client state’, David Leigh and Richard Norton-Taylor set out the case for Tony Blair having finally surrendered to the United States of America most of the few remaining shreds of British sovereignty. They point out that Britain cannot target, maintain or fire its Tomahawk cruise missiles without US authority, that this same restriction has applied to the Trident missile system for the last decade and a half (so that Britain’s ‘independent’ nuclear deterrent never has been; basically the British taxpayer has been paying for at least one sturdy spoke of the US’s nuclear umbrella all these years), that Britain has already entirely and formally given up sovereignty in various British mainland bases and several overseas ones, like the Indian Ocean bomber base of Diego Garcia, where the native people were thrown out 30 years ago and left on the docks in east Africa, that we spend a fortune gathering intelligence at GCHQ, share all of it with the US intelligence services – those paragons of vigilance who did such a brilliant job preventing the atrocities on September 11th – but they are under no obligation to share all they know with our lot, that (and this is ongoing through recent and envisaged purchasing and equipment standardisation decisions), Britain is tied into the US war-fighting machine to such an extent that it will no longer be capable of fighting a war without the US’s approval and connivance, while being, by extension, entirely expected to muck in with any American military adventure where such participation will help make this year’s invasion look less like the exercise in naked imperialism that it in fact is. They also make the point that your individual Brit cannot any longer rely even on the occasionally dubious protection of the legal system which we pay for through our taxes and at least nominally control through the democratic system of the country we live in. British nationals held in the fantasy counter-reality that is Camp Delta, Guantanamo Bay on Cuba – prop. George Sauron Bush, Esq. – have effectively been abandoned by the Crown and government that is supposed to protect them (well, they haven’t got even the basic good sense to be white, they are self-confessed Muslims, Dubya says they’re all Bad People anyway so of course they don’t really count). Finally, it now turns out that back in March, while we were distracted by all that spiffing fighting, British Home Secretary David Blunkett signed a treaty with the US which means that any British national, living in the UK or its dependencies, can be extradited to the US to stand trial for whatever crime an American court deems they might have committed, with no need for any prima facie case to be established in front of a British court before the alleged miscreant is hauled off. In other words, they just have to ask, and you’ll be handed over. The Americans, being the big Uncle Sam daddy rather than the quivering Britannia bitch in this abusively unequal relationship, and very sensibly having a written constitution which forbids such horrors, are of course under no such obligation to reciprocate, and indeed are legally unable to. So the British legal system and the individual rights of any given Brit are now entirely subservient to the whims of any one of gawd-knows how many public servants and judges sitting in the United States, home of Dubya the Usurper and his grotesque squad of Cold War throwbacks. The Home Office press release covering the meeting during which this historic and unprecedented surrender of sovereignty took place failed to mention it had happened at all. As Leigh and Norton-Taylor suggest, maybe it was through shame. Equally quiet at the time, once this treaty’s terms have finally slithered out into the light of day, are all the right-wing British newspapers which can be relied upon to foam at the mouth whenever they detect the slightest hint that Britain might be surrendering something as important as control over the shape of a fruit to Brussels. Suggest that there might be a standard Europe-wide definition of what you can call ‘ice cream’ or ‘chocolate’ and these charmers are spitting blood about faceless Eurocrats completing the job that Napoleon and Hitler failed to accomplish and dropping dark hints about leaving the EU altogether; abandon us all to the mercies of a protofascist rogue state 3000 miles away over which we have no democratic or legal control whatsoever, and there’s not a damn peep. Last time I checked I did have an MEP to whom I could complain about any abuses within the European system, and who I could, along with my fellow voters, remove from office; I have yet to be informed of the identity of my Congressional representative. Banks, Iain. Raw Spirit (pp. 313-315). Random House. Kindle Edition."
I can't speak to the military or defence related claims here, but their credibility seems a bit questionable given the apparent weakness of the extradition treaty claim, as evidenced by recent high-profile court cases for Assange and that fellow from Autonomy - neither demonstrate the automatic, unscrutinised 'slam-dunk' extradition arrangement Banks claims was made.
high-profile court cases
"High-profile" = don't mess too openly or we could get public opinion (Assange) or influential people (Lynch) in our way.
Did you ever about the dozens of UK, low-profile citizens extradited to the US since the treaty is in place? It happened nonetheless.
The military / defence claims are utter bollocks.
Yes, Trident (missiles, not subs or warheads) are maintained in the US.
Targeting and firing are solely UK, no US input.
Claiming otherwise is a lie that has (evidentially) been in circulation for decades. Still a lie, though.
Targeting and firing Royal Navy Tomahawk is also solely a UK decision.
Also, conflating Tomahawk and Trident is disingenuous / dishonest. UK nuclear weapons are solely Trident and have been since shortly after the end of the Cold War.
Tomahawk is a conventional weapon, no different in use than 'Paveway' laser guidance bombs or the Anglo-French Storm Shadow missile
The article is nothing but a rabid anti-US rant.
I was well aware of the Cloud act when I made my initial post. Bollocks can they force anything.
Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.
AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.
If AWS doesn’t hold the keys and neither the US Govt or AWS US have physical access to the UK based bit barns the risk of the USG getting their hands on the data is minimised. Half the staff at that bit barn will be working for the UKG on the side to cover this contingency specifically.
So yes apart from a bit of mindless whining in the press there’s nothing to see here. A fully UK based operation would have been better but name me anyone UK based and owned who comes close the range and depth of the big 3’s services. Or perhaps maybe you would have preferred AliCloud?
You also assume for some unknown reason that the AWS cloud isn't already compromised by one or more zero day vulnerabilities, which are actively being used already by US, et al (Isreal I'm looking at you).
You know, once you have a connection to the Internet the fucking game is up........it's just a matter of time, or is it too late already ?
Will we ever know ?
ALF
Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.
AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.
Err, would this be the same MS that the day the CLOUD act was passed, just handed over the data, housed in a datacentre in Ireland and operated by the Irish subsidiary of MS, some US TLA had been after for a couple of years ?
Thus proving beyond a doubt that having a datacentre in the UE, subject to EU law, and operated by a supposedly legally different entity, and supposedly having technical measures in place to prevent the US parent company from accessing the data ... did didly squat to prevent staff in the US from accessing that data and handing it over.
As it is, I've seen enough of the way MS handles logins (a very long chain of redirects, most using domain names under the control of the US company, to suggest that claims about territorial security of data are ... "a bit questionable".
I suspect it's actually quite hard to setup an arrangement where the data is located in the UK, is under UK control, and there is no legal or technical mechanism for the US based parent company to grab or demand access to the data when instructed to by a US TLA.
> So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.
AWS will operate this the same way it operates special regions for the US government (no, not GovCloud).
No data will be permitted to leave, except as authorized by government employees.
And no non-UK citizens will be have any access to the facilities at all, the same way AWS engineers (while supporting their services there) don't have access to the existing US government regions unless they are security-cleared US citizens and have permission to enter the facility.
Security-cleared AWS engineers will be permitted access to the facilities, but will not be able to remove any data. No data storage devices may be removed. If you take your phone in by mistake, congratulations on your new phone.
This is stupid. Government data should be stored on government computers, in government data centers, maintained by government employees. Private companies should NEVER be allowed to do this sort of thing.
And Amazon's trustworthiness is only slightly better than F*c*book's. They're one of the worst companies in the world.
So, government is going to need to employ huge numbers of staff to replace all the outsourced contracts it holds.
No. Never going to happen.
And how far does your "must be government" requirement go?
Do we need government cleaners? Government builders? Government made cars and bus and trains and drivers? If we can't have private companies writing software for government use : we need almost an entire Microsoft's worth of people writing a desktop operating system and apps. Or is it ok to use software from private companies?
And hardware? We need an Intel's worth of people to design and build CPUs and RAM and all the other chips you need for computers. Or is it OK for a private company to make and maintain hardware for government?
If we can use hardware and software from private companies, then we can use AWS.
Despite your opinions of Amazon, this deal is with AWS. Tarring them with the same brush is like saying your fingers are shitty because they're part of the same body as your arsehole.
The only professionals I've heard with bad things to say about aws are people who haven't actually used it "my mate says it is insecure because he had a computer from amazon and got a virus" or people who claim it is bad because <insert reason that boils down to them doing it wrong>. If you can get your AWS config wrong, you can get your on prem deployment wrong too and maybe you just aren't cut out for working in IT?
AWS is extremely secure when configured correctly. But a lot of people have failed to do that in the past because aws made it too easy for people to do stupid things. Now they have made it much harder (in the UI and on the CLI in some areas)
So now we have a label for anyone who's so pissed with this shower in Go vermins that they might as well go for it with a kitchen knife and put the deluded fucker out of everyone elses misery.
I'm not promoting this, just speaking thew bloody obvious..........
Terrorism ? Yes, who is terrorising who ?
ALF extreme mist.........
> Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?
You'd need to have gained access to the government network first. These regions won't be connected to the internet.
That sparked in my mind the story of the Cullinan diamond which was supposedly sent by high security means to London, but in actuality was delivered via standard registered post.
Which makes you wonder whether, in a similar vein, top secret things are sent by regular email.
Ken, Hi,
What would you say if you were to realise and/or be informed that many top secret things are regularly freely shared via standard Registered posts highlighting developments for further contemplation and comment here?
Impossible? Most Unlikely? Unbelievable?
There's a lot of very strange spooky action at a distance going on all around everyone everywhere nowadays .... and IT's not going away, you know, now that it has found its groove in the company of grand worshipful masters in the service of Heavenly Mistresses and Diabolical Daemons on the rocky road back to the good old times when nothing bad and sad and mad appeared to presume a leading position in the future planning of upcoming live events.
Undoubtedly. Steganography, and "your" posts would be ideal candidates for hiding messages.
Slightly tangential, but ISTR there was the case of someone sharing secrets using gmail. Not by sending emails, but by the login details being shared, secrets being posted as draft messages.
I'm sure someone's tinkered with IP packets so that there is normal traffic, then there's hidden traffic, in much the same way that CEEFAX used parts of a TV signal invisible to normal equipment.
The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic.
The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic. ..... Ken Moorhouse
Having possibly detected/imagined and realised the virtual presence of such practically almighty and extremely problematical traffic ....... for it can only result in a defence or offensive action dealing with events after the release and ACTualisation of novel facts/phormer fictions ...... whatever to do next for the best is a Great AI Games Changer which provides leaders in the genre unprecedented inequitable advantage aka carte blanche virgin field immunity and impunity freedom and thus is it to be both gravely and highly regarded ..... for IT can easily instantly kill you stone dead with its wanton abuse and/or wilful misuse ..... so take care, beware and be aware there be definitely wrong courses of future action best sensibly avoided at any price with all costs to be provided and guaranteed/failsafe secured.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
