back to article Sovereignty? We've heard of it. UK government gives contract to store MI5, MI6 and GCHQ's data to AWS

The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports. The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their …

Page:

  1. Pascal Monett Silver badge
    Trollface

    "store their secret files in the AWS cloud"

    Have they sent their logon credentials to Moscow yet ?

    No matter, Moscow will have that when it needs it.

    1. Chris G

      Re: "store their secret files in the AWS cloud"

      This is great because anyone with log in details should be able to access the info they want, print it out and leave it on a train seat or behind a bus stop.

      1. veti Silver badge

        Re: "store their secret files in the AWS cloud"

        No, that's what they do now. In future nobody will be able to download or print anything, ever.

        1. MachDiamond Silver badge

          Re: "store their secret files in the AWS cloud"

          "In future nobody will be able to download or print anything, ever."

          Yeah right. Some senior manager is going to go to IT and demand they create a way to do it before the weekend. People with fears about job security will bodge something without any testing so they don't lose their flat and have some money around when the baby is born.

      2. Ken Moorhouse Silver badge

        Re: anyone with log in details should be able to access the info they want

        Ok, easy to see who accessed the data and when. But it raises the interesting question about serialisation of stored data if printed or otherwise distributed. If data is leaked the authorities need to know who leaked it, which means that everyone's copy of the data needs to be unique in some subtle way. Similar in principle to the secret yellow dots printed out from laser printers.

    2. RobThBay

      Re: "store their secret files in the AWS cloud"

      Don't forget about spectre.

      This setup reminds of the previous Jame Bond film where the intelligence services were going to house their data in the cloud.

      Hmmm... did the JB writers know this plan was in the works??

      1. Jedit Silver badge
        Joke

        "did the JB writers know this plan was in the works?"

        Yes, they downloaded the information from the cloud.

      2. Strahd Ivarius Silver badge

        Re: Colin Wilson 2 - Apple have got this right!

        They got the information from Professor Moriarty

  2. Gordon 10 Silver badge

    not sure what the point of this story is. Any agreement with AWS would have been for UK onshore.

    1. englishr
      Meh

      The US CLOUD act allows law enforcement to compel US companies to turn over data whether that data is located within or outside the United States. So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.

      Hopefully the data will be properly encrypted with user-held keys.

      1. Woodnag

        US CLOUD act

        Exactly. So since the US TLAs can legally force access to the info, this incredibly stupid idea can only mean that the USA forced the UK to do it this way.

        1. skein

          Re: US CLOUD act

          [Preamble]

          I've recently reread Raw Spirit by one of my favourite authors, Iain Banks, and, along with the reviews of distileries, whiskeys, cars, and anything else he feels like shooting the breeze about, he sounds off fairly regularly about the coverage of the Iraq war going on at that time (2003).

          This fabulous quote he includes from the Guardian, is very apt in light of subsequent events, particularly after his death, in 2013, and that endless desire amongst some quarters for that nebulous quality of "sovereignty":

          "Welcome to the Free World. In the July 17th 2003 edition of the Guardian, in an article headlined ‘We are now a client state’, David Leigh and Richard Norton-Taylor set out the case for Tony Blair having finally surrendered to the United States of America most of the few remaining shreds of British sovereignty. They point out that Britain cannot target, maintain or fire its Tomahawk cruise missiles without US authority, that this same restriction has applied to the Trident missile system for the last decade and a half (so that Britain’s ‘independent’ nuclear deterrent never has been; basically the British taxpayer has been paying for at least one sturdy spoke of the US’s nuclear umbrella all these years), that Britain has already entirely and formally given up sovereignty in various British mainland bases and several overseas ones, like the Indian Ocean bomber base of Diego Garcia, where the native people were thrown out 30 years ago and left on the docks in east Africa, that we spend a fortune gathering intelligence at GCHQ, share all of it with the US intelligence services – those paragons of vigilance who did such a brilliant job preventing the atrocities on September 11th – but they are under no obligation to share all they know with our lot, that (and this is ongoing through recent and envisaged purchasing and equipment standardisation decisions), Britain is tied into the US war-fighting machine to such an extent that it will no longer be capable of fighting a war without the US’s approval and connivance, while being, by extension, entirely expected to muck in with any American military adventure where such participation will help make this year’s invasion look less like the exercise in naked imperialism that it in fact is. They also make the point that your individual Brit cannot any longer rely even on the occasionally dubious protection of the legal system which we pay for through our taxes and at least nominally control through the democratic system of the country we live in. British nationals held in the fantasy counter-reality that is Camp Delta, Guantanamo Bay on Cuba – prop. George Sauron Bush, Esq. – have effectively been abandoned by the Crown and government that is supposed to protect them (well, they haven’t got even the basic good sense to be white, they are self-confessed Muslims, Dubya says they’re all Bad People anyway so of course they don’t really count). Finally, it now turns out that back in March, while we were distracted by all that spiffing fighting, British Home Secretary David Blunkett signed a treaty with the US which means that any British national, living in the UK or its dependencies, can be extradited to the US to stand trial for whatever crime an American court deems they might have committed, with no need for any prima facie case to be established in front of a British court before the alleged miscreant is hauled off. In other words, they just have to ask, and you’ll be handed over. The Americans, being the big Uncle Sam daddy rather than the quivering Britannia bitch in this abusively unequal relationship, and very sensibly having a written constitution which forbids such horrors, are of course under no such obligation to reciprocate, and indeed are legally unable to. So the British legal system and the individual rights of any given Brit are now entirely subservient to the whims of any one of gawd-knows how many public servants and judges sitting in the United States, home of Dubya the Usurper and his grotesque squad of Cold War throwbacks. The Home Office press release covering the meeting during which this historic and unprecedented surrender of sovereignty took place failed to mention it had happened at all. As Leigh and Norton-Taylor suggest, maybe it was through shame. Equally quiet at the time, once this treaty’s terms have finally slithered out into the light of day, are all the right-wing British newspapers which can be relied upon to foam at the mouth whenever they detect the slightest hint that Britain might be surrendering something as important as control over the shape of a fruit to Brussels. Suggest that there might be a standard Europe-wide definition of what you can call ‘ice cream’ or ‘chocolate’ and these charmers are spitting blood about faceless Eurocrats completing the job that Napoleon and Hitler failed to accomplish and dropping dark hints about leaving the EU altogether; abandon us all to the mercies of a protofascist rogue state 3000 miles away over which we have no democratic or legal control whatsoever, and there’s not a damn peep. Last time I checked I did have an MEP to whom I could complain about any abuses within the European system, and who I could, along with my fellow voters, remove from office; I have yet to be informed of the identity of my Congressional representative. Banks, Iain. Raw Spirit (pp. 313-315). Random House. Kindle Edition."

          1. sbt
            WTF?

            Re: "David Blunkett signed a treaty with the US"

            I can't speak to the military or defence related claims here, but their credibility seems a bit questionable given the apparent weakness of the extradition treaty claim, as evidenced by recent high-profile court cases for Assange and that fellow from Autonomy - neither demonstrate the automatic, unscrutinised 'slam-dunk' extradition arrangement Banks claims was made.

            1. Potemkine! Silver badge

              Re: "David Blunkett signed a treaty with the US"

              high-profile court cases

              "High-profile" = don't mess too openly or we could get public opinion (Assange) or influential people (Lynch) in our way.

              Did you ever about the dozens of UK, low-profile citizens extradited to the US since the treaty is in place? It happened nonetheless.

              1. Ididntbringacoat

                Re: "David Blunkett signed a treaty with the US"

                So low profile you cannot post any examples?

            2. Anonymous Coward
              Anonymous Coward

              Re: "David Blunkett signed a treaty with the US"

              The military / defence claims are utter bollocks.

              Yes, Trident (missiles, not subs or warheads) are maintained in the US.

              Targeting and firing are solely UK, no US input.

              Claiming otherwise is a lie that has (evidentially) been in circulation for decades. Still a lie, though.

              Targeting and firing Royal Navy Tomahawk is also solely a UK decision.

              Also, conflating Tomahawk and Trident is disingenuous / dishonest. UK nuclear weapons are solely Trident and have been since shortly after the end of the Cold War.

              Tomahawk is a conventional weapon, no different in use than 'Paveway' laser guidance bombs or the Anglo-French Storm Shadow missile

              The article is nothing but a rabid anti-US rant.

        2. Gordon 10 Silver badge
          FAIL

          Re: US CLOUD act

          I was well aware of the Cloud act when I made my initial post. Bollocks can they force anything.

          Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.

          AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.

          If AWS doesn’t hold the keys and neither the US Govt or AWS US have physical access to the UK based bit barns the risk of the USG getting their hands on the data is minimised. Half the staff at that bit barn will be working for the UKG on the side to cover this contingency specifically.

          So yes apart from a bit of mindless whining in the press there’s nothing to see here. A fully UK based operation would have been better but name me anyone UK based and owned who comes close the range and depth of the big 3’s services. Or perhaps maybe you would have preferred AliCloud?

          1. Al fazed
            Facepalm

            Re: US CLOUD act

            You also assume for some unknown reason that the AWS cloud isn't already compromised by one or more zero day vulnerabilities, which are actively being used already by US, et al (Isreal I'm looking at you).

            You know, once you have a connection to the Internet the fucking game is up........it's just a matter of time, or is it too late already ?

            Will we ever know ?

            ALF

          2. SImon Hobson Silver badge

            Re: US CLOUD act

            Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.

            AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.

            Err, would this be the same MS that the day the CLOUD act was passed, just handed over the data, housed in a datacentre in Ireland and operated by the Irish subsidiary of MS, some US TLA had been after for a couple of years ?

            Thus proving beyond a doubt that having a datacentre in the UE, subject to EU law, and operated by a supposedly legally different entity, and supposedly having technical measures in place to prevent the US parent company from accessing the data ... did didly squat to prevent staff in the US from accessing that data and handing it over.

            As it is, I've seen enough of the way MS handles logins (a very long chain of redirects, most using domain names under the control of the US company, to suggest that claims about territorial security of data are ... "a bit questionable".

            I suspect it's actually quite hard to setup an arrangement where the data is located in the UK, is under UK control, and there is no legal or technical mechanism for the US based parent company to grab or demand access to the data when instructed to by a US TLA.

            1. EnviableOne

              Re: US CLOUD act

              UK Cloud is the best option:- https://ukcloud.com/our-platform/

        3. Roj Blake Silver badge

          Re: US CLOUD act

          You seem to be working under the assumption that the UK government doesn't already grant the US authorities access to all of this data.

          1. Clausewitz 4.0
            Devil

            Re: US CLOUD act

            UK is know to be a lapdog of USA since a long time

      2. streaky

        At a loss

        "Hopefully the data will be properly encrypted with user-held keys."

        As opposed to what? AWS just providing the platform..

      3. Anonymous Coward
        Anonymous Coward

        Not possible

        > So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.

        AWS will operate this the same way it operates special regions for the US government (no, not GovCloud).

        No data will be permitted to leave, except as authorized by government employees.

        And no non-UK citizens will be have any access to the facilities at all, the same way AWS engineers (while supporting their services there) don't have access to the existing US government regions unless they are security-cleared US citizens and have permission to enter the facility.

        Security-cleared AWS engineers will be permitted access to the facilities, but will not be able to remove any data. No data storage devices may be removed. If you take your phone in by mistake, congratulations on your new phone.

  3. Ceyarrecks

    Sooo,...

    in a statement I think will be easily understood: "So, you are storing /your/ Crown Jewels,... in someone's Coffers." What could possibly go wrong,...

  4. Anonymous Coward
    Anonymous Coward

    :popcorn: ready for the comments on this one.

    1. werdsmith Silver badge

      "popcorn" eh? That's original.

      Never saw that on a web comments page before, that must have been an inspired moment when you came up with that idea.

      1. Kane
        Joke

        ""popcorn" eh? That's original."

        I'll go with the Nachos with what is laughingly called "cheese" if you don't mind.

  5. VicMortimer Silver badge

    This is stupid. Government data should be stored on government computers, in government data centers, maintained by government employees. Private companies should NEVER be allowed to do this sort of thing.

    And Amazon's trustworthiness is only slightly better than F*c*book's. They're one of the worst companies in the world.

    1. dogcatcher

      Does that mean that as a Prime member I can get delivery of what I want tomorrow?

    2. Woodnag

      Amexit?

      Perhaps UK need to do an Amexit, and stop being a minion of the US. The US doesn't have friend countries, just servant ones with a public pretense.

      1. Dr Paul Taylor

        Re: Amexit?

        Some States tried to do Amexit c1860. Look what happened to them.

    3. Al fazed
      Megaphone

      It is

      USA Government computers, for a start, don't forget Isreal et al............

      ALF

    4. max allan

      So, government is going to need to employ huge numbers of staff to replace all the outsourced contracts it holds.

      No. Never going to happen.

      And how far does your "must be government" requirement go?

      Do we need government cleaners? Government builders? Government made cars and bus and trains and drivers? If we can't have private companies writing software for government use : we need almost an entire Microsoft's worth of people writing a desktop operating system and apps. Or is it ok to use software from private companies?

      And hardware? We need an Intel's worth of people to design and build CPUs and RAM and all the other chips you need for computers. Or is it OK for a private company to make and maintain hardware for government?

      If we can use hardware and software from private companies, then we can use AWS.

      Despite your opinions of Amazon, this deal is with AWS. Tarring them with the same brush is like saying your fingers are shitty because they're part of the same body as your arsehole.

      The only professionals I've heard with bad things to say about aws are people who haven't actually used it "my mate says it is insecure because he had a computer from amazon and got a virus" or people who claim it is bad because <insert reason that boils down to them doing it wrong>. If you can get your AWS config wrong, you can get your on prem deployment wrong too and maybe you just aren't cut out for working in IT?

      AWS is extremely secure when configured correctly. But a lot of people have failed to do that in the past because aws made it too easy for people to do stupid things. Now they have made it much harder (in the UI and on the CLI in some areas)

      1. SImon Hobson Silver badge

        ... is like saying your fingers are shitty because they're part of the same body as your arsehole

        I wish I could upvote you more than once for that. Luckily I'd already finished my cup of tea.

  6. scrubber
    Trollface

    Google yourself on AWS

    At least now we can check whether the latest terrorist was known to authorities before the powers that be use their act to justify yet another grab at the few liberties we have left.

    1. Al fazed
      Coat

      Re: Google yourself on AWS

      So now we have a label for anyone who's so pissed with this shower in Go vermins that they might as well go for it with a kitchen knife and put the deluded fucker out of everyone elses misery.

      I'm not promoting this, just speaking thew bloody obvious..........

      Terrorism ? Yes, who is terrorising who ?

      ALF extreme mist.........

  7. Frank Zuiderduin

    LOL!

    Priceless.

    Stupidity of the variety "you can't make this up".

  8. Anonymous Coward
    Anonymous Coward

    Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?

    1. Pen-y-gors

      So easy too...

      1. Kidnap senior spook with laptop

      2. Cut off their finger to login with fingerprint (also works on phone if they have 2FA)

      3. Start the petabyte downloads...

      Security? We've heard of it.

      The only secure data storage is write-only.

      1. Alumoi Silver badge

        Re: So easy too...

        I beg to differ. The only secure data storage is the one nobody can access.

      2. Clausewitz 4.0
        Devil

        Re: So easy too...

        <joke>

        You forgot the sodium thiopental to "try" to make him tell his password. It doesn't work always.

        </joke>

    2. Al fazed
      Happy

      Too late

      It's happened already, you just didn't get told about it.

      ALF

    3. buchan

      > Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?

      You'd need to have gained access to the government network first. These regions won't be connected to the internet.

    4. chrisw67

      Perhaps the logic is that it is harder to carry an AWS data centre to the strip club; therefore the security is better?!

  9. arkhangelsk

    Hopefully, for the UK's own sake, they will only be storing information of low to medium importance on that cloud, with the true crown jewels being kept off the cloud.

    1. Ken Moorhouse Silver badge

      RE: the true crown jewels

      That sparked in my mind the story of the Cullinan diamond which was supposedly sent by high security means to London, but in actuality was delivered via standard registered post.

      Which makes you wonder whether, in a similar vein, top secret things are sent by regular email.

      1. amanfromMars 1 Silver badge

        Re: RE: the true crown jewels

        Ken, Hi,

        What would you say if you were to realise and/or be informed that many top secret things are regularly freely shared via standard Registered posts highlighting developments for further contemplation and comment here?

        Impossible? Most Unlikely? Unbelievable?

        There's a lot of very strange spooky action at a distance going on all around everyone everywhere nowadays .... and IT's not going away, you know, now that it has found its groove in the company of grand worshipful masters in the service of Heavenly Mistresses and Diabolical Daemons on the rocky road back to the good old times when nothing bad and sad and mad appeared to presume a leading position in the future planning of upcoming live events.

        1. Ken Moorhouse Silver badge

          Re: RE: Impossible? Most Unlikely? Unbelievable?

          Undoubtedly. Steganography, and "your" posts would be ideal candidates for hiding messages.

          Slightly tangential, but ISTR there was the case of someone sharing secrets using gmail. Not by sending emails, but by the login details being shared, secrets being posted as draft messages.

          I'm sure someone's tinkered with IP packets so that there is normal traffic, then there's hidden traffic, in much the same way that CEEFAX used parts of a TV signal invisible to normal equipment.

          The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic.

          1. amanfromMars 1 Silver badge

            Re: RE: Impossible? Most Unlikely? Unbelievable?

            The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic. ..... Ken Moorhouse

            Having possibly detected/imagined and realised the virtual presence of such practically almighty and extremely problematical traffic ....... for it can only result in a defence or offensive action dealing with events after the release and ACTualisation of novel facts/phormer fictions ...... whatever to do next for the best is a Great AI Games Changer which provides leaders in the genre unprecedented inequitable advantage aka carte blanche virgin field immunity and impunity freedom and thus is it to be both gravely and highly regarded ..... for IT can easily instantly kill you stone dead with its wanton abuse and/or wilful misuse ..... so take care, beware and be aware there be definitely wrong courses of future action best sensibly avoided at any price with all costs to be provided and guaranteed/failsafe secured.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like