back to article Sovereignty? We've heard of it. UK government gives contract to store MI5, MI6 and GCHQ's data to AWS

The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports. The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their …

Page:

  1. werdsmith Silver badge

    I am dealing with business that won't put stuff on any cloud, because it's financially sensitive.

    So this must be some special arrangement that keeps the data secure until it has reached the client desktop. It's no use decrypting at source, might was go back to cash payroll deliveries.

    1. Anonymous Coward
      Anonymous Coward

      I know there's comedy value in assuming otherwise, but it's not like Dido Harding's involved - there's an assumed basic level of competence. The security services can probably use a service securely.

      I'm using tarsnap to back up our business (including IP and financials) to the cloud - I presume it's based on Amazon, but as it's encrypted before it leaves our site and I don't actually care. I suspect your client is a bit too focused on the headlines when it goes wrong (which, to be fair, it does quite a bit).

  2. Conundrum1885
    Facepalm

    Random

    I once tried to contact a FLA to "discuss something"

    Hint: If you do this, ensure the following.

    1) make sure the idea or concept isn't on some paper behind a paywall you don't have access to

    2) If it isn't, ensure at the very least you've done a patent search.

    3) if 1) and 2) = TRUE then congrats.

    4) ...

    5) ...

    6) ...

    98) Profit!! Oh and you can't talk about it to anyone, ever.

    1. amanfromMars 1 Silver badge
      Mushroom

      Re: Random

      In a Postmodern New More Orderly World Order where/when one might want to contact and "discuss something" with the likes of terrified and terrorising Five Eyed monsters and/or their Swarms of Sworn Opposing Enemies, or be such a Subject of Interest that might require of them to make positive contact with you because of the dire catastrophic negative consequences guaranteed to ensue because of their failings to so act upon the intelligence both previously and currently presented to them, the accepted successful course of rapid and rabid and rapacious premium action, to result in a similar conclusion to your own 98 steps, Conundrum1885, ... [Profit!! Oh and you shouldn't talk about it to anyone, never ever.] ...... is as follows .....

      1) Ensure in a paper/series of threads, the idea or concept is deliverable on paper but certainly, most definitely also maintain and retain and entertain the vital informative records that have been previously freely shared and earlier easily made universally available to any and all interested on an increasing number of Prime and Sublime Internet Networking Sites/Deep and Dark Web Clusters and which the a priori action guarantees patent pending ownership.

      And if ever you discover that fails to deliver positive contact and meaningful Future JOINT Engagement/Systemic Virtual Entanglement, is the Private and Personally Profitable Factor significantly increased, pushing as it does in the things to be discussed, everything towards the exponential and existential end of the scale[s]. ...... so Who Dares Win Wins even should Extant Systems Administrations Spectacularly Fail in their dealings with Advancing IntelAIgents.

  3. Ken Moorhouse Silver badge

    There is another aspect to this...

    There's the encryption of the data , which has been discussed. But there is something else... What happens in the event of outages? If a coup is planned, the first thing to take control of is the media, and in this day and age would include the internet. No doubt in the past the TLA/FLA's had their own robust channels for disseminating information when all else fails. Using the Cloud seems to imply off-loading responsibility for timely access on the Cloud provider. Surely that isn't good enough in this instance?

    1. Al fazed Bronze badge
      Happy

      Re: There is another aspect to this...

      The ISP is gonna be held liable not GCHQ ?

      ALF

  4. Howard Sway Silver badge

    The nice thing for Amazon.....

    ....... is that once they've got all the vital data from a government running on their servers, that government is going to be more or less unable to regulate them too harshly, especially when it comes to worker's rights, unfair competition and acting as a monopoly in other sectors.

    Nevermind, I'm sure the initial price looked very attractive, as Amazon would be able to take a massive loss at first, in order to get these organisations totally dependent on them before the contract renewals next come up.

  5. Paul Crawford Silver badge

    If it is *only* storage then they can have it encrypted with their own keys, so the only risk is it being deleted if the payments don't keep up.

    But if they plan on AWS related processing/indexing then it is bend-over time for Mr Blackadder as the USA's Bishop of Bath and Wells has a poker for him.

  6. spold

    Forget breaches

    ...the real danger is if someone deploys an AI across everything. Why not add in ANPR and mobile provider data, then we really will know where you are, and we are coming to get you, a drone is on its way. OK, probably bindun. ;-)

    1. Al fazed Bronze badge
      WTF?

      Re: Forget breaches

      Hasn't it already been agreed that the MoD can now assist Local Authorities prosecute dwellers who drop degradable food waste into the none recyclable waste bin ?

      ANPR ?

      Been there, done that.............

      ALF

  7. Anonymous Coward
    Anonymous Coward

    It's funny how quickly people have forgotten prism. They got access to data anyway. What difference does this make?

  8. Teejay

    The New English Way Of Doing Things™

    Yes, I know the Americans are doing it too, some of it. But with Microsoft and AWS they are using US companies under their control.

    The UK, on the other hand, will be outsourcing data *to* US companies - under the control *of* the US.

    That the data is apparently stored in the UK is like saying you trust Huawei because they say they're nice.

    It all started when beancounters began to rule the world, and it's going to end badly.

    1. Al fazed Bronze badge
      Thumb Up

      Re: The New English Way Of Doing Things™

      Very badly for some.

      Wonder which one's will come off worst ?

      The words of Jimmy cliff, "the bigger they come the harder they fall", spring into to my mind.

      ALF

  9. Pen-y-gors Silver badge

    Yay!

    Putin, he very happy man. All his plans coming to fruition. And it's costing him peanuts in salaries for UK Cabinet members.

    1. seven of five Silver badge

      Re: Yay!

      Yes, Putin made the UK government do it. No chance they came up with such an idea themselves.

  10. Phil Kingston

    "access from anywhere in the world to authorised staff"

    WCGW

  11. Potemkine! Silver badge

    What's the problem? UK is on track to become the 51st State anyway.

    In the mean time, SVR rubs it hands. So many valuable data in the Cloud? Yum!

    1. amanfromMars 1 Silver badge

      What's not to like whenever a Strategic Intelligence Service in/with/for/from AI ‽ .

      In the mean time, SVR rubs it hands. So many valuable data in the Cloud? Yum! .... Potemkine!

      If you are referring Systemic Virtual Resistance, Potemkine!, we couldn't agree more. And if you aren't, at least you are somewhat wiser than before, as be anyone/anything else happening upon this webpage and commentary thread.

  12. Anonymous Coward
    Anonymous Coward

    I have fears

    This will end in tears….

    1. Ken Moorhouse Silver badge

      Re: I have fears. This will end in tears….

      Data in Chains

    2. Al fazed Bronze badge
      Meh

      Re: I have fears

      Server racks in ruins ..........

  13. Rich 11 Silver badge

    Eternal off-site backups for all

    no UK-based public cloud could provide the scale or capabilities needed for the security services data storage requirements.

    So that definitely does include all our phone calls and emails then.

  14. amanfromMars 1 Silver badge

    What an extremely sorry, pathetic state of current affairs and monumental vulnerability to admit to.

    Is to so freely surrender sovereignty to a foreign nation and alienating power not akin to being responsible and accountable for a cowardly act of high treason and rank state betrayal ?

    And why would an MI5 or MI6 or GCHQ tolerate and permit and assist in such a perverse activity and affront to home based intelligence ...... other than the fact that they are not in possession of any worth having, of course ...... which itself is also inexcusable given the costs imposed and prices received for the intelligence they are contracted to provide ?

    1. Al fazed Bronze badge
      Flame

      Re: What an extremely sorry, pathetic state ....

      This is just the active end of a very corrupt security system snake that's been feeding it's pet Intelligence Service (GCHQ) with loads none nutritious grub, full of tasty stuff bulked out with buzz words that are included to get the information addict back for more of the real stuff.

      You should see the real stuff being currently fed into the UK court system by employees of other/supplier organisations who's underpaid and overworked employees display very questionable attitudes to data integritty. Sexual biggotry and other personal biases abound.

      Local Authorities using all sorts of incompatible systems abusively.

      Anyway, it's a bit like Christopher Hodder Williams novel "The Egg Shaped Thing", the system is a runaway corporate monster and the nation states Go Vermins will soon be running after it with pitch forks and blazing torches .........

      ALF

  15. Ididntbringacoat

    Cloud. Restictions? Sure anything, just sign here.

    If anyone really believes that any agreement with a "cloud provider" is any protection at all against them doing whatever they damned well please with your data . . .

    well, there is this nice bridge in Brooklyn, NY that you can buy for a song. Plus cash, of course.

    1. max allan

      Re: Cloud. Restictions? Sure anything, just sign here.

      On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it?

      As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem.

      Maybe the odd individual would steal data, but it is all pretty well tracked and logged, so the individual can be punished. Just like an individual in your org could steal data. But I have worked for banks and governments and telcos and never seen anything anywhere near as good as the protection/logging/monitoring/etc. that AWS claim to have.

      So yes, if you want a substandard solution that doesn't address the most likely risk, help yourself.

      1. Clausewitz 4.0
        Devil

        Re: Cloud. Restictions? Sure anything, just sign here.

        Actually it is a bit of the opposite. How paranoid senior executives from cloud company X need to be, knowing they are handling the data of an organization full of folks who enjoy quite a lot to shoot things and drink blood?

        Usually, only other organizations who also like to shoot things and drink blood go after the former, otherwise, it is almost suicide.

      2. amanfromMars 1 Silver badge

        Re: Cloud. Restictions? Sure anything, just sign here.

        On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it?

        As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem. ..... max allan

        That sort of multi billion dollar corporation is at risk more easily than I’m sure they would not like to admit, max allan, for as soon as someone can demonstrate "data was stolen from aws”, is their business collapse entirely possible.

  16. MachDiamond Silver badge

    You had one job

    The three-letter agencies are data miners. Everything they do is to acquire data, analyze it, summarize it and let a few politicians know about it once the news channels have broken the story. Any prattle about cost efficiency with regards to a government agency is entirely laughable. It's even less applicable if revealing secret knowledge might lead to trade embargoes, military actions or assignations. If the stored information isn't secret, what's the point in the government securely warehousing it at taxpayer expense. When it is very sensitive, why would it be a good idea to store it with a third party? Those companies might find it interesting to try decrypting it with their quantum computer projects.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022