Really handy
UK data centre with everything freely available to the NSA *AND* GCHQ. Who wouldn't want that?
How about an Icelandic region?
Amazon Web Services (AWS) is to build a UK region, alongside existing regions in Dublin and Frankfurt. A region is a high-level concept which is formed from multiple "availability zones," requiring several physical data centers. This represents a substantial commitment from Amazon. Amazon CTO Werner Vogels announced the new …
Companies paying Irish taxes while extensively using services funded by taxpayers in responsible countries.
Pay taxes in Ireland and depend on US and UK communications, transportation, health, educational, diplomatic and military services to enable their commerce.
It'd only be more blindingly obvious if they said they were opening it in Cheltenham. Amazon would be obliged to decrypt everything they've got the keys for if asked to.
Don't these things also automatically replicate data to other regions in case they fall over? Perhaps after popular demand they'll need to put a tickbox on the control panel saying don't replicate to the UK.
Suppose if I had encrypted data on a US region that either accidentally or intentionally replicated to the UK region. GCHQ has an interest in the contents, for whatever reason. So, can I be extradited and be forced to give up the key? This can't happen in my state since the 9th Circuit has found it unconstitutional. Still, ...
Yeah, far fetched but I've seen some odder events.
"It'd only be more blindingly obvious if they said they were opening it in Cheltenham. Amazon would be obliged to decrypt everything they've got the keys for if asked to.
Don't these things also automatically replicate data to other regions in case they fall over? Perhaps after popular demand they'll need to put a tickbox on the control panel saying don't replicate to the UK."
The level of ignorance in these comments is staggering, but this epitomises it. Just to pick it apart:
- Amazon don't have the keys. Instances are protected by a keypair the customer creates and owns; data storage is encrypted with whatever method (or none) the customer chooses to implement themselves, or in the case of EBS with an additional native method where, again, the keypair is created and owned by the customer. Even if the UK AWS Region was *inside* GCHQ the data would be as safe (or not) as the customer chooses.
- No, AWS Regions DO NOT automatically replicate data between themselves. Availability Zones (AZs) *within* a Region do, to ensure resiliency in the event an AZ falls off the grid.
Here's an idea: RTFM
I think it is perfectly charming that some people actually believe the published manuals and other sales material describing how their data is protected from spy agencies by fool-proof impregnable unbreakable measures.
Regular Reg readers should all be aware by not that there is no such thing as an implementable encryption method that cannot be broken by state-funded spy agencies.
Dull comment. If you are going to add snide comments, make them original or failing that, at least funny.
If you want to secure your data on S3 and in your instances, use a certificate. Sure, you will have to provide it if required by a warrant but your data will be secure from casual viewing even by the NSA and GCHQ.
No, AWS is opening 2 or 3 UK datacentres, and they'll be readily configurable to replicate only to the UK. This is a major play on AWS' part to go after public sector accounts, though most UK companies are fine from a data protection perspective because they can already configure replication within the Dublin data centre, and soon Germany (which is also getting more than one).
"However, the fact that data resides in the UK may be false reassurance from a data protection perspective, since the US government argues that if it is in data centers belonging to US corporations, it still has right of access to that data."
Under the current structure the US government claims this right. If Amazon wants the option in the future to relocate and escape this problem it can probably do so quicker than it can build a data-center.
The other issue is the network. Amazon marketing will tell you that you can place your data anywhere in the world and access it over the internet. This won't work for anything latency critical and if everyone moves to amazon the owners of the trans oceanic cables will know exactly where to go to ask for more money.
Everyone knows that Amazon gets huge economies of scale with large data-centers. There must be a point of diminishing returns after they get to a certain size (amazon must have the best handle on where this point is). Once you get to that point you open additional centers at places of good network connectivity (and cheap power) the uk scores highly on the first of these less so on the second. Maybe they they have some clever idea about how to power it.
Maybe they they have some clever idea about how to power it.
Probably doesn't matter that much, unless there's places with similar low latency high bandwidth connectivity AND cheaper grid power - and if there were then that's where you'd build your data centre.
UK energy policy is intentionally pushing end user prices ever upwards (eg the ridiculous price that our clueless government are offering for Hinkley Point C, the vastly inflated "feed in tariffs" for crappy solar PV, and the various subsidies for wind), and for this reason alone electricity costs will climb year on year for the forseeable future, regardless of wholesale gas, coal or oil prices. But so long as all competing data centres are subject to the same costs, it just becomes a pass through to the DC customers.
There's a few things you can do to reduce DC energy costs, like running your standby generators across peak demand periods, bidding into capacity and auxiliary services markets, but this usually means giving control of your standby plant to somebody else, could become a diversion from the core business, involves far more regular cycling of the engines with impacts on maintenance costs and reliability. If you're running a Tier 4 data centre, the chances of this really affecting your uptime are really, really low, but why go to all the trouble of export connections and metering to make what is a fairly paltry additional income? It'd be like connecting your car alternator output to an inverter and selling it to the grid - entirely feasible, an additional income on an asset your already own, but really not worth the effort.
Something AWS and the big boys can do to reduce power costs is load shift less critical tasks onto data centres elsewhere that aren't in peak power periods, but the task needs to be suitable for high latency, and if you're taking tasks out of a data centre then it has an impact on technical and financial asset utilisation.
and probably have all sorts of hedging strategies that give them an effective price well under that of retail.
I work in the energy sector, I can assure you that your presumptions are right about big power consumers purchasing wholesale and hedging themselves are 100% right. But that actually makes my argument stronger because these big consumers are exposed to the full heat of the wholesale power market, and (again, unlike domestic users) they take the full pain of DNO charging structures. You can hedge, but that costs money, and in the long term it has to net off - a bit like domestic car insurance, that on a long term basis has to cover the average claim cost and turn a profit for the insurer).
The price they pay may or may not be under the retail level, the key driver is the profile of their demand. If data centre demand had a similar load profile to overall electricity system demand, they'd pay a very similar price to retail, if they have flat demand curve its a lot cheaper, if they can bias usage to off peak then they'll have really cheap power.
That is, until the ever growing renewable generation inputs start to become the wholesale price setter. Then your wholesale price becomes partially randomised, and any fixed demand profile is worth less than a responsive demand profile. So you'd get much cheaper average power prices for a data centre that agreed to stop running when there was no wind, for example, but the overall economics of that data centre might be a real problem for the owners.
If energy prices were the only important factor data centers would locate in countries with cheap renewable hydro electric power, like most parts of southern Canada (although Canada is also a Five Eyes country).
I'm thinking they also want to minimize communications distances to the main parties they communicate with, and simply GCHQ is a bigger user than CSEC, to say nothing of the locations of their paying customers.
This wikipedia article has a table of electricity costs by country:
https://en.wikipedia.org/wiki/Electricity_pricing#Price_comparison
There is also the tables here:
http://www.statista.com/statistics/263492/electricity-prices-in-selected-countries/
http://www.theenergycollective.com/lindsay-wilson/279126/average-electricity-prices-around-world-kwh
There is also this table of industrial (wholesale) energy prices:
http://www.isi.fraunhofer.de/isi-wAssets/docs/x/de/projekte/Comparison_industrial_electricity_prices_final.pdf
As you can see, Amazon could reduce its electricity costs by over 60% by locating outside the UK.
Better to assume they'll have your data anyway, and get on with assuming a mega corp isn't going to do your work for you.
As for adding a UK centre, why not? Amazon make money from AWS by offering a good service and price, and this'll just make the UK speeds better.
Editors, excuse me, but by placing a photo of a Cotswold village at the head of this article are you trying to kick-start a campaign by Gloucestershire NIMBYs to prevent the site from being built there? Was this pure chance in selecting a photo, or are you really trying to make things hard for GCHQ? After all they are in Gloucestershire........
Carry on like that and El Reg is going to be in the firing line
If Amazon were motivated by shareholder interests Amazon would take customer concerns seriously remove data centers from Five Eyes countries. Amazon would only be building data centers in countries outside the Five Eyes, because data centers outside of the Five Eyes countries (and outside of Russia and China) are worth more to customers than data centers inside Five Eyes countries (and Russian and China).
So what is motivating Amazon?
Why doesn't Amazon.com care about shareholder value?
Why doesn't Amazon.com care about protecting customers from state sponsored corporate espionage?
Amazon has a Govt. Cloud in the USA. Perhaps this buildup is to try to capture that possible market share?
Maybe another redundancy zone? And obviously profit. They would not invest in another datacenter if their was no $ (sorry, don't know how to add British pound symbol) to be made.