back to article Sovereignty? We've heard of it. UK government gives contract to store MI5, MI6 and GCHQ's data to AWS

The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports. The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their …

  1. Pascal Monett Silver badge
    Trollface

    "store their secret files in the AWS cloud"

    Have they sent their logon credentials to Moscow yet ?

    No matter, Moscow will have that when it needs it.

    1. Chris G Silver badge

      Re: "store their secret files in the AWS cloud"

      This is great because anyone with log in details should be able to access the info they want, print it out and leave it on a train seat or behind a bus stop.

      1. veti Silver badge

        Re: "store their secret files in the AWS cloud"

        No, that's what they do now. In future nobody will be able to download or print anything, ever.

        1. MachDiamond Silver badge

          Re: "store their secret files in the AWS cloud"

          "In future nobody will be able to download or print anything, ever."

          Yeah right. Some senior manager is going to go to IT and demand they create a way to do it before the weekend. People with fears about job security will bodge something without any testing so they don't lose their flat and have some money around when the baby is born.

      2. Ken Moorhouse Silver badge

        Re: anyone with log in details should be able to access the info they want

        Ok, easy to see who accessed the data and when. But it raises the interesting question about serialisation of stored data if printed or otherwise distributed. If data is leaked the authorities need to know who leaked it, which means that everyone's copy of the data needs to be unique in some subtle way. Similar in principle to the secret yellow dots printed out from laser printers.

    2. RobThBay

      Re: "store their secret files in the AWS cloud"

      Don't forget about spectre.

      This setup reminds of the previous Jame Bond film where the intelligence services were going to house their data in the cloud.

      Hmmm... did the JB writers know this plan was in the works??

      1. Jedit
        Joke

        "did the JB writers know this plan was in the works?"

        Yes, they downloaded the information from the cloud.

      2. Strahd Ivarius Silver badge

        Re: Colin Wilson 2 - Apple have got this right!

        They got the information from Professor Moriarty

  2. Gordon 10 Silver badge

    not sure what the point of this story is. Any agreement with AWS would have been for UK onshore.

    1. englishr
      Meh

      The US CLOUD act allows law enforcement to compel US companies to turn over data whether that data is located within or outside the United States. So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.

      Hopefully the data will be properly encrypted with user-held keys.

      1. Woodnag Silver badge

        US CLOUD act

        Exactly. So since the US TLAs can legally force access to the info, this incredibly stupid idea can only mean that the USA forced the UK to do it this way.

        1. skein

          Re: US CLOUD act

          [Preamble]

          I've recently reread Raw Spirit by one of my favourite authors, Iain Banks, and, along with the reviews of distileries, whiskeys, cars, and anything else he feels like shooting the breeze about, he sounds off fairly regularly about the coverage of the Iraq war going on at that time (2003).

          This fabulous quote he includes from the Guardian, is very apt in light of subsequent events, particularly after his death, in 2013, and that endless desire amongst some quarters for that nebulous quality of "sovereignty":

          "Welcome to the Free World. In the July 17th 2003 edition of the Guardian, in an article headlined ‘We are now a client state’, David Leigh and Richard Norton-Taylor set out the case for Tony Blair having finally surrendered to the United States of America most of the few remaining shreds of British sovereignty. They point out that Britain cannot target, maintain or fire its Tomahawk cruise missiles without US authority, that this same restriction has applied to the Trident missile system for the last decade and a half (so that Britain’s ‘independent’ nuclear deterrent never has been; basically the British taxpayer has been paying for at least one sturdy spoke of the US’s nuclear umbrella all these years), that Britain has already entirely and formally given up sovereignty in various British mainland bases and several overseas ones, like the Indian Ocean bomber base of Diego Garcia, where the native people were thrown out 30 years ago and left on the docks in east Africa, that we spend a fortune gathering intelligence at GCHQ, share all of it with the US intelligence services – those paragons of vigilance who did such a brilliant job preventing the atrocities on September 11th – but they are under no obligation to share all they know with our lot, that (and this is ongoing through recent and envisaged purchasing and equipment standardisation decisions), Britain is tied into the US war-fighting machine to such an extent that it will no longer be capable of fighting a war without the US’s approval and connivance, while being, by extension, entirely expected to muck in with any American military adventure where such participation will help make this year’s invasion look less like the exercise in naked imperialism that it in fact is. They also make the point that your individual Brit cannot any longer rely even on the occasionally dubious protection of the legal system which we pay for through our taxes and at least nominally control through the democratic system of the country we live in. British nationals held in the fantasy counter-reality that is Camp Delta, Guantanamo Bay on Cuba – prop. George Sauron Bush, Esq. – have effectively been abandoned by the Crown and government that is supposed to protect them (well, they haven’t got even the basic good sense to be white, they are self-confessed Muslims, Dubya says they’re all Bad People anyway so of course they don’t really count). Finally, it now turns out that back in March, while we were distracted by all that spiffing fighting, British Home Secretary David Blunkett signed a treaty with the US which means that any British national, living in the UK or its dependencies, can be extradited to the US to stand trial for whatever crime an American court deems they might have committed, with no need for any prima facie case to be established in front of a British court before the alleged miscreant is hauled off. In other words, they just have to ask, and you’ll be handed over. The Americans, being the big Uncle Sam daddy rather than the quivering Britannia bitch in this abusively unequal relationship, and very sensibly having a written constitution which forbids such horrors, are of course under no such obligation to reciprocate, and indeed are legally unable to. So the British legal system and the individual rights of any given Brit are now entirely subservient to the whims of any one of gawd-knows how many public servants and judges sitting in the United States, home of Dubya the Usurper and his grotesque squad of Cold War throwbacks. The Home Office press release covering the meeting during which this historic and unprecedented surrender of sovereignty took place failed to mention it had happened at all. As Leigh and Norton-Taylor suggest, maybe it was through shame. Equally quiet at the time, once this treaty’s terms have finally slithered out into the light of day, are all the right-wing British newspapers which can be relied upon to foam at the mouth whenever they detect the slightest hint that Britain might be surrendering something as important as control over the shape of a fruit to Brussels. Suggest that there might be a standard Europe-wide definition of what you can call ‘ice cream’ or ‘chocolate’ and these charmers are spitting blood about faceless Eurocrats completing the job that Napoleon and Hitler failed to accomplish and dropping dark hints about leaving the EU altogether; abandon us all to the mercies of a protofascist rogue state 3000 miles away over which we have no democratic or legal control whatsoever, and there’s not a damn peep. Last time I checked I did have an MEP to whom I could complain about any abuses within the European system, and who I could, along with my fellow voters, remove from office; I have yet to be informed of the identity of my Congressional representative. Banks, Iain. Raw Spirit (pp. 313-315). Random House. Kindle Edition."

          1. sbt Silver badge
            WTF?

            Re: "David Blunkett signed a treaty with the US"

            I can't speak to the military or defence related claims here, but their credibility seems a bit questionable given the apparent weakness of the extradition treaty claim, as evidenced by recent high-profile court cases for Assange and that fellow from Autonomy - neither demonstrate the automatic, unscrutinised 'slam-dunk' extradition arrangement Banks claims was made.

            1. Potemkine! Silver badge

              Re: "David Blunkett signed a treaty with the US"

              high-profile court cases

              "High-profile" = don't mess too openly or we could get public opinion (Assange) or influential people (Lynch) in our way.

              Did you ever about the dozens of UK, low-profile citizens extradited to the US since the treaty is in place? It happened nonetheless.

              1. Ididntbringacoat

                Re: "David Blunkett signed a treaty with the US"

                So low profile you cannot post any examples?

            2. Anonymous Coward
              Anonymous Coward

              Re: "David Blunkett signed a treaty with the US"

              The military / defence claims are utter bollocks.

              Yes, Trident (missiles, not subs or warheads) are maintained in the US.

              Targeting and firing are solely UK, no US input.

              Claiming otherwise is a lie that has (evidentially) been in circulation for decades. Still a lie, though.

              Targeting and firing Royal Navy Tomahawk is also solely a UK decision.

              Also, conflating Tomahawk and Trident is disingenuous / dishonest. UK nuclear weapons are solely Trident and have been since shortly after the end of the Cold War.

              Tomahawk is a conventional weapon, no different in use than 'Paveway' laser guidance bombs or the Anglo-French Storm Shadow missile

              The article is nothing but a rabid anti-US rant.

        2. Gordon 10 Silver badge
          FAIL

          Re: US CLOUD act

          I was well aware of the Cloud act when I made my initial post. Bollocks can they force anything.

          Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.

          AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.

          If AWS doesn’t hold the keys and neither the US Govt or AWS US have physical access to the UK based bit barns the risk of the USG getting their hands on the data is minimised. Half the staff at that bit barn will be working for the UKG on the side to cover this contingency specifically.

          So yes apart from a bit of mindless whining in the press there’s nothing to see here. A fully UK based operation would have been better but name me anyone UK based and owned who comes close the range and depth of the big 3’s services. Or perhaps maybe you would have preferred AliCloud?

          1. Al fazed
            Facepalm

            Re: US CLOUD act

            You also assume for some unknown reason that the AWS cloud isn't already compromised by one or more zero day vulnerabilities, which are actively being used already by US, et al (Isreal I'm looking at you).

            You know, once you have a connection to the Internet the fucking game is up........it's just a matter of time, or is it too late already ?

            Will we ever know ?

            ALF

          2. SImon Hobson Silver badge

            Re: US CLOUD act

            Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.

            AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$‘s US entity was unable to compel its Irish entity.

            Err, would this be the same MS that the day the CLOUD act was passed, just handed over the data, housed in a datacentre in Ireland and operated by the Irish subsidiary of MS, some US TLA had been after for a couple of years ?

            Thus proving beyond a doubt that having a datacentre in the UE, subject to EU law, and operated by a supposedly legally different entity, and supposedly having technical measures in place to prevent the US parent company from accessing the data ... did didly squat to prevent staff in the US from accessing that data and handing it over.

            As it is, I've seen enough of the way MS handles logins (a very long chain of redirects, most using domain names under the control of the US company, to suggest that claims about territorial security of data are ... "a bit questionable".

            I suspect it's actually quite hard to setup an arrangement where the data is located in the UK, is under UK control, and there is no legal or technical mechanism for the US based parent company to grab or demand access to the data when instructed to by a US TLA.

            1. EnviableOne Silver badge

              Re: US CLOUD act

              UK Cloud is the best option:- https://ukcloud.com/our-platform/

        3. Roj Blake

          Re: US CLOUD act

          You seem to be working under the assumption that the UK government doesn't already grant the US authorities access to all of this data.

          1. Clausewitz 4.0
            Devil

            Re: US CLOUD act

            UK is know to be a lapdog of USA since a long time

      2. streaky

        At a loss

        "Hopefully the data will be properly encrypted with user-held keys."

        As opposed to what? AWS just providing the platform..

      3. Anonymous Coward
        Anonymous Coward

        Not possible

        > So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.

        AWS will operate this the same way it operates special regions for the US government (no, not GovCloud).

        No data will be permitted to leave, except as authorized by government employees.

        And no non-UK citizens will be have any access to the facilities at all, the same way AWS engineers (while supporting their services there) don't have access to the existing US government regions unless they are security-cleared US citizens and have permission to enter the facility.

        Security-cleared AWS engineers will be permitted access to the facilities, but will not be able to remove any data. No data storage devices may be removed. If you take your phone in by mistake, congratulations on your new phone.

  3. Ceyarrecks

    Sooo,...

    in a statement I think will be easily understood: "So, you are storing /your/ Crown Jewels,... in someone's Coffers." What could possibly go wrong,...

  4. Anonymous Coward
    Anonymous Coward

    :popcorn: ready for the comments on this one.

    1. werdsmith Silver badge

      "popcorn" eh? That's original.

      Never saw that on a web comments page before, that must have been an inspired moment when you came up with that idea.

      1. Kane Silver badge
        Joke

        ""popcorn" eh? That's original."

        I'll go with the Nachos with what is laughingly called "cheese" if you don't mind.

  5. VicMortimer

    This is stupid. Government data should be stored on government computers, in government data centers, maintained by government employees. Private companies should NEVER be allowed to do this sort of thing.

    And Amazon's trustworthiness is only slightly better than F*c*book's. They're one of the worst companies in the world.

    1. dogcatcher

      Does that mean that as a Prime member I can get delivery of what I want tomorrow?

    2. Woodnag Silver badge

      Amexit?

      Perhaps UK need to do an Amexit, and stop being a minion of the US. The US doesn't have friend countries, just servant ones with a public pretense.

      1. Dr Paul Taylor

        Re: Amexit?

        Some States tried to do Amexit c1860. Look what happened to them.

    3. Al fazed
      Megaphone

      It is

      USA Government computers, for a start, don't forget Isreal et al............

      ALF

    4. max allan

      So, government is going to need to employ huge numbers of staff to replace all the outsourced contracts it holds.

      No. Never going to happen.

      And how far does your "must be government" requirement go?

      Do we need government cleaners? Government builders? Government made cars and bus and trains and drivers? If we can't have private companies writing software for government use : we need almost an entire Microsoft's worth of people writing a desktop operating system and apps. Or is it ok to use software from private companies?

      And hardware? We need an Intel's worth of people to design and build CPUs and RAM and all the other chips you need for computers. Or is it OK for a private company to make and maintain hardware for government?

      If we can use hardware and software from private companies, then we can use AWS.

      Despite your opinions of Amazon, this deal is with AWS. Tarring them with the same brush is like saying your fingers are shitty because they're part of the same body as your arsehole.

      The only professionals I've heard with bad things to say about aws are people who haven't actually used it "my mate says it is insecure because he had a computer from amazon and got a virus" or people who claim it is bad because <insert reason that boils down to them doing it wrong>. If you can get your AWS config wrong, you can get your on prem deployment wrong too and maybe you just aren't cut out for working in IT?

      AWS is extremely secure when configured correctly. But a lot of people have failed to do that in the past because aws made it too easy for people to do stupid things. Now they have made it much harder (in the UI and on the CLI in some areas)

      1. SImon Hobson Silver badge

        ... is like saying your fingers are shitty because they're part of the same body as your arsehole

        I wish I could upvote you more than once for that. Luckily I'd already finished my cup of tea.

  6. scrubber
    Trollface

    Google yourself on AWS

    At least now we can check whether the latest terrorist was known to authorities before the powers that be use their act to justify yet another grab at the few liberties we have left.

    1. Al fazed
      Coat

      Re: Google yourself on AWS

      So now we have a label for anyone who's so pissed with this shower in Go vermins that they might as well go for it with a kitchen knife and put the deluded fucker out of everyone elses misery.

      I'm not promoting this, just speaking thew bloody obvious..........

      Terrorism ? Yes, who is terrorising who ?

      ALF extreme mist.........

  7. Frank Zuiderduin

    LOL!

    Priceless.

    Stupidity of the variety "you can't make this up".

  8. Anonymous Coward
    Anonymous Coward

    Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?

    1. Pen-y-gors Silver badge

      So easy too...

      1. Kidnap senior spook with laptop

      2. Cut off their finger to login with fingerprint (also works on phone if they have 2FA)

      3. Start the petabyte downloads...

      Security? We've heard of it.

      The only secure data storage is write-only.

      1. Alumoi Silver badge

        Re: So easy too...

        I beg to differ. The only secure data storage is the one nobody can access.

      2. Clausewitz 4.0
        Devil

        Re: So easy too...

        <joke>

        You forgot the sodium thiopental to "try" to make him tell his password. It doesn't work always.

        </joke>

    2. Al fazed
      Happy

      Too late

      It's happened already, you just didn't get told about it.

      ALF

    3. buchan

      > Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?

      You'd need to have gained access to the government network first. These regions won't be connected to the internet.

    4. chrisw67

      Perhaps the logic is that it is harder to carry an AWS data centre to the strip club; therefore the security is better?!

  9. arkhangelsk

    Hopefully, for the UK's own sake, they will only be storing information of low to medium importance on that cloud, with the true crown jewels being kept off the cloud.

    1. Ken Moorhouse Silver badge

      RE: the true crown jewels

      That sparked in my mind the story of the Cullinan diamond which was supposedly sent by high security means to London, but in actuality was delivered via standard registered post.

      Which makes you wonder whether, in a similar vein, top secret things are sent by regular email.

      1. amanfromMars 1 Silver badge

        Re: RE: the true crown jewels

        Ken, Hi,

        What would you say if you were to realise and/or be informed that many top secret things are regularly freely shared via standard Registered posts highlighting developments for further contemplation and comment here?

        Impossible? Most Unlikely? Unbelievable?

        There's a lot of very strange spooky action at a distance going on all around everyone everywhere nowadays .... and IT's not going away, you know, now that it has found its groove in the company of grand worshipful masters in the service of Heavenly Mistresses and Diabolical Daemons on the rocky road back to the good old times when nothing bad and sad and mad appeared to presume a leading position in the future planning of upcoming live events.

        1. Ken Moorhouse Silver badge

          Re: RE: Impossible? Most Unlikely? Unbelievable?

          Undoubtedly. Steganography, and "your" posts would be ideal candidates for hiding messages.

          Slightly tangential, but ISTR there was the case of someone sharing secrets using gmail. Not by sending emails, but by the login details being shared, secrets being posted as draft messages.

          I'm sure someone's tinkered with IP packets so that there is normal traffic, then there's hidden traffic, in much the same way that CEEFAX used parts of a TV signal invisible to normal equipment.

          The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic.

          1. amanfromMars 1 Silver badge

            Re: RE: Impossible? Most Unlikely? Unbelievable?

            The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic. ..... Ken Moorhouse

            Having possibly detected/imagined and realised the virtual presence of such practically almighty and extremely problematical traffic ....... for it can only result in a defence or offensive action dealing with events after the release and ACTualisation of novel facts/phormer fictions ...... whatever to do next for the best is a Great AI Games Changer which provides leaders in the genre unprecedented inequitable advantage aka carte blanche virgin field immunity and impunity freedom and thus is it to be both gravely and highly regarded ..... for IT can easily instantly kill you stone dead with its wanton abuse and/or wilful misuse ..... so take care, beware and be aware there be definitely wrong courses of future action best sensibly avoided at any price with all costs to be provided and guaranteed/failsafe secured.

  10. werdsmith Silver badge

    I am dealing with business that won't put stuff on any cloud, because it's financially sensitive.

    So this must be some special arrangement that keeps the data secure until it has reached the client desktop. It's no use decrypting at source, might was go back to cash payroll deliveries.

    1. Anonymous Coward
      Anonymous Coward

      I know there's comedy value in assuming otherwise, but it's not like Dido Harding's involved - there's an assumed basic level of competence. The security services can probably use a service securely.

      I'm using tarsnap to back up our business (including IP and financials) to the cloud - I presume it's based on Amazon, but as it's encrypted before it leaves our site and I don't actually care. I suspect your client is a bit too focused on the headlines when it goes wrong (which, to be fair, it does quite a bit).

  11. Conundrum1885
    Facepalm

    Random

    I once tried to contact a FLA to "discuss something"

    Hint: If you do this, ensure the following.

    1) make sure the idea or concept isn't on some paper behind a paywall you don't have access to

    2) If it isn't, ensure at the very least you've done a patent search.

    3) if 1) and 2) = TRUE then congrats.

    4) ...

    5) ...

    6) ...

    98) Profit!! Oh and you can't talk about it to anyone, ever.

    1. amanfromMars 1 Silver badge
      Mushroom

      Re: Random

      In a Postmodern New More Orderly World Order where/when one might want to contact and "discuss something" with the likes of terrified and terrorising Five Eyed monsters and/or their Swarms of Sworn Opposing Enemies, or be such a Subject of Interest that might require of them to make positive contact with you because of the dire catastrophic negative consequences guaranteed to ensue because of their failings to so act upon the intelligence both previously and currently presented to them, the accepted successful course of rapid and rabid and rapacious premium action, to result in a similar conclusion to your own 98 steps, Conundrum1885, ... [Profit!! Oh and you shouldn't talk about it to anyone, never ever.] ...... is as follows .....

      1) Ensure in a paper/series of threads, the idea or concept is deliverable on paper but certainly, most definitely also maintain and retain and entertain the vital informative records that have been previously freely shared and earlier easily made universally available to any and all interested on an increasing number of Prime and Sublime Internet Networking Sites/Deep and Dark Web Clusters and which the a priori action guarantees patent pending ownership.

      And if ever you discover that fails to deliver positive contact and meaningful Future JOINT Engagement/Systemic Virtual Entanglement, is the Private and Personally Profitable Factor significantly increased, pushing as it does in the things to be discussed, everything towards the exponential and existential end of the scale[s]. ...... so Who Dares Win Wins even should Extant Systems Administrations Spectacularly Fail in their dealings with Advancing IntelAIgents.

  12. Ken Moorhouse Silver badge

    There is another aspect to this...

    There's the encryption of the data , which has been discussed. But there is something else... What happens in the event of outages? If a coup is planned, the first thing to take control of is the media, and in this day and age would include the internet. No doubt in the past the TLA/FLA's had their own robust channels for disseminating information when all else fails. Using the Cloud seems to imply off-loading responsibility for timely access on the Cloud provider. Surely that isn't good enough in this instance?

    1. Al fazed
      Happy

      Re: There is another aspect to this...

      The ISP is gonna be held liable not GCHQ ?

      ALF

  13. Howard Sway Silver badge

    The nice thing for Amazon.....

    ....... is that once they've got all the vital data from a government running on their servers, that government is going to be more or less unable to regulate them too harshly, especially when it comes to worker's rights, unfair competition and acting as a monopoly in other sectors.

    Nevermind, I'm sure the initial price looked very attractive, as Amazon would be able to take a massive loss at first, in order to get these organisations totally dependent on them before the contract renewals next come up.

  14. Paul Crawford Silver badge

    If it is *only* storage then they can have it encrypted with their own keys, so the only risk is it being deleted if the payments don't keep up.

    But if they plan on AWS related processing/indexing then it is bend-over time for Mr Blackadder as the USA's Bishop of Bath and Wells has a poker for him.

  15. spold

    Forget breaches

    ...the real danger is if someone deploys an AI across everything. Why not add in ANPR and mobile provider data, then we really will know where you are, and we are coming to get you, a drone is on its way. OK, probably bindun. ;-)

    1. Al fazed
      WTF?

      Re: Forget breaches

      Hasn't it already been agreed that the MoD can now assist Local Authorities prosecute dwellers who drop degradable food waste into the none recyclable waste bin ?

      ANPR ?

      Been there, done that.............

      ALF

  16. Anonymous Coward
    Anonymous Coward

    It's funny how quickly people have forgotten prism. They got access to data anyway. What difference does this make?

  17. Teejay

    The New English Way Of Doing Things™

    Yes, I know the Americans are doing it too, some of it. But with Microsoft and AWS they are using US companies under their control.

    The UK, on the other hand, will be outsourcing data *to* US companies - under the control *of* the US.

    That the data is apparently stored in the UK is like saying you trust Huawei because they say they're nice.

    It all started when beancounters began to rule the world, and it's going to end badly.

    1. Al fazed
      Thumb Up

      Re: The New English Way Of Doing Things™

      Very badly for some.

      Wonder which one's will come off worst ?

      The words of Jimmy cliff, "the bigger they come the harder they fall", spring into to my mind.

      ALF

  18. Pen-y-gors Silver badge

    Yay!

    Putin, he very happy man. All his plans coming to fruition. And it's costing him peanuts in salaries for UK Cabinet members.

    1. seven of five Silver badge

      Re: Yay!

      Yes, Putin made the UK government do it. No chance they came up with such an idea themselves.

  19. Phil Kingston

    "access from anywhere in the world to authorised staff"

    WCGW

  20. Potemkine! Silver badge

    What's the problem? UK is on track to become the 51st State anyway.

    In the mean time, SVR rubs it hands. So many valuable data in the Cloud? Yum!

    1. amanfromMars 1 Silver badge

      What's not to like whenever a Strategic Intelligence Service in/with/for/from AI ‽ .

      In the mean time, SVR rubs it hands. So many valuable data in the Cloud? Yum! .... Potemkine!

      If you are referring Systemic Virtual Resistance, Potemkine!, we couldn't agree more. And if you aren't, at least you are somewhat wiser than before, as be anyone/anything else happening upon this webpage and commentary thread.

  21. Anonymous Coward
    Anonymous Coward

    I have fears

    This will end in tears….

    1. Ken Moorhouse Silver badge

      Re: I have fears. This will end in tears….

      Data in Chains

    2. Al fazed
      Meh

      Re: I have fears

      Server racks in ruins ..........

  22. Rich 11 Silver badge

    Eternal off-site backups for all

    no UK-based public cloud could provide the scale or capabilities needed for the security services data storage requirements.

    So that definitely does include all our phone calls and emails then.

  23. amanfromMars 1 Silver badge

    What an extremely sorry, pathetic state of current affairs and monumental vulnerability to admit to.

    Is to so freely surrender sovereignty to a foreign nation and alienating power not akin to being responsible and accountable for a cowardly act of high treason and rank state betrayal ?

    And why would an MI5 or MI6 or GCHQ tolerate and permit and assist in such a perverse activity and affront to home based intelligence ...... other than the fact that they are not in possession of any worth having, of course ...... which itself is also inexcusable given the costs imposed and prices received for the intelligence they are contracted to provide ?

    1. Al fazed
      Flame

      Re: What an extremely sorry, pathetic state ....

      This is just the active end of a very corrupt security system snake that's been feeding it's pet Intelligence Service (GCHQ) with loads none nutritious grub, full of tasty stuff bulked out with buzz words that are included to get the information addict back for more of the real stuff.

      You should see the real stuff being currently fed into the UK court system by employees of other/supplier organisations who's underpaid and overworked employees display very questionable attitudes to data integritty. Sexual biggotry and other personal biases abound.

      Local Authorities using all sorts of incompatible systems abusively.

      Anyway, it's a bit like Christopher Hodder Williams novel "The Egg Shaped Thing", the system is a runaway corporate monster and the nation states Go Vermins will soon be running after it with pitch forks and blazing torches .........

      ALF

  24. Ididntbringacoat

    Cloud. Restictions? Sure anything, just sign here.

    If anyone really believes that any agreement with a "cloud provider" is any protection at all against them doing whatever they damned well please with your data . . .

    well, there is this nice bridge in Brooklyn, NY that you can buy for a song. Plus cash, of course.

    1. max allan

      Re: Cloud. Restictions? Sure anything, just sign here.

      On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it?

      As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem.

      Maybe the odd individual would steal data, but it is all pretty well tracked and logged, so the individual can be punished. Just like an individual in your org could steal data. But I have worked for banks and governments and telcos and never seen anything anywhere near as good as the protection/logging/monitoring/etc. that AWS claim to have.

      So yes, if you want a substandard solution that doesn't address the most likely risk, help yourself.

      1. Clausewitz 4.0
        Devil

        Re: Cloud. Restictions? Sure anything, just sign here.

        Actually it is a bit of the opposite. How paranoid senior executives from cloud company X need to be, knowing they are handling the data of an organization full of folks who enjoy quite a lot to shoot things and drink blood?

        Usually, only other organizations who also like to shoot things and drink blood go after the former, otherwise, it is almost suicide.

      2. amanfromMars 1 Silver badge

        Re: Cloud. Restictions? Sure anything, just sign here.

        On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it?

        As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem. ..... max allan

        That sort of multi billion dollar corporation is at risk more easily than I’m sure they would not like to admit, max allan, for as soon as someone can demonstrate "data was stolen from aws”, is their business collapse entirely possible.

  25. MachDiamond Silver badge

    You had one job

    The three-letter agencies are data miners. Everything they do is to acquire data, analyze it, summarize it and let a few politicians know about it once the news channels have broken the story. Any prattle about cost efficiency with regards to a government agency is entirely laughable. It's even less applicable if revealing secret knowledge might lead to trade embargoes, military actions or assignations. If the stored information isn't secret, what's the point in the government securely warehousing it at taxpayer expense. When it is very sensitive, why would it be a good idea to store it with a third party? Those companies might find it interesting to try decrypting it with their quantum computer projects.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021