"store their secret files in the AWS cloud"
Have they sent their logon credentials to Moscow yet ?
No matter, Moscow will have that when it needs it.
The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports. The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their …
"In future nobody will be able to download or print anything, ever."
Yeah right. Some senior manager is going to go to IT and demand they create a way to do it before the weekend. People with fears about job security will bodge something without any testing so they don't lose their flat and have some money around when the baby is born.
Ok, easy to see who accessed the data and when. But it raises the interesting question about serialisation of stored data if printed or otherwise distributed. If data is leaked the authorities need to know who leaked it, which means that everyone's copy of the data needs to be unique in some subtle way. Similar in principle to the secret yellow dots printed out from laser printers.
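Added example, not part of any comment in this thread: one way to make each recipient's copy of a text document unique so that a leaked copy or excerpt can be attributed, as the comment above suggests. The key, document id, recipient names and memo text are constructed, and the zero-width-character encoding is an assumption chosen for illustration.

```python
import hashlib
import hmac

# Two invisible code points carry one bit each (encoding chosen for this example).
ZW = {"0": "\u200b", "1": "\u200c"}
ZW_INV = {v: k for k, v in ZW.items()}
FP_BITS = 32

# Constructed sample values, not taken from the thread.
KEY = b"constructed-demo-marking-key"
DOC_ID = "DOC-0001"
RECIPIENTS = ["alice", "bob", "carol"]
SAMPLE = ("Constructed sample memo: quarterly access review for the "
          "records archive is due on Friday. " * 4).strip()


def fingerprint(key: bytes, doc_id: str, recipient: str) -> str:
    """Per-recipient bit string; cannot be predicted without the marking key."""
    msg = f"{doc_id}\x00{recipient}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return format(int.from_bytes(mac[:FP_BITS // 8], "big"), f"0{FP_BITS}b")


def mark(text: str, key: bytes, doc_id: str, recipient: str) -> str:
    """Append one invisible character to every word, cycling through the
    fingerprint so that any long enough excerpt still carries it."""
    bits = fingerprint(key, doc_id, recipient)
    words = text.split(" ")
    return " ".join(w + ZW[bits[i % FP_BITS]] for i, w in enumerate(words))


def visible(text: str) -> str:
    """The text as a reader sees it, with the marks removed."""
    return "".join(c for c in text if c not in ZW_INV)


def recover_bits(leaked: str) -> str:
    """Read back whatever mark bits survive in a leaked copy."""
    return "".join(ZW_INV[c] for c in leaked if c in ZW_INV)


def attribute(leaked, key, doc_id, recipients, min_bits=24):
    """Return the recipients whose repeating fingerprint contains the
    recovered bit run. Short or stripped runs give no answer rather
    than a guess, since few bits match many candidates by chance."""
    run = recover_bits(leaked)
    if len(run) < min_bits:
        return []
    hits = []
    for r in recipients:
        fp = fingerprint(key, doc_id, r)
        # An excerpt may start at any word, so search the cyclic pattern.
        pattern = fp * (len(run) // FP_BITS + 2)
        if run in pattern:
            hits.append(r)
    return hits


if __name__ == "__main__":
    copies = {r: mark(SAMPLE, KEY, DOC_ID, r) for r in RECIPIENTS}
    excerpt = " ".join(copies["bob"].split(" ")[5:40])  # partial leak
    print("excerpt attributed to:", attribute(excerpt, KEY, DOC_ID, RECIPIENTS))
    print("unmarked text attributed to:", attribute(SAMPLE, KEY, DOC_ID, RECIPIENTS))
```

Zero-width marks survive copy and paste but not retyping or a photograph of the screen, so printed copies need a separate channel such as the printer dots the comment mentions.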
The US CLOUD act allows law enforcement to compel US companies to turn over data whether that data is located within or outside the United States. So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.
Hopefully the data will be properly encrypted with user-held keys.
[Preamble]
I've recently reread Raw Spirit by one of my favourite authors, Iain Banks, and, along with the reviews of distilleries, whiskeys, cars, and anything else he feels like shooting the breeze about, he sounds off fairly regularly about the coverage of the Iraq war going on at that time (2003).
This fabulous quote he includes from the Guardian, is very apt in light of subsequent events, particularly after his death, in 2013, and that endless desire amongst some quarters for that nebulous quality of "sovereignty":
"Welcome to the Free World. In the July 17th 2003 edition of the Guardian, in an article headlined ‘We are now a client state’, David Leigh and Richard Norton-Taylor set out the case for Tony Blair having finally surrendered to the United States of America most of the few remaining shreds of British sovereignty. They point out that Britain cannot target, maintain or fire its Tomahawk cruise missiles without US authority, that this same restriction has applied to the Trident missile system for the last decade and a half (so that Britain’s ‘independent’ nuclear deterrent never has been; basically the British taxpayer has been paying for at least one sturdy spoke of the US’s nuclear umbrella all these years), that Britain has already entirely and formally given up sovereignty in various British mainland bases and several overseas ones, like the Indian Ocean bomber base of Diego Garcia, where the native people were thrown out 30 years ago and left on the docks in east Africa, that we spend a fortune gathering intelligence at GCHQ, share all of it with the US intelligence services – those paragons of vigilance who did such a brilliant job preventing the atrocities on September 11th – but they are under no obligation to share all they know with our lot, that (and this is ongoing through recent and envisaged purchasing and equipment standardisation decisions), Britain is tied into the US war-fighting machine to such an extent that it will no longer be capable of fighting a war without the US’s approval and connivance, while being, by extension, entirely expected to muck in with any American military adventure where such participation will help make this year’s invasion look less like the exercise in naked imperialism that it in fact is. 
They also make the point that your individual Brit cannot any longer rely even on the occasionally dubious protection of the legal system which we pay for through our taxes and at least nominally control through the democratic system of the country we live in. British nationals held in the fantasy counter-reality that is Camp Delta, Guantanamo Bay on Cuba – prop. George Sauron Bush, Esq. – have effectively been abandoned by the Crown and government that is supposed to protect them (well, they haven’t got even the basic good sense to be white, they are self-confessed Muslims, Dubya says they’re all Bad People anyway so of course they don’t really count). Finally, it now turns out that back in March, while we were distracted by all that spiffing fighting, British Home Secretary David Blunkett signed a treaty with the US which means that any British national, living in the UK or its dependencies, can be extradited to the US to stand trial for whatever crime an American court deems they might have committed, with no need for any prima facie case to be established in front of a British court before the alleged miscreant is hauled off. In other words, they just have to ask, and you’ll be handed over. The Americans, being the big Uncle Sam daddy rather than the quivering Britannia bitch in this abusively unequal relationship, and very sensibly having a written constitution which forbids such horrors, are of course under no such obligation to reciprocate, and indeed are legally unable to. So the British legal system and the individual rights of any given Brit are now entirely subservient to the whims of any one of gawd-knows how many public servants and judges sitting in the United States, home of Dubya the Usurper and his grotesque squad of Cold War throwbacks. The Home Office press release covering the meeting during which this historic and unprecedented surrender of sovereignty took place failed to mention it had happened at all. 
As Leigh and Norton-Taylor suggest, maybe it was through shame. Equally quiet at the time, once this treaty’s terms have finally slithered out into the light of day, are all the right-wing British newspapers which can be relied upon to foam at the mouth whenever they detect the slightest hint that Britain might be surrendering something as important as control over the shape of a fruit to Brussels. Suggest that there might be a standard Europe-wide definition of what you can call ‘ice cream’ or ‘chocolate’ and these charmers are spitting blood about faceless Eurocrats completing the job that Napoleon and Hitler failed to accomplish and dropping dark hints about leaving the EU altogether; abandon us all to the mercies of a protofascist rogue state 3000 miles away over which we have no democratic or legal control whatsoever, and there’s not a damn peep. Last time I checked I did have an MEP to whom I could complain about any abuses within the European system, and who I could, along with my fellow voters, remove from office; I have yet to be informed of the identity of my Congressional representative. Banks, Iain. Raw Spirit (pp. 313-315). Random House. Kindle Edition."
I can't speak to the military or defence related claims here, but their credibility seems a bit questionable given the apparent weakness of the extradition treaty claim, as evidenced by recent high-profile court cases for Assange and that fellow from Autonomy - neither demonstrates the automatic, unscrutinised 'slam-dunk' extradition arrangement Banks claims was made.
> high-profile court cases
"High-profile" = don't mess too openly or we could get public opinion (Assange) or influential people (Lynch) in our way.
Did you ever hear about the dozens of UK, low-profile citizens extradited to the US since the treaty is in place? It happened nonetheless.
The military / defence claims are utter bollocks.
Yes, Trident (missiles, not subs or warheads) are maintained in the US.
Targeting and firing are solely UK, no US input.
Claiming otherwise is a lie that has (evidentially) been in circulation for decades. Still a lie, though.
Targeting and firing Royal Navy Tomahawk is also solely a UK decision.
Also, conflating Tomahawk and Trident is disingenuous / dishonest. UK nuclear weapons are solely Trident and have been since shortly after the end of the Cold War.
Tomahawk is a conventional weapon, no different in use than 'Paveway' laser guidance bombs or the Anglo-French Storm Shadow missile.
The article is nothing but a rabid anti-US rant.
I was well aware of the Cloud act when I made my initial post. Bollocks can they force anything.
Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.
AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$'s US entity was unable to compel its Irish entity.
If AWS doesn’t hold the keys and neither the US Govt nor AWS US have physical access to the UK based bit barns the risk of the USG getting their hands on the data is minimised. Half the staff at that bit barn will be working for the UKG on the side to cover this contingency specifically.
So yes apart from a bit of mindless whining in the press there’s nothing to see here. A fully UK based operation would have been better but name me anyone UK based and owned who comes close to the range and depth of the big 3’s services. Or perhaps maybe you would have preferred AliCloud?
You also assume for some unknown reason that the AWS cloud isn't already compromised by one or more zero day vulnerabilities, which are actively being used already by US, et al (Israel I'm looking at you).
You know, once you have a connection to the Internet the fucking game is up........it's just a matter of time, or is it too late already ?
Will we ever know ?
ALF
> Personally I would have chosen M$ as they have history of fighting overreach from the Cloud Act. But the same arguments apply about AWS.
> AWS UK will be operating as UK entity and the ability of the US Govt to compel that entity is limited in exactly the same way M$'s US entity was unable to compel its Irish entity.
Err, would this be the same MS that the day the CLOUD act was passed, just handed over the data, housed in a datacentre in Ireland and operated by the Irish subsidiary of MS, some US TLA had been after for a couple of years ?
Thus proving beyond a doubt that having a datacentre in the EU, subject to EU law, and operated by a supposedly legally different entity, and supposedly having technical measures in place to prevent the US parent company from accessing the data ... did diddly squat to prevent staff in the US from accessing that data and handing it over.
As it is, I've seen enough of the way MS handles logins (a very long chain of redirects, most using domain names under the control of the US company) to suggest that claims about territorial security of data are ... "a bit questionable".
I suspect it's actually quite hard to set up an arrangement where the data is located in the UK, is under UK control, and there is no legal or technical mechanism for the US based parent company to grab or demand access to the data when instructed to by a US TLA.
> So even if the data is stored in AWS solely within the UK, US law enforcement can still get their hands on it.
AWS will operate this the same way it operates special regions for the US government (no, not GovCloud).
No data will be permitted to leave, except as authorized by government employees.
And no non-UK citizens will have any access to the facilities at all, the same way AWS engineers (while supporting their services there) don't have access to the existing US government regions unless they are security-cleared US citizens and have permission to enter the facility.
Security-cleared AWS engineers will be permitted access to the facilities, but will not be able to remove any data. No data storage devices may be removed. If you take your phone in by mistake, congratulations on your new phone.
This is stupid. Government data should be stored on government computers, in government data centers, maintained by government employees. Private companies should NEVER be allowed to do this sort of thing.
And Amazon's trustworthiness is only slightly better than F*c*book's. They're one of the worst companies in the world.
So, government is going to need to employ huge numbers of staff to replace all the outsourced contracts it holds.
No. Never going to happen.
And how far does your "must be government" requirement go?
Do we need government cleaners? Government builders? Government made cars and bus and trains and drivers? If we can't have private companies writing software for government use : we need almost an entire Microsoft's worth of people writing a desktop operating system and apps. Or is it ok to use software from private companies?
And hardware? We need an Intel's worth of people to design and build CPUs and RAM and all the other chips you need for computers. Or is it OK for a private company to make and maintain hardware for government?
If we can use hardware and software from private companies, then we can use AWS.
Despite your opinions of Amazon, this deal is with AWS. Tarring them with the same brush is like saying your fingers are shitty because they're part of the same body as your arsehole.
The only professionals I've heard with bad things to say about aws are people who haven't actually used it "my mate says it is insecure because he had a computer from amazon and got a virus" or people who claim it is bad because <insert reason that boils down to them doing it wrong>. If you can get your AWS config wrong, you can get your on prem deployment wrong too and maybe you just aren't cut out for working in IT?
AWS is extremely secure when configured correctly. But a lot of people have failed to do that in the past because aws made it too easy for people to do stupid things. Now they have made it much harder (in the UI and on the CLI in some areas).
So now we have a label for anyone who's so pissed with this shower in Go vermins that they might as well go for it with a kitchen knife and put the deluded fucker out of everyone else's misery.
I'm not promoting this, just speaking the bloody obvious..........
Terrorism ? Yes, who is terrorising who ?
ALF extreme mist.........
> Given how many times the spooks seem to leave official laptops in strip clubs or in the back of taxis, how long do we think it will be before top secret data is found in a misconfigured S3 bucket?
You'd need to have gained access to the government network first. These regions won't be connected to the internet.
That sparked in my mind the story of the Cullinan diamond which was supposedly sent by high security means to London, but in actuality was delivered via standard registered post.
Which makes you wonder whether, in a similar vein, top secret things are sent by regular email.
Ken, Hi,
What would you say if you were to realise and/or be informed that many top secret things are regularly freely shared via standard Registered posts highlighting developments for further contemplation and comment here?
Impossible? Most Unlikely? Unbelievable?
There's a lot of very strange spooky action at a distance going on all around everyone everywhere nowadays .... and IT's not going away, you know, now that it has found its groove in the company of grand worshipful masters in the service of Heavenly Mistresses and Diabolical Daemons on the rocky road back to the good old times when nothing bad and sad and mad appeared to presume a leading position in the future planning of upcoming live events.
Undoubtedly. Steganography, and "your" posts would be ideal candidates for hiding messages.
Slightly tangential, but ISTR there was the case of someone sharing secrets using gmail. Not by sending emails, but by the login details being shared, secrets being posted as draft messages.
I'm sure someone's tinkered with IP packets so that there is normal traffic, then there's hidden traffic, in much the same way that CEEFAX used parts of a TV signal invisible to normal equipment.
The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic.
The ways are endless, there's so much data passing through a NIC these days that investigators are no doubt having to use sophisticated techniques to detect the presence of such traffic. ..... Ken Moorhouse
Having possibly detected/imagined and realised the virtual presence of such practically almighty and extremely problematical traffic ....... for it can only result in a defence or offensive action dealing with events after the release and ACTualisation of novel facts/phormer fictions ...... whatever to do next for the best is a Great AI Games Changer which provides leaders in the genre unprecedented inequitable advantage aka carte blanche virgin field immunity and impunity freedom and thus is it to be both gravely and highly regarded ..... for IT can easily instantly kill you stone dead with its wanton abuse and/or wilful misuse ..... so take care, beware and be aware there be definitely wrong courses of future action best sensibly avoided at any price with all costs to be provided and guaranteed/failsafe secured.
I know there's comedy value in assuming otherwise, but it's not like Dido Harding's involved - there's an assumed basic level of competence. The security services can probably use a service securely.
I'm using tarsnap to back up our business (including IP and financials) to the cloud - I presume it's based on Amazon, but as it's encrypted before it leaves our site I don't actually care. I suspect your client is a bit too focused on the headlines when it goes wrong (which, to be fair, it does quite a bit).
I once tried to contact a FLA to "discuss something"
Hint: If you do this, ensure the following.
1) make sure the idea or concept isn't on some paper behind a paywall you don't have access to
2) If it isn't, ensure at the very least you've done a patent search.
3) if 1) and 2) = TRUE then congrats.
4) ...
5) ...
6) ...
98) Profit!! Oh and you can't talk about it to anyone, ever.
In a Postmodern New More Orderly World Order where/when one might want to contact and "discuss something" with the likes of terrified and terrorising Five Eyed monsters and/or their Swarms of Sworn Opposing Enemies, or be such a Subject of Interest that might require of them to make positive contact with you because of the dire catastrophic negative consequences guaranteed to ensue because of their failings to so act upon the intelligence both previously and currently presented to them, the accepted successful course of rapid and rabid and rapacious premium action, to result in a similar conclusion to your own 98 steps, Conundrum1885, ... [Profit!! Oh and you shouldn't talk about it to anyone, never ever.] ...... is as follows .....
1) Ensure in a paper/series of threads, the idea or concept is deliverable on paper but certainly, most definitely also maintain and retain and entertain the vital informative records that have been previously freely shared and earlier easily made universally available to any and all interested on an increasing number of Prime and Sublime Internet Networking Sites/Deep and Dark Web Clusters and which the a priori action guarantees patent pending ownership.
And if ever you discover that fails to deliver positive contact and meaningful Future JOINT Engagement/Systemic Virtual Entanglement, is the Private and Personally Profitable Factor significantly increased, pushing as it does in the things to be discussed, everything towards the exponential and existential end of the scale[s]. ...... so Who Dares Win Wins even should Extant Systems Administrations Spectacularly Fail in their dealings with Advancing IntelAIgents.
There's the encryption of the data, which has been discussed. But there is something else... What happens in the event of outages? If a coup is planned, the first thing to take control of is the media, and in this day and age would include the internet. No doubt in the past the TLA/FLA's had their own robust channels for disseminating information when all else fails. Using the Cloud seems to imply off-loading responsibility for timely access on the Cloud provider. Surely that isn't good enough in this instance?
....... is that once they've got all the vital data from a government running on their servers, that government is going to be more or less unable to regulate them too harshly, especially when it comes to workers' rights, unfair competition and acting as a monopoly in other sectors.
Nevermind, I'm sure the initial price looked very attractive, as Amazon would be able to take a massive loss at first, in order to get these organisations totally dependent on them before the contract renewals next come up.
If it is *only* storage then they can have it encrypted with their own keys, so the only risk is it being deleted if the payments don't keep up.
But if they plan on AWS related processing/indexing then it is bend-over time for Mr Blackadder as the USA's Bishop of Bath and Wells has a poker for him.
Yes, I know the Americans are doing it too, some of it. But with Microsoft and AWS they are using US companies under their control.
The UK, on the other hand, will be outsourcing data *to* US companies - under the control *of* the US.
That the data is apparently stored in the UK is like saying you trust Huawei because they say they're nice.
It all started when beancounters began to rule the world, and it's going to end badly.
In the meantime, SVR rubs its hands. So much valuable data in the Cloud? Yum! .... Potemkine!
If you are referring to Systemic Virtual Resistance, Potemkine!, we couldn't agree more. And if you aren't, at least you are somewhat wiser than before, as be anyone/anything else happening upon this webpage and commentary thread.
Is to so freely surrender sovereignty to a foreign nation and alienating power not akin to being responsible and accountable for a cowardly act of high treason and rank state betrayal ?
And why would an MI5 or MI6 or GCHQ tolerate and permit and assist in such a perverse activity and affront to home based intelligence ...... other than the fact that they are not in possession of any worth having, of course ...... which itself is also inexcusable given the costs imposed and prices received for the intelligence they are contracted to provide ?
This is just the active end of a very corrupt security system snake that's been feeding its pet Intelligence Service (GCHQ) with loads of non-nutritious grub, full of tasty stuff bulked out with buzz words that are included to get the information addict back for more of the real stuff.
You should see the real stuff being currently fed into the UK court system by employees of other/supplier organisations whose underpaid and overworked employees display very questionable attitudes to data integrity. Sexual bigotry and other personal biases abound.
Local Authorities using all sorts of incompatible systems abusively.
Anyway, it's a bit like Christopher Hodder Williams novel "The Egg Shaped Thing", the system is a runaway corporate monster and the nation states Go Vermins will soon be running after it with pitch forks and blazing torches .........
ALF
If anyone really believes that any agreement with a "cloud provider" is any protection at all against them doing whatever they damned well please with your data . . .
well, there is this nice bridge in Brooklyn, NY that you can buy for a song. Plus cash, of course.
On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it?
As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem.
Maybe the odd individual would steal data, but it is all pretty well tracked and logged, so the individual can be punished. Just like an individual in your org could steal data. But I have worked for banks and governments and telcos and never seen anything anywhere near as good as the protection/logging/monitoring/etc. that AWS claim to have.
So yes, if you want a substandard solution that doesn't address the most likely risk, help yourself.
Actually it is a bit of the opposite. How paranoid senior executives from cloud company X need to be, knowing they are handling the data of an organization full of folks who enjoy quite a lot to shoot things and drink blood?
Usually, only other organizations who also like to shoot things and drink blood go after the former, otherwise, it is almost suicide.
On the flip side, how paranoid do you need to be that you think your data is so valuable, that a multi billion dollar corporation is going to put their entire business at risk to steal it? As soon as someone can demonstrate "aws stole our data" their business collapses as everyone goes back to on prem. ..... max allan
That sort of multi billion dollar corporation is at risk more easily than I’m sure they would not like to admit, max allan, for as soon as someone can demonstrate "data was stolen from aws", is their business collapse entirely possible.
The three-letter agencies are data miners. Everything they do is to acquire data, analyze it, summarize it and let a few politicians know about it once the news channels have broken the story. Any prattle about cost efficiency with regards to a government agency is entirely laughable. It's even less applicable if revealing secret knowledge might lead to trade embargoes, military actions or assignations. If the stored information isn't secret, what's the point in the government securely warehousing it at taxpayer expense? When it is very sensitive, why would it be a good idea to store it with a third party? Those companies might find it interesting to try decrypting it with their quantum computer projects.