Britain's spy agencies -- GCHQ, MI5 and MI6 -- have signed a contract with Amazon where Amazon will host their top-secret data (archive here):
The UKâs three spy agencies have contracted AWS, Amazonâs cloud computing arm, to host classified material in a deal aimed at boosting the use of data analytics and artificial intelligence for espionage.
The procurement of a high-security cloud system has been championed by GCHQ, the UKâs signals intelligence body, and will be used by sister services MI5 and MI6, as well as other government departments such as the Ministry of Defence during joint operations.
The contract is likely to ignite concerns over sovereignty given that a vast amount of the UKâs most secret data will be hosted by a single US tech company. The agreement, estimated by industry experts to be worth ÂŁ500m to ÂŁ1bn over the next decade, was signed this year, according to four people familiar with the discussions. However, the details are closely guarded and were not intended to be made public.
This is so obviously a security risk that I can only conclude the people doing it are either completely clueless idiots or deliberate conscious traitors. Or maybe both.
The article claims that:
Although AWS is a US company, all the agenciesâ data will be held in Britain, according to those with knowledge of the deal. Amazon will not have any access to information held on the cloud platform, those people said.
This is obvious bollocks. Does anyone seriously believe that the NSA cannot get hold of data on Amazons servers whenever they want to? Of course they can.
The article continues:
The UKâs move to contract a US company surprised some experts. âSovereignty matters and thereâs a reason why, historically, security technology has always been built and maintained in-house,â one security veteran said. GCHQ initially wanted to find a UK cloud provider but it became clear in recent years that domestic companies would be unable to offer either the scale or capabilities needed, said two people familiar with the deal.
The way to do it would be for GCHQ to create an in-house solution, which could then be used by all UK government agencies (or at lest the ones where secrecy or confidentially is important, which in practise is most of all of them). Indeed this appears to be what France is doing:
The French government this year backed the creation of a new âsovereign cloudâ which will be used by the countryâs public sector to handle sensitive data using government-approved security methods. Dubbed Bleu, it is expected to join the Gaia-X project, which aims to foster a European cloud industry capable of competing with US companies such as Google and AWS.
When Scotland becomes independent we should obviously not put foreign state or non-state actors in charge of our top-secret data, or our computing and communications infrastructure in general. To do so would be to give up our independence, because software is eating the world.