UK spy agencies give their top secret data to Amazon
Are they idiots or traitors?
Britain's spy agencies -- GCHQ, MI5 and MI6 -- have signed a contract with Amazon where Amazon will host their top-secret data (archive here):
The UK’s three spy agencies have contracted AWS, Amazon’s cloud computing arm, to host classified material in a deal aimed at boosting the use of data analytics and artificial intelligence for espionage.
The procurement of a high-security cloud system has been championed by GCHQ, the UK’s signals intelligence body, and will be used by sister services MI5 and MI6, as well as other government departments such as the Ministry of Defence during joint operations.
The contract is likely to ignite concerns over sovereignty given that a vast amount of the UK’s most secret data will be hosted by a single US tech company. The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade, was signed this year, according to four people familiar with the discussions. However, the details are closely guarded and were not intended to be made public.
This is so obviously a security risk that I can only conclude the people doing it are either completely clueless idiots or deliberate conscious traitors. Or maybe both.
The article claims that:
Although AWS is a US company, all the agencies’ data will be held in Britain, according to those with knowledge of the deal. Amazon will not have any access to information held on the cloud platform, those people said.
This is obvious bollocks. Does anyone seriously believe that the NSA cannot get hold of data on Amazons servers whenever they want to? Of course they can.
The article continues:
The UK’s move to contract a US company surprised some experts. “Sovereignty matters and there’s a reason why, historically, security technology has always been built and maintained in-house,” one security veteran said. GCHQ initially wanted to find a UK cloud provider but it became clear in recent years that domestic companies would be unable to offer either the scale or capabilities needed, said two people familiar with the deal.
The way to do it would be for GCHQ to create an in-house solution, which could then be used by all UK government agencies (or at lest the ones where secrecy or confidentially is important, which in practise is most of all of them). Indeed this appears to be what France is doing:
The French government this year backed the creation of a new “sovereign cloud” which will be used by the country’s public sector to handle sensitive data using government-approved security methods. Dubbed Bleu, it is expected to join the Gaia-X project, which aims to foster a European cloud industry capable of competing with US companies such as Google and AWS.
When Scotland becomes independent we should obviously not put foreign state or non-state actors in charge of our top-secret data, or our computing and communications infrastructure in general. To do so would be to give up our independence, because software is eating the world.