Sovereignty? We've heard of it. UK government gives contract to store MI5, MI6 and GCHQ's data to AWS

Hands up who wants to do that info migration

The UK's intelligence services are to store their secret files in the AWS cloud in a deal inked earlier this year, according to reports.

The GCHQ organisation (electrical/radio communications eavesdropping), MI5 (domestic UK intelligence matters), MI6 (external UK intel) and also the Ministry of Defence (MoD) will access their data in the cloud, albeit in UK-located AWS data centres.

The news was first reported in the Financial Times newspaper (paywall), which said GCHQ drove the deal that was signed earlier this year, and the data will be stored in a high-security way. It is claimed by unknown sources that AWS itself will not have access to the data. 

Apparently the three agencies plus the MoD will be able to access information faster and share it more quickly when needed. This is presumably in contrast to each agency storing its own information on its own on-premises computer systems. The source information could be uploaded to AWS from both domestic UK and foreign locations, with access from anywhere in the world to authorised staff.

One might conceive of a searchable spies' data warehouse that could enable searches across the three agencies' files in a single process. However the individual agency's data would clearly need indexing and migrating to AWS in some organised and planned way to make this possible.

Another concern raised by some is the spectre of GCHQ using AWS's AI-based tools, such as translation and speech recognition technology, to bear on vast data sources it holds.

Apparently, according to a quoted Ciaran Martin, an ex-GCHQ branch head, the agencies will be able "to get information from huge amounts of data in minutes, rather than in weeks and months." This doesn't say a lot about their existing computer systems. 

Since AWS is elastic in capacity terms it could hold greater amounts of data than the existing agencies store. Martin didn't think storing even more information was an aim of the system: "The obvious business case is to use existing large amounts of data more effectively."

The US's CIA signed a $600m AWS Cloud contract in 2013. That contract was upgraded in 2020 and involved AWS, Google, IBM, Microsoft and Oracle in a consortium.

Of course, for the US, AWS is a domestic firm. The French government is setting up its own sovereign public cloud called Bleu for sensitive government data. This "Cloud de Confiance" will be based on Microsoft's Azure platform – and will include Microsoft 365 – but will apparently be "delivered via an independent environment" that has "immunity from all extraterritorial legislation and economic independence" from within an "isolated infrastructure that uses data centres located in France."

In GCHQ's reported view, no UK-based public cloud could provide the scale or capabilities needed for the security services data storage requirements.

The UK government already spends plenty of cash with AWS, and last year the UK's Home Office signed a four-year hosting contract worth up to £120m with the US cloud biz. TechMarketView pegged AWS as the fastest-rising services and software player in the UK public sector in 2018 and since then it has also bagged a three-year cloud MoU with Crown Commercial Services.

Neither AWS nor the UK agencies involved have commented on the story. ®

Other stories you might like

  • Ex-Qualcomm Snapdragon chief turns CEO at AI chip startup MemryX

    Meet the new boss

    A former executive leading Qualcomm's Snapdragon computing platforms has departed the company to become CEO at an AI chip startup.

    Keith Kressin will lead product commercialization for MemryX, which was founded in 2019 and makes memory-intensive AI chiplets.

    The company is now out of stealth mode and will soon commercially ship its AI chips to non-tech customers. The company was testing early generations of its chips with industries including auto and robotics.

    Continue reading
  • Aircraft can't land safely due to interference with upcoming 5G C-band broadband service

    Expect flight delays and diversions, US Federal Aviation Administation warns

    The new 5G C-band wireless broadband service expected to rollout on 5 January 2022 in the US will disrupt local radio signals and make it difficult for airplanes to land safely in harsh weather conditions, according to the Federal Aviation Administration.

    Pilots rely on radio altimeter readings to figure out when and where an aircraft should carry out a series of operations to prepare for touchdown. But the upcoming 5G C-band service beaming from cell towers threatens to interfere with these signals, the FAA warned in two reports.

    Flights may have to be delayed or restricted at certain airports as the new broadband service comes into effect next year. The change could affect some 6,834 airplanes and 1,828 helicopters. The cost to operators is expected to be $580,890.

    Continue reading
  • Canadian charged with running ransomware attack on US state of Alaska

    Cross-border op nabbed our man, boast cops and prosecutors

    A Canadian man is accused of masterminding ransomware attacks that caused "damage" to systems belonging to the US state of Alaska.

    A federal indictment against Matthew Philbert, 31, of Ottawa, was unsealed yesterday, and he was also concurrently charged by the Canadian authorities with a number of other criminal offences at the same time. US prosecutors [PDF] claimed he carried out "cyber related offences" – including a specific 2018 attack on a computer in Alaska.

    The Canadian Broadcasting Corporation reported that Philbert was charged after a 23 month investigation "that also involved the [Royal Canadian Mounted Police, federal enforcers], the FBI and Europol."

    Continue reading

Biting the hand that feeds IT © 1998–2021