- is subject to appropriate oversight by UK nationals
- excludes really sensitive intelligence data
Sure this adds a dependency on a non UK company but is it a security risk - possibly not. Is GCHQ dependent on US / Taiwanese manufactured semiconductors? Is that a risk - maybe but it’s a manageable one.
The irony that a UK `spy agency` is hosting with a foreign provider born out of selling books like "The Catcher in the Rye" is a level of humour nobody expected.
"The Catcher in the Rye" is a terrible, harmful book. I have no pretenses that that book is the romantic, rebellious, subversive story it pretends to be. What it is, is a stereotype cartoon of being mad (this is the proper, polite term, euphemisms like "mentally unwell" are insulting). The outcome, is when you hear about a patient with a disagreement with his psychiatrist, you always take sides against the patient. So that you never accept the testimony of that patient. The moral of the story of "the Catcher in the Rye" is contempt.
Readers of that book treat any imperfection in your mental health---for instance, side effects of a pill a patient is taking against their will, such as temporary brain damage, which can easily make said patient seem off kilter---as a plot twist, like "oh, he's not 100% sane like I am, it's like in the Catcher in the Rye, my favorite book, in the end you find out it was all lies, and that's what this is."
Factually, in the Middle Ages, fools (the mad) were considered more truthful, and their testimony more reliable, than that of the sane. Recall the saying, "only a fool can speak the truth in court." In part this is because they had a harder time keeping their lies consistent, so they had to just tell the truth.
Ironically, it was UK (former) intelligence, not Russians, that had the most impactful attempts at meddling with our 2016 elections.
See...Christopher Steele.
Great, AWS is gonna have a bunch of Operational Relay Boxes which GCHQ would use to siphon & store personal data. One good reason to block AWS at the IP level, although that would break using the Internet, since so many sites rely on AWS. I can see the cleverness of that tactic: people can't so easily block AWS as it makes using the Internet painful or outright impossible.
The US should return the favor and ask Britain to help us build a properly functioning healthcare system at half the price of our existing system (Britain spends sub $5,000 per capita on healthcare, the US spends closer to $11k-$12k per capita).
At $6,000 per capita, we could just about expand Medicaid to cover half of the population with our existing annual healthcare outlays. That would solve a huge number of problems for the US in healthcare.
In every thread on HN with very many comments you'll find comments that tangent off from the core for one reason or another. It's extraordinarily common here. You've been here for nine years, so you already know that.
The reason I wrote that specific comment, dear pc86, is because there was wide discussion in this thread about Britain not being able to do their own version of AWS in-nation or not being able to do it cost effectively. So it only makes sense we, the US, might consider returning the favor with Britain on something they do far better than the US does (cost effective healthcare). Especially given they're an exceptionally important economic partner to the US and Amazon getting that contract is valuable to a US company.
Did you happen to see Zenst's comment? They mentioned "The Catcher in the Rye," the audacity. What does that have to do with datacenters or software?
Just a guess, but maybe they’re getting tired of paying suppliers excessive amounts to build inferior and slower-moving versions of what exists already?
If the UK is anything like the US the contractor would need to be UK citizens, servers in the UK in special data centers, and most, if not all, of the work would need to be done by UK citizens. There might be some very very high level talks with non UK citizens.
I am curious how it would work using the AWS tech that is probably built by a lot of non UK/US citizens. Maybe the UK will allow work done by US citizens.
Most big-name cloud providers have needed to do this in the past half decade because the GDPR necessitated that they warehouse EU-sourced data in a different infrastructure with different privacy and national exfiltration guarantees then the ones US law requires.
Rackspace are US-based but have a large UK office in West London that could offer these services. They have their own data centres there and UK data privacy laws restrict what can be sent abroad. No idea if there are any UK-incorporated cloud companies of a similar size though.
Oracle has UK datacentres in Scotland, used precisely in circumstances where location is important. Needless to say that not all operators are UK based though - Oracle's business model requires cheap manpower from developing countries...
What's the point of "awarding a cloud contract" to a single entity when from the perspective of commodification when the government can instead use all cloud providers (maybe in different proportions though) at the same time?
The point of the cloud is treating it like a commodity.
Unfortunately this smells very much like favoritism.
> What's the point of "awarding a cloud contract" to a single entity when from the perspective of commodification when the government can instead use all cloud providers (maybe in different proportions though) at the same time?
Because it's really hard to train technical staff, certify the security of, and harden your attack vectors on one platform let alone doing it for 10 of them. These providers that handle gov data generally have isolated data-centers with more stringent security protocols, like making every employee have a security clearance. Doing that for more providers would increase costs exponentially for very little gain.
I think cloud providers let the "you can use anybody, it's so freeing!" myth go on, so people would feel safe moving into the cloud. In practice, each cloud is its own technology stack. You have to be a very large player to be useful "at scale" in multiple clouds, and you have to have separate teams.
It's like having your Windows server department, Linux department, mainframe department, SQL server admins, DB2 admins, Postgres admins, NFS team and SAN team.
> The point of the cloud is treating it like a commodity.
Is it? The article is pretty unclear on what exactly GCHQ is trying to achieve (not unusual for intelligence agencies of course!) I think it's hard to comment on whether awarding the contract to AWS was reasonable when we don't know what any of the requirements are.
- the contract is with a UK AWS subsidiary
- uses UK based datacenters
- is subject to appropriate oversight by UK nationals
- excludes really sensitive intelligence data
Sure this adds a dependency on a non UK company but is it a security risk - possibly not. Is GCHQ dependent on US / Taiwanese manufactured semiconductors? Is that a risk - maybe but it’s a manageable one.