American cloud giant Amazon Web Services wins contract to host the UK’s most sensitive national security data, but Labour wants answers
The UK government is being asked to explain the decision of GCHQ, MI5 and MI6 to use Amazon Web Services to host its classified data.
The Financial Times (citing people familiar with the discussions) reported that the agreement, thought to worth £500m to £1bn over the next decade, was signed this year. However details of the deal are secret and were not intended to be made public.
The FT reported that the procurement of a high-security cloud system was championed by GCHQ, and the US platform will be used by sister services MI5 and MI6, as well as other government departments such as the Ministry of Defence during joint operations.
The contract has highlighted data sovereignty concerns, given that a vast amount of the UK’s most secret data will be hosted by a single US tech company.
However, the FT reported that despite AWS being an American company, the British data will be held in the United Kingdom, according to those with knowledge of the deal.
Amazon will not have any access to information held on the cloud platform, those people told the FT.
The idea of the AWS contract is that top secret data can be held securely, and will allow personnel within the UK intelligence agencies to easily share data from overseas field locations. It will also allow power specialist apps such as speech recognition which can “spot” and translate particular voices from hours’ worth of intercept recordings.
The deal will also allow GCHQ, MI5 and MI6 to conduct faster searches on each other’s databases.
Ciaran Martin, who last year stepped down as head of the UK’s National Cyber Security Centre, told the FT the cloud deal would allow the security services “to get information from huge amounts of data in minutes, rather than in weeks and months”.
And Martin dismissed suggestions that the system would affect the amount of information held by intelligence agencies.
“This is not about collecting or hoarding more data,” he said. “The obvious business case is to use existing large amounts of data more effectively.”
Intelligence cloud contracts
It should be noted that the UK is not alone is doing a deal such as this.
The CIA signed its first $600m cloud contract with AWS in 2013, on behalf of all the US intelligence agencies.
Then in 2020 the CIA split up its Commercial Cloud Enterprise contract between five companies, namely Microsoft, Amazon, Google, Oracle, and IBM.
In August 2021, AWS won a $10bn contract code named ‘WildandStormy’ from the National Security Agency (NSA), as it sought to transition away from on-premises servers to a commercial provider.
However Microsoft has filed an official complaint with the US Government Accountability Office about the contract award to AWS.
The Labour party is, according to the Guardian newspaper, pressing Home Secretary Priti Patel to explain award of spy agencies cloud contract to Amazon.
It should be noted that the day-to-day ministerial responsibility for SIS (Secret Intelligence Service, aka MI6) lies with the Foreign Secretary.
Labour however is demanding that the home secretary explain why GCHQ, MI5 and MI6 will use a high-security system provided by the US-based firm, and whether any risk assessment was undertaken before the deal was signed.
Gus Hosein, the executive director of Privacy International, meanwhile told the FT there were many things parliament, regulators and the public needed to know about the deal.
“This is yet another worrying public-private partnership, agreed in secret,” he reportedly said. “If this contract goes through, Amazon will be positioned as the go-to cloud provider for the world’s intelligence agencies. Amazon has to answer for itself which countries’ security services it would be prepared to work for.”