Will The CIA Treat Amazon's Cloud The Same Way It Treated Drives It Shared With The Senate?
from the we-steal-working-documents dept
The US intelligence community's $600 million cloud computing deal with Amazon was finalized roughly a year ago, but recent revelations about the CIA's behavior in shared virtual spaces is raising questions about the government's move to virtual computing.Two organizations -- RootsAction.org and ExposeFacts.org -- have just planted the following billboard at the doorstep of Amazon's Seattle headquarters.
While there are 17 total intelligence agencies being connected through Amazon's services, the CIA is the one generating the most concern at the moment. Marcy Wheeler (of emptywheel) asks some perfectly valid questions.
Marcy Wheeler — who writes widely on the legal aspects of the “war on terror” and its effects on civil liberties including her “Right to Know” column for ExposeFacts.org — said Wednesday that Amazon should answer a number of key questions before its customers and the general public can be assured that personal information from the company’s commercial operations is not finding its way into the CIA’s hands.If you'll recall, accusations that the CIA "impersonated" Senate personnel in order to access Torture Report-related documents came to light late last month. Unnamed sources close to the action presented the CIA's moves as the misuse of Senate staffer credentials to obtain in-progress documents related to the still-unreleased Torture Report. Another unnamed source closer to the intelligence side of things spun the agency's alleged impersonation this way:
For instance, she said, Bezos and Amazon should answer the question: “Will there be any overlap between the physical hardware serving Amazon’s commercial cloud service and what is provided to the CIA?”
Referring to the CIA’s machinations over the still-unreleased Senate torture report, she added that Bezos should also be asked: “The CIA has admitted accessing documents made available to the Senate Intelligence Committee on shared space — what provisions have you made to prevent similar spying on Amazon’s commercial customers?”
“CIA simply attempted to determine if its side of the firewall could have been accessed through the Google search tool. CIA did not use administrator access to examine [Intelligence Committee] work product,” the source said.Peering back "in" using borrowed credentials is a good way to check for leaks, but it also allows the agency to look "out" at anything else stored on shared drives. It's a very handy excuse, and one Marcy Wheeler thinks the agency might be tempted to deploy again within Amazon's cloud service.
How thick is the wall separating the intelligence community and private businesses? Does this wall even exist outside of virtual barriers? Intelligence officials seem to be sold on Amazon's ability to protect its assets from outsiders, but don't appear to be nearly as concerned about internal compartmentalization. Will the IC's servers be physically or virtually shared with the general public?
Amazon's not saying. And quite obviously, neither are intelligence officials. Adding to the opacity is the fact that Amazon is one of the few tech companies not issuing periodic transparency reports detailing the frequency and number of requests for customer data by law enforcement and intelligence agencies.
Amazon continues to seek more government contracts, which will result in even more potential intermingling of public and private data in shared virtual spaces. The company hasn't exactly been forthcoming on these government deals, and its ongoing lack of a transparency report isn't much of a confidence builder.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cia, cloud, privacy, shared servers, surveillance
Companies: amazon
Reader Comments
The First Word
“1. The CIA, NSA, etc. has no need to be using Amazon's cloud in order to hack it if that's what they intend to do.
2. Being a customer of the cloud in no way gives you any special access to other cloud customers' data.
3. Sharing hardware does not create an increased danger of sharing data. These clouds have thousands of cores and everything is virtualized and distributed.
So these fact exposers aren't exposing anything besides their own ignorance. I'd have thought TechDirt would recognize that.
Subscribe: RSS
View by: Time | Thread
here's my rule of thumb...
i've been reading about this shit for DECADES, and now that not only does all the koo-koo-kwazy konspiracy krap turn out to be true, AND it is MUCH WORSE THAN WE IMAGINED, NOT ONE status quo puke, NOT ONE apologist for Empire, NOT ONE law-and-order-repeating jerkoff has come out to say "Whoa, I guess I was a stupid fucktard for not thinking this through and figuring out that this kind of shit had to be going on."
NOT ONE.
[ link to this | view in chronology ]
Re: here's my rule of thumb...
Is anybody who did think (is thinking) things through still around?
[ link to this | view in chronology ]
Re: Re: here's my rule of thumb...
[ link to this | view in chronology ]
Re: Re: Re: here's my rule of thumb...
[source: all the lawsuits]
[ link to this | view in chronology ]
Re: here's my rule of thumb...
I seem to remember one or two over the decades, but your point stands nonetheless.
However, in all fairness, this is pretty much a universal human trait. When someone has invested themselves heavily in a particular worldview, admitting the worldview was faulty (even to themselves) is psychologically as painful and terrifying as death itself.
This is why we see oddities like the fact that such people's beliefs are reinforced by evidence that they're wrong, rather than it changing their beliefs.
Every one of us, regardless of our worldviews, biases, and beliefs, need to be on guard for this effect in ourselves. It's a notoriously tricky thing.
As Robert Anton Wilson said: belief is the death of intelligence.
[ link to this | view in chronology ]
Apples vs Oranges?
Amazon Cloud computers certainly aren't stored at a CIA site.
It's certainly not a huge stretch to believe the CIA would hack their way into Amazon Cloud but that's an entirely different thing than the 'Senate' computer issue.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Of course there's overlap. If not, we wouldn't call it a cloud.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Amazon runs an operation LOADED with data of interest to the CIA. Who's buying what? Who's reading what? Who has what credit cards? Who lives where? And so on.
The CIA, the NSA, the DHS, everyone wants that data, and no doubt by now they've got it.
But Amazon also runs an operation LOADED not only with data of interest, but network traffic of interest -- as everyone should know realize, even if that traffic is encrypted, the metadata is extremely revealing. Amazon's cloud is one of the motherlodes and so OF COURSE the CIA (and the NSA and the DHS) wants to have its fingers wrapped around it.
It's just too tempting. There is no way in hell that they can look at an operation of that size under US jurisdiction and keep their hands off it.
And why should they? There's no due process, no checks-and-balances, no sunshine, no hearings, no NOTHING to stop them.
So maybe before you leap to the conclusion that this is exactly what the paperwork claims it is, you should consider the source and the context of recent history.
[ link to this | view in chronology ]
Re: Re:
You sound a whole lot gullible in this. There'd be no purpose to access without being able to know what's there.
[ link to this | view in chronology ]
I know that many sites depend on Amazon Cloud to offset DDoS attacks but surely there are other cloud businesses that come without the NSA add-on.
[ link to this | view in chronology ]
Silence
No-one with any sense should trust Amazon with anything confidential.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
1. The CIA, NSA, etc. has no need to be using Amazon's cloud in order to hack it if that's what they intend to do.
2. Being a customer of the cloud in no way gives you any special access to other cloud customers' data.
3. Sharing hardware does not create an increased danger of sharing data. These clouds have thousands of cores and everything is virtualized and distributed.
So these fact exposers aren't exposing anything besides their own ignorance. I'd have thought TechDirt would recognize that.
[ link to this | view in chronology ]
Re:
Eg. I'm not saying that just because the CIA is Amazon's customer - to the tune of a 650 million dollar contract - that Amazon is in bed with the CIA, nor am i saying that Amazon is giving the CIA access to all your data, i'm just asking questions.
Leaving aside any potential moral implications or ends justify the means arguments, playing on people's fears is a very effective tool for all sorts of purposes. The CIA does this shit day and night, why not use their own tactics against them?
[ link to this | view in chronology ]
Re: Re:
Frankly, the only thing about this contract that is somewhat atypical is that it cuts across several agencies, as opposed to being associated with a single agency. Not that this never happens, but only that it is not commonplace.
[ link to this | view in chronology ]
Re: Re: Re:
I don't have a crystal ball i'm afraid, so i can't say whether it would have been a noteworthy story or not.
I would argue however that Amazon is not typically thought of as a company the average Dick and Jane would expect to be involved in 650 million dollar covert CIA contracts. Amazon are their goto guys for retail - as harmless as the day is long and oh have i told you how much i just adore my prime membership!
So in that sense Amazon is a far better target for this type of campaign than boring old IBM would be because no one expects grandpa Amazon - the one who's just so polite and always there when i need him - to be in bed with a shadowy and impenetrable government agency currently embroiled in a disgraceful torture scandal. So I'd argue that this type of reveal makes a much bigger splash in their consciousness than an IBM story would. Afterall, they know and trust Amazon... or at least they thought they did... Now they're quite so sure.
[ link to this | view in chronology ]
queer bedfellows and pillowtalk
But who knows where this 'special' relationship will lead. Perhaps Amazon will end up more sympathetic to the government's privacy-crushing War On Terror. Perhaps, as with with the RSA dupes before, the CIA will offer Amazon help and friendly advice that's really a Trojan horse.
Whatever the case, it's never a good sign when companies start cozying up to the government. I certainly won't be buying anything from Amazon any more, and if enough people do likewise, maybe they'll get the hint.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
All it takes is one 'rogue' (yeah right!) agent to 'accidentally' run a few ethernet cables from the spare socket of a few corporations into their own server....
Then just redact and try to FUD your way out of any accountability.
If *I* had anything at all, valuable or not on Amazons Cloud I'd be laying down the ultimatum of CIA or me...
[ link to this | view in chronology ]
There were clouds of dust during 9-11
Therefore Amazon's service is related to terrorism therefore under a court-sealed double-pinky swear secret court order, the CIA will be given access to anything in Amazon's system they want.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
This is one issue where the government is positively anal, as it should be, in attempting to ensure that only authorized personnel have access to such systems...and in this case this is especially true given the nature of the information being stored.
[ link to this | view in chronology ]
Re: Re:
-- all using a double-secret super-spy court that's only accountable to the voices in the CIA directors head.
[ link to this | view in chronology ]
[ link to this | view in chronology ]