Will The CIA Treat Amazon's Cloud The Same Way It Treated Drives It Shared With The Senate?

from the we-steal-working-documents dept

The US intelligence community's $600 million cloud computing deal with Amazon was finalized roughly a year ago, but recent revelations about the CIA's behavior in shared virtual spaces is raising questions about the government's move to virtual computing.

Two organizations -- RootsAction.org and ExposeFacts.org -- have just planted the following billboard at the doorstep of Amazon's Seattle headquarters.

While there are 17 total intelligence agencies being connected through Amazon's services, the CIA is the one generating the most concern at the moment. Marcy Wheeler (of emptywheel) asks some perfectly valid questions.
Marcy Wheeler — who writes widely on the legal aspects of the “war on terror” and its effects on civil liberties including her “Right to Know” column for ExposeFacts.org — said Wednesday that Amazon should answer a number of key questions before its customers and the general public can be assured that personal information from the company’s commercial operations is not finding its way into the CIA’s hands.

For instance, she said, Bezos and Amazon should answer the question: “Will there be any overlap between the physical hardware serving Amazon’s commercial cloud service and what is provided to the CIA?”

Referring to the CIA’s machinations over the still-unreleased Senate torture report, she added that Bezos should also be asked: “The CIA has admitted accessing documents made available to the Senate Intelligence Committee on shared space — what provisions have you made to prevent similar spying on Amazon’s commercial customers?”
If you'll recall, accusations that the CIA "impersonated" Senate personnel in order to access Torture Report-related documents came to light late last month. Unnamed sources close to the action presented the CIA's moves as the misuse of Senate staffer credentials to obtain in-progress documents related to the still-unreleased Torture Report. Another unnamed source closer to the intelligence side of things spun the agency's alleged impersonation this way:
“CIA simply attempted to determine if its side of the firewall could have been accessed through the Google search tool. CIA did not use administrator access to examine [Intelligence Committee] work product,” the source said.
Peering back "in" using borrowed credentials is a good way to check for leaks, but it also allows the agency to look "out" at anything else stored on shared drives. It's a very handy excuse, and one Marcy Wheeler thinks the agency might be tempted to deploy again within Amazon's cloud service.

How thick is the wall separating the intelligence community and private businesses? Does this wall even exist outside of virtual barriers? Intelligence officials seem to be sold on Amazon's ability to protect its assets from outsiders, but don't appear to be nearly as concerned about internal compartmentalization. Will the IC's servers be physically or virtually shared with the general public?

Amazon's not saying. And quite obviously, neither are intelligence officials. Adding to the opacity is the fact that Amazon is one of the few tech companies not issuing periodic transparency reports detailing the frequency and number of requests for customer data by law enforcement and intelligence agencies.

Amazon continues to seek more government contracts, which will result in even more potential intermingling of public and private data in shared virtual spaces. The company hasn't exactly been forthcoming on these government deals, and its ongoing lack of a transparency report isn't much of a confidence builder.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cia, cloud, privacy, shared servers, surveillance
Companies: amazon


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    art guerrilla (profile), 3 Nov 2014 @ 1:50pm

    here's my rule of thumb...

    think up the weirdest, craziest, nastiest shit you can do to people while in the mindset of a 10 year old bad boy, and you will find the alphabet soup spooks have done twice as bad with half the results...

    i've been reading about this shit for DECADES, and now that not only does all the koo-koo-kwazy konspiracy krap turn out to be true, AND it is MUCH WORSE THAN WE IMAGINED, NOT ONE status quo puke, NOT ONE apologist for Empire, NOT ONE law-and-order-repeating jerkoff has come out to say "Whoa, I guess I was a stupid fucktard for not thinking this through and figuring out that this kind of shit had to be going on."
    NOT ONE.

    link to this | view in thread ]

  2. icon
    pixelpusher220 (profile), 3 Nov 2014 @ 1:55pm

    Apples vs Oranges?

    The 'Senate' computers the CIA spied on were housed and maintained by the CIA at CIA Headquarters.

    Amazon Cloud computers certainly aren't stored at a CIA site.

    It's certainly not a huge stretch to believe the CIA would hack their way into Amazon Cloud but that's an entirely different thing than the 'Senate' computer issue.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 3 Nov 2014 @ 1:57pm

    They have the keys to the kingdom , no forced entry needed.

    link to this | view in thread ]

  4. identicon
    jackn2, 3 Nov 2014 @ 2:06pm

    For instance, she said, Bezos and Amazon should answer the question: “Will there be any overlap between the physical hardware serving Amazon’s commercial cloud service and what is provided to the CIA?”

    Of course there's overlap. If not, we wouldn't call it a cloud.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 3 Nov 2014 @ 2:11pm

    Re: here's my rule of thumb...

    ...not thinking this through...


    Is anybody who did think (is thinking) things through still around?

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 3 Nov 2014 @ 2:27pm

    Just the history of the procurement and who bid strongly suggests that Amazon is constructing a "cloud" service using government-dedicated hardware installed at various government facilities. Not at all clear why the hand-wringing and the almost certain waste of money on billboards.

    link to this | view in thread ]

  7. identicon
    jackn, 3 Nov 2014 @ 2:35pm

    Re:

    Verbs dude. What are you saying?

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 3 Nov 2014 @ 3:11pm

    Re:

    The level of naivete' displayed here is charming.

    Amazon runs an operation LOADED with data of interest to the CIA. Who's buying what? Who's reading what? Who has what credit cards? Who lives where? And so on.

    The CIA, the NSA, the DHS, everyone wants that data, and no doubt by now they've got it.

    But Amazon also runs an operation LOADED not only with data of interest, but network traffic of interest -- as everyone should know realize, even if that traffic is encrypted, the metadata is extremely revealing. Amazon's cloud is one of the motherlodes and so OF COURSE the CIA (and the NSA and the DHS) wants to have its fingers wrapped around it.

    It's just too tempting. There is no way in hell that they can look at an operation of that size under US jurisdiction and keep their hands off it.

    And why should they? There's no due process, no checks-and-balances, no sunshine, no hearings, no NOTHING to stop them.

    So maybe before you leap to the conclusion that this is exactly what the paperwork claims it is, you should consider the source and the context of recent history.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 3 Nov 2014 @ 3:13pm

    How about I don't do business with Amazon any more than possible as a sign of my displeasure? I wonder how many others might think this way and seek other clouds outside the US to dodge all the NSA spying?

    I know that many sites depend on Amazon Cloud to offset DDoS attacks but surely there are other cloud businesses that come without the NSA add-on.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 3 Nov 2014 @ 3:16pm

    Re: Re:

    If they have access whatever gives you the idea that they would be content to access what they can't read? There'd be no purpose to that. You have to assume if they can access it then they have the keys or have gone the route of government demanding they have access to it.

    You sound a whole lot gullible in this. There'd be no purpose to access without being able to know what's there.

    link to this | view in thread ]

  11. icon
    DocGerbil100 (profile), 3 Nov 2014 @ 3:26pm

    Silence

    Sometimes, the absence of an answer is most telling.

    No-one with any sense should trust Amazon with anything confidential.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 3 Nov 2014 @ 3:32pm

    Cue the cries to break up Amazon from the commentariat

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 3 Nov 2014 @ 4:12pm

    Re:

    ???

    link to this | view in thread ]

  14. identicon
    Travis, 3 Nov 2014 @ 4:12pm

    The current federal rules require all gov data systems to be physically separate from non-gov systems, even when housed in the same data center. Separate hardware, separate cabling, separate external data link. My understanding is that the work Amazon is doing is setting up data centers at gov sites using a modified version of Amazon's cloud management system.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 3 Nov 2014 @ 6:03pm

    Re:

    This is almost certainly true if the Lavabit case is any indication.

    link to this | view in thread ]

  16. icon
    Groaker (profile), 3 Nov 2014 @ 6:13pm

    At most it takes is an NSL, probably less.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 3 Nov 2014 @ 6:57pm

    Re: Re:

    See 14 below for what I believe to be an accurate statement of what is being installed and where. It is the norm for private contractors to design and install IT systems for the USG. What makes this somewhat unusual is that the procurement contemplates the participation of several agencies that operate independently of each other and tend to be quite "turf conscious".

    link to this | view in thread ]

  18. icon
    BentFranklin (profile), 3 Nov 2014 @ 7:47pm

    This article is absurd:

    1. The CIA, NSA, etc. has no need to be using Amazon's cloud in order to hack it if that's what they intend to do.

    2. Being a customer of the cloud in no way gives you any special access to other cloud customers' data.

    3. Sharing hardware does not create an increased danger of sharing data. These clouds have thousands of cores and everything is virtualized and distributed.

    So these fact exposers aren't exposing anything besides their own ignorance. I'd have thought TechDirt would recognize that.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 3 Nov 2014 @ 8:09pm

    queer bedfellows and pillowtalk

    Although the CIA and Amazon appear to be in bed together, that's not to say that there's necessarily anything scandalous taking place under the covers.

    But who knows where this 'special' relationship will lead. Perhaps Amazon will end up more sympathetic to the government's privacy-crushing War On Terror. Perhaps, as with with the RSA dupes before, the CIA will offer Amazon help and friendly advice that's really a Trojan horse.

    Whatever the case, it's never a good sign when companies start cozying up to the government. I certainly won't be buying anything from Amazon any more, and if enough people do likewise, maybe they'll get the hint.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 3 Nov 2014 @ 9:39pm

    Re:

    Ehh none of that matters, the point is to raise eyebrows and awareness that the CIA is on Amazon's cloud. It's spreading a combination of useful information and FUD for a good cause.

    Eg. I'm not saying that just because the CIA is Amazon's customer - to the tune of a 650 million dollar contract - that Amazon is in bed with the CIA, nor am i saying that Amazon is giving the CIA access to all your data, i'm just asking questions.

    Leaving aside any potential moral implications or ends justify the means arguments, playing on people's fears is a very effective tool for all sorts of purposes. The CIA does this shit day and night, why not use their own tactics against them?

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 3 Nov 2014 @ 9:46pm

    Re: Re:

    Would this have even been a noteworthy story had IBM been the winning bidder for the contract? I think not. It would have been just another story about yet another run-or-the-mill government contract.

    Frankly, the only thing about this contract that is somewhat atypical is that it cuts across several agencies, as opposed to being associated with a single agency. Not that this never happens, but only that it is not commonplace.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 3 Nov 2014 @ 10:08pm

    Re: Re: Re:

    Would this have even been a noteworthy story had IBM been the winning bidder for the contract?

    I don't have a crystal ball i'm afraid, so i can't say whether it would have been a noteworthy story or not.

    I would argue however that Amazon is not typically thought of as a company the average Dick and Jane would expect to be involved in 650 million dollar covert CIA contracts. Amazon are their goto guys for retail - as harmless as the day is long and oh have i told you how much i just adore my prime membership!

    So in that sense Amazon is a far better target for this type of campaign than boring old IBM would be because no one expects grandpa Amazon - the one who's just so polite and always there when i need him - to be in bed with a shadowy and impenetrable government agency currently embroiled in a disgraceful torture scandal. So I'd argue that this type of reveal makes a much bigger splash in their consciousness than an IBM story would. Afterall, they know and trust Amazon... or at least they thought they did... Now they're quite so sure.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 3 Nov 2014 @ 10:47pm

    Re: Re: here's my rule of thumb...

    Yes...at places like Lockheed Martin.

    link to this | view in thread ]

  24. icon
    toyotabedzrock (profile), 4 Nov 2014 @ 12:42am

    They are doing password cracking is my guess.

    link to this | view in thread ]

  25. identicon
    Anonymous Coward, 4 Nov 2014 @ 10:25am

    CIA co-sharing physical space?
    All it takes is one 'rogue' (yeah right!) agent to 'accidentally' run a few ethernet cables from the spare socket of a few corporations into their own server....

    Then just redact and try to FUD your way out of any accountability.

    If *I* had anything at all, valuable or not on Amazons Cloud I'd be laying down the ultimatum of CIA or me...

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 4 Nov 2014 @ 10:28am

    Re: Re: Re: here's my rule of thumb...

    Good old lockheed..they dont even pretend to have 'accidents' they just straight up social engineer access to their external contracts email accounts and data and steal whatever they hell they feel like.

    [source: all the lawsuits]

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 4 Nov 2014 @ 10:29am

    Amazon's service is a cloud.
    There were clouds of dust during 9-11
    Therefore Amazon's service is related to terrorism therefore under a court-sealed double-pinky swear secret court order, the CIA will be given access to anything in Amazon's system they want.

    link to this | view in thread ]

  28. icon
    M. Alan Thomas II (profile), 4 Nov 2014 @ 10:55pm

    If there's shared hardware with any kind of vulnerability, how much do you want to bet that we find out about it when someone hacks the CIA?

    link to this | view in thread ]

  29. identicon
    Anonymous Coward, 5 Nov 2014 @ 5:34am

    Re:

    How much do you want to be that the likelihood of shared hardware borders somewhere in the neighborhood of "zip" and "zero"?

    This is one issue where the government is positively anal, as it should be, in attempting to ensure that only authorized personnel have access to such systems...and in this case this is especially true given the nature of the information being stored.

    link to this | view in thread ]

  30. icon
    John Fenderson (profile), 5 Nov 2014 @ 7:52am

    Re: here's my rule of thumb...

    "NOT ONE apologist for Empire, NOT ONE law-and-order-repeating jerkoff has come out to say "Whoa, I guess I was a stupid fucktard for not thinking this through and figuring out that this kind of shit had to be going on.""

    I seem to remember one or two over the decades, but your point stands nonetheless.

    However, in all fairness, this is pretty much a universal human trait. When someone has invested themselves heavily in a particular worldview, admitting the worldview was faulty (even to themselves) is psychologically as painful and terrifying as death itself.

    This is why we see oddities like the fact that such people's beliefs are reinforced by evidence that they're wrong, rather than it changing their beliefs.

    Every one of us, regardless of our worldviews, biases, and beliefs, need to be on guard for this effect in ourselves. It's a notoriously tricky thing.

    As Robert Anton Wilson said: belief is the death of intelligence.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 6 Nov 2014 @ 12:23pm

    Re: Re:

    How much do you want to be that the likelihood of shared hardware borders somewhere in the neighborhood of "annexed by the CIA" once they declare the servers (or the companies hosted on the server) to be enemy combatants?
    -- all using a double-secret super-spy court that's only accountable to the voices in the CIA directors head.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 6 Nov 2014 @ 12:26pm

    If the US government was any MORE anal, the TSA would start douching passengers to flush out any terrorist-related material....

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.