Forgot your password?
typodupeerror
Privacy Encryption Government United States

Amazon Vows To Fight Government Requests For Data 104

Posted by samzenpus
from the why-don't-you-make-me dept.
itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."
This discussion has been archived. No new comments can be posted.

Amazon Vows To Fight Government Requests For Data

Comments Filter:
  • Silence is Golden (Score:2, Insightful)

    by Anonymous Coward

    I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.

    • by noh8rz10 (2716597) on Wednesday June 19, 2013 @10:08PM (#44056659)

      I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.

      lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !

      • by Virtucon (127420)

        Use the Ceasar Cipher.. If that fails pig latin may do the trick. Iway inkthay ethay USWAY overnmentgay eedsnay otay etgay outway
        ofway ourway ivatepray iveslay.

        L fdq vhh lw qrz, Dpdcrq zloo irog zkhq wkh mxgjh wkurzv klv iluvw lqmxqfwlrq dw wkhp.

        I can see it now, Amazon will fold the first time a judge throws an injunction at them.
        They are right, encrypt your shizzle wherever you store it off of your premises.

        • "... overnmentgay eedsnay..."

          I think you may be onto something there.

      • by Anonymous Coward

        > lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'

        I totally agree!

        > DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !

        There's no need to shout.

    • Nah, we'll just have to start speaking Klingon
  • by RyoShin (610051) <tukaroNO@SPAMgmail.com> on Wednesday June 19, 2013 @10:14PM (#44056707) Homepage Journal

    How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?

    (Of course, without the public knowledge it would be a lot easier for the government to silence businesses or influential people who did try to fight this stuff, but something tells me that all of this is about trying to re-establish consumer trust and loyalty, and is shit-all about trying to protect our Fourth Amendment rights.)

    • by Ziest (143204) on Wednesday June 19, 2013 @10:45PM (#44056911) Homepage

      Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.

    • by stephanruby (542433) on Thursday June 20, 2013 @12:01AM (#44057361)

      How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?

      In the case of Amazon, it cut off [cnet.com] its services to Wikileaks at the request of Sen. Joseph Lieberman (Chairman of the Homeland Security and Governmental Affairs Committee). That's what Amazon was doing before Snowden. They didn't wait for an injunction, they didn't wait for Wikileaks or Assange to be brought upon charges (they've helped the US government deal with Wikileaks, without having to enter the messy US court system and all the rights that could possibly imply for the defendant).

      And now suddenly, Amazon is getting this big fat 10-year contract [itworld.com] from the CIA for a private cloud (that IBM is challenging every which way). Oh thanks Senator Lieberman!! And thank you US taxpayers!!! Amazon may not like to pay taxes, but it sure likes benefiting from them!

    • Re: (Score:3, Insightful)

      by Drakonblayde (871676)

      I too have my doubts about the sincerity of corporate entities who are in the business of relieving folks of their money. I also think they're in spin control mode.

      But, when you get right down to it, their advice is not wrong. It behooves us brainy type peoples to ignore the political and social connotations that prompted such announcements and distill the subject matter down to it's essence and ultimately determine whether or the information is correct or not.

    • Many companies had appealed and had lawsuits. The difference is that now that the program is public their lawyers are letting them talk about the lawsuits. Yahoo for instance it was revealed had a 3 year long lawsuit fighting it.

      • by RyoShin (610051)

        From what I've read, Google is the only one claiming to have tried to fight these before the reveal. Everyone else is playing damage control.

  • That's good. They do not need to know just how many Anime DVDs I bought, okay? It's enough to flag anyone as abnormal, lol.
  • I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."
    • Re: (Score:3, Interesting)

      by Thantik (1207112)

      Just a heads up, if you buy that much lube, they don't arrive like the lube you'd buy in a tube. They come as a dry powder with mixing instructions....

      • by jelizondo (183861) *

        Well, well, well...

        Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...

        tsk, tsk, tsk, children need to learn to keep their traps shut, lest they embarrass themselves.

        • Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...

          I wouldn't type a query like that into Google, but privacy-respecting search engine DuckDuckGo [duckduckgo.com] reveals several sources for inflatable sex goats.

          • by jelizondo (183861) *

            Mr. Slippery joins the discussion about lube and sex goats; I'm sure there is good joke material there but I'm too tired to explore it.

            Please forgive me and just ROL like I made a good joke...

          • by Anonymous Coward

            You don't even need to leave Amazon. They got what you want, http://www.amazon.com/Pipedream-Products-Blow-Billy-Goat/dp/B0016399DY

      • The description of the following item seems to suggest that is not the case:
        http://www.amazon.com/Passion-Natural-Water-Based-Lubricant-Gallon/dp/B005MR3IVO [amazon.com]

      • Yes, I... heard about that, too.

    • I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."

      Until that day comes that they DO care. Like say, you end up a prominent civil rights leader. [cnn.com]

      Ever wonder how much of the Occupy movement was derailed by quiet government pressure on key people?

  • In Soviet Russia, the soldering iron solders YOU!

    Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.

    But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your

  • by wickerprints (1094741) on Wednesday June 19, 2013 @10:40PM (#44056867)

    Amazon's position may be principled, but it won't do any good to fight the subpoena. We have already seen that the FISC (FISA court) is just a rubber stamp operation, and that the legislative, executive, and judicial branches of the government want ever greater power and authority under the guise of the "war on terror." Indeed, according to the government, it would be illegal for Amazon to inform the individual(s) whose information is being requested that a request even exists.

    The problem isn't merely that warrantless surveillance exists. The problem is that there are no checks in place, no means by which the people themselves, can directly hold the government accountable for such programs. Constitutionality is a farce, easily overcome in the name of "national security." And this is precisely what the terrorists hope to achieve--the use of guerrilla tactics to provoke a government to enact increasingly draconian laws and curtail basic civil liberties, until the government becomes the oppressor against its people. Their eventual goal is to cause the collapse of that government. To this end, such surveillance programs play into the hands of the terrorists.

    Also, the proper word is "ciphertext." Not "cypher text."

    • by Anonymous Coward

      Alright then, Captain Fussbudget Wickerprints, "cypher text" it is.

    • Actually, cyphertext is perfectly reasonable. But I agree that it should (probably) be one word.

    • by Mitreya (579078)

      Amazon's position may be principled, but it won't do any good to fight the subpoena.

      You are assuming that they actually intend to fight the requests. Just because a company comes forward and claims something...

      They'll probably only fight the non-secret, regular requests (i.e. the ones from the 90s).

    • Typical corporate hipocrisy and damage control measures. They realized their "principles" only after it has been revealed but were happy to ignore those "principles" earlier. Everyone, (especially non-US companies) should consider moving out of their (and Google's, and others) wiretapped clouds.
    • by Tokolosh (1256448)

      'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena."

      How does this work if Amazon are served with a secret order? They are gagged and cannot reveal that it even exists. The customer cannot sue, because he cannot prove the government is snooping on him. And it is no use asking, because the existence of snooping is secret. This is the most outrageous aspect of the whole sorry saga.

    • by C0C0C0 (688434)
      RE: "We have already seen that the FISC (FISA court) is just a rubber stamp operation"

      I just want to point out that this is not necessarily as bad as it sounds. Assuming we don't think the courts have gone over to the dark side, just the fact that the request has to be approved by someone outside the agency and will not be kept a *complete* secret is a *very* good thing. I suspect that a great many requests are never made because they would have to be explained. Even if the threshold is low (which is

    • They don't have a great track record of following through with their promises, anyway. Look at the California sales tax ordeal. All up in arms over it vowing to fight it and then overnight they just change their mind and welcome the change.

  • by RoknrolZombie (2504888) on Wednesday June 19, 2013 @10:56PM (#44056959)
    ...you only get data from Amazon if you PAY for it!!!
  • Ahem... (Score:5, Insightful)

    by SJ (13711) on Wednesday June 19, 2013 @11:07PM (#44057005)

    This is the same Amazon that just won an $800m bid to host the CIA's cloud computing system?

    Uh huh.

  • by HerculesMO (693085) on Wednesday June 19, 2013 @11:11PM (#44057033)

    It tells the rest of the world that your data is not safe in the USA, and our cloud service providers are not to be trusted (along with our banks, our ISPs in general, our telecom companies, etc).

    There will be a boom to companies who are situated in more open societies in the next few years providing these services without the watchful thumb (presumably) of the NSA and other organizations. Right now Amazon and everybody else, even if they didn't cooperate with the NSA, are now subject to the US government's stupidity in proposing big brother and not realizing how it may harm our trade.

    But you know... freedom rah rah rah.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I'm going to go out on a limb, post as AC, and ask: what open societies?

      If you put servers in China, you KNOW they do the same thing as the NSA, not to mention worse (Great Firewall of China.) In fact, China, by law, owns 51% of any extension of a firm doing business there.

      Russia? Perhaps, except the shadow of the old Soviet Union still is present.

      Europe? Right now, they are the pinnacle of global civilization and freedom now, but who knows how long that will stand. Germany is subject to Russia's whims,

      • Switzerland, which is not in the EU and is very strict about privacy.

        Yes, their banking sector is starting to crack a bit, but they are being dragged kicking and screaming and it is not even clear if they will be turning over data. Most of the banks, unless you are a giant customer I would guess, are just refusing accounts to US citizens. I know they closed my crappy bank account.

        There are several hosting services in Switzerland that offer privacy protecting hosting and services.

        • by heypete (60671)

          Considering that the Swiss have a well-developed satellite monitoring system [wikipedia.org], it wouldn't surprise me if they had monitoring of domestic and international phone and internet traffic going through the country.

          They may have very strong data protection laws that help prevent the misuse of data by private entities (the EU has similar laws), but do they have strong laws that protect data from misuse by the government? (If so, I'd appreciate a link, as that'd be really useful to know.) I know that the EU mandates

          • I don't know the answers to your questions, nor did I know about the system in your link.

            All I know about is all the crap they put me through as a small business with privacy and data collection and what I see on the news about the government blocking a lot of the data requests from other countries.

            Thanks for the link.

    • The irony is that back when cloud storage started to become a big buzzword, folks were worried about things like their data coming to rest in China.

      Honestly, the NSA scandal just provides me with some vindication when I argue for encrypting all data, no matter how inconvenient it may be, and to avoid the cloud unless it's a cloud you built and control yourself.

    • by turp182 (1020263) on Thursday June 20, 2013 @07:55AM (#44059169) Journal

      The rest of the world has known for a long time that their data isn't safe in the US, in fact they legislate that personal data cannot be stored in the US (various data privacy acts relating to multinational corporations).

      When I worked at a multinational insurance company our international data storage was in Canada, UK (we served data to/from India from the UK, insanity from a performance perspective), South Africa, and Australia. No data regarding foreign citizens could be stored in the US.

      This has been the case for at least 7 years or so, probably longer.

    • Do you honestly believe every country government on the planet with indoor plumbing, electricity , and a broadband connection are not interested in monitoring their citizens online activities for all kinds of reasons? The shear amount of hyperventilating over this NSA secret spying is just uncovering just how stupid and gullible people can really be. This secret NSA program was outed over 11 years ago when the NSA fired and investigated the employee who designed the first edition of the software because he

  • It's probably all just empty posturing; but these companies know the recent revelations regarding the US government's reckless behavior has the potential to single-handedly kill their nascent cloud businesses.

    And, perversely, that may be our only hope. Congress will cow-tow to big businesses a lot more readily than it will listen to the citizens they purport to represent. If it's a danger to profits, they may slam on the brakes.

  • by Jah-Wren Ryel (80510) on Wednesday June 19, 2013 @11:27PM (#44057137)

    The CIA is one of Amazon's biggest customers. [wired.com]

    After what they did to the CEO of Qwest [reddit.com] for refusing to cooperate [usatoday.com] I doubt Bezos is going to put those big contracts and his personal freedom at risk.

    • by Tr3vin (1220548)
      The CIA is not associated with the NSA. The CIA is an independent organization while the NSA is part of the Department of Defense. So no, Amazon did not bite the hand that feeds it. If anything, based on how the various government bureaucracies view each other, the CIA loves Amazon even more.
      • by Ost99 (101831)

        Amazon scored their CIA brownie-points by taking down Wikileaks without any legal requirement to do so.

      • by cdrudge (68377)

        They are both part of the Intelligence Community, The CIA is headed by the Director of National Intelligence who reports to the President. The NSA is part of the US Intelligence Community which is also headed by teh Director of National Intelligence. The NSA itself is headed by the DoD who reports to the President.

        Saying they aren't associated with the NSA is saying that two grandkids of the same grandparent aren't related to each other. They are cousins on the same branch of the US Government family tree.

  • So, tell us, how does a company that insists it didn't give the NSA complete access and coincidentally uses cloud hosting providers like Amazon wind up giving the NSA it's entire database, plus updates in real time? Does anyone want to guess if S3 has a rule that states it must be replicated to one or more of the DCs in the US?

    No, Bezos, I don't believe you when you say you would fight it, and I don't believe you when you say they NSA don't have complete access to each and every one of your systems at w
  • by Anonymous Coward

    Having a VM in the cloud with disk encryption is really only as effective as your cloud provider deems. Since encryption keys can be relatively easily obtained from a snapshot of the VM's memory, it really depends on if someone like AWS informs you to turn off your VM before making a snapshot to give to the government. In my opinion, if you have data that you don't want the government to see, don't rely on the cloud.

  • That'd be a neat trick since they are busily building a huge, private AWS cloud for the CIA right now.

  • The CIA chose Amazon's cloud services over the cheaper tender from IBM [smh.com.au]. Maybe IBM couldn't demonstrate the experience in IT delivery that Amazon can - or, maybe it's because Amazon plans to deliver everything to consumers (and IBM already has many CIA contracts). Would that mean I should take the Amazon's claims with a big fucking bucket of salt??

    Just joking! Only a paranoid would think the CIA has an agenda.

  • by MacTO (1161105) on Thursday June 20, 2013 @01:28AM (#44057747)

    ... I can't speak for everyone, but I find that the books I read are amongst the most private things in my life. It would be nice if the websites that I read were private, but the fact is that involves so many third parties that it's absurd so privacy isn't an expectation. It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free). But books I obtain from a limited number of sources, and I pay for directly or through my taxes. They are also, in a way, more intimate. So it is nice to think that my reading of books is private.

    Then again, I choose my book vendors carefully and purchase with cash when I expect it to be private.

    • It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free).

      https://duckduckgo.com/ [duckduckgo.com]

  • Mobile morals (Score:3, Insightful)

    by boundary (1226600) on Thursday June 20, 2013 @02:01AM (#44057853)
    All of a sudden these huge companies that own all our data are vowing to fight this, divulge that, release this, resist that. Shame they weren't willing to do all that ethical shit before the middle of last week when they were all caught with their pants down.
  • Back in 2008, Obama said he was going to stop all these warrantless wiretapping. Now we have private corporations supposedly fighting the government for the privacy of private customers. I thought it should have been the other way around.

  • It seems like a lot of people don't realize that amazon has recently released a Hardware Security Module product [amazon.com]. If you want to encrypt your data in "the cloud" such that it is not available to your cloud provider, but is usable by your application, this is pretty much the only way to do it.

    As far as I know, amazon is the only major cloud provider that has an HSM option -perhaps this is a subtle advertisement of their (not cheap) new service to people who are *really* concerned about encrypting their d

No amount of careful planning will ever replace dumb luck.

Working...