Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cloud Google Government Privacy United Kingdom Your Rights Online

Amazon and Google Barred From UK Government Cloud 79

judgecorp writes "Amazon and Google both applied for a role in the U.K. government's 'G-Cloud' for public services, but were rejected, a FOI request has revealed. It is most likely this was because of concerns about where data was hosted and backed up. Amazon Web Services has a dedicated cloud service for the government in the U.S., but has not been able to duplicate that in Britain."
This discussion has been archived. No new comments can be posted.

Amazon and Google Barred From UK Government Cloud

Comments Filter:
  • by Black Parrot ( 19622 ) on Wednesday November 28, 2012 @12:25AM (#42113815)

    How could a government possibly turn down a chance to offshore a major chunk of its IT operations?

    Apparently some governments have better sense than some businesses.

    • by zevans ( 101778 )

      Apparently some governments have better sense than some businesses.

      Indeed. I know it doesn't look like it sometimes, but the purpose of Government is to prevent Tragedy of the Commons, and to my mind "buy the lowest cost irrespective of value delivered" is very much Tragedy of the Commons when discussing tax dollars.

      In a similar way, current stock market behaviour actively encourages "reduce cost at all cost" and there's yer problem. Many companies in the UK have begun moving services back onshore once the revenue impact of the customer backlash started to bite. It's a pit

    • by aug24 ( 38229 )
      Don't count your chickens... they've still got the option of MS Azure =:-/
  • Why cloud? (Score:4, Insightful)

    by fufufang ( 2603203 ) on Wednesday November 28, 2012 @12:30AM (#42113841)

    Why don't they run their own datacenter and have centralised IT services, rather than relying on some third party private company? Is it because they want to have someone to blame if things do go wrong?

    • by Anonymous Coward

      Why don't they run their own datacenter and have centralised IT services, rather than relying on some third party private company? Is it because they want to have someone to blame if things do go wrong?

      You'd be amazed at how often companies need someone to blame if something goes wrong.
      I work for a datacenter which offers IT services solely to the government in the country I'm in (in Europe) and no, I'm not gonna mention the country because it'd be pretty obvious for whom I work*.

      In any case, I often wonder why some decisions are made in terms of hiring external companies or consultants (we have plenty of in-house project managers, programmers, etc.) and sometimes I get the feeling that we need external g

    • by Kugrian ( 886993 )

      Hiring a company that already knows how to do this stuff is probably a hell of a lot cheaper in the short run than funding a new one.

    • Why? It is something i see regularly in public services: When you get budgets cuts (generally on the workforce budget line), you spend more on external services/companies to do the same work with worst SLAs. As it is not the same budget line all is ok :(

    • by 1s44c ( 552956 )

      Why don't they run their own datacenter and have centralised IT services, rather than relying on some third party private company? Is it because they want to have someone to blame if things do go wrong?

      That sounds perfectly sensible and it's exactly what most companies would do, however it doesn't work in practice for government organizations. Governments have a kind of corrosive ineptitude that creeps into everything they do. I think it's something to do with the fact that no matter how bad they screw up they can't go bust and they can't fire permanent staff.

      In some cases it's better to let people who know what they are doing do the work. Even if they are making a fat profit they may still charge less th

      • I'm calling shenanigans on this one. Here in the US, KBR and Halliburton along with other defense contractors put out the lowest budget product with the largest profit margin possible... that does not make for responsible uses of our tax dollars. Hold your government accountable for its ineptitude and change the culture sounds like a pipe dream, but why go for the easy targets that give us short term roi and long term continued failings? I don't want my government perverted by a profit motive. Its been hap
        • by 1s44c ( 552956 )

          What do you suggest? Somehow changing governments who have historically been low performing sink-employers and by design can't go bust and by design are not really accountable to their customers?

          What way can that be fixed except by taking as much as possible away from them and giving it to companies which can either perform or be replaced?

      • Governments have a kind of corrosive ineptitude that creeps into everything they do. I think it's something to do with the fact that no matter how bad they screw up they can't go bust and they can't fire permanent staff.

        It's a problem with right-wing government, where the idea is to get everything making a profit, keep as many of your friends in highly-paid government jobs as much as possible, and keep making government bigger and bigger and keep makings taxes higher and higher.

    • The UK Gov actually has the Government Gateway which is a secure system that was meant to be all encompassing.

      Originally there was a large budget approved to set up a skeleton network which would eventually be extended to replace the many legacy systems in the NHS and all government departments. I seem to recall that there was a mirrored multi-petabyte storage array for records to begin with.

      However, part way through the implementation someone pulled the plug and left a partly implemented system which

  • US Law Everywhere (Score:5, Insightful)

    by ebonum ( 830686 ) on Wednesday November 28, 2012 @12:48AM (#42113921)

    If a company has any operations in the US, they are expected to follow US law worldwide. Even if the parent is in Germany and the offense occurred by a subsidiary in the Philippines, the US government has no qualms about going after their US arm. If this wasn't bad enough, it isn't always the Federal government. If the NY State attorney general thinks a foreign company has some dealings with Iran, he will not hesitate to pursue legal action.

    If I was the UK government, how would I feel about the possibility of some low level government guy in Seattle saying, I can get to everything in the UK cloud without a warrant?

    Obama administration is "arguing that you lose your property rights by storing something on a cloud computing service"
    Source: https://www.eff.org/deeplinks/2012/10/governments-attack-cloud-computing [eff.org]

    If you use the cloud, only do it for data you are willing to openly publish.

    • by matunos ( 1587263 ) on Wednesday November 28, 2012 @01:07AM (#42113995)

      Or, you know, encrypt it.

      • by ebonum ( 830686 )

        Google can read your gmail. A lot of cloud services involve using someone's application.

        Yes, if you view he cloud as nothing more than a remote hard drive you can TrueCrypt it. Make sure TrueCrypt is running locally. If it is running on the cloud machine, the machine's admin can log your keystrokes.

        Anyone who has physical access to the machine can get root.

        • by Anonymous Coward

          I stopped using Google search (switch to Duck Duck Go), because I'd search for one thing (Divorce lawyer) and they'd start showing adverts for divorce lawyers to me soon to be ex wife and every other computer on my NAT. At some point, you'll draw the line and say enough, and you'll divorce them too.

          I know its not the same thing with their online office apps, but once they started down the Facebook route, you only need to look at FB and see where Google will end up.

          If UK.gov has data on UK citizens, then it

          • I'd search for one thing (Divorce lawyer) and they'd start showing adverts for divorce lawyers to me soon to be ex wife and every other computer on my NAT

            So use an actual Google account, and separate logins on your PC. I thought even fairly computer illiterate families preferred having separate logon accounts, so why don't you guys? You should also be using adblock everywhere you can too. And I'd think that if you're thinking of divorce, your wife would already have a pretty good idea anyway, unless it's because you're cheating..

            • +1 I've never had a problem with Google, especially the one mentioned. I think to many see danger in shadows that aren't there to distract them from the real issues at hand.
          • by johanw ( 1001493 )

            and they'd start showing adverts for divorce lawyers to me soon to be ex wife

            Use decent adblock software.

      • by Sabriel ( 134364 )

        You know, "encrypt it" might work for an individual, but no amount of encryption can make storing your entire nation's digital infrastructure in a foreign country's server farms a reasonable idea.

      • by fantomas ( 94850 ) on Wednesday November 28, 2012 @04:21AM (#42114805)

        I am sure national governments will be really happy about storing their private/ secret data in another country's territory "because it's encrypted so it will be safe".

        Would the US government network be happy about a Chinese commercial provider supplying their network provision on Chinese territory? without auditing the network? From the article: "Amazon had concerns over the stipulation that the UK government could audit US data centres" - Amazon were asking the UK government to store their data on another country's territory, and not even be given permission to check how the centres were secured? Not surprised the UK government weren't too keen on this deal.

      • Would that mean if Liz (you know, the queen) ever visited the US, the border people would say "Right, hand over the encryption keys"?

      • by Anonymous Coward

        By US law, you have to hand over encryption keys on demand. US judges already show they have no respect for borders. No government should trust another country for anything more than simple trade.

        • by Anonymous Coward

          And the UK doesn't? RIPA gives people life sentences for not handing over encryption keys on request.

          Just look at cases where an English judge asks a defendant 20-30 times for a key, and each refusal is three more years in the slammer.

          At least in the US, there are court cases that consider that it is part of the Fifth Amendment about not divulging passwords.

          • Last time I checked, a maximum of a two-year custodial sentence is not a life sentence.

            Just look at cases where an English judge asks a defendant 20-30 times for a key, and each refusal is three more years in the slammer.

            Yeah, that didn't happen.

            But your unnecessary hyperbole aside, I entirely agree that RIPA is utter rubbish, and I wish it would go die in a fire.

    • by deniable ( 76198 )
      US hosted or owned become subject to the Patriot act and friends as well. We're not allowed to use offshore hosting and we also exclude anything owned or run by US companies even if it's a local datacentre.
    • by Anonymous Coward

      And let's face it - why should British taxpayers money go to Google or Amazon when they do all they can not to pay tax in the UK...

  • by justsomecomputerguy ( 545196 ) on Wednesday November 28, 2012 @12:57AM (#42113963) Homepage
    I'll bet is was because both of them had unacceptable policies regarding privacy, security/integrity and/or what they are responsible to do if a breach does occur. I'll also bet that those same policies were/are acceptable to various branches of American government, because our standards for those issues here in The United States lag waaaaay behind European standards.
    • Yeah because I'm sure the companies would never negotiate separate data confidentiality policies when setting up services segmented specifically for a government.

      • Companies can't agree to ignore court judgements in their country.

      • The problem is simply that Amazon and Google servers in the US fall under the US Patriot Act. This means that the US Government ALWAYS has access to the hosted files, if it wants. It is not possible for a company and foreign government to negotiate on this: Amazon and Google are bound by US law.

        Of course, as a government you don't want another other government to have complete access to anything you put in the cloud. And in some countries (e.g. the Netherlands where I live) it is explicitly forbidden to
    • by deniable ( 76198 )
      The US government DCs are hosted in the US and subject only to US law. See how far they'd get running a US government DC in Europe or Singapore.
  • by theodp ( 442580 ) on Wednesday November 28, 2012 @01:01AM (#42113971)

    THE ROLLING STONES GET OFF MY CLOUD [youtube.com]
    Hey, you, get off of my cloud
    Hey, you, get off of my cloud
    Hey, you, get off of my cloud
    Don't hang around, baby two's a crowd
    On my cloud

  • Amazon doesn't have a dedicated cloud service for the government in the UK which has rejected Amazon's application to provide cloud services for the government.

    Will wonders never cease?!

    And um, regarding comments on off-shoring data/services, Amazon certainly does have cloud services that run on hosts in the UK... Dublin mostly. (There may be open questions about the parent company being US-based, but those wouldn't have to do with the geographic location of the services and data, which surely would be host

    • Re:Imagine that... (Score:5, Informative)

      by isaac ( 2852 ) on Wednesday November 28, 2012 @01:25AM (#42114061)

      And um, regarding comments on off-shoring data/services, Amazon certainly does have cloud services that run on hosts in the UK... Dublin mostly. (There may be open questions about the parent company being US-based, but those wouldn't have to do with the geographic location of the services and data, which surely would be hosted from the Dublin data centers.)

      I feel compelled to point out that Dublin, Republic of Ireland (where Amazon does indeed have datacenters) is most definitely not in the UK.

    • by martin ( 1336 )

      Since when was Dublin in the UK??? Not since Irish independance in the early 1920s.

      Eire is a soverign state and given rhe history I can see why CESG wont entertain this level of offshoring

    • So when did the UK invade and seize Ireland?
    • by dkf ( 304284 )

      Amazon certainly does have cloud services that run on hosts in the UK...

      That's almost as misleading as saying that Havana is in the USA.

    • Dublin hasn't been part of the UK since 1922.

  • All down to current CESG guidance on data soveriegnty. Until the new data classifications are fully launched (replacing the IL based system) this wont change, and event then its down to the accreditor to assess the risk so still doubtfull we'll be seeing any major offshoring

  • Patriot act? (Score:4, Informative)

    by plankrwf ( 929870 ) on Wednesday November 28, 2012 @02:52AM (#42114393)

    Actually read the article (I know, against /. policy ;-0), read most of the comments, and nowhere read anything about it possible being related to the patriot act. I happen to know that the patriot act is (one of) the reason(s) the Dutch government will not enter into an agreement with American hosting providers, surely the British have similar reservations?
    (And yes, the article is scarce on facts, so cannot check whether all American companies are excluded, but heck: so could none of the other people posting a reply).

    So:
    MY guess is that the patriot act played a mayor role in letting this business opportunity slip trough the fingers of american companies...

  • I'm sure these companies would love to give them what they want but thanks to US laws they can't be trusted. Europeans should give preference to hosts with no ties to the US if they have sensitive information.

    The Governments in particular should avoid big large corporations because of that and because they're avoiding tax.
  • It's a totally fair and free process, however all companies except for three will be eliminated from the process due to various concerns, sadly this will include all major industry players. Two the the last three will be clearly unable to provide this service and will be eliminated in the last round.

    They already know who they are giving this deal too and the decision has nothing to do with common sense or sound financial management. They will award this contract to a low quality provider with a history of d

  • Seeing several comments here that seem to be treating this as an either/or discussion. Thought I'd post for the benefit of US & global readers: the UK already outsources plenty to service providers, and many of those service providers either run their own data centres or in turn consume managed capacity in one form or another from their own suppliers in turn.

    For instance:
    DVLA (vehicle / driver licensing) - Capita
    Many civil service departments, including Highways Agency and significant chunks of what is

  • The organization that I work for is building up our data center presence in the UK specifically to target that market, and to some extend, the whole of the EU. They do not want their data kept in the States. I do not blame them. With a global network like the Internet, it still strikes me as odd that it matters where the servers are physically located and why that matters for law. I mean, I get it... physical presence, search and seizure and all of that. But when you are dealing with encrypted SAN arra

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...