Amazon Vows To Fight Government Requests For Data 104
itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."
Silence is Golden (Score:2, Insightful)
I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.
Re:Silence is Golden (Score:4, Funny)
I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.
lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !
Re: (Score:2)
Use the Ceasar Cipher.. If that fails pig latin may do the trick. Iway inkthay ethay USWAY overnmentgay eedsnay otay etgay outway
ofway ourway ivatepray iveslay.
L fdq vhh lw qrz, Dpdcrq zloo irog zkhq wkh mxgjh wkurzv klv iluvw lqmxqfwlrq dw wkhp.
I can see it now, Amazon will fold the first time a judge throws an injunction at them.
They are right, encrypt your shizzle wherever you store it off of your premises.
Re: (Score:2)
I find that the one of the most secure versions of that is to cascade the shift(5) and shift(8) together. The only other one more secure is cascading shift(6), shift(9) and shift(11) together.
This message has been encrypted with a cascade of shift(9), shift(10) and shift(7).
Also there's this bit of fun: lolcryption.master5o1.com [master5o1.com]
Re: (Score:2)
"... overnmentgay eedsnay..."
I think you may be onto something there.
Re: (Score:1)
> lxkvz;j;ldfkja;lskdfjas;lkfja';ldf'
I totally agree!
> DJFAS;LDFNASLKBF.A,EMFNW;OIHZPIVBWEF !
There's no need to shout.
Re: (Score:3)
Re: (Score:2)
Nah, we'll just have to start speaking Klingon
jatlh, chonayta' wIghaj!
Re: (Score:2)
Nah, we'll just have to start speaking Klingon
i prefer drow to klingon or should i say; usstan hull'phir ilythiiri ulu klingon
Re:Yeah, this is normal (Score:5, Interesting)
It's news for nerds because the government paying attention to electronic data has been in the limelight for awhile now.
Since we nerds are the kinds of folks who are tasked with the implementation and maintenance of the systems that store and process said electronic data, this is the kind of thing that could have an effect on our livelihoods.
Sure, it's obvious that you should encrypt your data, especially if it's at rest on equipment you don't personally control. It's also somewhat of an unmitigated pain in the ass to actually setup and maintain, especially if you inherited infrastructure that you didn't build from the ground up. Or maybe you're a lazy sumbitch.
In the same vein, it's obvious that if you eat a shit load of junk food, you'll get fat and have health issues. Despite the fact that it's obvious, there's a severe problem with obesity in the US, hence we have health groups trying to spread awareness, whether it's through scare tactics or just trying to inform people and at least get them to acknowledge a problem they pretend doesn't exist.
In the same vein, the folks who post about this kind of thing are treated somewhere between polite acknowledgement, with nods of 'yup, he/she's right, we should do that', or viewed as the mad prophet raving in the town square. In both cases, folks pretty much forget about it after theyr'e done and go back to the status quo.
While I'm not in the habit of defending large corporations, I understand why they put out stuff like this. On the one hand, if they want to legally continue to do business without suffering censure by local governments, they have to comply with legal requests for data. If they simply do it, they're viewed as being in collusion by the general public. If they try and provide the information to their customers on how to mitigate their risk, their words tend to fall on deaf ears.
While I'm certain Amazon probably doesn't give a shit about handing over a customers data, they recognize that it's a touchy subject, and a potential PR nightmare, hence they spend some time trying to encourage their customers to do what's in their own best interests. I don't think it's a good idea to try and curb that.
Re: (Score:1)
This tool is basically going "We are going to follow the letter of the law." as if it's something new that nobody else is doing.
If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.
And, huge surprise, the subpoena's that would be most concerning to a significant portion of the population have been hit with this stamp.
Re: (Score:2)
If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.
I thought the point was "but if you encrypt it, you will know about it". Not because Amazon will violate the "tell no one" order, but because if the government actually wants to know what the encrypted data is, they will have no choice but to try going through you, since Amazon won't be able to turn over that piece of information.
Re: (Score:1)
That's in the future. This surveillance has been going on for awhile, and Amazon has been responding to these warrants/subpoenas for quite some time.
This is just a PR to make it seem like "they've got your back".
Re:In Contrast... (Score:4, Funny)
Re: (Score:2)
And... Your mother was a hamster and your father smelled of elderberries...
Re:In Contrast... (Score:4, Funny)
It's "smelt", not "smelled". Now go away or I shall taunt you a second time!
You Brave Companies, You (Score:5, Insightful)
How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?
(Of course, without the public knowledge it would be a lot easier for the government to silence businesses or influential people who did try to fight this stuff, but something tells me that all of this is about trying to re-establish consumer trust and loyalty, and is shit-all about trying to protect our Fourth Amendment rights.)
Re:You Brave Companies, You (Score:5, Informative)
Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.
Re:You Brave Companies, You (Score:5, Funny)
Excuse me, but WHO'S data?
An android character on Star Trek.
Re:You Brave Companies, You (Score:4, Funny)
Once again we prove the principle, Sunlight is the best disinfection. These guys, the NSA and the big internet companies, were happy to share your data UNTIL the light was shone on them. Then they scattered like cockroaches when you turn the lights on.
Don't you mean Snowlight?
Re:You Brave Companies, You (Score:4, Interesting)
How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?
In the case of Amazon, it cut off [cnet.com] its services to Wikileaks at the request of Sen. Joseph Lieberman (Chairman of the Homeland Security and Governmental Affairs Committee). That's what Amazon was doing before Snowden. They didn't wait for an injunction, they didn't wait for Wikileaks or Assange to be brought upon charges (they've helped the US government deal with Wikileaks, without having to enter the messy US court system and all the rights that could possibly imply for the defendant).
And now suddenly, Amazon is getting this big fat 10-year contract [itworld.com] from the CIA for a private cloud (that IBM is challenging every which way). Oh thanks Senator Lieberman!! And thank you US taxpayers!!! Amazon may not like to pay taxes, but it sure likes benefiting from them!
Re: (Score:3, Insightful)
I too have my doubts about the sincerity of corporate entities who are in the business of relieving folks of their money. I also think they're in spin control mode.
But, when you get right down to it, their advice is not wrong. It behooves us brainy type peoples to ignore the political and social connotations that prompted such announcements and distill the subject matter down to it's essence and ultimately determine whether or the information is correct or not.
Re: (Score:3)
Many companies had appealed and had lawsuits. The difference is that now that the program is public their lawyers are letting them talk about the lawsuits. Yahoo for instance it was revealed had a 3 year long lawsuit fighting it.
Re: (Score:3)
From what I've read, Google is the only one claiming to have tried to fight these before the reveal. Everyone else is playing damage control.
alright (Score:2)
Re: (Score:2)
That's funny, I didn't know Amazon Web Services sold DVDs.
Mostly Harmless (Score:1)
Re: (Score:3, Interesting)
Just a heads up, if you buy that much lube, they don't arrive like the lube you'd buy in a tube. They come as a dry powder with mixing instructions....
Re: (Score:2)
Well, well, well...
Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...
tsk, tsk, tsk, children need to learn to keep their traps shut, lest they embarrass themselves.
Re: (Score:1)
I wouldn't type a query like that into Google, but privacy-respecting search engine DuckDuckGo [duckduckgo.com] reveals several sources for inflatable sex goats.
Re: (Score:2)
Mr. Slippery joins the discussion about lube and sex goats; I'm sure there is good joke material there but I'm too tired to explore it.
Please forgive me and just ROL like I made a good joke...
Re: (Score:1)
Ranting Out Loud? :-)
Re: (Score:1)
You don't even need to leave Amazon. They got what you want, http://www.amazon.com/Pipedream-Products-Blow-Billy-Goat/dp/B0016399DY
Re: (Score:2)
The description of the following item seems to suggest that is not the case:
http://www.amazon.com/Passion-Natural-Water-Based-Lubricant-Gallon/dp/B005MR3IVO [amazon.com]
Re: (Score:2)
Yes, I... heard about that, too.
Re: (Score:3)
I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."
Until that day comes that they DO care. Like say, you end up a prominent civil rights leader. [cnn.com]
Ever wonder how much of the Occupy movement was derailed by quiet government pressure on key people?
Re: (Score:2)
So, Google, now I want client-side email encryption in Gmail. What? You won't do that? Oh, I forgot, YOU want to snoop on my stuff too, right.
Google doesn't prevent you from using Thunderbird + enigmail. You have options, you know
Re:Now all I want is (Score:4, Interesting)
Thunderbird and EnigMail actually work very nicely as well. Someone has mentioned that there is actually a browser add-on or something that will allow you to do it with webmail as well, but I'm not familiar with it. K9 supports encryption on Android as well. Using encryption is really not that much trouble. The only inconvenient part is getting non-techies to set up their keys.
In Soviet Russia... (Score:2)
In Soviet Russia, the soldering iron solders YOU!
Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.
But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your
Don't make promises you can't keep (Score:5, Interesting)
Amazon's position may be principled, but it won't do any good to fight the subpoena. We have already seen that the FISC (FISA court) is just a rubber stamp operation, and that the legislative, executive, and judicial branches of the government want ever greater power and authority under the guise of the "war on terror." Indeed, according to the government, it would be illegal for Amazon to inform the individual(s) whose information is being requested that a request even exists.
The problem isn't merely that warrantless surveillance exists. The problem is that there are no checks in place, no means by which the people themselves, can directly hold the government accountable for such programs. Constitutionality is a farce, easily overcome in the name of "national security." And this is precisely what the terrorists hope to achieve--the use of guerrilla tactics to provoke a government to enact increasingly draconian laws and curtail basic civil liberties, until the government becomes the oppressor against its people. Their eventual goal is to cause the collapse of that government. To this end, such surveillance programs play into the hands of the terrorists.
Also, the proper word is "ciphertext." Not "cypher text."
Re: (Score:1)
Alright then, Captain Fussbudget Wickerprints, "cypher text" it is.
Re: (Score:2)
Local law applies when you do business in that region. You can't relocate your servers to the fucking moon and then claim immunity to all earthly laws. The only way MS can evade US law is to relocate and to stop doing business in the US.
Re: (Score:2)
Actually, cyphertext is perfectly reasonable. But I agree that it should (probably) be one word.
Re: (Score:2)
Amazon's position may be principled, but it won't do any good to fight the subpoena.
You are assuming that they actually intend to fight the requests. Just because a company comes forward and claims something...
They'll probably only fight the non-secret, regular requests (i.e. the ones from the 90s).
Huh ? (Score:2)
Re: (Score:2)
'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena."
How does this work if Amazon are served with a secret order? They are gagged and cannot reveal that it even exists. The customer cannot sue, because he cannot prove the government is snooping on him. And it is no use asking, because the existence of snooping is secret. This is the most outrageous aspect of the whole sorry saga.
Re: (Score:1)
I just want to point out that this is not necessarily as bad as it sounds. Assuming we don't think the courts have gone over to the dark side, just the fact that the request has to be approved by someone outside the agency and will not be kept a *complete* secret is a *very* good thing. I suspect that a great many requests are never made because they would have to be explained. Even if the threshold is low (which is
Re: (Score:2)
They don't have a great track record of following through with their promises, anyway. Look at the California sales tax ordeal. All up in arms over it vowing to fight it and then overnight they just change their mind and welcome the change.
And then there's this... (Score:3)
http://qz.com/95994/amazon-is-staffing-up-for-its-600-million-cloud-for-spooks/ [qz.com]
Damn right.. (Score:3)
Ahem... (Score:5, Insightful)
This is the same Amazon that just won an $800m bid to host the CIA's cloud computing system?
Uh huh.
Re: (Score:2)
$600M. But yeah.
Re: (Score:1)
Running the CIA's cloud will give Amazon access to the CIA's data, not the other way round.
This is truly the problem with NSA spying.. (Score:3, Insightful)
It tells the rest of the world that your data is not safe in the USA, and our cloud service providers are not to be trusted (along with our banks, our ISPs in general, our telecom companies, etc).
There will be a boom to companies who are situated in more open societies in the next few years providing these services without the watchful thumb (presumably) of the NSA and other organizations. Right now Amazon and everybody else, even if they didn't cooperate with the NSA, are now subject to the US government's stupidity in proposing big brother and not realizing how it may harm our trade.
But you know... freedom rah rah rah.
Re: (Score:2, Insightful)
I'm going to go out on a limb, post as AC, and ask: what open societies?
If you put servers in China, you KNOW they do the same thing as the NSA, not to mention worse (Great Firewall of China.) In fact, China, by law, owns 51% of any extension of a firm doing business there.
Russia? Perhaps, except the shadow of the old Soviet Union still is present.
Europe? Right now, they are the pinnacle of global civilization and freedom now, but who knows how long that will stand. Germany is subject to Russia's whims,
Re: (Score:2)
Switzerland, which is not in the EU and is very strict about privacy.
Yes, their banking sector is starting to crack a bit, but they are being dragged kicking and screaming and it is not even clear if they will be turning over data. Most of the banks, unless you are a giant customer I would guess, are just refusing accounts to US citizens. I know they closed my crappy bank account.
There are several hosting services in Switzerland that offer privacy protecting hosting and services.
Re: (Score:2)
Considering that the Swiss have a well-developed satellite monitoring system [wikipedia.org], it wouldn't surprise me if they had monitoring of domestic and international phone and internet traffic going through the country.
They may have very strong data protection laws that help prevent the misuse of data by private entities (the EU has similar laws), but do they have strong laws that protect data from misuse by the government? (If so, I'd appreciate a link, as that'd be really useful to know.) I know that the EU mandates
Re: (Score:1)
I don't know the answers to your questions, nor did I know about the system in your link.
All I know about is all the crap they put me through as a small business with privacy and data collection and what I see on the news about the government blocking a lot of the data requests from other countries.
Thanks for the link.
Re: (Score:3)
The irony is that back when cloud storage started to become a big buzzword, folks were worried about things like their data coming to rest in China.
Honestly, the NSA scandal just provides me with some vindication when I argue for encrypting all data, no matter how inconvenient it may be, and to avoid the cloud unless it's a cloud you built and control yourself.
Re:This is truly the problem with NSA spying.. (Score:4, Interesting)
The rest of the world has known for a long time that their data isn't safe in the US, in fact they legislate that personal data cannot be stored in the US (various data privacy acts relating to multinational corporations).
When I worked at a multinational insurance company our international data storage was in Canada, UK (we served data to/from India from the UK, insanity from a performance perspective), South Africa, and Australia. No data regarding foreign citizens could be stored in the US.
This has been the case for at least 7 years or so, probably longer.
Re: (Score:2)
Do you honestly believe every country government on the planet with indoor plumbing, electricity , and a broadband connection are not interested in monitoring their citizens online activities for all kinds of reasons? The shear amount of hyperventilating over this NSA secret spying is just uncovering just how stupid and gullible people can really be. This secret NSA program was outed over 11 years ago when the NSA fired and investigated the employee who designed the first edition of the software because he
Re: (Score:2)
Yeeeeeeaaaaahhhh... take your stuff to a foreign country to be secure from the NSA. A real open one with weak counter intelligence too, pure genius.
The NSA isn't getting all of this data via inteligence. They're just asking for it and companies send them what they ask for.
We're gonna see more of this (Score:2)
It's probably all just empty posturing; but these companies know the recent revelations regarding the US government's reckless behavior has the potential to single-handedly kill their nascent cloud businesses.
And, perversely, that may be our only hope. Congress will cow-tow to big businesses a lot more readily than it will listen to the citizens they purport to represent. If it's a danger to profits, they may slam on the brakes.
Bite the Hand that Feeds You? (Score:5, Informative)
The CIA is one of Amazon's biggest customers. [wired.com]
After what they did to the CEO of Qwest [reddit.com] for refusing to cooperate [usatoday.com] I doubt Bezos is going to put those big contracts and his personal freedom at risk.
Re: (Score:2)
Re: (Score:2)
Amazon scored their CIA brownie-points by taking down Wikileaks without any legal requirement to do so.
Re: (Score:2)
They are both part of the Intelligence Community, The CIA is headed by the Director of National Intelligence who reports to the President. The NSA is part of the US Intelligence Community which is also headed by teh Director of National Intelligence. The NSA itself is headed by the DoD who reports to the President.
Saying they aren't associated with the NSA is saying that two grandkids of the same grandparent aren't related to each other. They are cousins on the same branch of the US Government family tree.
Already got a feed into Amazon (Score:2)
No, Bezos, I don't believe you when you say you would fight it, and I don't believe you when you say they NSA don't have complete access to each and every one of your systems at w
Encryption of VMs in the cloud (Score:1)
Having a VM in the cloud with disk encryption is really only as effective as your cloud provider deems. Since encryption keys can be relatively easily obtained from a snapshot of the VM's memory, it really depends on if someone like AWS informs you to turn off your VM before making a snapshot to give to the government. In my opinion, if you have data that you don't want the government to see, don't rely on the cloud.
That'd be a neat trick (Score:2)
That'd be a neat trick since they are busily building a huge, private AWS cloud for the CIA right now.
Hmmmm (Score:2)
The CIA chose Amazon's cloud services over the cheaper tender from IBM [smh.com.au]. Maybe IBM couldn't demonstrate the experience in IT delivery that Amazon can - or, maybe it's because Amazon plans to deliver everything to consumers (and IBM already has many CIA contracts). Would that mean I should take the Amazon's claims with a big fucking bucket of salt??
Just joking! Only a paranoid would think the CIA has an agenda.
Great if true ... (Score:3)
... I can't speak for everyone, but I find that the books I read are amongst the most private things in my life. It would be nice if the websites that I read were private, but the fact is that involves so many third parties that it's absurd so privacy isn't an expectation. It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free). But books I obtain from a limited number of sources, and I pay for directly or through my taxes. They are also, in a way, more intimate. So it is nice to think that my reading of books is private.
Then again, I choose my book vendors carefully and purchase with cash when I expect it to be private.
Re: (Score:2)
It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free).
https://duckduckgo.com/ [duckduckgo.com]
Mobile morals (Score:3, Insightful)
I am quite disappointed by American politics... (Score:2)
Back in 2008, Obama said he was going to stop all these warrantless wiretapping. Now we have private corporations supposedly fighting the government for the privacy of private customers. I thought it should have been the other way around.
Subtle advertisement for their HSM product? (Score:1)
As far as I know, amazon is the only major cloud provider that has an HSM option -perhaps this is a subtle advertisement of their (not cheap) new service to people who are *really* concerned about encrypting their d