Slashdot Mirror
Amazon Vows To Fight Government Requests For Data
itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."
I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.
It is the blind subpoena problem. If you have your data hosted at a third party and you are sued about "widget XYZ," they can get a subpoena about "widget XYZ", and your attorneys will never know. However, if you control the encryption keys, they either hand over nothing (since "widget XYZ" returns nothing in the data search) or they get the key from you to decrypt it and you know.
How is this news for nerds? This is a thing that's existed for... Well, at least the 15 years of my life and I've only been out of my MBA since 98.
Yeah, but my company admitted to fighting government voyeurism before it was cool. As if the fat lazy PigMericans would actually get up and do anything about it.
Look and laugh at all of the disingenuous chickenshit corporations' apologies - It's like they were caught by the teacher cheating, so they ran to the principal's office to admit their cheating because that's what people of good character do.
-- Ethanol-fueled
How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?
(Of course, without the public knowledge it would be a lot easier for the government to silence businesses or influential people who did try to fight this stuff, but something tells me that all of this is about trying to re-establish consumer trust and loyalty, and is shit-all about trying to protect our Fourth Amendment rights.)
That's good. They do not need to know just how many Anime DVDs I bought, okay? It's enough to flag anyone as abnormal, lol.
I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
So, Google, now I want client-side email encryption in Gmail. What? You won't do that? Oh, I forgot, YOU want to snoop on my stuff too, right.
In Soviet Russia, the soldering iron solders YOU!
Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.
But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your 1984-esque joke here]
Amazon's position may be principled, but it won't do any good to fight the subpoena. We have already seen that the FISC (FISA court) is just a rubber stamp operation, and that the legislative, executive, and judicial branches of the government want ever greater power and authority under the guise of the "war on terror." Indeed, according to the government, it would be illegal for Amazon to inform the individual(s) whose information is being requested that a request even exists.
The problem isn't merely that warrantless surveillance exists. The problem is that there are no checks in place, no means by which the people themselves, can directly hold the government accountable for such programs. Constitutionality is a farce, easily overcome in the name of "national security." And this is precisely what the terrorists hope to achieve--the use of guerrilla tactics to provoke a government to enact increasingly draconian laws and curtail basic civil liberties, until the government becomes the oppressor against its people. Their eventual goal is to cause the collapse of that government. To this end, such surveillance programs play into the hands of the terrorists.
Also, the proper word is "ciphertext." Not "cypher text."
http://qz.com/95994/amazon-is-staffing-up-for-its-600-million-cloud-for-spooks/
...you only get data from Amazon if you PAY for it!!!
This is the same Amazon that just won an $800m bid to host the CIA's cloud computing system?
Uh huh.
It tells the rest of the world that your data is not safe in the USA, and our cloud service providers are not to be trusted (along with our banks, our ISPs in general, our telecom companies, etc).
There will be a boom to companies who are situated in more open societies in the next few years providing these services without the watchful thumb (presumably) of the NSA and other organizations. Right now Amazon and everybody else, even if they didn't cooperate with the NSA, are now subject to the US government's stupidity in proposing big brother and not realizing how it may harm our trade.
But you know... freedom rah rah rah.
The price is always right if someone else is paying.
It's probably all just empty posturing; but these companies know the recent revelations regarding the US government's reckless behavior has the potential to single-handedly kill their nascent cloud businesses.
And, perversely, that may be our only hope. Congress will cow-tow to big businesses a lot more readily than it will listen to the citizens they purport to represent. If it's a danger to profits, they may slam on the brakes.
#DeleteChrome
The CIA is one of Amazon's biggest customers.
After what they did to the CEO of Qwest for refusing to cooperate I doubt Bezos is going to put those big contracts and his personal freedom at risk.
When information is power, privacy is freedom.
So, tell us, how does a company that insists it didn't give the NSA complete access and coincidentally uses cloud hosting providers like Amazon wind up giving the NSA it's entire database, plus updates in real time? Does anyone want to guess if S3 has a rule that states it must be replicated to one or more of the DCs in the US?
No, Bezos, I don't believe you when you say you would fight it, and I don't believe you when you say they NSA don't have complete access to each and every one of your systems at will. Encryption or no, Amazon is a honey pot. People pay them for the privilege of being snooped on by the NSA.
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Having a VM in the cloud with disk encryption is really only as effective as your cloud provider deems. Since encryption keys can be relatively easily obtained from a snapshot of the VM's memory, it really depends on if someone like AWS informs you to turn off your VM before making a snapshot to give to the government. In my opinion, if you have data that you don't want the government to see, don't rely on the cloud.
That'd be a neat trick since they are busily building a huge, private AWS cloud for the CIA right now.
Kriston
They probably already have most of this data if you used a credit card for your purchases
The CIA chose Amazon's cloud services over the cheaper tender from IBM. Maybe IBM couldn't demonstrate the experience in IT delivery that Amazon can - or, maybe it's because Amazon plans to deliver everything to consumers (and IBM already has many CIA contracts). Would that mean I should take the Amazon's claims with a big fucking bucket of salt??
Just joking! Only a paranoid would think the CIA has an agenda.
Typical corporate hipocrisy and damage control measures. They realized their "principles" only after it has been revealed but were happy to ignore those "principles" earlier. Everyone, (especially non-US companies) should consider moving out of their (and Google's, and others) wiretapped clouds.
... I can't speak for everyone, but I find that the books I read are amongst the most private things in my life. It would be nice if the websites that I read were private, but the fact is that involves so many third parties that it's absurd so privacy isn't an expectation. It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free). But books I obtain from a limited number of sources, and I pay for directly or through my taxes. They are also, in a way, more intimate. So it is nice to think that my reading of books is private.
Then again, I choose my book vendors carefully and purchase with cash when I expect it to be private.
All of a sudden these huge companies that own all our data are vowing to fight this, divulge that, release this, resist that. Shame they weren't willing to do all that ethical shit before the middle of last week when they were all caught with their pants down.
Yes... they vow to do that... just like they did it with wikileaks....
Back in 2008, Obama said he was going to stop all these warrantless wiretapping. Now we have private corporations supposedly fighting the government for the privacy of private customers. I thought it should have been the other way around.
good
This story was released to divert your attention from the story that Amazon has a $600million dollar government contract to build the CIA a private cloud.
http://qz.com/95994/amazon-is-staffing-up-for-its-600-million-cloud-for-spooks/
Never happen. Bozos will welcome the cool butt zillion in cash the NSA can cough up with his gay laugh.
But this does show the NSA is targeting U.S.A. citizens for blackmail and extortion.
So how much cash does the General in charge of NSA get under the table from bogus credit card transactions each day ?
Maybe more than his 120K/yr government salary.
It seems like a lot of people don't realize that amazon has recently released a Hardware Security Module product. If you want to encrypt your data in "the cloud" such that it is not available to your cloud provider, but is usable by your application, this is pretty much the only way to do it.
As far as I know, amazon is the only major cloud provider that has an HSM option -perhaps this is a subtle advertisement of their (not cheap) new service to people who are *really* concerned about encrypting their data.
Food for thought at least..
How is that, regarding our Constitutional Law, that a 'Court' can exist in secret, whose 'Judges' exist in secret, whose deliberations exist in secret, whose opinions regarding Federal Government actions against U.S.A. citizens exist in secret but by whose secrecy the Federal Government relies upon to attack U.S.A. citizens?