Slashdot Mirror
Amazon Vows To Fight Government Requests For Data
itwbennett writes "Speaking at a cloud panel discussion hosted by Reuters on Wednesday, Terry Wise, head of global partner ecosystem for Amazon Web Services, explained how the company handles government requests for data stored on Amazon's cloud: 'If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena.' But Wise's best advice to customers is to encrypt their data: 'If the data is encrypted, all we'd be handing over would be the cypher text,' he said."
I can foresee a time when it won't be safe to even talk among ourselves. We'll need to send encrypted text messages to the person next to us.
How nice that, after these revelations, suddenly all of these companies are coming forward with data and vows to fight or announcing requests to reveal information, etc. Where were these Brave Defenders of Consumers^H^H^H^H^H^H^H^H^HCitizens before Snowden?
(Of course, without the public knowledge it would be a lot easier for the government to silence businesses or influential people who did try to fight this stuff, but something tells me that all of this is about trying to re-establish consumer trust and loyalty, and is shit-all about trying to protect our Fourth Amendment rights.)
That's good. They do not need to know just how many Anime DVDs I bought, okay? It's enough to flag anyone as abnormal, lol.
And... Your mother was a hamster and your father smelled of elderberries...
Harrison's Postulate - "For every action there is an equal and opposite criticism"
In Soviet Russia, the soldering iron solders YOU!
Seriously, here is a Russian analog to US Rubberhose Decryptor. It's named a Rectothermal Crypto Analyzer. We Russians mean a hot soldering iron in suspect's anus. And after some policemen sodomized their suspects with batons and Champaigne bottles (In Kazan, the region police station has been closed after this) this lore becomes just a reality.
But we Russians are not the first. In Great Britain you either disclose your keys or just go to prison. [Insert your 1984-esque joke here]
Amazon's position may be principled, but it won't do any good to fight the subpoena. We have already seen that the FISC (FISA court) is just a rubber stamp operation, and that the legislative, executive, and judicial branches of the government want ever greater power and authority under the guise of the "war on terror." Indeed, according to the government, it would be illegal for Amazon to inform the individual(s) whose information is being requested that a request even exists.
The problem isn't merely that warrantless surveillance exists. The problem is that there are no checks in place, no means by which the people themselves, can directly hold the government accountable for such programs. Constitutionality is a farce, easily overcome in the name of "national security." And this is precisely what the terrorists hope to achieve--the use of guerrilla tactics to provoke a government to enact increasingly draconian laws and curtail basic civil liberties, until the government becomes the oppressor against its people. Their eventual goal is to cause the collapse of that government. To this end, such surveillance programs play into the hands of the terrorists.
Also, the proper word is "ciphertext." Not "cypher text."
http://qz.com/95994/amazon-is-staffing-up-for-its-600-million-cloud-for-spooks/
...you only get data from Amazon if you PAY for it!!!
The Millenium Falcon, because Han would shoot first.
This is the same Amazon that just won an $800m bid to host the CIA's cloud computing system?
Uh huh.
Just a heads up, if you buy that much lube, they don't arrive like the lube you'd buy in a tube. They come as a dry powder with mixing instructions....
It tells the rest of the world that your data is not safe in the USA, and our cloud service providers are not to be trusted (along with our banks, our ISPs in general, our telecom companies, etc).
There will be a boom to companies who are situated in more open societies in the next few years providing these services without the watchful thumb (presumably) of the NSA and other organizations. Right now Amazon and everybody else, even if they didn't cooperate with the NSA, are now subject to the US government's stupidity in proposing big brother and not realizing how it may harm our trade.
But you know... freedom rah rah rah.
The price is always right if someone else is paying.
So, Google, now I want client-side email encryption in Gmail. What? You won't do that? Oh, I forgot, YOU want to snoop on my stuff too, right.
Google doesn't prevent you from using Thunderbird + enigmail. You have options, you know
It's probably all just empty posturing; but these companies know the recent revelations regarding the US government's reckless behavior has the potential to single-handedly kill their nascent cloud businesses.
And, perversely, that may be our only hope. Congress will cow-tow to big businesses a lot more readily than it will listen to the citizens they purport to represent. If it's a danger to profits, they may slam on the brakes.
#DeleteChrome
Well, well, well...
Now that we know about the lube, pray tell us, where you can get an inflatable sex goat...
tsk, tsk, tsk, children need to learn to keep their traps shut, lest they embarrass themselves.
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
It's "smelt", not "smelled". Now go away or I shall taunt you a second time!
Thunderbird and EnigMail actually work very nicely as well. Someone has mentioned that there is actually a browser add-on or something that will allow you to do it with webmail as well, but I'm not familiar with it. K9 supports encryption on Android as well. Using encryption is really not that much trouble. The only inconvenient part is getting non-techies to set up their keys.
The CIA is one of Amazon's biggest customers.
After what they did to the CEO of Qwest for refusing to cooperate I doubt Bezos is going to put those big contracts and his personal freedom at risk.
When information is power, privacy is freedom.
I wouldn't type a query like that into Google, but privacy-respecting search engine DuckDuckGo reveals several sources for inflatable sex goats.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
The description of the following item seems to suggest that is not the case:
http://www.amazon.com/Passion-Natural-Water-Based-Lubricant-Gallon/dp/B005MR3IVO
So, tell us, how does a company that insists it didn't give the NSA complete access and coincidentally uses cloud hosting providers like Amazon wind up giving the NSA it's entire database, plus updates in real time? Does anyone want to guess if S3 has a rule that states it must be replicated to one or more of the DCs in the US?
No, Bezos, I don't believe you when you say you would fight it, and I don't believe you when you say they NSA don't have complete access to each and every one of your systems at will. Encryption or no, Amazon is a honey pot. People pay them for the privilege of being snooped on by the NSA.
Work like no one is watching. Dance like you've never been hurt. Make love like you don't need the money.
Mr. Slippery joins the discussion about lube and sex goats; I'm sure there is good joke material there but I'm too tired to explore it.
Please forgive me and just ROL like I made a good joke...
Be very, very careful what you put into that head, because you will never, ever get it out. - Cardinal Wolsey
Having a VM in the cloud with disk encryption is really only as effective as your cloud provider deems. Since encryption keys can be relatively easily obtained from a snapshot of the VM's memory, it really depends on if someone like AWS informs you to turn off your VM before making a snapshot to give to the government. In my opinion, if you have data that you don't want the government to see, don't rely on the cloud.
That'd be a neat trick since they are busily building a huge, private AWS cloud for the CIA right now.
Kriston
The CIA chose Amazon's cloud services over the cheaper tender from IBM. Maybe IBM couldn't demonstrate the experience in IT delivery that Amazon can - or, maybe it's because Amazon plans to deliver everything to consumers (and IBM already has many CIA contracts). Would that mean I should take the Amazon's claims with a big fucking bucket of salt??
Just joking! Only a paranoid would think the CIA has an agenda.
It's news for nerds because the government paying attention to electronic data has been in the limelight for awhile now.
Since we nerds are the kinds of folks who are tasked with the implementation and maintenance of the systems that store and process said electronic data, this is the kind of thing that could have an effect on our livelihoods.
Sure, it's obvious that you should encrypt your data, especially if it's at rest on equipment you don't personally control. It's also somewhat of an unmitigated pain in the ass to actually setup and maintain, especially if you inherited infrastructure that you didn't build from the ground up. Or maybe you're a lazy sumbitch.
In the same vein, it's obvious that if you eat a shit load of junk food, you'll get fat and have health issues. Despite the fact that it's obvious, there's a severe problem with obesity in the US, hence we have health groups trying to spread awareness, whether it's through scare tactics or just trying to inform people and at least get them to acknowledge a problem they pretend doesn't exist.
In the same vein, the folks who post about this kind of thing are treated somewhere between polite acknowledgement, with nods of 'yup, he/she's right, we should do that', or viewed as the mad prophet raving in the town square. In both cases, folks pretty much forget about it after theyr'e done and go back to the status quo.
While I'm not in the habit of defending large corporations, I understand why they put out stuff like this. On the one hand, if they want to legally continue to do business without suffering censure by local governments, they have to comply with legal requests for data. If they simply do it, they're viewed as being in collusion by the general public. If they try and provide the information to their customers on how to mitigate their risk, their words tend to fall on deaf ears.
While I'm certain Amazon probably doesn't give a shit about handing over a customers data, they recognize that it's a touchy subject, and a potential PR nightmare, hence they spend some time trying to encourage their customers to do what's in their own best interests. I don't think it's a good idea to try and curb that.
Typical corporate hipocrisy and damage control measures. They realized their "principles" only after it has been revealed but were happy to ignore those "principles" earlier. Everyone, (especially non-US companies) should consider moving out of their (and Google's, and others) wiretapped clouds.
You don't even need to leave Amazon. They got what you want, http://www.amazon.com/Pipedream-Products-Blow-Billy-Goat/dp/B0016399DY
I'm pretty sure the government doesn't care about your purchase history of... an inflatable love goat and a 55 gallon drum of lube. Nice. Your file still says "Mostly Harmless."
Until that day comes that they DO care. Like say, you end up a prominent civil rights leader.
Ever wonder how much of the Occupy movement was derailed by quiet government pressure on key people?
When information is power, privacy is freedom.
This tool is basically going "We are going to follow the letter of the law." as if it's something new that nobody else is doing.
If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.
And, huge surprise, the subpoena's that would be most concerning to a significant portion of the population have been hit with this stamp.
Sleep your way to a whiter smile...date a dentist!
... I can't speak for everyone, but I find that the books I read are amongst the most private things in my life. It would be nice if the websites that I read were private, but the fact is that involves so many third parties that it's absurd so privacy isn't an expectation. It would be wonderful if my search queries were private, but I recognize that the businesses involved make their money by selling my data (such is the perils of demanding a service for free). But books I obtain from a limited number of sources, and I pay for directly or through my taxes. They are also, in a way, more intimate. So it is nice to think that my reading of books is private.
Then again, I choose my book vendors carefully and purchase with cash when I expect it to be private.
All of a sudden these huge companies that own all our data are vowing to fight this, divulge that, release this, resist that. Shame they weren't willing to do all that ethical shit before the middle of last week when they were all caught with their pants down.
Ranting Out Loud? :-)
The Tao of math: The numbers you can count are not the real numbers.
Yes, I... heard about that, too.
Back in 2008, Obama said he was going to stop all these warrantless wiretapping. Now we have private corporations supposedly fighting the government for the privacy of private customers. I thought it should have been the other way around.
It seems like a lot of people don't realize that amazon has recently released a Hardware Security Module product. If you want to encrypt your data in "the cloud" such that it is not available to your cloud provider, but is usable by your application, this is pretty much the only way to do it.
As far as I know, amazon is the only major cloud provider that has an HSM option -perhaps this is a subtle advertisement of their (not cheap) new service to people who are *really* concerned about encrypting their data.
Food for thought at least..
If they get a warrant/subpoena with the "Thou shalt tell no other" stamp on it, they can't tell anybody about it, in particular, they can't tell the subject/victim of it.
I thought the point was "but if you encrypt it, you will know about it". Not because Amazon will violate the "tell no one" order, but because if the government actually wants to know what the encrypted data is, they will have no choice but to try going through you, since Amazon won't be able to turn over that piece of information.
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
That's in the future. This surveillance has been going on for awhile, and Amazon has been responding to these warrants/subpoenas for quite some time.
This is just a PR to make it seem like "they've got your back".
Sleep your way to a whiter smile...date a dentist!