Will The CIA Treat Amazon's Cloud The Same Way It Treated Drives It Shared With The Senate?

from the we-steal-working-documents dept

The US intelligence community’s $600 million cloud computing deal with Amazon was finalized roughly a year ago, but recent revelations about the CIA’s behavior in shared virtual spaces is raising questions about the government’s move to virtual computing.

Two organizations — RootsAction.org and ExposeFacts.org — have just planted the following billboard at the doorstep of Amazon’s Seattle headquarters.

While there are 17 total intelligence agencies being connected through Amazon’s services, the CIA is the one generating the most concern at the moment. Marcy Wheeler (of emptywheel) asks some perfectly valid questions.

Marcy Wheeler — who writes widely on the legal aspects of the “war on terror” and its effects on civil liberties including her “Right to Know” column for ExposeFacts.org — said Wednesday that Amazon should answer a number of key questions before its customers and the general public can be assured that personal information from the company’s commercial operations is not finding its way into the CIA’s hands.

For instance, she said, Bezos and Amazon should answer the question: “Will there be any overlap between the physical hardware serving Amazon’s commercial cloud service and what is provided to the CIA?”

Referring to the CIA’s machinations over the still-unreleased Senate torture report, she added that Bezos should also be asked: “The CIA has admitted accessing documents made available to the Senate Intelligence Committee on shared space — what provisions have you made to prevent similar spying on Amazon’s commercial customers?”

If you’ll recall, accusations that the CIA “impersonated” Senate personnel in order to access Torture Report-related documents came to light late last month. Unnamed sources close to the action presented the CIA’s moves as the misuse of Senate staffer credentials to obtain in-progress documents related to the still-unreleased Torture Report. Another unnamed source closer to the intelligence side of things spun the agency’s alleged impersonation this way:

“CIA simply attempted to determine if its side of the firewall could have been accessed through the Google search tool. CIA did not use administrator access to examine [Intelligence Committee] work product,” the source said.

Peering back “in” using borrowed credentials is a good way to check for leaks, but it also allows the agency to look “out” at anything else stored on shared drives. It’s a very handy excuse, and one Marcy Wheeler thinks the agency might be tempted to deploy again within Amazon’s cloud service.

How thick is the wall separating the intelligence community and private businesses? Does this wall even exist outside of virtual barriers? Intelligence officials seem to be sold on Amazon’s ability to protect its assets from outsiders, but don’t appear to be nearly as concerned about internal compartmentalization. Will the IC’s servers be physically or virtually shared with the general public?

Amazon’s not saying. And quite obviously, neither are intelligence officials. Adding to the opacity is the fact that Amazon is one of the few tech companies not issuing periodic transparency reports detailing the frequency and number of requests for customer data by law enforcement and intelligence agencies.

Amazon continues to seek more government contracts, which will result in even more potential intermingling of public and private data in shared virtual spaces. The company hasn’t exactly been forthcoming on these government deals, and its ongoing lack of a transparency report isn’t much of a confidence builder.

Filed Under: cia, cloud, privacy, shared servers, surveillance
Companies: amazon