The UK’s three spy agencies; GCHQ, MI5 and MI6 have contracted AWS, Amazon’s cloud computing arm to host their classified material in a deal aimed at boosting the use of data analytics and artificial intelligence for espionage. Other government departments, such as the Ministry of Defense, will also use the system during joint operations.
According to The Financial Times, the details of the deal are closely guarded and were never intended to be made public. It is estimated to be worth £500m to £1bn over the next decade and was signed this year.
Gus Hosein, the executive director of Privacy International, told the FT there were many things parliament, regulators and the public needed to know about the deal. “This is yet another worrying public-private partnership, agreed in secret,” he said. “If this contract goes through, Amazon will be positioned as the go-to cloud provider for the world’s intelligence agencies. Amazon has to answer for itself which countries’ security services it would be prepared to work for.”
Government officials claim that the arrangement will allow spies to share data more easily and quickly, as well as allow for the use of specialist applications such as speech recognition. GCHQ, MI5 and MI6 will also be able to conduct faster searches on each others databases.
The revelation of the contract has since ignited serious concerns of data sovereignty, with many concerned about the implications of outsourcing the UK’s most secret data to a single US company.
Data sovereignty is the concept that digital data is subject to the laws of the country in which it is processed. This could be an issue due to the fact it gives value to peoples data – with the concern of what if the data was ever held to ransom?
However, the FT also reported that though AWS was a US company, all the agencies data would be held in Britain and amazon would not have access to information on the cloud platform.
There are growing concerns regarding digital sovereignty for Europe, with worries that the citizens, businesses and member states of the EU are losing control over their data. Support has been growing for a new policy approach designed to enhance Europe’s strategic autonomy in the digital field, requiring the European Union to update and adapt a number of its current legal, regulatory and financial instruments. The quest for digital sovereignty is being discussed currently, with measures proposed to enhance European autonomy and Europe’s ability to act independently in the digital world.
A solution to this issue of data sovereignty could come from factors such as the Gaia-X standard, which “facilitates the interlinking of all participants in the digital economy in accordance with European values and standards.”
Gaia-X’s main goal is to achieve innovation through digital sovereignty by establishing an ecosystem in which data is made available, collated and shared in a trustworthy environment. The users always retain sovereignty over their data, so what emerges is not a cloud but a federated system that links many cloud services, producers and users together.
Gaia-X standards could be adopted across Europe and beyond, becoming the global standard for data protection. The Gaia-X European Association for Data and Cloud AISBL has over 300 members globally, including Mastercard Europe, Microsoft NV and Amazon Europe Core S.a.r.l.