There is already an AWS GovCloud (US) Region [1], which is segregated from the conventional/general regions. This region is specific to US government agencies with improved security. Maybe the CIA would like something special for US intelligence agencies (i.e. an AWS GovCloud (classified/top secret) Region)? There are obvious advantages to the cloud when it comes to government procurement/life cycle management headaches. There is also an "Introducing AWS GovCloud" video on YouTube [2]; it's worth a watch if you are interested.
Look at it this way: the CIA/NSA are pretty much the only parts of the government who know enough about computer security to properly assess the risks of using something like AWS, and therefore declare it safe for them to use.
Any other department would just say "nope that sounds unsafe and I have no idea what to look into to decide otherwise", and so ignore AWS (or basically any other modern technology) completely.
The NSA's IT (overall, and security) has gone way downhill, by all accounts I've seen, in the past 20 years. It's no longer superior to good commercial practice in theory, just has more money for the same mission.
There have been lots of accounts of how badly they've botched acquisition problems, and it's all essentially run by contractors now.
William Binney, and other reports about Trailblazer.
I've also talked to a lot of NSA IT employees. They obviously can't divulge anything classified or even sensitive, but are always happy to get back to the commercial world.
You might be interested in Parallel Homomorphic Encryption [PDF: http://eprint.iacr.org/2011/596.pdf], a Microsoft Research paper covering MapReduce on encrypted data.
It's entirely possible to move encrypted data into the cloud, process it, retrieve the results, then decrypt. Welcome to the future.
Yeah but… If you had a $600 million budget, wouldn't you just call up Amazon and say "Hey, you know your Availability Zones and Regions? How much to build me a couple of them, along with all your management and accounting software, so we can run pretty much all of AWS (front and back end) inside our own data centers?"
It'd be much easier for recruitment, to be able to advertise for developers/data-scientists/sysadmins with AWS experience, than just about _any_ alternative…
That's probably what someone asked for. By the time it got approved, GSA signoff, and past contracts and vendor management, they have a micro instance in us-east-1 to run www.cia.gov off of.
It's "possible". The problem is that the number of known operations that work with homomorphic encryption is so far so small as to be mostly useless. It'll take a lot of research before it becomes practical, if it ever does, for anything but very specialised operations.
"The cloud" in this case is simply a private data centre with whatever management and provisioning tools Amazon can provide. It's not the CIA using public resources on AWS.
It means very little for Oracle/IBM etc. Oracle has their own virtualization solutions in Solaris support for Zones, KVM etc. (and other cloud vendors have built on that - see e.g. Joyent's "SmartOS") but might be more interested in selling application appliances that can run on these solutions. IBM would love to sell in expensive consulting services to build private clouds like these too and have a lot of experience at scale with massive systems (and have existing deployments of mainframes of theirs with 1000+ Linux VMs on a single mainframe, as well as plenty of smaller solutions, as well as hybrid setups).
I think we'll start seeing more deals like this. It is no secret that the government (at least the Obama administration) is, rightfully so, moving in a forward and open direction regarding technology. They are starting to accept the fact that government solutions can be found externally, and many times through citizens' software/ideas. If you don't agree, look at these facts: President Obama hired a CTO, the CTO opened up a fellowship program that is an applied-to program which purely looks to solving government problems. Now a CIA deal with Amazon. To me, this is all positive and forward-thinking...they can use everyday citizens and companies to enhance their operations securely and quickly.
And yes, we just have to hope it is not used to spy but hey, I'd take the risk in trusting that they care more about our safety than spying on us all the time.
> we just have to hope it is not used to spy but hey, I'd take the risk in trusting that they care more about our safety than spying on us all the time.
Given the federal government's past behavior regarding domestic communication, I think it might be more prudent to behave on the assumption that they ARE spying on us all the time. They tell us that they only look at the info they've collected about us if it is connected with communications with overseas persons of interest -- but that implies that they will have already collected it. It's the only convenient way to have a well-populated history of activity for $Person.
We sell to many federal/intel agencies and are seeing customers choose Amazon GovCloud over on-site storage 3:1.
While security is of great importance, it has more to do with the trust in your business relationship than where bits are stored at the end of the day.
Three Letter Agency. It's a generic term to refer to CIA, FBI and NSA. Though these days it can probably refer to many other members of Homeland Security.
BarackObama.com is hosted with Amazon Web Services as well. We can know by examining the domain servers when you look at the [whois record](http://whois.domaintools.com/barackobama.com) for that domain. (On a related note, the domain registrar used is GoDaddy)
It makes sense - government needs to host their files somehow, as we are moving into this digital age.
I don't see anything wrong with it, though it will further cement Amazon's standing as a big business superpower.
Thank you! I've been wondering how people do italics and the like. Your post helped me find an HN comment [1] which discussed the Arc source code for highlighting.
Something I find darkly humorous about cloud data centers marketed to certain government agencies is how prominently they advertise that they are "outside the 50-mile blast zone" from DC. Do they know something we don't?
"I came in here expecting firm proof that the CIA was using Amazon to spy on my Prime subscription."
While that's no doubt already happening, it's also abundantly obvious that Amazon is one of very few organisations that anyone, CIA or not, would go to for consulting/professional-services when setting up a large-scale in-house "cloud computing" infrastructure.
There's not a large pool of companies with demonstrated experience, apart from Amazon there's maybe Google, Facebook, Microsoft, Rackspace - I wouldn't add Apple to that list (since their "cloud" track record is pretty poor), from there you end up with vendor lock-in from options like IBM, Dell, and perhaps to a lesser extent Cisco.
Out of all of those options, Amazon seem to easily be the "best choice" if I were to be setting up a decade-long partnership to deploy a multi-data-center scale private cloud.
Most of the time government hires (and has for a long time) the traditional defense contractors or government-specialized small contractors to do their IT work. It is actually mildly impressive that a 'normal business' IT provider like AWS has broken into the government field.
Often these contractors, with experience in getting and administering federal contractors, will hire other contractors to do some of the other work. It's quite possible that's what's happened here.
The fox was always inside the henhouse. The fox just agreed to pay discount prices for some of the chickens.
Kidding aside, doesn't this seem like exactly the sort of move you would want your government agencies to make? Take advantage of free-market services where appropriate, and not get all "NIH"?
At one point in time I knew some people that did contract work at National Institutes of Health, and the way they talked about it, NIH might as well stand for Not Invented Here.
I don't think the fox/henhouse analogy is as foregone as you describe. Say what you will about the CIA and the law, but there are lots of restrictions on their work inside US borders (where much AWS infrastructure is located).
Furthermore, while I'm acting mostly on assumption here, I doubt the agency is going to Amazon because they can't build and/or afford their own setup.
> I doubt the agency is going to Amazon because they can't build and/or afford their own setup
I can build and I can afford my own versions of a great many things. I still buy from vendors.
Anyway, AWS is heavily segregated. Simply having consumer instances is not going to enable them to snoop your traffic, and simply having consumer instances is not going to enable them to make Amazon give them your traffic if they couldn't make Amazon give it to them before.
I am a bit of a recovering hatter, CSPAN junkie, misanthrope. It's pretty debilitating. Reality is too broad to fully grasp, just get a sense of it and filter if necessary.
While they might lose the extreme tin foil hat customers, this deal will only serve to enhance their trustworthiness as a company. "The CIA trusts Amazon with THEIR data...heck, so should I." etc.
That's utterly unrealistic. There is no way there would ever be only a factor of 15 cost/performance difference in IT between a CIA contract and a leading commercial entity in a competitive market. :)
I think he's assuming that since the CIA is now a big customer, Amazon will bend the rules and give the CIA access to data from other customers, or at the very least the CIA will now have better experience in how AWS works so they'll be able to attack AWS customers more effectively themselves.
If they wanted to experience how it works, wouldn't they just be able to sign up under an alias? Also, I am not American, so I might be out of the loop a little, but why does everyone consider CIA to be some big bad wolf like in the films? There are probably people risking their lives (maybe not in an action movie way) right now, trying to make the world a safer place from terrorist ducks.
Because the CIA has a long history of directly and indirectly supporting assassinations, drug trafficking, propping up dictators and other unsavoury actions that put the CIA very high on the list of organisations that have carried out the most terror activities worldwide.
Sure, they also do good / important work. And it's hard to say if they're still as bad as they used to be, as it'll take decades before the most important details about what they're doing now get declassified. But their history doesn't exactly give a lot of confidence.
If you think the CIA wasn't able to get access to any information they wanted.... I mean, this doesn't change that. They were able to before, and can now. All major cloud providers work with various levels of government for law enforcement and anti-terrorism stuff.
If anything, this tells me that the CIA didn't actually have enough computing power and/or competency before to do it on their own.
[1] http://aws.amazon.com/govcloud-us/
[2] http://www.youtube.com/watch?v=S0av2mvYq5I