Priti Patel is under pressure to disclose whether the UK’s most sensitive national security secrets could be at risk after the disclosure that its spy agencies signed a cloud contract with Amazon Web Services (AWS).
Labour is demanding that the home secretary should explain why GCHQ, MI5 and MI6 will use a high-security system provided by the US-based firm, and whether any risk assessment was undertaken before the deal was signed.
The agreement, estimated by industry experts to be worth £500m to £1bn over the next decade, was signed this year, the Financial Times first reported, citing people familiar with the discussions.
Other government departments such as the Ministry of Defence will also use the system during joint operations.
Conor McGinn, the shadow security minister, wrote to his counterpart in government, Damian Hinds, on Tuesday demanding a parliamentary statement from Patel to explain the possible security implications and the contingencies in place if Amazon’s systems fail.
“These reports are deeply concerning and raise serious questions about the wider security safeguards in place when it comes to the potential risks of outsourcing critical elements of UK national security infrastructure to non-UK-based companies,” he said in a letter seen by the Guardian.
The letter goes on to pose a series of questions for the government, including why Amazon was awarded the contract; whether the decision was discussed by the national security council; what the implications are of outsourcing data to a “non-British” company; whether any assessment has been made as to the impact on the UK’s cyber resilience; what risks this brings; and what contingencies are in place should Amazon’s systems fail.
Government officials insist that the arrangement will allow spies to share data more easily and allow for the use of specialist applications such as speech recognition to spot and translate voices from hours of intercepted communications.
Downing Street would not confirm the reported deal but defended the use of private technology by the security services. The prime minister’s official spokesperson said: “I’m not going to comment on the technology used by intelligence services for both security and commercial sensitivity reasons.”
The contract has ignited concerns over sovereignty because the UK’s most secret data will be hosted by a single US company. GCHQ told news agencies it would not comment on reports about its relationships with tech suppliers. AWS declined to comment on the report.
In February British spies at GCHQ said they had fully embraced artificial intelligence (AI) to uncover patterns in global data to counter hostile disinformation and catch child abusers. GCHQ has been using basic forms of AI such as translation technology for years but is stepping up its use, partly in response to the use of AI by hostile states and partly due to the data explosion that makes it effective.
Gus Hosein, the executive director of Privacy International, told the FT there were many things parliament, regulators and the public needed to know about the deal. “This is yet another worrying public-private partnership, agreed in secret,” he said. “If this contract goes through, Amazon will be positioned as the go-to cloud provider for the world’s intelligence agencies. Amazon has to answer for itself which countries’ security services it would be prepared to work for.”