Tech

German watchdog says Amazon cloud vulnerable to US snooping

BERLIN — Amazons cloud hosting services are not suitable for storing German police data due to a risk of U.S. snooping, Germanys top data protection officer told POLITICO.

Ulrich Kelber, Germanys federal commissioner for data protection and freedom of information, said that U.S. authorities could invoke the CLOUD Act to demand access to data held by Amazon Web Services — creating a risk for German government bodies that store data with them.

The CLOUD Act, passed last year by Donald Trumps administration, allows American authorities to compel U.S.-based tech companies to provide requested data, regardless of whether that data is stored in the U.S. or abroad.

Kelbers warning comes in response to plans to equip thousands of federal police officers with Motorola recording devices that upload data to Amazon Web Services, the Seattle-based tech giants cloud hosting business.

That would expose the officers to potential snooping and violate domestic data protection laws as U.S. authorities could use the CLOUD Act to gain access to the police recordings, said Kelber, a member of the center-left Social Democratic Party (SPD).

“For the storage of such sensitive data, we need a cloud provider that is exclusively subject to European data protection law — not a provider that is also subject to the U.S. CLOUD Act,” he said during a telephone interview.

“We cant understand why the German Federal Police does not follow this clear legal assessment” — Ulrich Kelber

His criticism mirrors arguments in a broader transatlantic standoff — the debate over Huawei and 5G network security.

U.S. officials have pressed Berlin to take a tougher stand against the Chinese giant over 5G network security, arguing that Chinas 2017 Intelligence Law makes Huawei equipment unsafe because it allows the government to ask for data held by private firms. Huawei has repeatedly denied that its equipment poses such a risk.

Kelbers warning about the CLOUD Act effectively echoes the American argument against Huawei: That Berlin cannot be sure its data will be secure from snooping with Amazon, due to U.S. legislation.

“We made that assessment clear as early as last year,” Kelber said. “And we cant understand why the German Federal Police does not follow this clear legal assessment.”

Germanys federal commissioner for data protection and freedom of information said that U.S. authorities could invoke the CLOUD Act to demand access to data held by Amazon Web Services | Spencer Platt/Getty Images

Amazon did not comment, but an American legal expert said that the tech giant could resist any U.S. government order to hand over data by citing a conflict with local law.

No choice but to use Amazon

Under the plan, 475 federal police departments across Germany are set to be equipped by the end of 2020 with 2,300 camera systems that will record what officers see and do on the job. Currently, 285 such bodycams are already in use.

The hardware in question is a smartphone-like device manufactured by U.S. company Motorola Solutions, which for maximum capability is paired up with Amazons cloud services.

Spokespeople for the interior ministry and the federal police, in charge of borders, railways and airports, defended using the tech giants cloud services until a domestic equivalent becomes available.

The German interior ministry said the federal police has no choice but to use Amazon for hosting the footage. “It [Amazon Web Services] is the only suitable cloud provider because the Motorola software cannot be used on any other cloud infrastructure without significant modifications,” a ministry spokesperson said.

The spokesperson added that using Amazon, which controls 32 percent of the global cloud storage market, does not violate German law. The spokesperson did not provide details on its assessment that Amazon hosting was safe.

But in a letter to a member of the German parliament, seen by POLITICO, an interior ministry official stated that the data stored in the cloud is encrypted and that raw footage is not linked to any personal information — an argument Kelber rejected.

“Amazon itself sells facial recognition software in the U.S. Such a program can analyze video footage, identify faces and match it with databases” — Benjamin Strasser

He said the body camera data would be available “in an unencrypted state within the cloud” at least for a short time. It would also be easy to “analyze … and draw certain conclusions from footage and match it with high probability to a certain place and time and, potentially, to single individuals, as well,” added Kelber, a former deputy justice minister.

Privacy advocates are particularly alarmed about arguments that raw video footage stored in the cloud cannot directly be linked to individuals.

“Amazon itself sells facial recognition software in the U.S,” said Benjamin Strasser, a member of the German parliament for the liberal opposition Free Democrats (FDP). “Such a program can analyze video footage, identify faces and match it with databases.”

The case also underscores challenges posed by artificial intelligence and other emerging technologies to governments when it comes to defending their citizens privacy and data.

Waiting for the Bundes-Cloud

Kelber has only limited means to stop the federal police from using Amazon cloud services. He could publicly reprimand the fedRead More – Source