What could go wrong
Probably not a lot as I suspect NSA probably already has access to it all anyway
The UK Parliament is migrating to Office 365, which will become the default option for email, file-sharing, hosted apps and storage services for MPs and parliamentary staff from May 2015. Like many organisations, Parliament has decided that moving to the cloud offers the potential for financial savings. A January meeting of …
Obama gets most of his morning digest from the PRISM program.
NSA leaks show it has a secret policy of keeping UK information even despite the no-spy gentleman's agreement.
Snowden leaks show Britain allowed it to keep email data on Brits.
Merkel/Sarkozy leaks show they spy on politicians.
Snowden interview shows they use data to leverage control of political and economic figures.
Despite this, they're migrating to a US controlled cloud. That will mean that Obama can monitor policies at the fledgling stage, before they're discussed, before they're voted on, and work to eliminate those at an early stage, or work to marginalize any politician with policies he doesn't like.
The job of securing British political emails, and protecting them from foreign spies, is GCHQ's. Are they really so broken and 'turned' that they permitted this cloud move???
Really?
What next? US based cloud voting?
Are they really so broken and 'turned' that they permitted this cloud move???
What I do not see yet is which cloud this will sit in. I don't think government standards will allow a foreign hosted cloud, so I would assume that there is at least some containment - that's where I would ask the questions.
Not that it matters much, they're using Microsoft. That's game over right there.
"What I do not see yet is which cloud this will sit in"
The Azure/Office 365 EU cloud I'd imagine in Ireland and Netherlands which, given that it's not sensitive data will be absolutely fine and (apparently) not subject to the Patriot Act. All this info is on the MS website if you choose to read it, the solution is actually pretty good now albeit still with a few limitations. The data centre will certainly not be in England (or UK) though, they don't have one which has been publicly disclosed for the cloud here and given how specific the documentation is I doubt they have an undisclosed cloud DC here either. There's an outside chance they might add an Azure pod to one of the Microsoft Corp DCs just for government of course, MS love to win government contracts one way or another :)
"IT'S THE CLOUD - IT'S EVERYWHERE AND NOWHERE".
It's everywhere and no where, baby
That's where it's at
[]
Saying everything is groovy
When your tyres are flat
[]
Files are in your pea soup, baby
They're waving at me
Anything you want is yours now
Only nothing is for free
Lies are gonna get you some day
Just wait and see
So open up your beach umbrella
While you're watching TV
[Can you tell what it is yet? 1967, if that helps - how did he know?]
So when they can't pay the (possibly substantial) subscription, all parliamentary procedures stop, yes?
"I'm sorry, UK Government Procurement Advisor, Microsoft have to increase your subscription by 1000% this year, and we project the same or greater for the next 5 years. OK, you don't want to pay? Well, we'll generously give you 28 days to extract your data from our services. You still have some legacy in-house services left, don't you?"
I must admit that I see this whole policy as full of risk. I just hope that they can specify that the data must not be stored anywhere in US jurisdiction. Imagine someone doing a "Bradley (or should that be Chelsea) Manning" on the MPs' email and official correspondence.
....from the whole Snowden thing? (not his leaking of documents but what he actually leaked) - the spooks of all nations seem to have infiltrated a lot of big companies either by hook or crook. Either way it makes no jeffin' difference - this is not a secure way for *any* government to do business with data. I don't care if it's the MPs' paper clip expenses or nuclear weapons purchases it shouldn't be in the cloud.
And as for letting M$ get the gig, jeezus. We need to get out of bed with that one. (I'm not suggesting Google would be better btw) - but that's one supplier that needs to be removed from their far too powerful position within gov. Then again your average MP is a bit simple and probably couldn't cope with anything else or understand why alternatives may actually be cheaper.
Anyway, if they move gov data to cloud and this will end in tears I predict.... (not least from our own hacking newspapers :) [though I hope I am proved wrong]
Friends ONLY spy on friends.
What's the point of knowing the launch codes for the Russian missiles? Unless there is a WWIII there is little value in knowing ANY enemy military info.
Now what's the value in knowing the other EU ministers' position on agricultural subsidy cuts or on whether Scotland would be allowed into the EU without the Euro?
"Unless there is a WWIII there is little value in knowing ANY enemy military info"
It's worth knowing that Vlad at the missile base will not under any circumstances push the button to kill millions of civilians and has secretly cut the wires to make sure nothing happens if he does.
(You think this hasn't happened?)
"It's all right. Friends don't spy on friends".
Which would be very reassuring, except that NATIONS DON'T HAVE FRIENDS. They have interests. (Ideally, those would be interests different from those of the ruling clique and their rich cronies... but let's try to live in the real world).
"Can you seriously expect them to learn something other than Microsoft Office and Windows?"
We already expect them (or their staff) to re-learn radically different UIs and behaviours every time MS decide to radically change UIs and behaviours. Where's the problem (in that respect anyway)?
Well, the main story isn't a big surprise. What would have been a surprise would be Parliament adopting an open source solution with RDP into secure servers to cover BYOD - thus promoting a locally designed system from software houses near at hand...
What I am interested in is what the Hansard gang are up to? If they wanted independence from MS, why on earth not just coopt existing open source software and put a bit of dosh into it?
The tramp: I'll be selling the Big Issue if I don't get back to my paperwork, all done on a laptop running CentOS with Libreoffice. And yes, the hard drive is encrypted just to stop that 'data found on laptop left on the bus' issue.
Yes, exactly, have your own cloud, if you like the name or your own servers, if you understand anything. Move to LibreOffice, skip MS, skip being lambs, skip supporting something you have absolutely no reason to support. Using the web, I have sometimes been ordered to upgrade to this or that MS product/version. Consider how much easier and more honest it would be to refer to a product that is free to download and works on almost any OS. Consider the independence and the savings you would achieve. Use your power, your brains, why a lamb for no reasons. Ask for help if you need it, support and take part in LibreOffice.
You seriously expect them to be able to operate an alternative office suite?
I doubt that more than a handful of them are actually competent at using the tools they're allegedly already familiar with, so I can't see them being any less able with any alternative.
It's not as though LibreOffice was staggeringly dissimilar from Microsoft Office, especially Microsoft Office 2003 which is what they've all been using until very recently. I should think the ribbon has proved more of a challenge than switching to LibreOffice would have been.
"Move to LibreOffice, skip MS"
The difficulty there is alluded to in the article where it's mentioned they are using Word templates. Based on my very limited experience with a single Govt. dept, these are not just simple templates but programmed (VBScript??) templates which lead the user through filling out forms or reports in a specific way, often for legal reasons.
"these are not just simple templates but programmed (VBScript??)"
Actually Munich had a lot of trouble with those, however they managed and were able to get those scripts out there and replace them with self written software.
>keep the data in your OWN cloud
Yes this would seem sensible, particularly as MS Office 365 with IL2 accreditation is available via G-Cloud and so Parliament would avoid all those data sovereignty and security issues that need to be tackled just because Parliament has decided not to use the G-Cloud procurement framework.
Giving MS credit for being sharp salesmen, it wouldn't surprise me for MS to wrapper the G-Cloud service up and resell it to Parliament as MS Office 365P ('P' for Parliament) at a suitable price premium.
But yes agree it does look like yet another opportunity for the government to reinvest taxpayers' monies in UK-based software expertise has been missed.
"So you want to keep data which is local, only ever going to be local, only needed locally, never accessed remotely, not WANTED to be made available outside our building, which can only WEAKEN our security by being off site, hosted offsite."
"On the cloud. Yes."
"Why?"
"Well, because it's the way of the future."
So 80% can be stored in the cloud... Surely that is just DUMB, with MPs leaving documents on the train, you just know they will save the wrong thing in the cloud, and that will end up in the hands of the NSA any way you look at it... 300k savings? That is peanuts compared to keeping data safe...
Two problems. Firstly, you are relying on researchers and assistants to decide whether the topic under discussion falls in the 80% or the 20%. Secondly, in the latter case you are relying on them to know where the pigeon hole is for the secure stuff.
It sounds to me like the IT department has just punted responsibility for data security over to the end-users. Just as well that Parliament doesn't do anything important.
offers IL2 and IL3 cloud services in a very secure data centre (somewhere in darkest Engerland near the M1, just north of Newport Pagnell and left a bit) and no other dept appears willing to buy from them. Joined up warfare. I've just had an image of 2 male bonobo dept heads penis fencing.
Because it's not core business for them and when their field of dreams is still not visited and a change of policy/direction occurs, everyone who made what appeared to be a sensible choice is left hanging in the wind. Oh and all govt depts hate each other natch so it is just that, a field of dreams.
Never mind all the fluff and flurry about the NSA / other foreign intelligence services, Office365 has been shown to be unreliable at best, with a number of outages this year, as well as losing various clients' data.
What a good idea to entrust it with government internal communications, how long before they break it?
What's particularly ironic, is that the Tory boys on the committee that grilled the Guardian's editor accused him of treason because he sent some of the Snowden files abroad. Yet here we have the unelected Lords permitting nearly all parliamentary data to be stored wherever Microsoft want to (currently Ireland and the Netherlands). At least the Guardian used what they termed "military grade" encryption.
That the government selects a Micro$haft solution. I'm pretty sure everyone involved in the procurement process is a M$ flunky.
>> Office 365 would ensure greater resilience against connection
>> problems causing delays to emails as there were more access points to
>> Microsoft’s servers than to Parliamentary servers.
Obviously they haven't heard of all the downtime Azure, 365, and Outlook.com have been experiencing.
>> Templates across both Houses would need to be redeveloped to
>> work with Office 365. Training would be needed to realise the
>> additional benefits of the software.
So there's absolutely no benefit to using 365 other than lining the pockets of "certified" contractors and Micro$haft. Everyone will have to be retrained anyway.
I'm sure the procurement officials enjoyed the wining and dining courtesy of M$.
Our organisation has just done this and availability of the email system has dropped from 99.9% under the old 'nix regime to only 95%. Add that to the frustrations people are having with the web access version of Outlook, which doesn't seem to work properly on Firefox, and the random daily incompatibility quirks with Apple devices, and there are certain people in ISS who are beginning to wonder if it was such a good move after all. Particularly as the Microsoft rep ate all the Jammy Dodgers.
1) Check calendar, nope it's not April 1st.
2) Slap self to make sure it's not a nightmare.
3) Check glasses just in case someone hasn't swapped them for Google glasses and I'm watching an episode of Monty Python.
4) Check ashtray, nope only cigarette dimps.
Holy shit this must be for real.
I thought that the people who ran this country were a bunch of incompetent twats, now I know it.
"Office 365 had a slightly higher risk relating to data sovereignty, but Microsoft’s and the Houses’ lawyers had considered the issue and felt that the chance of the risk materialising was low."
"Office 365 would ensure greater resilience against connection problems causing delays to emails as there were more access points to Microsoft’s servers than to Parliamentary servers."
And the NSA promise never-ever to read your email or listen-in to your Skype phone calls, even though the peer-to-peer calls are inexplicably routed through super-nodes in North America.
Well, since GCHQ and NSA share all their knowledge anyway (at least in one direction...), this won't make a difference.
A few years ago, long before Snowden, a UK University I know of decided to outsource their email. The students' accounts went to Google, but staff email is done by a local company who could guarantee that data won't end up on US servers. They are producing IP. They may do business with US companies of strategic interest (anybody big enough to afford a lobbyist in DC) or these companies' competitors, and the Patriot Act gives half the US public service access to any data they ask for.
Good thing Westminster doesn't produce any information worth keeping secret.
"ring-ring"
"Hallo, PM Beardsly-Smythe here."
"Mr. Beardsly-Smythe, this is Microsoft Support Services calling. Sir, we've had a request from the White House."
"I say, the White House!? You mean, the President?"
"Yes, sir. I'm not at liberty to disclose how this happened, sir, but it concerns certain words you've added to your spell-checker in your Office 365 personal dictionary."
"My dictionary! You mean, you blokes are peering into my personal word processor?"
"Not exactly, sir. I mean, it's not exactly personal, sir, being in the 'cloud' and all ... but as I said earlier, I'm not at liberty to discuss the technical issues. I'm simply passing along a request from the President of the United States."
"And what would that be, precisely?"
"Sir, please ... you are requested to immediately delete the term "Barass Osama" from your Office 365 personal word-substitution dictionary. The President finds it quite offensive!"
If they still have to maintain in house servers with access for the secure stuff, where are there any savings?
It is a hell of a lot cheaper to put on extra disc space in house than it is to also pay extra licences for cloud access products. With the speed of internet connections nowadays it is also trivial to house remotely accessed systems inhouse and well protected.
The only drawback is that someone needs to know what they are doing.
Our rights and freedoms derive from Statute law and case law. Statute law is ultimately based on Magna Carta first written in 1215, (the original is still readable and three clauses remain unrepealed). Case law stretches back even earlier than Magna Carta. Statutes used to be written on goatskin parchment using a special ink in acknowledgement of the need for longevity of the record.
It is unlikely we are going to be so lucky with digital recordings of democracy in action (cf the BBC's Domesday project and the subsequent efforts required to preserve it) unless they focus on interoperability, which at a minimum requires unencumbered open standards, probably requires open source software and most certainly is threatened by remote hosting.
BTW: Government <> Parliament so G-Cloud brings its own problems about separation of powers.
"It is unlikely we are going to be so lucky with digital recordings of democracy in action (cf the BBC's Domesday project and the subsequent efforts required to preserve it)"
One of the positive outcomes of that project being so bloody hard to recover is that we use it as an object lesson for anyone who tries to pooh-pooh the importance of keeping data in readable formats AND on readable media.
This has saved us (mostly) from having data lost when various proprietary database companies which XYZ research group insisted on using went titsup with no hope of ever getting the code to run on hardware and OSes less than 10 years old.
(UK space science has lost a LOT of data over the years because of this. Many academics explicitly only think about data retention to the end of their paycheck and "don't give a flying fuck" about future researchers trying to use past data - those exact words when the subject is brought up - given it's kinda hard to refly a space probe, that's a mindbogglingly selfish attitude and I only wish I was allowed to name'n'shame the dickheads concerned.)
Our judicial system has been under US control for years now, so why not add our Parliamentary document management system to that as well; that way we are saving the NSA time and paperwork in filing requests to access MPs' private documents.
While we are on the subject, why don't we let Paypal's Russian equivalent handle all government finance - hell, it can't be any worse than Treasury losing £120Bn per annum and at least we would KNOW that the money has gone to a good cause since it generally comes back to the UK and gets invested in football teams and the occasional (UK made) luxury yacht?
Creating a custom word processor for specialist tasks (as mentioned in the article) is easier than you think.
One of the best examples, created in house cheaply, is ALMA (Automated Letter Management) from Lancashire Teaching Hospitals NHS Foundation Trust. It manages all the clinical correspondence from the doctors, even automatically injecting them into the right part of the electronic notes, and has an additional spell checker covering medical terminology.
Take a look at http://alma.io/ for an example of IT Done Right for Once.