Sir David Davis raises concerns in The Telegraph on the concentration of Government contracts awarded to Amazon Web Services


As published in The Telegraph:

Highly sensitive biometric data belonging to millions of Britons is in line to be stored on Amazon’s systems, amid questions over why details of the contract have been shrouded in secrecy.

The Home Office is currently working on a wide-ranging programme to combine its police and immigration biometric databases, giving it “a strategic and central bureau platform” of fingerprints, DNA and facial-matching information.

This platform could, eventually, be used by a whole host of bodies including law enforcement, border force or passport office staff, making it easier for them to access such data. The project is thought to be worth £300m over 10 years.

According to the Home Office, its biometrics programme contract is still in the tender process, and no supplier to combine the databases has yet been chosen.

However, The Daily Telegraph understands that bidders include US companies IBM, Leidos and DXC Technology, and that suppliers were being leaned on to use Amazon’s cloud business AWS.

Speaking to The Daily Telegraph, Sir David Davis, questioned why there may have been “a covert instruction to prefer one host over another”.

“I see no objective reason for it. There might be one, but it’s not obvious to me.”

Mr Davis said it should be clear “what exactly is going on, why exactly these requirements have been put in place and what the logic behind them is”.

A spokesman for the Home Office said it considers “all bids that meet the technical requirements set out in the contract and does not stipulate the use of a certain hosting provider”.

“All contracts are awarded on the capability of the supplier to meet the requirements and provide value for money.”

A spokesman for AWS added that: “When customers, including the UK Government, use AWS they always own their data, their data stays in the AWS Region they choose, and it does not move without their consent. They can choose to encrypt their content for added security and content that has been encrypted is rendered useless without the applicable decryption keys.

“Because AWS has a world-class team of security experts, monitoring systems 24/7 to protect customer content, UK government departments are choosing AWS for their most sensitive workloads.”

The claims come amid growing concern over whether small and medium businesses are being given enough opportunities to secure government cloud contracts, which are agreed with providers under the G-Cloud framework.

This framework means departments can essentially search for suppliers, without having to put a contract out to public tender, as all those selling their services through the framework have already been approved by Government.

Last year, around 11pc of the Home Office’s total G-Cloud spend was with AWS, equal to around £16.8m, although it has also been spending heavily with other large technology businesses such as Accenture, which won more than £18m worth of contracts with the Home Office last year.

Tim Colman, head of the Federation of Small Businesses, said: “We’re in a situation where the process appears to be flawed.

“It flies in the face of procurement legislation and best practice, and is specifically in the case of some of the cloud services detrimental to British SMEs which of course therefore damages the Government.”

Mr Colman added that the biometrics case was “extremely concerning, as there doesn’t appear to have been a comprehensive tendering process and this is on the back of various government departments placing a range of cloud services with AWS again in many cases without tenders”.

A spokesman for AWS said: “By choosing AWS, the UK Government is also supporting a vast ecosystem of small and medium sized Systems Integrators and Independent Software Vendors — many of them based in or with large offices in the UK — that offer products and services that complement and help customers take full advantage of AWS.”