HMRC boss defends shift to AWS, says they got 50% knocked off HMRC's Permanent Secretary has defended the UK tax authority's decision to ditch a British cloud slinger in favour of tax-efficient multinational Amazon, citing bumper savings. As exclusively revealed by The Reg, the taxman moved its data out of Manchester-based Datacentred six months ago. HMRC was the firm's biggest client …
@Tom 64
...is paying a tax-dodging foreign company.
The following happened when Gordon Brown was Chancellor
"Inland Revenue's property sold to company in tax haven"
"AWS took a large loss on this"
Apparently data is worth something, AWS getting HMRC's entire dataset would be pretty valuable as far as random datasets go. Even if Amazon don't want the data themselves, I'm sure lots of organisations of varying degree of shadyness would like to buy it. Win win for everyone but the tax payer.
"or AWS took a large loss on this"
Yep, you wouldn't believe the "free credit" and discount you can get from Amazon if you're serious about using their services, they'll practically give you a year's free use of their services if you're deadly serious about signing up with them. Although personally I think it's like a drug dealer, it's all rainbows and happy visions to start with but once the honeymoon period is over I can imagine the freebies are long gone and you're going to be fronting up for a lot of services you've been playing with and can't easily extract yourself from.
"and the price reduction on this was more than 50 per cent for us."
"AWS took a large loss on this"
That's only part of it. Sure, for reasons of reliability, scalability etc it does make sense to rely on a big cloud provider, but it's not all about money. HMRC put themselves in a position where their critical infrastructure depends on a company who it shuuld be looking very closely at for playing "jump-the-tax-loopholes".
Incidentally, it strikes me as curious that Amazon along with Google, Apple, Starbucks and a few others are often mentioned as great tax dodgers but Miscrosoft rarely gets a mention...
"So either cloud margin is stupendous (which seems rather unlikely bearing in mind the large amount of competition)"
That's the thing thought isn't it, exactly how many firms do you think were certified to hold HMRC data? Given that AWS and Azure only just got certified there probably wasn't much in the way of competition before.
Or to put it another way, this is a government contract, do you really think that HMRC were paying normal commercial rates?
ROFL
I soon won't matter what that [redacted] says. Once the USSC says yes to the Feds then it will be open season on all data held by US companies anywhere in the world. They'll be able to collect it all and Amazon/MS/Google/Oracle/Rackspace/Apple/whoever won't be able to stop them.
Uncle (sic) Sam is indeed the top Big Brother these days. Google and Facebork are mere also rans.
The only difference is that the clock won't strike 13 as US times never go beyond 12.
"Uncle (sic) Sam is indeed the top Big Brother these days. Google and Facebork are mere also rans."
Perhaps. But they do have the excuse of stopping bombers, organized crime, and other criminal activities. Whereas Google, facebook et al, slurp up your life firstly the better google up your bandwidth in order to try to sell you shit you don't need, and secondly to manipulate your opinions and dull your senses.
The CIA do not need a court approval to spy abroad they will just ask MI5/6 to install the necessary equipment and then start monitoring. The UK Government will be happy because when they ask MI5/6:
- have any foreign governments accessed the UK AWS data centers? the answer will be NO!
- are you accessing data held in the UK AWS data centers? again the answer will be NO!
This is a crucial point. US judges can order US companies to release data even though it is held on servers entirely outside the US and have done so in the past (search for Microsoft Dublin).
- 50% savings are good
- Outsourced infrastructure good
- UK tax payer data at the mercy of the US Trumptatorship - sad. Very, very sad.
Also, is this just IaaS, or are HMRC locking themselves in to the entire proprietary Amazon application stack, in which case two suppliers just narrowed down to one. Bend over the barrel HMRC .... this is going to hurt. That 50% was just an introductory offer.
"US judges can order US companies to release data even though it is held on servers entirely outside the US and have done so in the past (search for Microsoft Dublin)."
Microsoft refused to release that data and subsequently redesigned their security so that remote access to local data requires local approval. So it doesn't matter anymore what a judge in the US says about data in Ireland. If a request isn't legal in Ireland, it's not happening...
Unlike Google who's security isn't as good (presumably largely because they are built on *Nix and you can't block root access to a file system like you can block admin access in Windows as *Nix doesn't have a very good ACL / security model in comparison) and they CAN access remote data from the US...
" If a request isn't legal in Ireland, it's not happening..."
Maybe. Unfortunately Ireland is not the UK. Remember, the UK like the US is part of the "Five Eyes" intelligence group and it's a good bet that if one of the members wants data held by another member it will be passed on.
Being a smaller, non-aligned country certainly has its advantages when you want to say no to the likes of the US.
The Microsoft Dublin case isn't over - its just been accepted by the US Supreme Court. It also only concerns interpretation of the US Stored Communications Act. The US has an arsenal of legislation that enables it to grab data from overseas - not least FISA (Foreign Intelligence Surveillance Act) 702 which Congress is reauthorizing to 2025
"They can fine Microsoft all they want, but it's no longer physically possible without approval from a local data custodian in Ireland."
Is this actually the case? The only thing I've read on these lines is about this arrangement being put in place in relation to the new DC in Germany. It's possible they've rolled this out elsewhere and I've missed it.
"Unlike Google who's security isn't as good (presumably largely because they are built on *Nix and you can't block root access..."
That's an amazing pile of ground axes and bad assumptions you've got there. Bravo.
Out of interest, what is The MS equivalent of a Container, and how many reboots does it requires to use?
You mean something like this https://azure.microsoft.com/en-us/overview/containers/ ?
Yes, except on your own PC, like chroot on Unix, jails in BSD, Zones in Solaris...
I've been given a commercial binary to run which I don't trust. I'm putting it in a Zone, and confining its cpu/mem/network/filesystem access. What do you do?
"*Nix and you can't block root access to a file system like you can block admin access in Windows as *Nix doesn't have a very good ACL / security model in comparison) and the"
You fail at UNIX, OTOH you excel at talking smack and making stuff up. Just a few pointers for you:
1) root is not an "Admin Account", and it shouldn't be used as such - we've known better for several decades now.
2) chroot was available in UNIXland at least a decade before WinNT was even on the drawing board (Win 3.1, 3.11, 95, 98, ME et al didn't really have anything like that). Better and more comprehensive mechanisms have been implemented many times over since over the past *three* decades as well.
3) As for MS "redesigned their security so that remote access to local data requires local approval" - they have been doing that off and on since NT was released and quite frankly the CVE reports speak volumes for their fallibility when it comes to securing a machine running Windows.
Being cynical I doubt you'll be taking any of the above to heart given that you are probably just shilling or trolling - where the truth or rational arguments aren't actually relevant.
Nope small companies just can't compete at cloud level.
They would have to build several DC's with all the costs, have to buy all the equipment in at near normal pricing and then pay the staff.
They may have 10 staff looking say after 100 racks, where as Amazon may have 10 staff looking after a 1000 racks.
Nope small companies just can't compete at cloud level.
They would have to build several DC's with all the costs, have to buy all the equipment in at near normal pricing and then pay the staff.
Well given the number of data centres HMRC currently operate, Amazon will be having to build several new DC's in the UK to satisfy the HMRC requirement: "We need resilience in data centres and we need someone who can hold that data for us."
Which raises the question whether part of the deal is that Amazon takeover a few of HMRC's datacentres.
It's only a bad thing if you can prove it. Which can get tricky when commercial sensitivity trumps disclosure. Or it should be a simple decision because AWS doesn't (for tax purposes) make any money in the UK. And if it's bought this business at a loss (Finance can do that), it would be an even more tax efficient deal. And if anyone complains, well, a 150% increase to put the deal on par in an equally efficient (not tax avoidance) manner wouldn't be in the public interest now, would it? And competitors are free to use the same tax strategies as Amazon, because HMRC believes in a level playing field, and treats SMEs and multinationals with armies of lawyers the same way.*
But both carefully selected partners share similar flaws, ie US disclosure requirements, and getting your systems & data into AWS/Azure is easier than getting it out again. So much for government 'open source'. The IRS will no doubt be happy if they can subpoena UK tax records from Amazon US though, especially for an US nationals living & working here who're trying to escape their clutches.
*Yes, that was sarcasm..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
