<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2038511469714819&amp;ev=PageView&amp;noscript=1">

Security risk: Federal police store data on Amazon servers

5 Mar., 2019

Police footage on Amazon servers? Apparently this is not a problem for the German Federal Police. After all, Amazon is currently the only provider in Germany to provide a cloud solution, according to the Federal Police Headquarters. However, it remains unclear how exactly these sensitive operational data of the so-called bodycams will be secured.

 

Polizei_Bodycam_800x800The Ministry of the Interior confirms that the data is encrypted and stored exclusively on servers in Germany. Accordingly, the German data protection standards are adhered to. However, the ministry does not provide any further information on the type of encryption and whether US authorities can access the servers. The Patriot Act and Freedom Act allow American authorities in particular to access the servers of American companies. This way, NSA and CIA can secretly gain access to sensitive data.

A bitter aftertaste is also left behind by the fact that Amazon sells facial recognition software to American police authorities, which are then used for the evaluation of the bodycam recordings. So it seems a little strange that Amazon of all things should manage the Bodycam recordings of the German police.

Even though the Ministry of the Interior assures that the recordings are encrypted, it is unclear how this is done. The simple principle applies here: whoever has access to the cryptographic keys and controls the encryption process has potential access to the data. Only an comprehensive encryption solution such as the eperi Gateway, which supports AWS and encrypts the data not only in transit, but also at rest and in use, really offers security here. According to Amazon, the recordings are stored encrypted in the Amazon cloud. But in contrast to the usual solutions in which the cloud provider has access to the cryptograhic keys or controls the encryption process, with the eperi Gateway only the customer is in control over the cryptographic keys and the encryption process. Because only those who have the cryptographic key have access to the data. So it wouldn't matter whether the recordings of the federal police are stored in the Amazon cloud - neither attackers nor American authorities or even Amazon administrators themselves could use the data.

 

Share Button: LinkedIn Share Button: XING