Cloud Hosting

The Government is considering putting a police cache of tens of millions of child abuse images onto Amazon's cloud network, in a move privacy advocates warned would introduce new risks for the highly sensitive data-set.

Documents seen by The Telegraph show the Home Office has launched a study into uploadingthe "child abuse image database" onto the cloud. The database was set up in 2014and is comprised of millions of images and videos seized during previous operations.

Up until now, the images have only been accessible within police premises given they have been deemed "incredibly sensitive".

However, accordingto studydocuments, there have been a"number of limitations and concerns" in having thedata-set only accessible on physical sites.

The Home Office is looking into what the challenges would be in creating a copy of the images and then putting them on a cloud server, the documents said.

Such a move would likely prompt concerns over whether the database would be at higher risk of being stolen by criminals, given previously physical access has had to be granted.

A report released last year by cyber security firmPalo Alto Networks suggested there were tens of millions of vulnerabilities across cloud server providers, with these at risk of exploited by hackers to gain access to uploaded material although that same report said the fault did not lie with cloud providers themselves, but the way their systems were used.

The Home Office appears to have held initial conversations with Amazon Web Services, the cloud arm, over the database.

Amazon's cloud servers already play host to some of the most sensitive police data, with the company having been chosen as a supplier for the police super-database set up recently, which combined criminal conviction records withintelligence information. The companyisamong the biggest investors insecurity and compliance.

It is thought the feasibility study is being conducted as a "fact-finding" exercise, and that there are currently no plans to upload the images.

However, in the documents, it said such a move would bring more flexibility, as currently police cannot access the data remotely. The Home Office declined to comment.

Privacy advocated raised concernsover whetherimages of child abuse required even more protections, given they would be a "high value target".

A spokeswoman for Privacy International said the move would remove physical access controls and introduce a "different set of risks to what is a highly sensitive database".

"As the Home Office increasingly turns to cloud providers to hold sensitive data which would constitute a high value target, the public needs a great deal of reassurance."

The group urged for a consultation to be held with children's charities and those with technical expertise into whether the risks outweighed the benefits.

"Some of the justifications for such a move include a desire to facilitate remote access to the database and permit 'innovation activity'. This indicates that a broadening of access to a greater number of individuals outside the police, which is a clear cause for concern," the spokeswoman said.

Follow this link:
Government proposal to put police child abuse image database on the cloud raises hacking fears - Telegraph.co.uk