The UK Government has drawn criticism amid plans to award a £300 million contract to Amazon for the storage of highly-sensitive biometric data.
Concerns over Amazon’s contract award cast a light on the Government’s cloud contract framework, which critics suggest is not providing opportunities to small and medium-sized (SME) businesses.
The Home Office is assessing how it can combine police and immigration biometric databases, which contain sensitive information including DNA, facial recognition data and fingerprints. Under proposals by the government department, a combined platform could be used by law enforcement in the future; with the passport office and border force personnel also being granted access.
According to The Telegraph, suppliers are being shepherded toward Amazon’s AWS cloud business, despite there being bids tabled by US companies, which include IBM, Leidos and DXC Technology.
Amazon’s cloud business has emerged as a major industry player in recent years and is expected to grow significantly over the next decade.
- Paul Winstanley: The Public Sector can be the Catalyst for Helping SMEs Scale
- DIGIT Movers & Shakers: April 2019
- UK Gov Backs Plans to Change How Scientists Access NHS Data
Speaking to the publication, David Davis MP considered whether there has been a “covert instruction” to prefer Amazon over rival bidders during the tender process.
“I see no objective reason for it,” he said. “There might be one, but it’s not obvious to me.” Davis added that the Home Office should lay bare “what exactly is going on” and the logic behind current processes.
Tim Colman, head of the Federation of Small Businesses (FSB), said: “The process appears to be flawed and, in the case of some of the cloud services, detrimental to British SMEs, which of course, therefore, damage the Government.”
Despite claims that AWS will likely secure the deal, the Home Office insists the contract for its biometrics contract is still open to applications. A spokesperson for the Home Office insisted that it considers all bids that “meet the technical requirements set out in the contract” and that it “does not stipulate the use of a certain hosting provider”.
The spokesperson added: “All contracts are awarded on the capability of the supplier to meet the requirements and provide value for money.”
Weighing into the debate, a spokesperson for AWS told The Telegraph that additional concerns over the storage of sensitive biometric data are unfounded and that citizen’s data “does not move without their consent.”
The company said: “When customers, including the UK Government, use AWS they always own their data, their data stays in the AWS Region they choose, and it does not move without their consent. They can choose to encrypt their content for added security and content that has been encrypted is rendered useless without the applicable decryption keys.
“Because AWS has a world-class team of security experts, monitoring systems 24/7 to protect customer content, UK Government departments are choosing AWS for their most sensitive workloads.”