Microsoft admits under oath it can't protect French data from US government access.
Microsoft admits under oath it can't protect French data from US government access.

Microsoft can't protect French data from US government access

Microsoft admits under oath it can't protect French data from US government access.
Microsoft can't protect French data from US government access
If this doesn't get the French state to get Microsoft and US tech out of all their public offices, I don't know what will.
The national Police is planning to renew all the computers not supported by windows 11 while our Gendarmerie (same thing but different) is using Ubuntu since approximately 17 years. The head of Polytechnique signed a deal with microsoft to put restricted zones on o365. We are not there yet and it is a fucking shame. All the usual state contractors are hand in hand with microsoft so I don't see any move in the close future. It could be easy to fine the USA companies into oblivion because they can't respect GDPR but the EU is too submissive for that.
If it makes you feel any better, Microsoft can't protect US data from Chinese access either.
It’s the same with Chinese companies. In the past we thought that the US was benign but not any more.
Well then, time to start fining them under GDPR.
They can be fined if they actually use the data wrongly. However, them admitting is already important. It should be very obvious to anyone that there is not such thing as 'European enclaves' in these hyperscalers. Even if they host the data in Europe, unless it is an european company that does not have to comply with the US state, then the data is available to the US government.
Microsoft is a scummy company. Go Linux!
Linux is my favourite operating system company
This is why I'm migrating all the servers I own to EU data centres owned by EU companies. It's insanely hard to get enterprises off the big 3 cloud providers, but for the smaller clients I support they don't know why difference and in the long run it ends up saving then money
Which ones are you using? I only have worked with hetzner, ionos and ovh, with mixed results.
I've used Digital Ocean, Hetzner and OVH just because they're cheap. It depends on your expectations.
I like Hetzner, what kind of issues did you have with them?
Hetzner VMs generally, there are a couple of issues I've needed to workaround like private IP assignment with terraform, but other than that, if you're comfortable deploying a k8s cluster yourself, just throw things on the cluster. The VMs aren't the fastest but they give the biggest bang for your buck.
I'm currently experimenting with scaleway, but the cost is pretty high, so I'll probably just migrate over to dedicated machines in hetzner and add more machines as the cluster grows
Do you know if there is a community of devops/admins/devs who are doing the same? I am interested in doing the same thing.
Not as far as I know, but the self-hosting community is generally moving over to VM runners and off the vendored solutions, any cloud provider can give you those.
Scaleway gives the most was style of services like managed kubernetes, FAAS, managed gateway etc. you pay for the convenience though.
Fuck Microsoft but aren’t there data residency laws that say French data must be stored in Europe?
So that way, when push comes to shove, no country has their data hosted on enemy servers?
I’m not saying companies follow this, but I always thought they made these laws as part of GDPR.
Fuck Microsoft but aren’t there data residency laws that say French data must be stored in Europe?
The problem with U.S. companies operating in Europe is the CLOUD Act. It doesn't matter where the physical servers are located, if the U.S. Government wants access to the data, U.S. Based companies are required by law to allow it.
I work for a french public owned company in transport. The whole company uses Microsoft 365, "sysadmin is an idiot and I don't trust his password system" [ editing done] etc... Oh yeah, no one thought about cleaning up the system so copilot's here all right, just sipping in the corner.
We are truly f***d .Doesn't matter whom attacks, the US, China, Russia, indépendants. They can paralyse this transportation network in a snap. And I know it's far from a lone example.
The french public services are hopeless as far as computing and basic security is concerned. There are a few times when they struck genius and got productive, secure services out, but day to day companies that are the infrastructure of the country itself are hopeless.
Yes BUT, the US government can fine them whatever they want / threaten contracts / revoke their ability to do business in the US.
Ultimately their ability to function in the US is largely dependent on them doing whatever the fuck the government wants. If forced to choose between the US and EU, they're almost always going to choose US.
I really dont think that it matters if the data is in Europe. If the company is American then it will not matter. The data must be in Europe AND the company must be also European, this way it can not be forced by the US to do anything.
Ohlala, quelle surprise...
🦎 Intensified German Lizard noises
I mean that's been known since the Snowden leaks
Hopefully this will get something moving
I highly doubt that this will get anything moving: In 2020 the European Court of Justice already invalidated the Privacy Shield agreement with the US for precisely this reason.
The majority of EU-companies however just continued to use US services despite the fact that user data could be accessed by the US government at any time, contrary to EU data protection regulations, and even without a court order (patriot act and such). No effective penalties - or more like no penalties whatsoever - were imposed on those companies that simply ignored the ruling.
The end result was that the EU entered into a new agreement with the US, the EU-US Data Privacy Framework (DPF) – just a new name: nothing has changed. European users' data on US servers is still not protected in accordance with European law.
This statement only confirms what has long been known - nothing has changed.
So I can't see why the EU would change course now, unfortunately. They could have years ago for the same reason but didn't because, well, money...
I mean, they cant really blow up their entire infrastructure. They would be smart to force industry to cycle things out and give them a deadline but it will be expensive and slow going and the second the conservatives get power they will undo it all.
I was thinking of government internal software moving away from microsoft. Denmark, a German state and a French city are already doing it
It's going to happen on some scale eventually. The earlier we get the USA traitors off our data the better.