Under Trump 2.0, Europe's dependence on US clouds back under the spotlight Europeans are starting to worry that US companies’ dominance of the cloud represents untenable risk. In a recent blog post titled "It is no longer safe to move our governments and societies to US clouds," Bert Hubert, an entrepreneur, software developer, and part-time technical advisor to the Dutch Electoral Council, …
This is the problem with the cloud. You are using someone else's computer. They (and to some extent their governemt) have control over it. You have some, but if they decide to block your access, you can't do an awful lot. If they turn it off for any reason, you can't do a lot.
This was bad enough before Trump, I don't trust Trump to not just add access charges or block every company in the UK because Kier Starmer has pissed him off..
One of the few good things to come out of Trump being elected is that the American mask has slipped and everyone is being forced to reassess their vulnerabilities to political mechanations
Global economies and commerce chains will come out better for the painful experience, but make no mistake it IS painful and fraught with risk that the economic bullets will turn into physical ones
...there is no talent in govt, so you get lowest common denominator decisions.
Trump and Musk switching America to the dark side highlights the rationale for Pi PCs and for proper non-cloud, non-AI software with applications and data held locally.
I'm sure Musk will eventually get around to 'maximising' US cyberspace by taking back control of data on US turf. Once governments have ruined everything they can offline, they move to ruining it online.
Europe (and elsewhere) will eventually sort itself out, after getting screwed over a few dozen times.
No talent in government? No, there are plenty of talented and conscientious public servants. They just don't have PR firms telling citizens how wonderful they are, they way so many private firms do. How many minutes out of every television hour are spent on ads?
But I agree with the rest.
Ah, we're kinda damned if we do, damned if we don't here - when we do (say) video interviews, we're asked for full transcripts; and when we provide full transcripts, it's a pain for some people.
We've done our best to make it readable but sometimes, when some of our vultures have a lot of other work on, we have to ship what we've got - and in this case, we shipped this as a full-length interview. There is a summary at the start if you can't read it all.
Also if there is anything confusing in it, feel free to drop us a note to corrections@theregister.com and we'll fix it up best we can. Cheers,
C.
Nothing wrong with transcripts, nothing wrong with how it reads, and there is no ambiguity about what an utter shit show this is. Birmingham city counsil anyone...
Like we could argue the toss about enviromtal impacts on how we went from tape to disk to cloud...(cough... music industry ah mp3's cough)... I don' know what impact this had ecologically... but these are goverments, that "potentialy" could end up not owning their data...
The great data tax doge tarif?
Are you in uni/gov. procurement perhaps?
"Ohh please don't do this .... " ... what it's not packaged right...? No fancey jingle...oh horrer it's different ...WOW thats what you came here to comment on?. I'll wager my hat it was people with the same sort of sentiment's as your's, that deep sixed the the open frame works project's in Munich in 2015...
"Ah... erm.... ohh it dosnt have a ribbon on it"
Europe (and the island that flatters itself as a "bridge") are slowly realising that, in the wake of The Orange One, they need to look to their own (and Ukraine's) defence.
Maybe even more slowly they will come to see the need for European "clouds", "social media" and the like.
Zuck, Musk and Bezos are already the Triumvirate of Trumpistan.
It's not as if superior FOSS bug-compatible substitutes for M$ didn't already exist.
The UK needs to work more closely with the French on defence, our SSBNs should be able to launch French missiles for example. We should have had a joint carrier program, France can't afford more than 1 and no ship builder is willing to build only a single ship, we had to make design cuts to afford 2.
Not sure what you mean, Eurofighter, like Tornado before, was actually a success. Yes, there were delays and cost overruns, but that's par for courses for large scale defense programs even when there aren't multiple nations involved.
It also shows that, technologically, Europe has the capability to build highly advanced weapon systems despite spending a lot less than the Americans for their boondoggles.
Just look at the mess that the JSF program has been pretty much since invocation. And that's for a program where technology is completely US controlled. Europe would have a hard time to do worse on its own.
"Eurofighter, like Tornado before, was actually a success"
I'd argue that. Started in 1979, first flight in 1994 and into actual operational use with the RAF in 2007.
In the mean time the French dropped out and built the Rafale, first flight 3 years before Eurofighter and into service some 6 years before. Its carrier capable, unlike the Eurofighter.
Its a non-stealth aircraft trying to compete in the era of stealth. It was designed as a cold war era interdictor with ground strike tacked on later.
Now the JSF is a very special case. The plane has to satisfy multiple services within the US armed forces, which has rarely worked in the past (F-111 A and B variant amongst others), and has to fulfil the roles of many very different aircraft. They want a single plane that is an A-10, F-16, Harrier and F-22 rolled into a (supposedly) common platform and for it to be used by the USAF, USMC, Navy, RAF, IDF plus others. At least the Eurofighter started with a one to many relationship rather than the JSF many to many.
You do have to wonder how you can flat spin an F35 vertically into the ground. That report will make interesting reading, if it ever gets released!
With that 1979 date it looks like you are including the technology development programmes like the Active Controls Technology Jaguar and Experimental Aircraft Programme.
The French were in and out of the early stages of the programme and had a specific need for a Carrier Aircraft that the other nations didn't - this created compromises that the other nations didn't want. Once they had got all the technical data out of the programme the French left to do their own thing (which some consider to have been their plan all the time) and the remaining partners needed to re-adjust the programme.
The remaining programme also had to deal with the politics of a multi-nation programme - as well as the changing situation brought by the re-unification of Germany which particularly affected that partner.
Most of the Eurofighter nations already had a strike aircraft (Tornado - another programme considered a success), so prioritizing Typhoon's interdictor role was a natural choice, the swing role of Typhoon was always a consideration and not just "tacked on".
Flat spins are a nasty situation to find yourself in. F-14s had a bit of a reputation for being susceptible to this - until they got their Digital Flight Control System upgrade. The double engine flame-out crash of the DA6 Typhoon ended in an inverted flat-spin with the airframe pancaking into the ground. So it is not a totally surprising end to a bad day - the circumstances leading up to it are usually more "interesting".
"The remaining programme also had to deal with the politics of a multi-nation programme"
Which is the exact issue initially pointed out. The programme suffered as it was multi-national with everyone wanting something different and special. Which is why I'm sceptical that any European group initiative to replace something we currently get from the USA will take decades of bickering and not work very well.
The Tornado was originally an interdictor, just turned out that it was a pretty darn good strike aircraft too.
The F-14A was plagued by the engines which had a nasty habit of compressor stalling at the wrong moment. You'd think with all the added electronics to make the airframe more stable a modern jet should not do similar. The F-14 computer was still very impressive for its day.
The problem with the Eurofighter and Rafale are not so much about the difficulty of political agreement, but rather that they all wanted to make a superiority fighter for prestige. But then they failed to produce a successor to the AlphJet, and no drone, no long-range observation plane, no close combat support aircraft ...
If the Europeans had decided that some do an interceptor, some the trainer, some the close air support, some the attack helicopter, some the transport aircraft ... we could have many superbe specialty aircraft, instead of these expensive half-baked one-size-fits-all fighters.
So what is your view on the Eurocopter Tiger and Airbus A400M. MBDA are producing some decent kit as well.
I agree that spending levels and priorities in Europe do not favour military projects and circumstances tend to give different nations different strategic priorities.
Buying from the US is not without its problems - even if you are buying off-the-shelf. Getting in on future development is even more challenging. The US even has problems with its internal projects with state representatives holding out for more spend in their state. Even European countries on their own have internal politics to contend with as the lamentable state of Germany's armed forces bears witness to.
Collaborative European projects are not without their unique challenges, but there are many successes and Europe does need to sort itself out as a bloc. Spending priorities in Europe have not favoured military spending and that is possibly the biggest challenge.
Tornado was good for dashing off into the skies above the North Sea, launching missiles at some unfriendlies, and getting out of range of any return fire, but it was hardly a fighter. It was a successful programme that satisfied the needs of those that operated it.
Electronics is used to allow relaxed stability/unstable airframe designs which confer a number of advantages. But the electronics requires effective controls in order to do their thing. It can keep you out of the danger zones of the airframe during controlled flight giving you carefree handling. But if you have a problem like engine(s) out you have a limited amount of time before you start losing control due to lack of electrical power, lack of hydraulic power, and/or lack of airspeed. Once you have lost control the airframe will do its own thing, such as finding one of its stable modes (e.g. a flat spin) until the flight ends.
>They want a single plane...
From memory, that was a cost-cutting Conservative government demand: it would be so much cheaper only to have one multi-role airplane than have several top-notch role specific aircraft...
About the only thing we did get right was the 2012 Olympics...
Probably because the UK government was only a half-hearted collaborator...
Remember, for decades the eurosceptics, mainly in the Conservative party, did much to sabotage UK-European relations and some saw the UK's role in the EU to do whatever was necessary to ensure it was ineffectual... Now Europe has a reason to pull together, the UK only needs to decide whether it wants a major part in a re-invigorated Europe, or be a non-entity part of the USA, most likely with a lesser status than Puerto Rico.
This can no longer be done, from a UK perspective. History tells us this just doesn’t work out for us.
When the UK needed to defend its own ships during the Falklands, Thatcher requested the kill codes for the French Exocets. Mitterrand directly refused. As a result, French-sold aircraft fired French-made missiles at HMS Ardent and HMS Sheffield, sinking one and causing the greatest loss of naval lives since WW2. This was the UK relying on its *ally* in war, help which would have cost the French nothing.Thatcher then asked Reagan for help who *gave us the Exocet codes (!) from US intelligence penetration of French military. This prevented the loss of two further UK naval ships.
We *cannot* mount French missiles in UK navy, and then rely on them. Just can’t do it.
Just so it’s clear: with all this wiffle about NATO, and maybe if Ukraine joined that would stop Russian aggression: in 1982, a country attacked the sovereign territory of one NATO member (UK) who asked another NATO member (France) not even for military aid, or not to arm the enemy, but just for *intelligence* about arms they’d already sold the enemy*. And France refused. Tell me how the U.K. should protect French military interests again because NATO?
It might help to know that technically it’s not “a kill-switch”. The Exocet seeker has a somewhat-deliberate defeat method, which can be executed/spoofed by any capable EW suite with the appropriate information. If you doubt its existence, then consider that after it was provided, an Exocet was fired at HMS Exeter and was defeated…..the official story is that they shot it down with their 4.5inch naval gun. A sea-skimming missile at 700mph vs manually-aimed gun firing at 25rpm (nothing like a CIWS Phalanx), whose firing-solution software was designed to hit ships. In 1982 It’s way harder to hit than a supersonic Silkworm, because sea-skimming. That’s about as realistic as defeating an assassins bullet by shooting it down with your own pistol.
Your link quotes Magoudi’s book (apparently he is the “problematic, uncorroborated source”) disagrees with what I told you. Magoudi says that Mitterrand did give the codes under pressure. Whereas I’ve told you that Mitterand refused, we had to rely on Reagan for that. The publically available sources who mostly concur what I’ve told you, are a book by Pierre Razoux (French defence official), and a separate book by Mark Urban based on 30-yr rule declassified info. My information does not rely on either of those. So, from your POV problematic maybe, but certainly not uncorroborated.
Regardless of the source, the reality of the situation is obvious. We live in a very fragile world that is way too dependent on the internet, cloud services and the dominance of US involvement in their functionality The nature of change means you should never have all your eggs in one basket.
Hmmm, you actually contradict yourself there, case you didn't notice.
Had France zapped the Exocets on UK say-so, who's to say it wouldn't zap French-sourced missiles on UK warships on someone else's say so? You sell gear to someone kinda means you ought not to backdoor it on a 3rd party's behalf.
Plus, the situation is a bit more nuanced than you claim here https://www.bbc.com/news/magazine-17256975
One could argue that we've been all too happy to outsource our collective defence to the USA since the end of WW2. Having a US base on your territory is good for the economy.
It has been the case for DECADES that the USA has been the dominant force in the UN and NATO. Trump has finally made Europe sit up and notice. Europe might also finally take a stand over the US meddling in local affairs such as Ukraine. They are all cosy thousands of miles away, just like in WW2, and the lives of Europeans are just images on the TV.
But then Europe did next to sod all after the 2014 annexation of Crimea. Lots of talking, lots of stern words, nothing much else.
Macron faffed about trying to appease Putin in the runup to Feb 2022 and for quite some time after. It was late 2023 before he decided France probably should do something and despite all his bluster in the US recently France is one of the lowest contributors of the major European nations.
Germany was also very reluctant to join as they have been cosying up to Russia for a very long time. Cheap gas and coal had driven the German economy very nicely indeed and now the country is in recession.
The UK has had its 'special relationship' with the US for a very long time and this is why we got dragged into Iraq by Dub-yah and why we were some of the first non-US contributions to Ukraine.
Yes, this is a very long standing politicians and European politicians have been sticking their head in the sand. They are very good at that. They did the same over Russia even after the annexation of Crimea as you pointed out (although according to Obama the reason for that was that they felt there was popular support for Russia in Russian speaking regions).
Trump is getting what he wants with regard to defence. He made it clear he wants to stop subsidising European defence. This was going to happen sooner or later, with or without him. The real threat to the US is China, so they are going to be looking increasingly in the other direction.
Whats new. Our politicians are just as idiotic as American ones, just in somewhat different ways.
"[The draft dodger] made it clear he wants to stop subsidising European defence."
Europe has invested $3.5 Trillion in the US since 2000 alone on the back of this defence "subsidy".[1] That is almost 2/3 of all foreign direct investment. It has been quite a profitable deal for the US.
It will cost the US dearly if the felon in charge succeeds in chasing away all foreign direct investment and all trade
[1] https://www.statista.com/statistics/188884/foreign-direct-investment-from-europe-in-the-us-since-1990/
Let's not forget that after WW2 with the whole lend/lease program and the developments of the cold war, "outsourcing our collective defense to the USA" is exactly what the US wanted! After WW2 Europe had to rebuild and more importantly rearm, and at the same time to keep up with a technological arms race that was moving the goal post at high speed. Plus on top of that often having to make considerable payments to the US to repay wartime loans. Some countries (like France and Britain) had at least SOME means of keeping up with the US, but even they struggled. Many other countries had to either make do with French and British equipment (that they wouldn't be able to get until those countries had built sufficient quantities for their own use and would thus always be behind) or buy it from the US, who was usually more than happy to take their money. US foreign affairs and NATO doctrine were all crafted around the US providing basically the backbone of any defense of Europe. And the US orchestrated it that way deliberately. The US arms industry benefited tremendously.
Should the EU have woken up sooner? Definitely. But I do not believe for a second that the "outsourcing of collective defense" was a move borne out of complacency or lazyness.
The US Gov just needs to instruct DNS hosts to selectively black-hole European queries (both ways). That would probably be the most severe thing that can happen, but there are milder versions which would be incredibly disruptive. Simply using US-based DNS services could scupper European's use of the internet.
I remember a US election where people in UK couldn't even browse US sources of information as it was geo-blocked. US Gov seemed to have forgotten that there are US citizens resident in Europe that needed to make a choice in order to vote. With the current administration I feel that similar reckless changes could be made.
Just remember that in the old days of coups, the first thing the perps did was to take control of the media.
DNS is distributed. European DNS requests rarely go to DNS servers in the US unless it's specifically for a US entity. If the attack you describe just happened to things hosted there, it would have little effect. Even if it extends to any DNS server operated by a US company, that would be more severe because Google and CloudFlare's resolvers are the most often used, but there are lots of DNS resolvers hosted in the EU by EU companies, none of which would have done this. Root servers are operating in many countries. The protocols in use are standard, so at worst, people who used 8.8.8.8 would have to enter a new IP address. Consumer ISP users might not notice, having always used their ISP resolver.
Cloud providers are much more concentrated and are much harder to substitute. However, many of them operate from EU-based subsidiaries, if not EU-based parent corporations to avoid paying as much tax to the US. There is a lot that EU governments could do to prevent damage being done, or at least to make the companies suffer if they complied, and the companies are smart enough to know the risk to their cash flow. I expect that they would resist things likely to antagonize the countries in which their valuable servers and customers are, even if they try to hide that they are doing so.
Just remember that in the old days of coups, the first thing the perps did was to take control of the media.
In the new days of democratic elections, the first thing candidates do is have their friends in the media glorify them and humiliate the opposition.
Water is wet, the bears do their thing in the woods...
Don't feed the monster - Much of US power comes from the vast revenues which are being fed by European countries.
Don't expose all of your transactions or secrets ( political or economic) to the monster by using their software.
Don't position yourselves where your critical data can be withheld at a whim.
Do invest in an EU/UK investment in local software /hardware- A few billion is peanuts compared to the revenue loss outside the bloc.
Don't allow politicians enslave the continent by listening to naysayers.
All of the above has been obvious for a couple of decades, the longer it's left, the harder it becomes - grow a pair!!
Independance from USA is perfectly possible - the technology is stable and well-esrtablished. However, it needs motivation (and of course money!).
I would have thought the sheer idocy of a Trump White House systematuically dismamtling the US laws and constitution is enough of a wakeup call.
I think China and Russia's demographics mean that they are going to wane in influence, so are not as big a threat as the US has become.
If we (and when I say we I mean "western countries that aren't the US") want to survive as an independent body of trading nations, we have to work to cut them out of hte loop. It'll be expensive, but there's nothing we can't do.
Fortunately, one of the most important technologies: semiconductors is not solely in the hands of the US, with the ASML in the Netherlands and TSMC in Taiwan.
There is plenty of software that isn't US licenced.
It's going to cost a fortune - but what's the alternative?
Many of us have pointed out for years that it was never safe to do that. Admittedly the reasons were more to do with reliability and security rather than being reliant on the whims of a megalomaniac, but the same risks always applied.
It was just common sense to have more control over the systems on which you relied. You don't start locking your front door for the first time just because w ell-known burglar has moved into the neighbourhood. If you've had any sense of security you'll always have locked up at night or when you left the house.
"Europeans therefore have good reason to wonder how much they can trust data privacy assurances from US cloud providers amid their shows of obsequious deference to the new regime."
You can trust data privacy assurances from cloud and hosting providers exactly the same amount as you've always been able to trust them, i.e. not at all.
We've been auditing our services recently and looking at whether and which services ought be moved or diversified from US vendors. Obviously we're not going to lift-and-shift on purely ideological grounds. That would be disruptive. But for new services, or small - easily moved - things, then it's certainly a consideration as the year rolls round and contracts or subscriptions are renewed and we look to rebalance our spending.
The most depressing thing as a UK firm is that whilst there are many decent-ish European cloud and mail vendors (OVH, Hetzner, Scaleway, Tuta, etc) there's a real lack of UK providers. If you're a French firm, you could pretty easily turn to an entirely French stack for hosting, cloud services, S3-compatible backup storage, marketing email, etc, etc. Same if you're German or Swiss. We have some in the UK, but not the same diversity that France or Germany have (never mind France and Germany).
This isn't a problem as such - I've no objection using a French or German provider - they have UK regions and so on. But for the "self-serve" experience where you plug in some card details and crack on (akin to AWS/OVH/Scaleway), the UK has surprisingly little on offer (other than a seeming multitude of Plesk/cPanel/Wordpress hosts, which are fine in so far as it goes, but not useful to us).
That's not to say we don't have some good hosts - Mythic Beasts jump to mind. But they're often smaller firms without the scales or hardware choice/availability and it's often a case of requesting quotes, etc on a build-your-own basis, which often end up expensive if you're asking for ones or twos (not speccing out a whole rack of kit, when you've reached the point where the TCO has shifted in favour of ownership and colo vs. renting).
It’s all a matter of proportion, priorities and what comes first. These services are unlikely to vanish overnight. We’re eyeing up alternatives, but replacing Google Workspace (mail, productivity plus identity and SSO) is a hell of a lot more work than getting the devs to point their transactional mail at an EU alternative to sendgrid or mailgun. Some wins are easier than others and there needs to be an ROI (which personally I think we’re at, but the boss… eh. Standard small firm, under-resourced, over-committed, moving services means not doing customer work). And of course there isn’t really an easy replacement for GW and M365. You’re going to end up with separate mail, productivity, identity providers. It’s a big project even for SMEs.
Thinks of the work cloud migrations - pretty sure that was, like outsourcing, purely ideological grounds.
However I'd be looking at a risk based approach and at the moment I don't think it is possible to evaluate the risks and time lines so you've got to start planning now
Given the recent highly publicised meeting between Macron and Trump, and the upcoming meeting between Starmer and Trump, one assumes there has been a lot of conversation between Macron, Starmer, other European leaders, and their teams.
I wonder how they undertook those conversations? Do they all have extremely non-american, extremely secure comms? Or just email a few documents around with Gmail whilst talking on android and iphones? Did Marcon make calls using his phone from his hotel room in Washington on US cellular networks? Given that we already know the Americans hacked and tapped Angela Merkels phone many years back, what else are they spying on their so called European allies with?
It would not surprise me in the slightest if Trump and his cronies know exactly what has been said between the other parties and are fully briefed and prepared to respond to it.
"It would not surprise me in the slightest if Trump and his cronies know exactly what has been said between the other parties and are fully briefed and prepared to respond to it."
Well, they'd only know the parts of those conversations Putin told them about and/or wanted to tell them.
It would not surprise me in the slightest if Trump and his cronies know exactly what has been said between the other parties and are fully briefed and prepared to respond to it.
In normal times, I'd agree with you. With the current disadministration though, I'd argue that the people responsible for the wiretapping are too busy replying to emails about what they did on their holidays and what they had for breakfast to be listening to phone calls, and the people who should be receiving the briefing are too incompetent or egotistical to listen to it anyway.
Trump doesn't strike me as the sort of businessman who prepares for a meeting, he just wings it. He also doesn't like being told "things" too - he'll happily listen to a story to describe a situation to him, or take in a figure that he'll then wildly giganticise for effect, but he doesn't like to be told how to do his deals and I'm sure he'll think that being briefed on what Macron is saying would be too much effort to go to. He also has a short attention span IIRC so probably won't want to read or listen to a long brief.
In normal times, I'd agree with you. With the current disadministration though, I'd argue that the people responsible for the wiretapping are too busy replying to emails about what they did on their holidays and what they had for breakfast to be listening to phone calls
Malicious compliance, you gotta love it.
He also has a short attention span IIRC so probably won't want to read or listen to a long brief.
He can't read and he doesn't listen.
> But if you look at a modern Microsoft desktop, it is actually configured in such a way that it's very difficult to save a file on there that does not go to the cloud. It's actually sort of barely possible to prevent that from happening.
This is total bullshit. Almost none of my work files are in OneDrive, they are all local or on company servers.
Learn basic computer skills like use of File Explorer and the Save dialog and you too can keep your files wherever you want. FFS.
If you want business machines to default to local filleshares when saving, it's doable with M365 but isn't the default - it's GPO job to set the default locations for each program. And it still gives annoying error messages which confuse users as the messages assume the files are on Sharepoint, even when they aren't.
365 also doesn't like stuff being moved between non-365 and 365, especially if done as an email attachment.
Just had fun and games sorting out an Excel spreadsheet containing macros, that Windows decided came from the Internet and then disabled the active content because it was a security risk.
... and it could be cool to get some update on what's happening with Linux at Schleswig-Holstein, along with some results of their experiments with snortical FKK warfare ... inquiring minds! ;O
Because Google, AWS, Apple won't give your data to any US entity asking it under FISA and CLOUD Act? This gut talks extensively about Microsoft - but the problem is across all US companies. More even so they have fully embraced the new dear leader in exchange for less regulations and less taxes.
It's admitedly a bit of a long read, but Bert, Hu Bert (the Bond, James Bond of IT) does say (in this interview): "If the NSA wants to get their hands on the French email or the Dutch email, they're going to get it", and "there's nothing Microsoft and Google and Amazon could do about that" ...
FWIW, FISA is also addressed in the "More Context" reading suggestions, with Richard's "AWS to pump billions into sovereign cloud for Germany" piece.
I think there are two aspects being conflated here. The fact some American cloud providers have attempted to provide European locations in attempt to placate GPDR and other compliance requirements and to compete with 'native' European companies on supposedly the same footing.
Of course the elephant in the room is that various American agencies can (presumably) request the information of interest through the American parent company under the CLOUD Act provision regarding foreign data access. And that is ignoring other underhanded means to obtain such data.
In general, this won't effect most people, or even many companies. There are only some entities that a weaponised GAFA would be an issue for.
The chance of the US government turning off your cloud access, in many cases, is less than a software vendor going TU or a malware attack.
It's the same with MFA and encryption, which needs to be proportionate to risk. 95% of people are not worth the time and effort to hack. There are juicier targets out there. They don't need to strip, lie in their back garden and have a satellite image the number painted on their arse before they can access their Gmail. A password or text message is enough. The remaining 5% should have the good sense to use a more secure service.
So this is a pressing problem for those who may be at risk, but less so for the rest.
That said, I would always advocate the use of local storage over the cloud, proper applications over subscription web services, and no AI over any AI, because you should not really place your stuff at the mercy of anyone else, regardless of who they are. It creates a point of failure that you have no control over and no way of mitigating.
Simple solution, if the Megacorps want our business, they open datacenters in the appropriate regulatory zone and no data gets shared back to US based companies, not the data or the reports based on that data, until the USA becomes a respectable data citizen obeying everybody's laws and that won't happen under Trump or the 3 letter agencies ! As for governments using US clouds, that is just plain stupid and asking for abuse !
There are quite a bit of initatives and regulations along these lines imho, like the IPCEI¹ Cloud project, the French "trustworthy cloud²" strategy, the DSA³ and DMA⁴, the US-EU DPF⁵, and the well-known GDPR⁶, among others. And AFAIK there are plenty of GAFAM datacenters in Europe already (Ireland, France, Germany, Spain, ...), with more on the way ...
I could be wrong but it seems to me then that the issues raised in interview are not so much a lack of datacenters that are physically in Europe but: a) due to foreign ownership of many of them, there is still a risk of data exfiltration, say under "NSA"/FISA directives; b) a big "red button" actuated from abroad could turn these datacenters off without much notice, and; c) "European governments did not have even a smidgen of vision" and made themselves willingly vulnerable to a single supplier and its potential failures (here: Microsoft 365 -- eg. "Microsoft Outlook is a huge source of geopolitical risk").
Then again, that may be exactly what you'all wrote as a "US cloud" (Wolfclaw) could be physically in Europe but operated by a US cloud giant, and a proper EU cloud service (AC) would need to be operated by some EU outfit instead ... So, yeah, maybe Europe wanted to have its cloud and eat it too, and then ended up with neither, so far.
¹-Important Project of Common European Interest, ²-French companies running software licensed from the US tech giants on French servers, ³-Digital Services Act, ⁴-Digital Markets Act (DMA), ⁵-Data Privacy Framework, ⁶-General Data Protection Regulation
You are right about most of these, and I don't think the risk is as high as described. However, the risk would be a lot lower if the EU bothered to enforce any of those things. If GDPR were enforced as written, it would be incredibly scary to all the large companies with massive bank accounts in Ireland that could easily be fined for what they do. When it was passed, they did seem to fear that someone would enforce it, hence all the scrambling to update terms of service documents and stop certain programs. But then nobody ever did anything with it and those programs started back up again. The DMA did get used as a big stick a couple times against Apple, and Apple started to comply, but then someone got distracted, Apple noticed, Apple halfheartedly finished a couple things, breaking them so they wouldn't have much effect, and nobody did anything about them. The many powerful incentives available will do no good if companies assume they'll never be used, and it makes it harder to change their mind and use them once because the numerous examples of everyone else who gets away with violating them can be used to delay or derail the process.
"But then nobody ever did anything with it and those programs started back up again."
Max Schrems initiated court cases and got rulings but every time TPTB here came up with fudges with privacy figleaves so that they didn't really have to do anything to disturb the status quo. As per my comment way above - it's taken a long time for the penny to drop.
"if the Megacorps want our business, they open datacenters in the appropriate regulatory zone and no data gets shared back to US based companies"
I don't think that's how it works. There are enough mechanisms in the US to enable USG to make demands on the parent companies that have to be filled. It would need a complete ownership firebreak to solve that: something like franchises run by European companies with European management and a firm contract that does not oblige the franchisees to respond to such demands. I wonder i there are any lawyers in Washington state familiar with setting up franchise operations including leasing IP etc.
Even then I wouldn't trust the S/W provided not to have backdoors.
"It would need a complete ownership firebreak to solve that: something like franchises run by European companies with European management and a firm contract that does not oblige the franchisees to respond to such demands."
That is *exactly* what Microsoft did several years ago in Germany - they signed a contract for T-Systems (part of Deutsche Telecom Group) to run some services in T-Systems' German data centres on Microsoft's behalf. The contract defined the service offerings that T-Systems ran and specifically gave Microsoft *no* access (neither physical nor remote access) to the personal data stored in those data centres.
However after a couple of years Microsoft shutdown that service offering apparently due to "lack of demand".
However in the past year or so I'm sure I saw that both AWS and GCP did similar deals with (again) T-Systems in German, TIM (or TI?) in Italy, and someone (who's name I've forgotten) in France.
I don't know why we don't have a blanket headline for (at least) the next 4 years, something like, Trump and Musk, wanting to see their name in the news, did something incredibly stupid, probably unconstitutional and probably illegal today. The GOP senators as usual, tried to defend the indefensible.
What's really sad is that still most of the Trump-tards think he's doing great--till, of course, it hits them, e.g., cops "duh, I didn't think he'd pardon the copkillers," Muslims, "Duh, I didn't think he'd be so pro-Israel," union members, etc. As for the suposedly 51% of white women who voted for him, you really are morons and deserve what happens to him if they wish an abortion.
Wonderful interview, right down to the use of the word "obsequious" in the intro! It's sure good to get a critical perspective from a European technologist on how that continent apprehends the current state of cloud geopolitics, and related governance sovereignty.
Hubert's plea for lean software, linked for instance under ieee in the first part of Liam's One Way Forward Homeric allegory (Drowning in code, viz FOSDEM 2024), was also quite interesting imho.
Good reading!
I wonder why this discussion is being started after the fact. About a decade ago it would've been a useful discussion but these days all banks, insurance companies and local and national governments have moved over to one of the three big American cloud providers. Mostly because local government doesn't have the expertise to maintain servers and software infrastructure and because they're all basically small fiefdoms who do as they please.
Many governments have been using Outlook for years and years and there's an almost zero chance they'll switch back to a European alternative, if one exists.
Let me get this right, Trump's pro-America 'America First' policy is so blatant that the Europeans abandon US companies and found their own, thus causing the pro-American policy to become an anti-American policy.
Are we Europeans to understand that breaking away from our US colonial masters (Micrsoft, Google, Meta, the US Military etc.) is a good thing for us to do?
The US is really screwing with the globalists. Suddenly sovereignity is in fashion again.
This exemplifies the problem with globalism, you get a bad government in and we're all screwed including former leaders. However, in this case I think the US under Trump are not the bad guys, we are! Or rather the bureaucracy that has been lying to us. We're in the Truman show people, you just haven't worked it out yet, some of you never will. And when I say Trump is not the bad guy, I mean he is not as bad as his predecessors or our governments, not that he is an angel.
So why is Europe in this situation?
Ask yourself why all the contracts “continually” go to the big US tech companies?
Because all the MP’s and bureaucrats giving out the contracts own massive amounts of shares in the tech companies. They make lots of noise about the US in public but are all getting filthy rich from your tax money.
Or, perhaps, for the same reason that these major cloud and software providers are major everywhere else: they have a bunch of products that are easy to get in to and hard to get out of. It is easy to decide you need a device management system, you've got Windows machines, you'll use Microsoft's software. Now that you're doing it, changing to anything else runs into the problems that the alternatives have fewer features and you'll be spending a lot of time and money to get to the same place you are now, so it gets put off. It's easy to decide you need email, calendars, and shared documents, so you'll sign on with Google Workspace. It's hard to get all your data out of that and transferred to somewhere else. It's hard to find somewhere else that could take all that data if you did transfer it, meaning you're either switching to another company that's quite similar or you have to set up several replacement services instead of one.
There is a website https://european-alternatives.eu/ that lists all the european alternatives to a range of things. AWS S3 alternatives, Registra alternatives.
The problem though is cost. They're not all competitive of pricing. The cost only matters given the risk you're willing to take of course.
Great link! Hubert does make the point though, that aside from financial cost, there's also a kind of cost of habit from users (and/or moat), say: "we just don't want to change. We would like to just get Microsoft Office but without Microsoft", and "if you are in the Microsoft ecosystem, you could jump ship to Google, but that is extremely painful", or even "users say, ‘I must have the original, real Microsoft’".
Tech solutions exist, financial costs may be overcome (eg. with volume discounts), but users ... they're the real tough ones imho!
It depends. If the big cheese knows enough about computers to know what he wants (i.e. is the user who has to be persuaded)) and it's Microsoft or nothing then it will be Microsoft. If the big cheese isn't interested in computers as such but is insistent on following a government policy (if that's what this leads to) then the users will have something that's not Microsoft put in front of them and hat's what they'll use.
But we did tell you so.
"We" in this case being sysadmins, net admins, in-house developers and all the other folks who actually understood these risks way better than the suits in the executive suite.
We warned about it when IT operations were outsourced the first time around. Upper manglement ignored the warnings because it saved money, forgetting the adage that you can only have two of fast, cheap or good. And when you outsource it, you don't get to pick which two any more. A lot of enterprises got burned. I, personally, made a fair stack of cash contracting on projects to bring operations back in house at a few places.
We warned about it again when the idea about saving money by outsourcing the storage infrastructure to the cloud came along. We got exactly the same pushback from exactly the same folks. It was cheaper so they were going to do it. All our arguments about putting our company's crown jewels in somebody else's control fell on deaf ears.
Along came the rapacious feature creep of software "subscriptions" and SAAS, where you weren't even running your applications locally, and we warned about that too.
So yeah. We told you so. And we don't even get to enjoy the schadenfreude, because we're working our behinds off trying to mitigate these risks and fix the mess - those of us that didn't just shrug our way into retirement or weren't laid off as part of the "savings."
It took a long time, but European countries begin to realize that De Gaulle was right after all.
To reduce costs I got a mate to host one of our web sites, and one day without warning he deleted it. My associates said I'd been stupid to hand it over to him, and they were right, but when corporations and governments do the equivalent on a much larger scale that seems to be an "ideal solution". Maybe someone can explain why?
the solution is to classify certain technologies as being essential and therefore subject to open transfer for a license cost. so Entra becomes a product that a small EU provider can license and deploy in their cloud. same for AWS S3 API, etc. All technologies that Cloud monopolies use can be deemed essential and open and portable. China was able to do this with android, the EU can do it with other Global tech. If they don't license it becomes free. No takes backsies. I believe Gaia-X started down this road before becoming bogged down in process. There is also precedent in how social media now allows portability of data even if there is nowhere to go, and classification of companies importance to the digital economy via the DMA
China didn't do that to Android. Chinese companies took the open source code for AOSP and used it, and they weren't the only ones. It is much harder to do that to something that isn't open source, especially when, if you do it as an element in a trade war, the country where it is based can retaliate against you by taking, and possibly publishing, any important software a company operating there has.
In addition, your example doesn't need that. Any cloud provider who wants can use AWS-compatible APIs for almost everything. The number of places that have S3-compatible storage systems should make this clear. The reason they haven't done it for everything else is that S3 is a simple API and other services aren't. You can reimplement all the APIs that exist for AWS Lambda, but nobody wants to, especially as it makes it easier for their customers to leave them as well because why would they ever write for the private API rather than the standard, easily movable one?
The American government believe they own the planet and dictate to the world who has access to your data.
All data that matters to me is on servers situated in my premises and an Amsterdam-based failover.
The US gov can go do one if they try to get access.
Europe - East and West - is as big as America. Why the fcuk are we letting dictators like Trump tell us what to do?
Sorry if that's a bit intemperate but I'm sick and tired of an overgrown child babbling on about how "great" America is.
Note that I'm talking *government* here - I've got nothing against the American people. You all seem to be decent folks.
"Europe - East and West - is as big as America. Why the fcuk are we letting dictators like Trump tell us what to do?"
Easy, because all the European dictators are too busy arguing amongst themselves. Every country in Europe has its own vested interest (don't forget France still has the remains of its empire!) and every eurocrat in the leviathan that is the EU wants their particular views to be the correct and ultimately winning views.
This is quite a good vid: How Can the EU Become a Global Superpower?
https://www.youtube.com/watch?v=4aOmsQ9Pl4g
And we are now learning that USAID may have been funding political change in Europe.
"All data that matters to me is on servers situated in my premises and an Amsterdam-based failover."
You know what you're doing so can understand where the risks lie. People who run corporations and governments are very important, don't know what they're doing and won't lower themselves to ask people like you so they continue to not know what they're doing so they make the big mistake: they believe what the salesman tells them, which includes getting rid of people like you. It's taken a long time for them to realise that they've got into a vulnerable situation that can't be easily unwound and they now need people like you but you're no longer on the books.
Assuming that Europe now moves to reduce their reliance on US tech there will be no replacing that highly lucrative market for US businesses. They must know that Putin isn't gonna let them in no matter how much their president buddies up to him. Meanwhile other regions will be acutely aware of what's going on and will act accordingly.
So it seems likely that we have now reached the high water mark of US tech dominance. What will happen to the share price of US tech firms once that reality settles in?
Surely it's a great time to get involved in a European start up.
Following the link in Friday's update about the EU data bundary I came across this:
"With the completion of the boundary, our European commercial and public sector customers are now able to store and process their customer data and pseudonymized personal data for Microsoft core cloud services"
That seems to exclude non-pseudonymized personal data. Is this me being too sceptical about gaps in Microsoft's statements or is that covered by "customer data"?
And is all this set at naught if MS receive a demand under the CLOUD Act?
Yes, EU Data Boundary means nothing if Microsoft gets a demand from US authorities under any US law (not just CLOUD Act or FISA).
EU Data Boundary (which encompases data centres in EU and EFTA) also does not mean that data in the EU Data Boundary will not be transferred out of the Boundary. As Microsoft itself states transfers will continue: https://learn.microsoft.com/en-us/privacy/eudb/eu-data-boundary-learn.
Check e.g. the sub-pages "Continuing data transfers for all services" and "Continuing data transfers for specific services".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
