Microsoft admits it would have to let Trump spy on EU data if demanded

⁨842⁩ ⁨likes⁩

Submitted ⁨⁨3⁩ ⁨weeks⁩ ago⁩ by ⁨octopus_ink@slrpnk.net⁩ to ⁨technology@lemmy.world⁩

https://www.techradar.com/pro/microsoft-admits-it-would-have-to-let-trump-spy-on-eu-data-if-demanded

source

Comments

Sort:hotnew top

TomMasz@piefed.social ⁨3⁩ ⁨weeks⁩ ago
There's no telling if that hasn't already happened. Europe needs to drop Microsoft ASAP.

source
- takeda@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
  Microsoft said this, but this likely applies to AWS and GCP too.
  
  source
  - Gumus@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Check out Hetzner, a German cloud provider. Established, reliable and way cheaper than AWS.
    
    I know migrating is nigh impossible for most large apps, but creating a new one on AWS/GCP/Azure is so shortsighted.
    
    More people need to know about alternatives.
    
    source
    -> View More Comments
  - boonhet@sopuli.xyz ⁨3⁩ ⁨weeks⁩ ago
    And OCI. Any US based company is subject to the CLOUD act.
    
    source
- artyom@piefed.social ⁨3⁩ ⁨weeks⁩ ago
  
  ~~Europe~~ Everyone needs to drop Microsoft ASAP
  
  FTFY
  
  source
- lemmy_outta_here@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Canada, too. For the last two years, Canada has entrusted sensitive statistical information to Microsoft. We should be treating MS with the same skepticism we currently reserve for Huawei.
  
  source
- comador@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Germany and a handful of other countries have been moving to Linux over the past decade. Betting the rate of uptick speeds up now though.
  
  source
OutlierBlue@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
Anyone wonder where your country’s health records about all their citizens are stored? I’m guessing it’s all on either MS, AWS, or Google. That means Trump could get access to your medical history.

This is important because of his attacks on LGBTQ people, vaccines, autism, and who knows what other nonsense he wants to persecute.

And here in Canada the Liberal government is putting forth bill C-2, which opens up even more access to the US to get even records stored in Canada by Canadian companies.

eff.org/…/canadas-bill-c-2-opens-floodgates-us-su…

Feel safe yet?

source
- Daefsdeda@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
  I am from the Netherlands and work at a hospital, we exclusively use Microsoft software.
  
  source
  - Damage@feddit.it ⁨3⁩ ⁨weeks⁩ ago
    Here in Italy all family doctors use Gmail for safety data regularly
    
    source
    -> View More Comments
- lemonskate@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Only if they aren’t using customer provided encryption keys (is using blob/bucket storage) or an equivalent approach to encryption at rest, and make sure they’re doing standard TLS for encryption in flight.
  
  It’s absolutely possible, and standard for any decent organization, to build their cloud architectures to fully account for the cloud provider potentially accessing your data without authorization. I’ve personally had such design conversations multiple times.
  
  source
  - cley_faye@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    It is possible. The question is, is it done often, and is it done on hardware you can trust. I’m somewhat confident if I run my services on bare metal, the provider would have a hard time getting my encryption keys, although it’s not impossible even in this situation. How many people do so with VPS and managed instances, where snooping around the runtime and exfiltrating data unbeknownst to the user is trivial?
    
    Also, beyond that, how many fall for the convenience of things like SSE, whether it’s with customer provided keys or not? That should be a red flag, but people find it oh so convenient.
    
    We’re bound to see stuff bubble out where “we did all the right things” boils down to clicking a checkbox in some web UI and be done with it in the future.
    
    source
- smiletolerantly@awful.systems ⁨3⁩ ⁨weeks⁩ ago
  In the case of Germany: confidential computing tech ensures all data is encrypted in storage and in memory, shielded even against data center employees / hosting providers. I imagine that’s become the standard for most countries.
  
  source
  - cley_faye@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Hmm. Policies might say so. Not every business follow policies, whether they are their own or imposed ones, though. Business going all “it’s ok, our provider have the correct certifications for data handling” are definitely a thing.
    
    source
    -> View More Comments
- NigelFrobisher@aussie.zone ⁨3⁩ ⁨weeks⁩ ago
  Actually it’s all in Palantir, so we’re totally safe with this non-villain coded company.
  
  source
Auli@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
So how are American companies any different then Chinese? Everyone always says Chinese companies have to listen to their government. Never got how American companies would be any different.

source
- MysteriousSophon21@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  They’re not different at all - the CLOUD Act (2018) and FISA courts already gave the US govt near-complete access to American tech companies’ data regarldess of where it’s physically stored, we just don’t talk about it as much as we do with China.
  
  source
- buddascrayon@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  Until this abomination of a law, the US was different. But the GOP is quickly adopting every fascist idea they come across.
  
  source
  - DreamlandLividity@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    
    Until this abomination of a law, the US was different.
    
    Press X to doubt.
    
    source
    -> View More Comments
  - MellowYellow13@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    No they werent lmfaooo
    
    source
  - kent_eh@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
    
    Until this abomination of a law
    
    The “patriot” act would like to have a word with you…
    
    source
    -> View More Comments
  - jjlinux@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
    Is this still earth 50? Because Luthor is still president (with an orange tan and a toupé).
    
    source
- eugenevdebs@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
  One is Chinese (bad, stinky) one is American (good, freedom).
  
  Both are authoritarian shitholes that violate the freedoms of its citizens.
  
  source
  - camelbeard@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Time to listen to this banger again
    
    youtu.be/_WTBkj8gFfI
    
    source
DeathByBigSad@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
Can EU please make an open source phone?

We have linux for computers, but we need a “linux” for phones (yes I know Android uses Linux Kernel, I’m talking about like a Libre Non-Google OS)

source
- Gsus4@mander.xyz ⁨3⁩ ⁨weeks⁩ ago
  I have another question: why do some eras seem to be so free for technology to evolve and so open to new entrants to create their designs and why do other eras feel like a billionaire trap and enclosures for consumers? The 80s/90s felt great for technology, but today it feels like they all want to take anyone’s capacity to do anything beyond being a dumb paying consumer away…like they’re covering all possible outcomes to come out enslaving everyone. Why didn’t they do that in the 80s/90s? Am I looking at the past with rose-tinted glasses?
  
  source
- octopus_ink@slrpnk.net ⁨3⁩ ⁨weeks⁩ ago
  I’m holding my breath for the pinephone to be ready for primetime. I check in on it every so often to see what the current buzz is.
  
  source
- bigmamoth@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  U have several fork of android some are great. The issue is I need google service for a lot of proprietary app like uber, banking app etc. Linux phone exist but without an appstore it s useless
  
  source
  - Nalivai@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    That’s kind of the point. UE could theoretically demand some Linux support from banks. It wouldn’t be a popular decision at first, but the consumer protection agency is capable of that, banks are capable of that, and it would help a lot.
    I don’t think it would happen, it’s cheaper for banks to lobby against it than do a bare minimum, lobbying is cheaper than anything, but still, neat idea.
    
    source
- TheGreyGhost@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  Does Graphene OS fit that description?
  
  source
  - 18107@aussie.zone ⁨3⁩ ⁨weeks⁩ ago
    It only works on Google Pixel phones.
    
    There are other operating systems, and some more open (but more expensive) manufacturers like Fairphone and PinePhone.
    
    source
    -> View More Comments
emax_gomax@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
I thought gdpr forced companies to store data securely in the eu. Are they saying they’ll transfer that data to the us to give Trump access, cause that’s a gdpr violation and should result in fines and eventual removal from the eu market.

source
- x00z@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  The CLOUD act and GDPR do indeed not work together.
  
  source
- noxypaws@pawb.social ⁨3⁩ ⁨weeks⁩ ago
  The first sentence and the first paragraph of the article:
  
  even if that data is stored overseas
  
  source
- OutlierBlue@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
  
  and should result in fines
  
  Hahaha should
  
  source
- cley_faye@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  There are provisions. I don’t remember the exact name of it, but basically, the US says “yah, these business are legit ok, you see?” and the EU is like “oh, ok, deal”. This includes the big providers and a handful of others, obviously.
  
  And yes, it is a farce.
  
  source
- Auli@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
  It’s still on their servers. They just give government access to data.
  
  source
comador@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Does this also mean Microsoft would allow China to spy on the US if asked?

Reference: arstechnica.com/…/microsoft-to-stop-using-china-b…

source
- octopus_ink@slrpnk.net ⁨3⁩ ⁨weeks⁩ ago
  My assumption for many years now has been that the answer to any question involving MS giving access to your data is “yes.”
  
  source
ArmchairAce1944@discuss.online ⁨3⁩ ⁨weeks⁩ ago
I have been saying this for more than a decade. Shit like this is why privacy laws and stuff regarding warrants and other stuff need to be expanded to private entities as much, if not more so, than government agencies. In the past the idea of a company having that much access to people’s information was unthinkable, and in almost everyone’s mind it was governments we needed to be worried about.

But that hasn’t been true since the 90s at least with credit cards being used for most stuff and internet purchases being the norm for almost everything.

Governments in the past needed something to ask for permission to look into you… but companies never did, and since the only thing governments need to do is either buy it or ask nicely it makes many protections kinda moot. The fact that many countries want a strict surveillance state over everyone means even the classic protections we had for a brief while are disappearing, too.

If there ever is a 2nd enlightenment with protections for people it needs to make the stuff written in the 18th and 19th century look like children’s toys in comparison.

If you say ‘but what about terrorism and bad people?’ Look around you. They still exist and still rarely get caught unless they fuck up badly. Most of the time it still due to informants and people talking to authorities. In the US the murder rate resolution is only 50% (and that is just arrested and charged, not convicted) and this is because there is a massive distrust of the police. In other countries people are more likely to assist the police and/or they take their jobs far more seriously in terms of forensics… and on top of that they usually have a far lower murder rate which allows more time and resources to be funneled into solving major crimes.

Better to let 100 guilty men go than 1 innocent person convicted is the usual motto, but they don’t believe that in practice. In reality they are very much kill them all and let God sort out his own. And we can’t keep allowing that shit to happen.

source
Njos2SQEZtPVRhH@piefed.social ⁨3⁩ ⁨weeks⁩ ago
If the EU doesn't combine forces to get out of this tech-dependency, than what do we have the EU for? I am a big fan the EU, it's doing many things for us already, but I'm really hoping we can work our way out of this together, and I hope we choose the FOSS-route so that we significantly help the world forward

source
- raspberriesareyummy@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  I think our problem is a mix of corruption and tech illiteracy in the European parliament. People are either too deep in the pockets of silicon valley, or they are lazy fucks who don’t understand anything about computers and are unwilling to learn, so they keep believing “Windows is easier”.
  
  source
Wolf@lemmy.today ⁨3⁩ ⁨weeks⁩ ago
It’s weird that this was something that Microsoft would have to admit, considering “The CLOUD Act” has made this mandatory for all US based companies anywhere they operate in the world. This has been a law since 2018.

source
01189998819991197253@infosec.pub ⁨3⁩ ⁨weeks⁩ ago
I mean. They’re a USA company. Of course they would be required to follow the laws of the country in which they HQ. Did anyone think anything different?

source
- trismegistos@infosec.pub ⁨3⁩ ⁨weeks⁩ ago
  This ist what data sovereignty is for.
  
  source
- Vinstaal0@feddit.nl ⁨3⁩ ⁨weeks⁩ ago
  Well pretty sure local laws here say that certain data should stay within the countries borders (like data from accounting firms) so I hope they also encrypted everything to prevent this carrot from accessing it.
  
  source
  - 01189998819991197253@infosec.pub ⁨3⁩ ⁨weeks⁩ ago
    It’s encrypted, I’m sure. But I highly doubt it’s e2ee. It’s likely as the eula alludes to (end to server to end). So… accessible by MS.
    
    source
    -> View More Comments
Gerudo@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
So we all agree that “if demanded” ANYONE’S data can be spied on. Doesn’t matter where.

At least it’s finally admitted to out in the open.

source
einkorn@feddit.org ⁨3⁩ ⁨weeks⁩ ago
How is that news? The CLOUD Act is law since 2018.

source
- octopus_ink@slrpnk.net ⁨3⁩ ⁨weeks⁩ ago
  I’m guessing the admits part.
  
  source
  - x00z@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Continuing to do business in the US after the CLOUD act already implied enough.
    
    source
  - uranibaba@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Didn’t Microsoft say not too long ago not to worry, because they didn’t have to give access to data?
    
    source
redlemace@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
well… there is self-hosting too

source
zebidiah@lemmy.ca ⁨3⁩ ⁨weeks⁩ ago
YEAR OF THE LINUX DESKTOP, LETS GOOOOOOOO!

source
kleingartenganove@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
As an EU citizen, I don’t find the idea of the US government having access to my data nearly as frightening as the idea of my own government getting into my accounts.

source
- Ste41th@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  What f the US decided to share info in the data on your accounts to your government?
  
  source
  - Grass@sh.itjust.works ⁨3⁩ ⁨weeks⁩ ago
    isn’t this part of how the [insert number] eyes works?
    
    source
    -> View More Comments
lennee@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
suck my arch btw

source
MetalMachine@feddit.nl ⁨3⁩ ⁨weeks⁩ ago
How much you wanna bet they already do and have been doing for years? They already spy on the rest of us, why is this any different?

source
- Patches@ttrpg.network ⁨3⁩ ⁨weeks⁩ ago
  
  Years
  
  Bruv, the United States government could get any information they wanted if it was stored on US Soil since the dawn of the US. The only thing stopping them was effort.
  
  source
PalmTreeIsBestTree@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
No one is safe anywhere…

source
Geodad@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Of course they would. That’s why I quit using their software.

source
ComradeRachel@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
Why are there no major competitors outside the USA? Is there no “Silicon Valley” in the EU?

source
- archchan@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
  Because the one in the US is working out so well for humanity right?
  
  Fuck Silicon Valleys. Use and support open standards and software.
  
  source
  - ComradeRachel@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
    I mean yes duh but wouldn’t it be great to have European owned data centers running Linux?
    
    source
MisterFrog@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
It’s SO funny how apparently for almost 20 years we (as in the west outside the USA) decided that using Chinese cloud platforms or networking hardware was dangerous and to be avoided, but private US companies? Nothing to see here!

Silver lining of the orange man is that maybe countries will wake up and smell the digital sovereignty that we sorely lack.

source
appropriateghost@lemmy.ml ⁨3⁩ ⁨weeks⁩ ago
lol any EU bureaucrat who thinks otherwise is either a useful idiot or themselves compromised?

source
LordGarmadon@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Suprised Pikachu

source
FreedomAdvocate@lemmy.net.au ⁨3⁩ ⁨weeks⁩ ago
It was the same for Biden, why did no-one care then?

source
- Liberal_Ghost@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  Yeah I wondered the same thing. That cloud act went into effect in 2018. Haven’t seen anyone try to change it in the last 6 years
  
  source
- octopus_ink@slrpnk.net ⁨3⁩ ⁨weeks⁩ ago
  Goodbye!
  
  source
  - semperverus@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    Listen, I’m extremely anti-trump but the guy has a point. Evil things can be evil regardless of who is in charge, but we only seem to care when the narrative shifts in certain directions. Why didn’t we care about this back then?
    
    source
    -> View More Comments
flop_leash_973@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Then those EU firms should immediately make getting out of anything and everything Microsoft. As a US citizen, all our government and companies understand is personal profit and personal data hording. So make it hurt where they will feel it.

source
pfizer_dose@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
And I’m assuming anywhere else that microsoft operates (the entire world) would be the same too, no? I don’t know why this rhetoric would be specific to the EU.

source
Amoxtli@thelemmy.club ⁨3⁩ ⁨weeks⁩ ago
I trust Microsoft.

source
pineapplelover@lemmy.dbzer0.com ⁨3⁩ ⁨weeks⁩ ago
Well some of those countries are part of 5 eyes, 9 eyes, and 14 eyes

source
pewgar_seemsimandroid@lemmy.blahaj.zone ⁨3⁩ ⁨weeks⁩ ago
we’d just cancel their trademark then

source