Comment by hyghjiyhu
7 hours ago
If the data center is operated by a "trusted subsidiary" as the article mentions and everyone in key roles is a French citizen with no connection to the US then there is no one to give a gag order.
In practice the US HQ could mandate a security update that secretly uploads all data to the US but that's a whole other can of worms that I don't think anyone is ready to open.
the data center which runs software written and controlled by the US companies and likely has a 24/7 software related support team which is distributed across the world....
in a modern cloud dater center you don't need someone physically plugging a USB stick in a server, you just need a back door in a cloud software stack many times the size then any modern operating system which often even involves custom firmware for very low level components and where the attacker has the capabilities to convince your CPU vendor to help them...
... a backdoor that is a necessity anyway, because it is constantly used to upgrade the cluster software.
>In practice the US HQ could mandate a security update that secretly uploads all data to the US but that's a whole other can of worms that I don't think anyone is ready to open.
incredibly ambiguous/unsatisfying sentence. if this french hearing is concerned about french data security, then asking a question about your "in practice" is exactly a can of worms the french would like to open.