← Back to context

Comment by dathinab

6 hours ago

Until this happened MS was still going around trying to convince lawyers to use their Cloud and telling them that there is no issue.

Including certain contractual "standard"(1) agreements which would make some of their higher management _personally_ liable for undue data access even under Cloud act from the US!!!

(1) As in standard agreements for providers which store lawyer data, including highly sensitive details about ongoing cases etc.

So you can't really trust MS anymore at all, even if personal liability (e.g. lying under oath) is at stack. And the max ceiling for the penalties for lying under oath seem less then what you can run into in the previous mentioned case...

You also have to look a bit closer at what it even means if "the french MS CEO swears they are complying" it means he doesn't know about non compliance and did tell his employees to comply and hired someone to verify it etc.

But the US doesn't need the French CEO to know, they just need to gain access to the French/EU server through US employees, which given that most of the infra software is written in the US and international admin teams for 24/7 support is really not that hard...

And even if you want to sue the French CEO after a breach/he (hypothetically) lied he would just say he didn't because he also was lied too leading to an endless goose chase and "upsi" by now the French CEO somehow is living in the US.

And that is if you ever learn about it happening, but thanks to the US having pretty bad gag orders/secret court stuff the chance for that is very low.

So from my POV it looks like MS has knowingly and systematically lying and deceiving customer, including such with highly sensitive data, and EU governments about how "safe" the data is even if it lead to personal legal liabilities of management.

And I mind to remember that AWS was giving similar guarantees they most most likely can't hold, but I'm not fully sure. Idk. about Google.

Oh and if you hope that the whole Sovereign Cloud things will help, it wont. It's a huge mage pretend theater moving millions over millions into the hands of US cloud providers while not providing a realistic solutions to the problem it is supposed to solve and neglecting local competition which actually could make a difference, smh.

1 comment

dathinab

Reply
impossiblefork  6 hours ago

The max penalty for things like this is actually life inprisonment though. If you, to aid a foreign power without authorization gather certain types of information, it's espionage.

There wouldn't be any lawsuit. If you do this kind of things you get arrested, get a trial and then you are in prison forever.