Comment by csense
5 hours ago
This applies to any company, doesn't it?
Your home country can tell you "Give us your data" and you have to comply.
"I will never give up customer data" is a very tough promise to keep, if the government threatens you with your business license being revoked, your servers and domains being forcibly seized by the police, and you personally going to jail.
(Under the current US administration, we can add "A close examination of the immigration status of all foreign nationals employed by your company, followed by probable deportation or jail" to the list of potential consequences for resisting the government.)
The trick is to collect as little data as possible and to get rid of what you need to collect as quickly as you can. This is in direct opposition to the practices of companies like Microsoft which wants to spy on their users and profit from the data they collect though.
There's also an open question of how possible it is to run a system that doesn't collect/store data in a way that makes it possible to be collected by the government. The US government can force companies to compromise their systems or shut down their services if they refuse. In the past they've even threatened that shutting down a service instead of compromising it could still get operators in legal trouble.
At this point anyone who wants to keep the US government out of their data should avoid using any US company.
This is why I still prefer Signal; this practice seems to be their modus operandi even though they, too, were affected by AWS us-east-1 catastrophe
Well this is especially significant because Microsoft is currently building a sovereign datacenter in France (nicknamed "Bleu"). I'm wondering what the consequence of that testimony will be.
https://blogs.microsoft.com/on-the-issues/2025/04/30/europea...
> This applies to any company, doesn't it? Your home country can tell you "Give us your data" and you have to comply.
Not all countries have an equivalent to the USA CLOUD Act.
Of course. But what if the holding lives in a country that don't enforce this (or is too weak to). Then all the subsidiaries are really sovereign from the host country perspective.
It seems the solution is ages old. Don't have the holding incorporated in an empire...
How would this work in practice? If the empire wants to get at your data, why do you think it would shy away from pressuring a country so weak that it can't afford to enforce this on their companies?
Then the empire just says that they want the data or you won't be allowed to operate in the empire, which would be bad for profits and anger shareholders.
Well yes but that is all the more reason for EU entities to use EU companies for data storage.
That's not so. In a democratic state of law, the police can not unilaterally decide to seize you servers, and the politicians cannot tell the police to do so. Separation of powers is a thing.
Nice theory, that even on US isn't really working nowadays.
What would stop them from doing that?