Anytime you see Microsoft or any US company state the CLOUD Act is not such a big deal for Europe, do ask them if they can reassure us on FISA 702 and EO12333 as well. You will not get an answer. Here @edri sets it out nicely: https://edri.org/our-work/promises-unkept-the-eu-us-data-privacy-framework-under-fire/

Promises unkept: The EU-US Data Privacy Framework under fire - European Digital Rights (EDRi)

A decade after Snowden’s revelations — and despite public outrage — surveillance and mass data collection continue under the EU-U.S.

European Digital Rights (EDRi)

@bert_hubert @edri well, the one time a MS executive was testifying under oath to the French legislature, we got a crystal-clear answer:

https://www.theregister.com/2025/07/25/microsoft_admits_it_cannot_guarantee/

Sadly my alma mater opted to recontinue its Office 365 contract. Sadly, Trump and Vance's disdain for a pusillanimous Europe unwilling to assume the burdens of sovereignty is no less galling for being richly deserved.

The answer more savvy outfits like AWS are peddling is Confidential Computing, i.e. AMD TEE, but that does not protect against Denial of Service (as happened to the ICC), and the opacity of the implementation does not guarantee there aren't NSA backdoors in it.

Microsoft admits it 'cannot guarantee' data sovereignty

Updated: Under oath in French Senate, exec says it would be compelled – however unlikely – to pass local customer info to US admin

The Register

@fazalmajid @bert_hubert @edri Most importantly of all, there's a ton of research out there saying these things don't protect against physical attacks, i.e. that while they might protect you from other tenants, they don't protect you from the people in control of the actual hardware.

@HaTetsu @fazalmajid @bert_hubert @edri

If you in any way put the key (management) to your encrypted data in the hands of someone else, you made yourself a ransom victim.

The power to destroy a thing is the absolute control over it.

— Frank Herbert, Dune

@bert_hubert @edri In automation you should never depend on agreements outside automation. Hacking is also forbidden, yet there are plenty of hackers. Protect yourself with automation! In case of this subject: Put your data on servers that you can control. Specifically governments should do so with our private information.

@bert_hubert @edri OFC #CloudAct and other #Cyberfascism by the #USA is as much of a concern and risk as any #cyberfascist demands the "#P.R." #China, #Russia, #KSA or #India mandate...

  • CloudAct is inherently incompatible with #GDPR or even #BDSG and I hope @noybeu with @maxschrems will make it abundantly clear in court and get judges to accept this reality!

@bert_hubert @edri Just wondering….. As a Dutch citizen, can I object to having them put my data in the US?
Or do we just have to accept this, given the risk assessment by the Belastingdienst?