veroandiMay 26
mc.fly

The dutchies have a centralized identity that you are using to basically interact with everything government. That contains pensions and health related issues.

This is called DigID. It is run by a company called Solvinity an was was supposed to be taken over by a U.S. company called Kyndryl.

The dutch cabinet (= government) has now blocked this takeover.

I think the topic of souvernty is slowly landing in the right heads. I guess also ... thank you @bert_hubert and everyone else making noise there๐Ÿ™‚

https://nltimes.nl/2026/05/26/netherlands-blocks-us-takeover-digid-operator-solvinity-security-concerns

#infosec #cybersecurity #souveraeneInfrastruktur #sovereignty #digid

May 26 at 11:10amWeb
Show threadWooShellMay 26
@mcfly @bert_hubert NB: Kyndryl isn't just "a US company", it's what was formerly known as IBM Business Consulting Services.. so heavily entangled with the Big Tech industry and government across the ocean.
Show threadGin KangarooMay 26
@mcfly
๐Ÿ’ช Thank-you @bert_hubert . I really appreciate the work you do.
Show threadbert hubert ๐Ÿ‡บ๐Ÿ‡ฆ๐Ÿ‡ช๐Ÿ‡บ๐Ÿ‡บ๐Ÿ‡ฆMay 26
@GinevraCat @mcfly "a cast of dozens" had been making noise, and I'm happy to say politics decided to pay attention!
Show threadmc.flyMay 26
@bert_hubert i changed my post slightly, i guessed already several were involved but i have not been explicit.
@GinevraCat
Show threadMark RotteveelMay 26
@mcfly @bert_hubert That is an oversimplification. DigiD is run and hosted by Logius, a Dutch government organization, in a government datacenter, but it is hosted on a platform that is supplied, administered and maintained by Solvinity (in said government datacenter). So DigiD is not owned nor run by Solvinity, but given they supply and administer the *underlying* platform, there are some risks inherent to Kyndryl buying Solvinity.
Show threadmc.flyMay 26

@mrotteveel That is correct and i did not want to get into too much details there.

But you are right.
@bert_hubert

Show threadEvertMay 26

@mrotteveel @mcfly @bert_hubert Not in a government data center. Solvinity uses Equinix data center. FISA 702 applies ๐Ÿคฆโ€โ™‚๏ธ.

https://www.noraonline.nl/wiki/Overheidsdatacenter

Overheidsdatacenter - NORA Online

Show threadMark RotteveelMay 27
@eje_koster @mcfly @bert_hubert Maybe Solvinity uses Equinix in general, but DigiD is hosted by the government, see https://www.logius.nl/actueel/digid-en-blijft-nederlands ("Het platform waar DigiD op draait wordt geleverd door Solvinity en draait in een overheidsdatacentrum." or "The platform running DigiD is supplied by Solvinity and runs in a government datacenter").
Logius | DigiD is en blijft Nederlands

De aankondiging van Solvinity, leverancier van clouddiensten voor de overheid, heeft geleid tot vragen in de media en de Tweede Kamer. Logius begrijpt die zorgen en benadrukt dat DigiD Nederlands is en blijft.

Show threadbert hubert ๐Ÿ‡บ๐Ÿ‡ฆ๐Ÿ‡ช๐Ÿ‡บ๐Ÿ‡บ๐Ÿ‡ฆMay 27
@mrotteveel @eje_koster @mcfly the actual servers are maintained and accessed by Solvinity.
Show threadMark RotteveelMay 27
@bert_hubert @eje_koster @mcfly Yes, and I said that in my initial post.
Show threadPhosphenesMay 26

@mcfly @bert_hubert

I don't know how much this has sunk in around the world, but the current US administration is fully criminal. It does not respect any law or boundary it can break.

That includes any US corporation they have any power over, which is basically all of them.

Run, don't walk, away from any dealings with them, as if your life depended on it. Your data is not safe, your infrastructure is not safe, your lives are not safe.

Show threadThomas Fricke (he/his)May 26

@Phosphenes @mcfly @bert_hubert

RE:https://23.social/@thomasfricke/116641368107417833

I try to avoid the Cassandra effect

Thomas Fricke (he/his) (@[email protected])

At DevOpsCon in Berlin I will give a talk on why you MUST include digital sovereignty into your risk assessment. This is not the "everything is said, but not by everybody" kind of talk. This is the "get the fuck out of it" kind of talk. https://devopscon.io/devsecops/digital-sovereignty-resilient-cloud-risk-assement/ #digitalsovereignty #security #devsecops #devops #kubernetes #cloud

23
Show threadmc.flyMay 26

@thomasfricke
Nice. I want the slides :-)

@Phosphenes @bert_hubert

Show threadThomas Fricke (he/his)May 26

@mcfly @Phosphenes @bert_hubert

You will get them. Will be created one day ahead. Normally I write them on the way to the event. But this time I will cycle

Show threadJanMay 26
@mcfly
Big shout out to @stasdigi as well
Show threadPeet TerluinMay 26
@mcfly @bert_hubert As I understand it DigiD does not CONTAIN pension and health or any other data. You use it when you login to online systems to identify yourself. It only "gives" the online systems your BSN/"social security number" with the assurance that it is actually you.
The damage that could be done by taking down this platform would nevertheless be huge, since a lot of systems rely on the DigiD for the logins.
The systems you can login to do include pension and health related systems.
Show threadmc.flyMay 26

@christoffel66
Yes, this is "only" the identity provider.

But his is a big "only" because it - as you correctly said - means the whole health- and pension world will become harder to access if this identity does not work anymore.

Besides a lot of other stuff. Like paying taxes, a lot of the government services etc etc.

So if you can take down the identity provider you basically take down the services behind it.

@bert_hubert

Show threadMichele AdduciMay 26
@mcfly @bert_hubert and then in Germany many large not-European firms work with digital identity and eHealth applications
Show threadWenzel MassagMay 27
@mcfly I wish the German government got the memo finallyโ€ฆ
Show threadmc.flyMay 27
@stairjoke yeah we all do. Even if i live in NL now I still really on that country to work properly.
Show threadManuel 'HonkHase' AtugMay 27

@mcfly @bert_hubert KRITIS secured in .nl.

Congrats ๐Ÿ‘Œโค๏ธ