NGO: Our values are peace love and solidarity!

Me: Could you stop using Google docs?

NGO: But its so coooonvieeenient

Mastodon, I need your help! As more European countries and orgs look to ditch US technology and move to sovereign or open source alternatives, I'm trying to track these efforts.

So far, I've found more than half a dozen government agencies, cities, orgs, that are embracing digital sovereignty but want to hear about other examples that I've missed. Who else should I be adding to this?

Here's a list of what I have so far:

*Edit: This list is now on Proton Sheets, as I should have seen that coming*

https://docs.proton.me/sheet?mode=open-url&token=EG60KWHEDG&linkId=JnZzdChtiOV5FlG3GkJNcuUXn55S6jH59La_pFtdHaC-A0Fu0I5v4vbOrD6zTZUa-x6JD-qG-C7AGIhus3pnhw%3D%3D#7P2AL5m6PPzT

#digitalsovereignty #opensource #europe #tech

RE: https://social.openrightsgroup.org/@openrightsgroup/116403024808284896

The USA now considers it a national security issue if foreign countries DON'T permit free cross-border data transfers and don't make use of US cloud services for sensitive information.

The UK is fully compliant with America's wish to have access to its data, and the UK govt's continued refusal to drop US cloud services and data companies like Palantir and Oracle effectively makes the UK a client state.

De afgelopen periode hebben we gewerkt aan een meetlat waarmee je de digitale autonomie van je applicatielandschap in kaart kunt brengen. Vandaag hebben we die als @utrechtuniversity publiek beschikbaar gesteld.

Digitale autonomie is meer dan "weg bij big tech". Het gaat over geopolitiek, lock-in, weerbaarheid, contracten en academische vrijheid en nog veel meer.

Het Digital Autonomy Assessment Framework (DAAF) maakt dat inzichtelijk. #digitaleautonomie

https://www.uu.nl/nieuws/universiteit-utrecht-stelt-tool-beschikbaar-voor-meten-kwetsbaarheid-digitale-autonomie

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec