So how are American companies any different then Chinese? Everyone always says Chinese companies have to listen to their government. Never got how American companies would be any different.
Until this abomination of a law, the US was different. But the GOP is quickly adopting every fascist idea they come across.
Until this abomination of a law
The “patriot” act would like to have a word with you…
People keep forgetting that.
Until this abomination of a law, the US was different.
Press X to doubt.
It’s like he selectively forgot about the Snowden leaks
Is this still earth 50? Because Luthor is still president (with an orange tan and a toupé).
No they werent lmfaooo
They’re not different at all - the CLOUD Act (2018) and FISA courts already gave the US govt near-complete access to American tech companies’ data regarldess of where it’s physically stored, we just don’t talk about it as much as we do with China.
One is Chinese (bad, stinky) one is American (good, freedom).
Both are authoritarian shitholes that violate the freedoms of its citizens.
I have been saying this for more than a decade. Shit like this is why privacy laws and stuff regarding warrants and other stuff need to be expanded to private entities as much, if not more so, than government agencies. In the past the idea of a company having that much access to people’s information was unthinkable, and in almost everyone’s mind it was governments we needed to be worried about.
But that hasn’t been true since the 90s at least with credit cards being used for most stuff and internet purchases being the norm for almost everything.
Governments in the past needed something to ask for permission to look into you… but companies never did, and since the only thing governments need to do is either buy it or ask nicely it makes many protections kinda moot. The fact that many countries want a strict surveillance state over everyone means even the classic protections we had for a brief while are disappearing, too.
If there ever is a 2nd enlightenment with protections for people it needs to make the stuff written in the 18th and 19th century look like children’s toys in comparison.
If you say ‘but what about terrorism and bad people?’ Look around you. They still exist and still rarely get caught unless they fuck up badly. Most of the time it still due to informants and people talking to authorities. In the US the murder rate resolution is only 50% (and that is just arrested and charged, not convicted) and this is because there is a massive distrust of the police. In other countries people are more likely to assist the police and/or they take their jobs far more seriously in terms of forensics… and on top of that they usually have a far lower murder rate which allows more time and resources to be funneled into solving major crimes.
Better to let 100 guilty men go than 1 innocent person convicted is the usual motto, but they don’t believe that in practice. In reality they are very much kill them all and let God sort out his own. And we can’t keep allowing that shit to happen.
As an EU citizen, I don’t find the idea of the US government having access to my data nearly as frightening as the idea of my own government getting into my accounts.
What if the US decided to share info about the data on your accounts to your government?
isn’t this part of how the [insert number] eyes works?
Pretty much, basically the country’s involved will share loads of intelligence with each other and data will be a big thing they’ll share.
Does this also mean Microsoft would allow China to spy on the US if asked?
My assumption for many years now has been that the answer to any question involving MS giving access to your data is “yes.”
How is that news? The CLOUD Act is law since 2018.
I’m guessing the admits part and of course Trump is the current (quite jutified) bogeyman.
Didn’t Microsoft say not too long ago not to worry, because they didn’t have to give access to data?
Continuing to do business in the US after the CLOUD act already implied enough.
I thought gdpr forced companies to store data securely in the eu. Are they saying they’ll transfer that data to the us to give Trump access, cause that’s a gdpr violation and should result in fines and eventual removal from the eu market.
and should result in fines
Hahaha should
There are provisions. I don’t remember the exact name of it, but basically, the US says “yah, these business are legit ok, you see?” and the EU is like “oh, ok, deal”. This includes the big providers and a handful of others, obviously.
And yes, it is a farce.
The CLOUD act and GDPR do indeed not work together.
The first sentence and the first paragraph of the article:
even if that data is stored overseas
It’s SO funny how apparently for almost 20 years we (as in the west outside the USA) decided that using Chinese cloud platforms or networking hardware was dangerous and to be avoided, but private US companies? Nothing to see here!
Silver lining of the orange man is that maybe countries will wake up and smell the digital sovereignty that we sorely lack.
It was the same for Biden, why did no-one care then?
Goodbye!
Listen, I’m extremely anti-trump but the guy has a point. Evil things can be evil regardless of who is in charge, but we only seem to care when the narrative shifts in certain directions. Why didn’t we care about this back then?
I haven’t used a Microsoft product in my personal life in twenty years. One of the primary reasons for that is that I don’t trust them with my privacy. People (gestures broadly at the tech space) have been expressing similar sentiment for decades.
We are not a monolith, and some people have cared about these things while others have not.
For those who only just began caring, I find it entirely reasonable that when the top of the pyramid wasn’t Trump, someone who there are a great many reasons to distrust, they weren’t as worried about it.
If you didn’t care about it until recently, only you can answer the question you have asked.
All of which is far more of an answer than the sheer whataboutism merited.
Oh I most certainly cared back then, just felt like nobody wanted to listen to me. Full Linux, grapheneos stack with no google play services, no Microsoft, nearly free of google (replacing gmail is going to be a monumental task, but it’s my last one).
I think my point is kinda that the whataboutism poster I blocked might have needed a reminder that the idea that “no one cared until it was Trump” is just another pro-Trump attempt to rewrite history, and untrue on the face of it, because it has never been difficult in the age of MS dominance to find knowledgeable people expressing these concerns.
However, and going back to my original comment and my underlying frustration that I’ve entertained this whataboutism for this long, like all examples of whataboutism it’s nothing but a waste of time where we all circlejerk about how of course we all cared about it even before Trump while simultaneously failing to call out the original statement of “no one cared until Trump” as the obvious bullshit that it is, on top of being whataboutism.
So now I get to walk away smugly congratulating myself for how thoroughly I’ve exposed the whataboutism and the bullshit, meanwhile all the time you and I spent thinking about and typing this could have been spent thinking up creative methods of civil disobedience, or otherwise doing something more valuable than impotently demonstrating what an inane point was made in the first place.
So next time, I’m just stopping at Goodbye, and the downvoters can fuck themselves.
Edit - typo or two corrected.
Yeah I wondered the same thing. That cloud act went into effect in 2018. Haven’t seen anyone try to change it in the last 6 years
So we all agree that “if demanded” ANYONE’S data can be spied on. Doesn’t matter where.
At least it’s finally admitted to out in the open.
Anyone wonder where your country’s health records about all their citizens are stored? I’m guessing it’s all on either MS, AWS, or Google. That means Trump could get access to your medical history.
This is important because of his attacks on LGBTQ people, vaccines, autism, and who knows what other nonsense he wants to persecute.
And here in Canada the Liberal government is putting forth bill C-2, which opens up even more access to the US to get even records stored in Canada by Canadian companies.
https://www.eff.org/deeplinks/2025/07/canadas-bill-c-2-opens-floodgates-us-surveillance
Feel safe yet?
In the case of Germany: confidential computing tech ensures all data is encrypted in storage and in memory, shielded even against data center employees / hosting providers. I imagine that’s become the standard for most countries.
Hmm. Policies might say so. Not every business follow policies, whether they are their own or imposed ones, though. Business going all “it’s ok, our provider have the correct certifications for data handling” are definitely a thing.
I am from the Netherlands and work at a hospital, we exclusively use Microsoft software.
Here in Italy all family doctors use Gmail for safety data regularly
Only if they aren’t using customer provided encryption keys (is using blob/bucket storage) or an equivalent approach to encryption at rest, and make sure they’re doing standard TLS for encryption in flight.
It’s absolutely possible, and standard for any decent organization, to build their cloud architectures to fully account for the cloud provider potentially accessing your data without authorization. I’ve personally had such design conversations multiple times.
It is possible to do things correctly. The question is, is it done often, and is it done on hardware you can trust. I’m somewhat confident if I run my services on bare metal, the provider would have a hard time getting my encryption keys, although it’s not impossible even in this situation. How many people do so with VPS and managed instances, where snooping around the runtime and exfiltrating data unbeknownst to the user is trivial?
Also, beyond that, how many fall for the convenience of things like SSE, whether it’s with customer provided keys or not? That should be a red flag, but people find it oh so convenient.
We’re bound to see stuff bubble out where “we did all the right things” boils down to clicking a checkbox in some web UI and be done with it in the future.
Of course they would. That’s why I quit using their software.
I mean. They’re a USA company. Of course they would be required to follow the laws of the country in which they HQ. Did anyone think anything different?
This is what data sovereignty is for.
Well pretty sure local laws here say that certain data should stay within the countries borders (like data from accounting firms) so I hope they also encrypted everything to prevent this carrot from accessing it.
It’s encrypted, I’m sure. But I highly doubt it’s e2ee. It’s likely as the eula alludes to (end to server to end). So… accessible by MS.
Their EULA can’t break our national law, so it can still be e2e encrypted and not accessible by MS
While true, in the past, MS has shown us they don’t care about national laws. I’m not saying they don’t e2ee, I’m saying they might not be following this particular national law due to their own national laws. I don’t know.
Can, would, should. All words to define "not sure if ‘is’.
well… there is self-hosting too
I trust Microsoft.
Well, you are entitled to your opinion.
No one is safe anywhere…
