Specifically here, he is under oath in France so an American gag order wouldn't protect him from the French justice system.

This make it less likely he's lying. It could be possible Microsoft France has a "rogue" employee system where a key person only obeys to Microsoft US orders rather than his French boss and French law. Then the boss can swear to the Senate that they're complying.

This is exactly the system the US Congress accused TikTok of having set up.

If the data center is operated by a "trusted subsidiary" as the article mentions and everyone in key roles is a French citizen with no connection to the US then there is no one to give a gag order.

In practice the US HQ could mandate a security update that secretly uploads all data to the US but that's a whole other can of worms that I don't think anyone is ready to open.

> This is exactly the system the US Congress accused TikTok of having set up.

"Every accusation is a confession" remains undefeated

Less likely doesn't say much though. He may have simply weighed the chances of the French government ever finding out that he lied.

> It could be possible Microsoft France has a "rogue" employee system where a key person only obeys to Microsoft US orders rather than his French boss and French law.

I would think that is not just a possibility, but a certainty.

Until this happened MS was still going around trying to convince lawyers to use their Cloud and telling them that there is no issue.

Including certain contractual "standard"(1) agreements which would make some of their higher management _personally_ liable for undue data access even under Cloud act from the US!!!

(1) As in standard agreements for providers which store lawyer data, including highly sensitive details about ongoing cases etc.

So you can't really trust MS anymore at all, even if personal liability (e.g. lying under oath) is at stack. And the max ceiling for the penalties for lying under oath seem less then what you can run into in the previous mentioned case...

You also have to look a bit closer at what it even means if "the french MS CEO swears they are complying" it means he doesn't know about non compliance and did tell his employees to comply and hired someone to verify it etc.

But the US doesn't need the French CEO to know, they just need to gain access to the French/EU server through US employees, which given that most of the infra software is written in the US and international admin teams for 24/7 support is really not that hard...

And even if you want to sue the French CEO after a breach/he (hypothetically) lied he would just say he didn't because he also was lied too leading to an endless goose chase and "upsi" by now the French CEO somehow is living in the US.

And that is if you ever learn about it happening, but thanks to the US having pretty bad gag orders/secret court stuff the chance for that is very low.

So from my POV it looks like MS has knowingly and systematically lying and deceiving customer, including such with highly sensitive data, and EU governments about how "safe" the data is even if it lead to personal legal liabilities of management.

And I mind to remember that AWS was giving similar guarantees they most most likely can't hold, but I'm not fully sure. Idk. about Google.

Oh and if you hope that the whole Sovereign Cloud things will help, it wont. It's a huge mage pretend theater moving millions over millions into the hands of US cloud providers while not providing a realistic solutions to the problem it is supposed to solve and neglecting local competition which actually could make a difference, smh.

> This make it less likely he's lying. It could be possible Microsoft France has a "rogue" employee system where a key person only obeys to Microsoft US orders rather than his French boss and French law. Then the boss can swear to the Senate that they're complying.

It's also possible that US employees had access to French servers without anyone in France knowing.