Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dathinab 18 hours ago

Until this happened MS was still going around trying to convince lawyers to use their Cloud and telling them that there is no issue.

Including certain contractual "standard"(1) agreements which would make some of their higher management _personally_ liable for undue data access even under Cloud act from the US!!!

(1) As in standard agreements for providers which store lawyer data, including highly sensitive details about ongoing cases etc.

So you can't really trust MS anymore at all, even if personal liability (e.g. lying under oath) is at stack. And the max ceiling for the penalties for lying under oath seem less then what you can run into in the previous mentioned case...

You also have to look a bit closer at what it even means if "the french MS CEO swears they are complying" it means he doesn't know about non compliance and did tell his employees to comply and hired someone to verify it etc.

But the US doesn't need the French CEO to know, they just need to gain access to the French/EU server through US employees, which given that most of the infra software is written in the US and international admin teams for 24/7 support is really not that hard...

And even if you want to sue the French CEO after a breach/he (hypothetically) lied he would just say he didn't because he also was lied too leading to an endless goose chase and "upsi" by now the French CEO somehow is living in the US.

And that is if you ever learn about it happening, but thanks to the US having pretty bad gag orders/secret court stuff the chance for that is very low.

So from my POV it looks like MS has knowingly and systematically lying and deceiving customer, including such with highly sensitive data, and EU governments about how "safe" the data is even if it lead to personal legal liabilities of management.

And I mind to remember that AWS was giving similar guarantees they most most likely can't hold, but I'm not fully sure. Idk. about Google.

Oh and if you hope that the whole Sovereign Cloud things will help, it wont. It's a huge mage pretend theater moving millions over millions into the hands of US cloud providers while not providing a realistic solutions to the problem it is supposed to solve and neglecting local competition which actually could make a difference, smh.

impossiblefork 18 hours ago | parent [-]

The max penalty for things like this is actually life inprisonment though. If you, to aid a foreign power without authorization gather certain types of information, it's espionage.

There wouldn't be any lawsuit. If you do this kind of things you get arrested, get a trial and then you are in prison forever.

dathinab 11 hours ago | parent [-]

except we are speaking about lying under oath, not espionage, you don't get a trail for espionage because you lie under oath

and leading management also technically doesn't need to know that is happens for it to be doable. Or in other words they have a lot of reason to "accidentally" not know about it/have it overlooked

this means even if it happens they are very unlikely to be charged for anything more then negligence

but the contracts I mentioned above basically state "it doesn't matter why it happens and if you knew or if it was your fault as long as there was the smallest bit of negligence on your side you are on the hook for it personally". So in a situation where they can effectively avoid espionage trials (because they didn't commit espionage, just negligence) they still are hold responsible

if high level management would reliable go to prison for things like that you wouldn't need additional contracts to make sure they actually have insensitive to actively try to find/prevent anything like this/act very non-negligent.

impossiblefork 3 hours ago | parent [-]

He wouldn't even be charged for lying under oath if he lied and it became apparent, because there'd be not considering the much more serious espionage charges. They'd only prosecute the espionage part.

Participating in a plot to supply french state information to the US is espionage. France also apparently has a broad definition of espionage, relative to some other EU countries.

States have a tendency of coming down rather harshly on this kind of thing, so this idea about negligence is I think unlikely. If you know about it the charges will be espionage charges. If it happened it would be the biggest thing ever. They'd arrest most Microsoft employees in relevant teams as well the leadership, probably many others too. Just interrogation would probably take half a year due to lack of interrogators.