Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hvb2 4 hours ago

> The government still plans to place the authentication system of all Dutch citizens in USA hands.

That's not a fair characterization. The company that runs it might be bought. That's not planning to put it in USA hands

oever 4 hours ago | parent | next [-]

The sale could be stopped by government. The ID system might be moved to a different company. The government could by the part of the company that hosts the ID system. None of these measures are being taken.

The result is that the information needed to log in to all the important government systems becomes subject to American jurisdiction. Foreign agents will be able to authenticate themselves as any Dutch citizen and act on their behalf.

moi2388 4 hours ago | parent | prev [-]

It is a fair characterisation. They can access the data, as their data protection officer warned about, it hereby falls under US law, they have to give data when requested, and can shut it down at any time.

embedding-shape 3 hours ago | parent [-]

None of those things make "The government still plans to place the authentication system of all Dutch citizens in USA hands" a fair characterization, it doesn't seem to be true by any measures, the government has no such plans, unless you can point me to some public session/document that shows that this is actually the plan?

oever 3 hours ago | parent | next [-]

Their plan is to do nothing to stop the transfer of the system to a USA company. By doing nothing, they are making this happen.

embedding-shape 3 hours ago | parent [-]

> Their plan is to do nothing to stop the transfer of the system to a USA company

And you have concrete proof that this is indeed the plan, stated by the government as the official position, or this is based on your own extrapolation of rumors?

The amount of misinformation that any story related to any European country seems to pull in is crazy, seems to be something about the continent that makes some parts of HN feel blood in their mouth or something.

an hour ago | parent | next [-]
[deleted]
oever 3 hours ago | parent | prev | next [-]

There has not been a single action or communication from government that indicates that they are preventing the ID system from ending up under USA jurisdiction.

Parliament has asked government with near unanimity to prevent this from happening. Government has not even acknowledged that this should be prevented.

embedding-shape 3 hours ago | parent [-]

Right, which I agree, sucks, they should be upfront about what they want to do, regardless of what that is. And ideally their plan should be to try to stop it, I'm with you on this.

But the lack of action is not proof that "their plan is to do nothing" nor "the government plans to hand authentication data over to US", those stronger claims require stronger proof, something you seem to be unable to provide.

fragmede 2 hours ago | parent | prev [-]

C'mon, be nice, they read a Russian propaganda post and are repeating it as a fact they earnestly believe. We can't all see through their lies.

noirscape 3 hours ago | parent | prev [-]

Since a lot of this discussion is talking around the actual situation, let me try and explain it in more detail.

The dutch government has an authentication system called DigiD. It's effectively an OAuth protocol for government sites, and one of the few ways in which the Dutch government has centralized IT. Every dutch citizen can get access to it, and probably will need it at some point to deal with the government (paper options are meant to exist, but you can already guess on how easy the availability of that is.)

DigiD is currently hosted by a dutch company named Solvinity and developed by Logius (the governments in-house IT development organization). Solvinity is currently in the process of being bought out by another company, Kyndryl, which is based in the US. The government approved the takeover under the previous coalition (who are no longer in power.) The takeover currently is under extreme public scrutiny because of everything to do with the US - most people are at least vaguely aware of the deadly combination of the US CLOUD/PATRIOT laws, which would compel Kyndryl to hand over data on any dutch citizen to the US government for any reason[0]. The US government right now is not exactly behaving like a good steward with the powers it has, instead favoring maximum exploitation within (and outside, if the lawsuits are any indication) it's legal limitations, and is also verbally attacking it's own allies near constantly. Given DigiD is effectively a list of personal information on almost every dutch citizen, it's probably a bad idea to hand access to it over to a hostile foreign country.

On an employee level, the takeover is deeply unpopular - some government workers have actively reached out to the press to warn about the deal, something which very rarely happens as government workers aren't expected to publicly break with government policy. This has led to a motion in the second chamber (parliament) to change DigiDs hosting from Solvinity to another provider being passed... in 2028, for a deal set to go through in a much shorter timespan. At the same time, the government (this time: the elected politicians) is unwilling to reconsider it's stance on the Solvinity takeover, claiming that because it already said it was OK before, it can't change its mind now.

[0]: It's also, almost certainly illegal in a GDPR/AVG (local version of GDPR) sense. US/EU privacy laws are fundamentally incompatible with one another because of these two laws, and the courts keep shooting the international data transfer agreements to bits every time. Even on a basic level, having your government authentication systems legality tied to whether or not Max Schrems wins his court cases is a bad idea.

embedding-shape 2 hours ago | parent [-]

We have something similar in Spain too, and I'd be outraged if the government planned to sell it all to a US company as well, don't get me wrong.

But I still don't see the "inaction of blocking the sale" as proof that the government is planning or trying to push that sale through, regardless if I personally happen to disagree or I see the drawbacks from it.

noirscape 2 hours ago | parent [-]

I sorta alluded as to how the government is pushing the sale through, but to reiterate more clearly, and with political detail:

* In early 2025, the previous dutch government lost majority coalition support. The previous government remains in power until a new one is elected, but isn't expected to make major decisions any more; they're effectively just stewards to ensure the country isn't totally leaderless[0] (this is also called a demissionary government here).

* In late 2025, a new second chamber is elected and work on a coalition begins. Until a new coalition is formed, the previous government remains in power.

* In November 2025, right around this, Kyndryl announces it's takeover of Solvinity. The demissionary government gives initial approval for the takeover and decides that the takeover won't mess with the DigiD contract.

* In January 2026, the deal begins to fall under scrutiny in IT/privacy circles and some political parties express their concerns, but not much media attention is drawn to it at first. The ACM (dutch antitrust authority) also gives it's approval for the sale. All this still happens under the demissionary government.

* In February 2026, the new coalition government is sworn in. Scrutiny on the deal is starting to intensify and media coverage becomes more public.

* In late April 2026 (as in, last week), parliament passes a motion to request to change away from Solvinity in 2028. At the same time, the minister responsible for the sale is answering press questions about the sale, indicating he doesn't intend to block the sale. Just four days ago, the minister publishes a formal letter to parliament, effectively saying that they aren't stopping anything and that the government already gave preliminary approval to extend the DigiD contract with Solvinity (a separate matter, but just as related) back in March (so under the current government). They expect to ink it before the end of next week (May 6th.)

Somewhere between March and April, some internal government employees also step to the press to warn them about the sale in terms of a national security threat, but I don't exactly recall when on the timeline that happened.

The reason why the government is getting the blame for it isn't just inaction; they aren't standing by and letting something they had no involvement with (since the previous government was demissionary) happen - they're actively choosing to continue the motions of the previous demissionary government - including signing contract extensions that the previous government wasn't involved with - in spite of the very clear pushback they're getting from doing so.

[0]: This is the abbreviated version - somehow the previous government managed to lose coalition support twice, even when it was already demissionary. It's not normal for two parties to pull out like that on separate occasions.