Microsoft Allegedly Leaked Dutch Civil Servants' Data To the US

An anonymous reader quotes a report from Cybernews: The technology giant Microsoft has been accused of leaking the data of civil servants working for the Netherlands' regulatory agencies to the US House of Representatives. The civil servants affected by the leak work at the Authority for Consumers and Markets (ACM) and the Dutch Data Protection Authority (AP), according to the NL Times. They are involved in implementing the Digital Services Act (DSA), the European Union regulation on online services, aimed at combating illegal content and protecting user rights.

NL Times reports that Microsoft shared emails, minutes, and invitations sent by the civil servants without redacting their names in the documents. Willemijn Aerdts, Dutch State Secretary for Digital Economy and Sovereignty, said she discussed the allegations with US Ambassador to the Netherlands Joe Popolo. [...] The allegations against Microsoft further strengthen concerns over Europe's dependence on American technologies, which poses major risks to data privacy. Further reading: Netherlands Blocks US Takeover of Vital Digital Supplier

No Choice

[ISoldat53]

Microsoft had no choice but to comply with the subpoena. The Dutch, and the rest of the world, does have the choice in which cloud service, if any, they put all of their data.

Re:

[ArchieBunker]

Buy some Trump shitcoins and your troubles are gone.

Re:No Choice

[MeNeXT]

The other option is to seize the company assets within the country on espionage charges.

Re: No Choice

[pele]

You think they have any? Maybe a few stacks of a4 and a box of bic pens. Maybe.

Re:No Choice

[JaredOfEuropa]

Why do you think the Dutch authorities are now blocking the acquisition of Solvinity by some US based firm? Solvinity manages the servers for the national identity provider scheme (DigiD).
Personally I don't think the government should be using 3rd party clouds for anything remotely critical. They have the scale to make running their own infrastructure worthwhile financially, and the know-how to run it effectively.

Re:

[jenningsthecat]

Personally I don't think the government should be using 3rd party clouds for anything remotely critical. They have the scale to make running their own infrastructure worthwhile financially, and the know-how to run it effectively.

And if they don't have the scale on their own, they can combine forces with other like-minded countries.

That's probably not ideal, but it would be WAY better than trusting ANY private-sector cloud services provider - never mind an American one - with all that sensitive data.

Re:No Choice

[Mirnotoriety]

> Microsoft had no choice but to comply with the subpoena.

No such DOJ criminal warrant or subpoena was issued. What's extraordinary is that the U.S. House of Representatives engaged in spying on a regulatory agency of a fellow NATO member. But then again, the current Washington Administration does seem to be about burning all bridges.

Re:

[Alain Williams]

No such DOJ criminal warrant or subpoena was issued.

No need, all the USA gov't needs to say is "We can do this the easy way or the hard way, either way we will get what we want."

Re:

[hotte]

No such DOJ criminal warrant or subpoena was issued.

No need, all the USA gov't needs to say is "We can do this the easy way or the hard way, either way we will get what we want."

You think so?

Re:No Choice

[ISoldat53]

"American tech companies are required to share data with the U.S. government due to the Cloud Act in force in that country." - the CLOUD Act. It's not clear if a subpoena or summons was issued as required by the act. . All I have seen is that the US "demanded" the data. The Dutch government probably didn't want to go up against the US government, or worse Microsoft.

Re:

[jenningsthecat]

What's extraordinary is that the U.S. House of Representatives engaged in spying on a regulatory agency of a fellow NATO member. But then again, the current Washington Administration does seem to be about burning all bridges.

Here in Canada - at least among us average citizens - NATO is a very iffy thing just now. NATO's supposed leader has threatened the sovereignty of other NATO members, and launched trade wars with some of them. Ambassador to Canada Pete Huckster is an insulting arrogant bully, and he and American politicians are supporting Alberta separatists in a not-so-clandestine fifth column operation aimed at breaking my country apart.

So while the US spying on other NATO members is reprehensible, it's not really extraor

Re:No Choice

[sit1963nz]

They starting that, along with a whole pile of other IT changes that kicks US companies out of the EU.

The US government has forced this, and what is worse is they have created a competitor to the USA. They are building everything on top of OSS/Linux.
And they will be able to export the know how to other countries, and offer much safer solutions for smaller countries to store their data in.

Hell, offer safer social media, safer as in less abuse, far fewer pedos, sex pests, nazis, etc etc etc because you will an ID, and these people don't want to be ID'd.
It will make it safe for families, again a service they can sell the world

And it's not just IT, military contracts are being cancelled with the US and given to the EU.

The USA has lost trust, they are also losing "soft power", trade agreements (again the US bullies, lies, etc are in play here too).

20 years time, the US will regret the Trump years, the will be seen as the start of the complete F*kup of the economy and all the debt he has racked up with destroying the customer base it needed to bring in money to the USA so they can pay this debts

Russia has just defaulted on its debts, no one is too big to fail.

Re:

[radarskiy]

Microsoft US has no choice but to comply with the US subpoena. Microsoft EU has no choice but to comply with Netherlands privacy laws.

The fact that the two entities of their own accord got themselves into a position where either one or the other will not be in legal compliance is not the problem of either the US or the Netherlands. They could have just kept track of what jurisdiction the data was in. Microsoft desperately does not want their customers to know that they fucked this up AGAIN.

Re:

[gweihir]

Microsoft had a choice of opposing the Cloud Act back when. They did not or not really. Now a rather high bill for that comes due.

Data Sovereignty

[Baron_Yam]

If you use Amazon or Microsoft, your data is as protected as Trump's next tantrum. Actually worse than that, as there will be people seeking compliance in advance and nobody gives a damn about American laws nevermind yours.

You cannot trust the US government

[bradley13]

The US government can compel any US company to release data that it holds, even if that data is stored outside the US. Pretending that any US company can comply with the GDPR is a fantasy.

This might, might be acceptable, if one could trust the US government. At latest after the Snowdon revelations, we all know that you cannot.

Re: You cannot trust the US government

[Sneftel]

Pretending that any US company can comply with the GDPR is a fantasy.

The GDPR explicitly carves out an exception for data controllers complying with government orders.

Re:

[gweihir]

Yes. For EU government orders. Or ones that offer equivalent protections to the data owners (the people the data refers to). The US already was once found to NOT have those protections with the Schrems II ruling. I guess we will be getting another ruling now, because the changes made after Schrems II are obviously worthless.

Re:

[gweihir]

Indeed. The problem for Microsoft (and Google and AWS and others) is that this has now become blatantly obvious. And it makes data-storage in the relevant clouds pretty much illegal for many European companies.

Leaked?

[dc29A]

"Leaked"

*wink* *wink*

Unclear to Me...

[SlashbotAgent]

Is this emails taken from the M365 mailboxes of the Dutch officials? Or, are these emails exchanged between Microsoft corporation and Dutch officials?

I guess this just goes to show

[thegarbz]

The Dutch were right in telling foreign companies to fuck off: https://yro.slashdot.org/story... [slashdot.org]

And the US Ambassador who is whinging about this decision https://cybernews.com/tech/net... [cybernews.com] can go fuck himself and then fuck off. Or maybe the other way around, no one wants to see him do that.

Re:

[ArchieBunker]

Joseph Popolo is another DEI hire. He’s a marketing CEO and investment banker.

Microsoft

[awwshit]

Microsoft is a danger to everyone.

Re:

[dskoll]

US-based IT companies are a danger to everyone outside the USA.

Re:Microsoft

[ZombieCatInABox]

US-based IT companies are a danger to everyone.

FTFY.

Re:

[jenningsthecat]

US-based companies are a danger to everyone.

FTAFY (fixed that again for you)

US is a danger to everyone.

FYFFY
(fixed your fix for you)

Re:

[gweihir]

Always has been.

What do you think?

[Schoenlepel]

Over here (in the Netherlands) we've got something called... errr... I know this might sound strange... errr... are you ready? Sure? A government which basically granted every government contract to Microsoft without so much as a single thought. Every. Single. Government department uses Microsoft per the blanket government contract. Oh, the fun of it? There's supposed to be procurement rules. Conveniently, they ignored those, otherwise Microsoft might have been facing stiff competition from other contractors.

The argument for ignoring those procurement rules (established by the EU)? There's no other market participant who can deliver on such a scale. Never mind they did zero actual investigation and just went with Microsoft. To me this smells of corruption.

And now there's this. Who would have thought?

Cowardly fucking shits

[Pinky's Brain]

Please mr Microsoft, don't keep breaking our laws ... we won't sue, but please stop. Maybe we didn't pay enough attention to Trump's balls while sucking him off?

If Microsoft did this to an US agency, their management would be in court for treason.

Re:

[jenningsthecat]

If Microsoft did this to an US agency, their management would be in court for treason.

That would depend on which agency you're talking about, and how well Microsoft managed to curry favour with Trump.

I hear that money, flattery, and spurious ersatz medals can go a long way toward making der Trumpenfuhrer look the other way. And if the agency in question was NOAA or CDC, Trump might actually hand out a medal.

digital market war declaration.

[Elektroschock]

The city of Berne in Switzerland just commissioned a study concerning switching to Open Desk from M365. According to the text of the study practically all topics are met, according to the press release and the news reporting we are not ready yet. In any case, the Netherlands has the capacity to change the market, if it costs a few billions, it costs a few billions to get things ready and close the gap. We need to wind off our public service from Microsoft. The actions taken here clearly cross the line. This is the equivalent to a declaration of digital market war.

The Background is that the US Congress harasses European regulators with made up allegations against their Digital Services Act. We cannot accept these transgressions. The task is to break free from the Microsoft dependency, quickly.

Trust MS at your own peril

[RUs1729]

That so many do is a permanent source of amazement.

Re: Trust MS at your own peril

[fluffernutter]

Trust US at your own peril. FIFY

the message

[fluffernutter]

The message being sent to the world is to reduce the business you do in the US as little as possible. It's a really funny message for a country to send, but there it is.

Re: the message

[fluffernutter]

I mean, the message is to do as little as possible in the US.

And M$ cut the ICC off

[whitroth]

And there's any question why the EU is bulding the Eurostack?