
Europe needs digital sovereignty – and Microsoft has just proven why by 01-_-
A quiet but deeply unsettling moment just shook the foundations of international justice, proving why Europe needs digital sovereignty – and most Europeans not too interested in tech likely missed it: The Chief Prosecutor of the International Criminal Court (ICC), a court based in The Hague and central to Europe’s upholding of human rights, suddenly found that his email account was shut down. The service provider? Microsoft. The reason? Mr. Trump.
What happened
In February, Trump sanctioned International Criminal Court (ICC) for issuing arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense minister, Yoav Gallant. The court argued that the Israeli politicians have committed war crimes by restricting humanitarian aid in Gaza amid the war against Hamas, thus, harming civilians.
Israeli officials denied all charges, and, consequently, US President Donald Trump issued sanctions against the ICC saying that the court had committed “illegitimate and baseless actions targeting America and our close ally Israel”. Trump also called the warrants “baseless arrest warrants”.
Following these sanctions, the ICC has found itself faced with several issues:
- The chief prosecutor, Karim Khan, has lost access to his email; his bank accounts were frozen.
- American employees of the court risk arrest when traveling to the U.S.
Due to the blocking of Khan’s Microsoft email account, the court is facing severe hurdles in its day-to-day work.
Microsoft blocked email account based on U.S. sanction
Microsoft shut down Khan’s email account.
The blocking of Khan’s Microsoft email account took place because of an executive order signed by Trump which the U.S.-based company – Microsoft – fulfilled. This gets even more explosive when one considers that Microsoft – even if it wanted to – had to obey this order because of the legal and political situation.
The Open-Source Business Alliance (OSBA) told Heise that it considers Microsoft’s actions to be “unprecedented in this context and with this impact”, and that this incident proves that Europe needs digital sovereignty by choosing European-based tech services over US-based Big Tech.
“This must be a wake-up call for all those responsible for the secure availability of state and private IT and communication infrastructures. … We cannot rely on companies that are not under our jurisdiction.”
Wake-up call for digital sovereignty
This, indeed, must be a wake-up call.
U.S. sanctions – unrelated to Europe and imposed by a foreign power – led to the shutdown of the digital communication of a leading public figure, the Chief Prosecutor of the International Criminal Court.
This is a story of digital sovereignty.
And it marks a clear turning point in Europe’s relationship with foreign technology providers. If key figures in international law can be digitally silenced by a company subject to U.S. law, what does that say about our control – or lack thereof – over the very digital foundations we rely on?
For years, European institutions have relied on a false promise of security and data protection by Silicon Valley tech giants. Cloud providers like Microsoft, Amazon, and Google have repeatedly assured us that they respect European law, have built data centers within EU borders, and have pledged to comply with the GDPR. While at the same time Microsoft’s New Outlook uploads all data, including passwords, into the cloud, Microsoft’s Office 365 has been declared illegal for German schools because of data protection issues, and Denmark has banned Gmail from schools due to privacy concerns based on the GDPR. And these are just a few examples.
Jurisdiction trumps everything
Jurisdiction matters more than we used to think: European authorities should stick to European tech services.
In the light of all this, the ICC incident has just put the final nail in the coffin. It reveals a deeper truth, one that
19 Comments
BLKNSLVR
Essentially big tech is under the jurisdiction of the mad king, which means all users of big tech are also under that same jurisdiction, including any and all private and public organisations in any country.
This is one of the reasons I think the mad king thinks that he can bully the rest of the world – because he can, by proxy, bully the rest of the world.
Much like the diving head first first into AI uptake, the whole cloud mania thing coming home to roost.
If calling a war criminal a war criminal results in sanctions, could sanctions be the new tariffs? I don't want to give him ideas…
This should scare pretty much any organisation outside of the US.
wickedsight
We are in such an insane bind here…
We can see China and the US developing AI tooling (and other tech) at a high speed. One of the reasons for this is the lack of regulation and even active deregulation. In the EU, we won't be able to keep up with this speed because we tend to want to regulate first and many of our regulations hinder gathering the insane amounts of data needed.
Falling behind on AI and not wanting to be dependent on tools from outside the EU will put us at a significant disadvantage in research and production of new technologies and we're already far behind in that aspect.
We also don't want to drop our values just to keep up. Which is partially because we're still in the luxury position of being very rich. I wonder, though, whether we can keep this going in the current state of the world. Things seem to have changed massively in our disadvantage over the past 5 or so years.
tormeh
Wake me up when governments actually start writing checks. I bet the ICC will stay on Microsoft because doing anything else would be difficult. All anyone in big org IT knows is Microsoft, and no one wants to change.
mytailorisrich
The ICC has nothing to do with Europe and the EU apart from being located in the Netherlands, unless there is a claim that it is not independent and partial (hum hum).
The claim that it is "central to Europe’s commitment to human rights" to fluff their case is FUD basically to promote their products.
nanna
European digital sovereignty in email depends on having a decent FOSS email client, but the best we have is Thunderbird. I hope TB can make up for all those years of lost time and catch up with Outlook. From their emails it seems like the focus is to compete with Exchange and to build smartphone clients. Personally I just really hope they find time to deal with the absolutely shoddy search.
bn-l
Why are the good guys sanctioning ICC judges?
mg
The article is about email. Europe could probably bring email "in-house". Large players like IONOS and OVH might help do it at scale.
But what about AI? Soon all of our email will be pre-handled by our OpenAI assistant while we will be driven around by Waymo and a good part of our work is done by a Tesla humanoid robot. How can Europe catch up and do that in a sovereign way?
For world-class AI, a country needs:
Components 2-5 seem not on the horizon on a world-class level in Europe. So Europe probably won't have the means to do AI "in-house" in the coming decades, right?
Certhas
I agree with the argument, but…
> [Would we allow a situation where] a foreign power could force them anytime to cut Europe’s power?
We did just that with Russian gas imports. It took a massive effort to transition of these imports after Russia closed the tap.
tallanvor
The problem is that at some point you're always going to be subject to at least one country's laws, and at some point those laws will conflict with those of another country, even within the EU.
Going on-prem is probably the safest, but you're still at risk of physical search and seizure as well as being subject to pressure placed on your ISP to cut you off if someone really wants it done.
j0057
"Would Europe ever hand over control of its national power grids to foreign companies bound by non-European law? Would we trust a foreign supplier’s guarantee for 99.999% uptime (which is the standard uptime SLA agreement of cloud providers) while at the same time a foreign power could force them anytime to cut Europe’s power? Of course not."
EU already does this:
https://berthub.eu/articles/posts/the-gigantic-unregulated-p…
https://news.ycombinator.com/item?id=41292018
pembrook
Unfortunately the time to think about digital sovereignty was back in the 1970s.
We've stacked on so many layers of abstraction to computing and every step of the way Europe missed the boat due to its underlying structural issues for investment and fragmented cultures/markets. It's quite frankly too late.
Here's a NYT article from 34 years ago with the exact same story as today: https://www.nytimes.com/1991/04/22/business/europe-stumbles-…
Europe missed the PC, the internet, the smartphone, and is currently burying its head in the sand over AI.
Dumping a bunch of money into building an inferior domestic version of Microsoft 365 just as it's about to be disrupted by AI-native paradigms would be the amusing cherry on top.
It'd be like Apple moving the final cardboard packaging step to US factories and claiming their entire supply chain is 'sovereign.' Sure, China can't affect that last packaging step. But every layer of (far more important) abstraction below it they still have power over.
falcor84
I'd appreciate a legal perspective on this – is the problem that Microsoft's EU operations are run by a corporate division rather than a standalone subsidiary?
If it were an EU-based subsidiary that controlled the data about EU citizens, it would not be beholden to US executive orders, while still otherwise offering MS the ability to control global corporate strategy from its US HQ, right?
EDIT: fixed s/division/subsidiary/ in the second paragraph
rado
The EU needs to take over Firefox, improve and support it, declaring independence
_vere
I wish they weren't sued into providing a backdoor for the German government, I vastly prefer their corporate structure to proton, but I cant really trust to use a "encrypted" service with a government backdoor.
rswail
So there's numerous layers to this:
1. Where and how is the data stored and retrieved? This can be made local by forcing all data users/services to use an EU data storage service that is locally owned and operated and under EU jurisdiction. Access to the data would only be to the service delivery operator and the appropriate EU legal authorities.
2. Where and how is the data accessed? The data needs to be accessed by the service provider (eg an email service) to handle incoming updates and requests. The access could be limited to the required updates and inquiries, or otherwise logged so that the service provider is held accountable for access.
3. Where and how is the service accessible to legal authorities? For example, police warrants for an email inbox. The service provider should be required to identify and reveal publicly what data is available and how it is legally accessible if required. Given encryption, it may be that the service provider is unable to provide that access to anyone except the end user (eg Protonmail, Signal).
4. What control does the end user have over their data and the associated meta-data maintained by the service provider? GDPR covers a lot of ground here, including the right to be forgotten.
Havoc
Yeah Europe really needs to step up here. It's a huge economic block.
The whole chips fab thing may be a bridge too far for now, but the basics really should be doable. The newly launched EU DNS is a good start. Rules like taxpayer money needs to only fund open software etc need to be pushed. The large hosting providers need to be incentivized to build out more complete offerings that don't have gaping product holes vs big cloud etc.
Both China and the US are aggressively pushing homegrown & favouring their own players. Time for the EU to do the same
jansenmac
Microsoft did not block the email account of the ICC! This really is misinformation. See here: https://www.politico.eu/article/microsoft-did-not-cut-servic…
KronisLV
It seems like people agree that EU alternatives are nice and that open source software is great… but even in software development the people making the choices still opt for databases like Oracle or SQL Server and the large US-centric cloud providers, or even communication apps like Teams/Slack instead of just self-hosting Mattermost/Zulip/whatever.
I don't think anyone is taking this seriously enough.
MaxPock
Nothing has destroyed American goodwill than imposition of extra-territorial sanctions.
Btw when the US imposed sanctions on Hong Kong leader ,she had to collect her salary in cash as no bank would process it.