I am Danish, working with IT in the private sector, but with regular contact with the public sector.
I can assure you that there are plenty of other agencies, ministries, municipalities, private companies etc. in both Denmark and other European countries looking into switching to non-American software.
"Data sovereignty" is now an important parameter when choosing supplier. Everybody asks about it. Everybody plans around it.
Although the weaning off will take many years, and although European companies and governments will probably never be entirely without American software, and why should they, the American dominance will disappear, little by little. For better or worse, the American Century is coming to an end, also in IT.
> "Data sovereignty" is now an important parameter when choosing supplier.
I hope you're right! I'm a backend dev and engineer, and I would love to specialize in helping companies off US cloud. Haven't found a lot of interest here in Norway so far..
In my experience, companies are perfectly happy with US companies, as long as the data doesn't leave Europe. This means we have to prove we only store data in European datacenters.
I guess that's fine for now, but it would be better if we could get European alternatives to AWS or GCP.
There are lots of alternatives in Europe, just a little different, and smaller than the big 3
> companies are perfectly happy with US companies, as long as the data doesn't leave Europe
I think it's pretty clear they can not guarantee that, see the CLOUD act.
Also, they could shut you out or turn your whole business off if you, or your country, offends the orange fuckhead
And why wouldn't this European equivalent do something that a lot of people in Europe dislike too, in the future? The entire model of large cloud companies is bad.
That's a different risk profile. Companies are governed by local laws, usually, and currently, that works here in Europe.
USA companies are subject to US laws, so any data will never be safe. Companies can be gagged, forced to seal their customer data and forced to lie about it, by law!
I really hope the EU is serious about this and doesn't change its mind with the next American administration who offers hugs and kisses.
Second that, even though it seems that there is nothing happening yet, many companies and government agencies in all of Europe are aware of their hard Microsoft dependency and are looking / coordinating to leave.
Same with Atlassian Confluence / Jira.
(Source: Working in a state owned company in an EU member country)
Everyone in the American IT world has been trying to leave Microsoft and Google for decades. In that case, the problem isn't IT push, it's that users refuse to learn new software. I can guess it's the same in Europe.
It's maybe harder in Europe, because you also have fragmentation. For example, Californians are fine using software from New York. Same, same. But Germany prefers to use German software, so far. This makes it even harder, I would guess, for EU developers to establish a thriving standard.
What counts as data sovereignty in your book? Are the sovereign clouds of AWS, MS, Google acceptable? If not, who are your preferred providers?
There is no such thing as sovereign AWS/Google cloud in Europe. Marketing-wise maybe.
They're largely not unless you are looking to appease your superiors.
OVH, Telecity, Hetzner, Bahnhof, Tele2 etc;etc;etc;etc;etc; are all valid suppliers without the need to buy from hyperscalers.
I think what tends to work though is the idea that someone in Redmond can't arbitrarily decide to shut you down as an individual or exert pressure. So it goes in order of importance:
A) Can we buy the software and use it in perpetuity
B) If we can't buy the software in perpetuity, do we at least control who has access to the software and our data
C) If we can't control who has access to the data then can we at least ensure we always have access to it?
D) If we can't ensure we have access to our own data then what are we even doing here?
Depending on where you fall on this line (which is a decision each government must make) you'll have to claw back something because right now we're all on D.
Should we discuss DNS root servers at some point too?
Run local root. Root servers are not essential. It's in IETF draft discussion now as 4 documents but already works and just has to be turned on.
If you want to change pace, ask your DNS sw provider to turn on local root by default.
(One of the things being defined is how to get a root zone trustably out of band using the new ZONEMD checksum)
A bigger question might be why there are no ICANN HSM outside the USA to generate root zone signings. ICANN has offices in Geneva and Singapore, it would not be hard to find secure DC locations for the signing ceremonies.
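The local-root setup mentioned in the comment above, as an added example that is not part of the original thread: an Unbound `auth-zone` fragment following RFC 8806, with ZONEMD (RFC 8976) verification of the transferred root zone turned on. The choice of Unbound, the transfer sources and the file path are assumptions.

```conf
# Constructed example: unbound.conf fragment for a local copy of the root zone.
auth-zone:
    name: "."

    # Zone transfer sources (assumption: the ICANN-operated transfer hosts
    # listed in RFC 8806; substitute sources that fit your own policy).
    primary: lax.xfr.dns.icann.org
    primary: iad.xfr.dns.icann.org

    # If the local copy cannot be loaded or has expired, resolve via the
    # regular root servers instead of failing.
    fallback-enabled: yes

    # Use the copy only for the resolver's own lookups; do not serve "."
    # authoritatively to clients.
    for-downstream: no
    for-upstream: yes

    # Check the ZONEMD digest over the zone contents before using a copy.
    zonemd-check: yes
    # Refuse a copy that carries no ZONEMD record at all, so a stripped
    # zone file is not silently accepted.
    zonemd-reject-absence: yes

    # Local cache of the transferred zone (path is an assumption).
    zonefile: "/var/lib/unbound/root.zone"
```

With a DNSSEC trust anchor configured, the resolver still validates answers derived from the local copy; ZONEMD additionally covers the unsigned parts of the zone such as delegation NS records and glue.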
I've had this thought too - of the 13 root servers, 10 are US or US-based companies. The only exceptions are Netnod (Sweden), RIPE NCC (Netherlands), WIDE Project (Japan). Even ICANN and Internet Systems Consortium are US-based non-profits... How do you even mitigate risk in this case?
China do root server mirrors: https://www.globaltimes.cn/content/1156025.shtml
How does one start a Root DNS business?
Looks like a business opportunity.
The US passed the CLOUD Act which subjects all those sovereign clouds run by US companies completely to US spying and hijack.
Those offerings are garbage for anyone outside the US.
Countries hosting the data centres can make it illegal to allow access from outside their area/EU... or specifically to US entities along with making it illegal to move any data out without customer/local gov approval... This isn't rocket science. The company cannot do business if it doesn't follow the law. There are laws like this in places already. The company's local subsidiary tells the American company to politely pound sand and the American company says sorry, we tried, but do not have the capability to do as asked.
America has become China in the eyes of the world.
Everyone banned Huawei products despite the ability to pass laws saying Huawei must respect data sovereignty. They didn't ban US firms, because unlike China the USA was championing the rule of law at the time. Data sovereignty only works if the USA respects the laws of other countries, even though, just like China, they could coerce / bribe citizens and firms to bypass them. Such activity would be largely undetectable. Who is going to know if someone peeked at a secret document stored in Azure? There was a huge amount of trust involved in the arrangement.
The USA has now denounced the rule of law, is withdrawing from the institutions set up to champion it, and has shut down the ICC's access to some services. The trust has gone.
An American company will always follow US law, no matter the local laws.
It isn't usually an American company doing the local operations, but a local subsidiary. Like Walmart Canada telling Walmart corporate to pound sand in the 1990's over Cuban pajamas. It's illegal for Canadian companies to participate in the US embargo of Cuba.
This is all well within the realm of what governments can and do regulate. Want to do business in a country with their laws or not is the choice.
At some point it comes to a head; Walmart corporate and the USA didn't care enough about Cuban pajamas, but in a situation where they DO care, you quickly get Вкусно – и точка.
The EU (nay, perhaps every country) should be prepared to deal with Microsoft or AWS completely cutting them off from access to all their systems - what would be the cost and impact?
We are rapidly heading to not one Internet, but country-specific internets that may or may not bridge to other ones in some cases.
Apparently AWS sovereign cloud is designed to continue operating even if the US offices cut them off. The servers are in the EU and the people running them are subject to EU laws, not US ones.
Realistically a US executive could be legally required to give an EU engineer a command that they legally couldn’t follow. At that point I guess we find out if the engineers’ national or corporate identities are dominant. I suspect the former in most cases, but who knows?
The US exec probably doesn't want to order them either. So the game would be played and they did their best. There's another article about the US fighting data sovereignty requirements/laws in other countries, but that relies on their quickly dwindling soft power.
Canadian companies can't use Cloud providers at all then? I'm incredulous about that.
Google, AWS & Microsoft all nullroute the countries of Cuba, Iran and North Korea. Google also nullroutes Crimea.
So by using a cloud provider, you are participating in the embargo of Cuba.
Not sure Canada has the leverage/market to get them to sway here. But a body like the EU has the leverage to force local operation and control.
The employees of the actual subsidiary entity follow the laws of the country they're based in.
GDPR gives an exemption for foreign governments for "national security", "important reasons of public interest" or "law enforcement", whatever that meant.
> If not, who are your preferred providers?
Can we have fully decentralized mesh networking yet?
I love how some hyper-sci-fi settings have the concept of a "datasphere" (analogous to atmosphere): an actual physical cloud of ubiquitous nanorobots that provide connectivity, storage and computation.
Wouldn't that also be ideal for AI too the way it's shaping up to be? Any device anywhere would just need to connect to a signal "neuron" of the global brain (possibly becoming a neuron itself) and it should theoretically be able to fetch anything.
First we gotta migrate everybody to IPv6, then we can start talking.
Meh, best I could do is an atmosphere controlled by an American PBC.
Dealing with the patchwork of lesser-known infra providers in the EU is work enough. You want to live life on hard mode!
If everyone started doing it, it would get easier and easier. There's no inherent reason why the various AWS services shouldn't be completely replaceable with similar services from other vendors on a whim.