The fact that government agencies, particularly those that deal with international concerns like these are using non sovereign tech for communications is mind-blowing. They might as well use public gmail.. atleast it would be cheaper. If you want it not exposed directly, host it yourself and take measures to secure it for intended eyes only. This should be common sense.
It's mind blowing that government bureaucrats would be permitted to use commercial providers for official business at all. The provider being foreign is merely the cherry on top.
I was going to ask why something like mail.gov.nl doesn't exist but it turns out [0] (edit: wikipedia is full of lies) that they don't have a reserved second level domain for official government services to use? Is this really one of the countries pushing digital IDs?
As far as I can tell .gov.nl is only used for pages aimed at i.e. expats and businesses. Most services dutch people use simply have a .nl page like the digital id or filing taxes.
With DigiID, as with this, I never understood why countries give critical infrastructure contracts away from the country it directly impacts, provided they have a mature tech ecosystem. I thought the whole point was that it was critical?
We've known this since the Snowden leaks 13 years ago. In a couple of years there will probably be a president in the US that will be more palatable for the european political class and we'll all be able to go back to pretending this doesn't happen.
After all the EU is too compromised energetically, militarily, industrially, burocratically and democratically to ever achieve independence. Talking about digital sovereignty as we ban construction of new datacenter is just too cute. This is all just political theater as we peacefully sunset into a museum continent.
Downvotes for stating a reasonable, and probably correct argument.
Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world.
The UK is a bit of an exception in being aware of it and actually talking about it. That is about it.
Perhaps it originated from there. But EU Chat Control is brought up again and again and again for a vote. They'll continue until some version of it is passed. And then they'll go further with the next privacy infringing regulation to be building on top of it. It is really disheartening for privacy activists, but that is probably the strategy. Wear people out, and push the regulation through when resistance wanes. Note that the Netherlands is on the side of protecting privacy at this point in time. I think it does a great deal to erode trust of EU citizens in the European Union, in a time when that trust is perhaps more important than ever before. For information see: https://fightchatcontrol.eu
In Europe, we dissociate public servants from elected officials. Dutch officials, receiving a lot of money from US-based NGO/foundation, push for chat control and other US interests. Dutch public servants obey official in matters of laws, but can lobby for the tools they use.
You mean these specific Danish EU civil servants were the ones pushing chat control? Or are we actually talking about completely different people? Not every European is the same person.
Not the US but the Dutch state is the problem here.
The powers that be know that US espionage is not only limited to some emails and also entails sophisticated industrial espionage and never cared.
Now "suddenly" they want to do something about it.
This is Not about Dutch interests / sovereignty - we need to find out what it really is about.
The EU should fine such intentional violations with a billion euros per violation. That would stop this immediately and force cloud providers to split off their European side into separate companies that don't fall under US law.
And it's not "The EU", but really one EU commissioner. Many organs of the EU including the EU Legal Service have criticised CSAR (Chat Control) and the European Parliament has voted against it, effectively killing it.
One understated outcome of Trump 2.0 is waking up some sections of the European intelligentsia to the risk of dependency on the United States.
Trump 1.0 should've been enough, but instead European leaders were just too thankful for a Biden back-to-normal scenario that they basically took no action allowing the US to further extend its dominance.
Better late than never. Incidentally, trying to build EU tech independence should produce job making industries, so can become a populist move also
Does it matter who is president? The US was spying on European leaders before Trump's first term:
"According to the investigation, which covered the period from 2012 to 2014, the NSA used Danish information cables to spy on senior officials in Sweden, Norway, France and Germany, including former German Foreign Minister Frank-Walter Steinmeier and former German opposition leader Peer Steinbrück."
Trump was elected. Twice. It was not a fluke, not a once in a lifetime event, he's a symptom of wider processes happening in the US. The world has changed and the old order is not coming back
Trump is one thing but the overall dynamic of similar politicians gaining footholds across the world is what worries me. If everyone is X nation first in the same way, you lose the ability to negotiate with compromises, people want to start expanding their borders and that just escalates into war.
We're already seeing that in a few cases but it just stands to get worse if this carries on.
Half the countries in Europe has their own Trump-equivalent politician heading one of the largest parties, and yet Europeans are imagining it's something happening "in the US" while they sleepwalk into disaster.
This is entirely the wrong lesson to take from this. Why are we still using a plaintext protocol in this day and age? Why can we not get an E2EE addition to the email protocol with full backwards compatibility?
Yes, I understand that it would be imperfect since inevitably not all servers would support it thus forcing additional understanding and decisions on the end user. No, I don't care that a user other than myself might leak my messages in plaintext. Perfectionism in this regard only serves to further shoot us in the foot. Yes, I understand that key distribution is a difficult problem but then that's the case no matter the protocol. Other protocols have solutions that work reasonably well at this point.
There's no justification for the current status quo.
Alternatively I'd be fine using matrix for all my PII related needs (healthcare, government, subscription services, etc, etc) but somehow I don't see that happening any time soon.
For large organization data the keys would need to be stored within the organization, not with one particular user as in the case of your personal PII needs.
And then you'd still need to worry about digital sovereignity for the keys.
Getting from here to there is going to be tough, but I agree 100%. Not only should email be E2EE, but it should include a certificate scheme such that you know the person purporting to be the sender is actually the sender.
Given that the cryptography would necessarily be asymmetric verifying the sender on a TOFU basis seems like a trivial addition (just sign something). I doubt you can do better than TOFU though unless you tie it to an external ID system (corporate or government or etc issued hardware tokens or similar).
For a public institution you want some sort of accountability / auditing mechanism, so you can't just do E2EE encryption between users.
Otherwise, a public servant could do sketchy stuff behind the public's back with no paper trace.
What you don't want is hostile foreign capitalists leaking your data to their local authoritarians. They are not your public and shouldn't have the data in the first place.
US companies cannot comply with the GDPR because of the CLOUD Act. The two frameworks are fundamentally in conflict with each other and it seems to me that everybody in the EU knows about it, yet this is somehow swept under the carpet and ignored even by government authorities. I've always wondered why this is so and how these kind of dependencies could be allowed in the first place. It's even worse for AI use than it is for productivity suits and email.
It seems similar conversations are happening in Europe as well. Originally, Korea is a country where the 'pro US faction' (the faction that believes Korea should be subordinate to the US) is very strong by default. The US had a very strong influence on the establishment of the Korean government, and if you look back at Korea's history, it has always been about finding a country to serve. It feels like siding with the strongest power. In fact, the pro US faction is very strong, but there has also been a strong flow of security, bureaucratic, and economic elites who have justified dependence on the US as a national survival strategy.
But recently, after Trump, I have never seen anti American sentiment this bad. It is the first time.
Actually, it is natural. In my view, Trump's policies look very similar to the Indian caste system, and I think they are a serious regression for democracy. More than that, he is destroying all the international trust that the US has built up. In Korea, people used to think of the US as a 'just' country, but these days, people are cautiously mentioning US wrongdoing more often. Especially after the tariffs and the Iran war. I myself am now unemployed because my factory expansion was canceled due to the Iran war.
My country has a natural talent for impeaching presidents, but unfortunately, Americans do not seem to have that talent. What a pity.
Can you run an empire democratically? Imagine if the US president instead of being a dictator had to actually spend EVERY SINGLE DAY convincing Congress members.
I was going to ask why something like mail.gov.nl doesn't exist but it turns out [0] (edit: wikipedia is full of lies) that they don't have a reserved second level domain for official government services to use? Is this really one of the countries pushing digital IDs?
> Official second-level domains do not exist.
[0] https://en.wikipedia.org/wiki/.nl
[1] https://publicsuffix.org/list/public_suffix_list.dat
After all the EU is too compromised energetically, militarily, industrially, burocratically and democratically to ever achieve independence. Talking about digital sovereignty as we ban construction of new datacenter is just too cute. This is all just political theater as we peacefully sunset into a museum continent.
Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world.
The UK is a bit of an exception in being aware of it and actually talking about it. That is about it.
https://en.wikipedia.org/wiki/Chat_Control
And it's not "The EU", but really one EU commissioner. Many organs of the EU including the EU Legal Service have criticised CSAR (Chat Control) and the European Parliament has voted against it, effectively killing it.
Trump 1.0 should've been enough, but instead European leaders were just too thankful for a Biden back-to-normal scenario that they basically took no action allowing the US to further extend its dominance.
Better late than never. Incidentally, trying to build EU tech independence should produce job making industries, so can become a populist move also
"According to the investigation, which covered the period from 2012 to 2014, the NSA used Danish information cables to spy on senior officials in Sweden, Norway, France and Germany, including former German Foreign Minister Frank-Walter Steinmeier and former German opposition leader Peer Steinbrück."
https://www.reuters.com/world/europe/us-security-agency-spie...
We're already seeing that in a few cases but it just stands to get worse if this carries on.
Yes, I understand that it would be imperfect since inevitably not all servers would support it thus forcing additional understanding and decisions on the end user. No, I don't care that a user other than myself might leak my messages in plaintext. Perfectionism in this regard only serves to further shoot us in the foot. Yes, I understand that key distribution is a difficult problem but then that's the case no matter the protocol. Other protocols have solutions that work reasonably well at this point.
There's no justification for the current status quo.
Alternatively I'd be fine using matrix for all my PII related needs (healthcare, government, subscription services, etc, etc) but somehow I don't see that happening any time soon.
And then you'd still need to worry about digital sovereignity for the keys.
And if those keys are stored by a company subject to US jurisdiction, we're back to the same problem.
Otherwise, a public servant could do sketchy stuff behind the public's back with no paper trace.
What you don't want is hostile foreign capitalists leaking your data to their local authoritarians. They are not your public and shouldn't have the data in the first place.
But recently, after Trump, I have never seen anti American sentiment this bad. It is the first time.
Actually, it is natural. In my view, Trump's policies look very similar to the Indian caste system, and I think they are a serious regression for democracy. More than that, he is destroying all the international trust that the US has built up. In Korea, people used to think of the US as a 'just' country, but these days, people are cautiously mentioning US wrongdoing more often. Especially after the tariffs and the Iran war. I myself am now unemployed because my factory expansion was canceled due to the Iran war.
My country has a natural talent for impeaching presidents, but unfortunately, Americans do not seem to have that talent. What a pity.
Bad is subjective?
https://kbthink.com/news-list/view.html?newsId=2026011611543...
Given their behaviour, some might see anti-americanism as justified or even good.