The fact that government agencies, particularly those that deal with international concerns like these are using non sovereign tech for communications is mind-blowing. They might as well use public gmail.. atleast it would be cheaper. If you want it not exposed directly, host it yourself and take measures to secure it for intended eyes only. This should be common sense.
It's mind blowing that government bureaucrats would be permitted to use commercial providers for official business at all. The provider being foreign is merely the cherry on top.
I was going to ask why something like mail.gov.nl doesn't exist but it turns out [0] (edit: wikipedia is full of lies) that they don't have a reserved second level domain for official government services to use? Is this really one of the countries pushing digital IDs?
As far as I can tell .gov.nl is only used for pages aimed at i.e. expats and businesses. Most services dutch people use simply have a .nl page like the digital id or filing taxes.
I don't think Americans understand what US used to mean for the rest of the world.
America was supposed to be the next step of humanity, a new land stripped from the ills of the old world where you invest or you go to build things, where your past or identity wasn't the primary concern but your dreams your abilities were. It wasn't nationalistic place, it was open to all and pretty much it was the group work of humanity. When aliens arrive, they arrived to US and even if not, they certainly wanted to speak to the US president as the leader of humanity.
Unlike Europe it wasn't stuck into petty identity conflicts, unlike Russia or China it was governed by the law and the law would protect you from the sneaky politicians. Unlike Europe, US companies were fair businesses that could protect you the customer from bad things even if America developed European or Asian habits.
Why wouldn't you use anything from America? Americans don't understand how transactional they are becoming and that from now on they will need to perform. Like the Tesla boycott, suddenly Tesla had to price their vehicles to match the functionality they provide in order to be able to sell cars again.
Currently the US tech tools are better as they were refined for decades with huge resources and user bases, so it is hard to switch away and at this time it's the perception of risk and US no longer being cool are what pushes for the transition but if EU is lucky Trump will invade Greenland and will make people take the inconvenient path and US tech industry will compact into 350M US market. Europeans will have a few years of sub-par tech and then will have good sovereign tech.
All throughout my adult life the US (for all its apparent faults) was to me a shining example of progress and humanity. It was the best large scale implementation of human rights, laws, and democracy. Sure it was far from perfect but “as good as it gets, for now”
Became very disillusioned with that image of the US in the last couple of years.
Maybe it’s always been like that - but the recent cronyism, the blatant openly displayed corruption and complete disregard for all the values it used to champion really destroyed the good image I had of the US.
In years to come they will realise what this loss of image (or “aura” as the kids would say) really means in a very practical and blunt sense.
Yes, US was also the guide star when it comes to dilemmas. When not sure, check out what Americans do and they will probably have it figured it out without the bias that we may have due to historical reasons.
I firmly believe that the dominant feeling towards US today isn't anger or hate, its heartbreak and disappointment.
Ah, come on, now that those government agencies and their employees are using "non-sovereign tech" (ie. chatgpt/claude/gemini) for thinking, the emails are basically not a concern at all.
This is ignoring that AI also, of course, lets spying agencies move from having every email ever sent in most countries to actually reacting to every email ever sent in most countries. They can move from helping Boeing make foreign airline companies ignore door closing issues to influencing every last restaurant's drinks buying decision individually.
I mean, I doubt they're there yet, but that's what they'll want to do.
With DigiID, as with this, I never understood why countries give critical infrastructure contracts away from the country it directly impacts, provided they have a mature tech ecosystem. I thought the whole point was that it was critical?
Not exactly free as in free beer but Collabora, and their 'Collabora Online' suite fits your description. It's effectively online hosted libre office with a few extras.
Perhaps it originated from there. But EU Chat Control is brought up again and again and again for a vote. They'll continue until some version of it is passed. And then they'll go further with the next privacy infringing regulation to be building on top of it. It is really disheartening for privacy activists, but that is probably the strategy. Wear people out, and push the regulation through when resistance wanes. Note that the Netherlands is on the side of protecting privacy at this point in time. I think it does a great deal to erode trust of EU citizens in the European Union, in a time when that trust is perhaps more important than ever before. For information see: https://fightchatcontrol.eu
You mean these specific Danish EU civil servants were the ones pushing chat control? Or are we actually talking about completely different people? Not every European is the same person.
In Europe, we dissociate public servants from elected officials. Dutch officials, receiving a lot of money from US-based NGO/foundation, push for chat control and other US interests. Dutch public servants obey official in matters of laws, but can lobby for the tools they use.
We've known this since the Snowden leaks 13 years ago. In a couple of years there will probably be a president in the US that will be more palatable for the european political class and we'll all be able to go back to pretending this doesn't happen.
After all the EU is too compromised energetically, militarily, industrially, burocratically and democratically to ever achieve independence. Talking about digital sovereignty as we ban construction of new datacenter is just too cute. This is all just political theater as we peacefully sunset into a museum continent.
Downvotes for stating a reasonable, and probably correct argument.
Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world.
The UK is a bit of an exception in being aware of it and actually talking about it. That is about it.
"Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world."
Well, Russia is trying to do something about and I think we can all agree that there are wrong ways to go about it. Simply being incompetent, like the EU, is not the worst possible scenario.
Btw, say what you will about Russia, but it's light years ahead of the EU in digital sovereignty. One of the reasons it did not crumble under sanctions.
The EU should fine such intentional violations with a billion euros per violation. That would stop this immediately and force cloud providers to split off their European side into separate companies that don't fall under US law.
And it's not "The EU", but really one EU commissioner. Many organs of the EU including the EU Legal Service have criticised CSAR (Chat Control) and the European Parliament has voted against it, effectively killing it.
Not the US but the Dutch state is the problem here.
The powers that be know that US espionage is not only limited to some emails and also entails sophisticated industrial espionage and never cared.
Now "suddenly" they want to do something about it.
This is Not about Dutch interests / sovereignty - we need to find out what it really is about.
One understated outcome of Trump 2.0 is waking up some sections of the European intelligentsia to the risk of dependency on the United States.
Trump 1.0 should've been enough, but instead European leaders were just too thankful for a Biden back-to-normal scenario that they basically took no action allowing the US to further extend its dominance.
Better late than never. Incidentally, trying to build EU tech independence should produce job making industries, so can become a populist move also
Does it matter who is president? The US was spying on European leaders before Trump's first term:
"According to the investigation, which covered the period from 2012 to 2014, the NSA used Danish information cables to spy on senior officials in Sweden, Norway, France and Germany, including former German Foreign Minister Frank-Walter Steinmeier and former German opposition leader Peer Steinbrück."
Trump was elected. Twice. It was not a fluke, not a once in a lifetime event, he's a symptom of wider processes happening in the US. The world has changed and the old order is not coming back
Trump is one thing but the overall dynamic of similar politicians gaining footholds across the world is what worries me. If everyone is X nation first in the same way, you lose the ability to negotiate with compromises, people want to start expanding their borders and that just escalates into war.
We're already seeing that in a few cases but it just stands to get worse if this carries on.
Half the countries in Europe has their own Trump-equivalent politician heading one of the largest parties, and yet Europeans are imagining it's something happening "in the US" while they sleepwalk into disaster.
It seems similar conversations are happening in Europe as well. Originally, Korea is a country where the 'pro US faction' (the faction that believes Korea should be subordinate to the US) is very strong by default. The US had a very strong influence on the establishment of the Korean government, and if you look back at Korea's history, it has always been about finding a country to serve. It feels like siding with the strongest power. In fact, the pro US faction is very strong, but there has also been a strong flow of security, bureaucratic, and economic elites who have justified dependence on the US as a national survival strategy.
But recently, after Trump, I have never seen anti American sentiment this bad. It is the first time.
Actually, it is natural. In my view, Trump's policies look very similar to the Indian caste system, and I think they are a serious regression for democracy. More than that, he is destroying all the international trust that the US has built up. In Korea, people used to think of the US as a 'just' country, but these days, people are cautiously mentioning US wrongdoing more often. Especially after the tariffs and the Iran war. I myself am now unemployed because my factory expansion was canceled due to the Iran war.
My country has a natural talent for impeaching presidents, but unfortunately, Americans do not seem to have that talent. What a pity.
Can you run an empire democratically? Imagine if the US president instead of being a dictator had to actually spend EVERY SINGLE DAY convincing Congress members.
This is entirely the wrong lesson to take from this. Why are we still using a plaintext protocol in this day and age? Why can we not get an E2EE addition to the email protocol with full backwards compatibility?
Yes, I understand that it would be imperfect since inevitably not all servers would support it thus forcing additional understanding and decisions on the end user. No, I don't care that a user other than myself might leak my messages in plaintext. Perfectionism in this regard only serves to further shoot us in the foot. Yes, I understand that key distribution is a difficult problem but then that's the case no matter the protocol. Other protocols have solutions that work reasonably well at this point.
There's no justification for the current status quo.
Alternatively I'd be fine using matrix for all my PII related needs (healthcare, government, subscription services, etc, etc) but somehow I don't see that happening any time soon.
For large organization data the keys would need to be stored within the organization, not with one particular user as in the case of your personal PII needs.
And then you'd still need to worry about digital sovereignity for the keys.
Getting from here to there is going to be tough, but I agree 100%. Not only should email be E2EE, but it should include a certificate scheme such that you know the person purporting to be the sender is actually the sender.
Given that the cryptography would necessarily be asymmetric verifying the sender on a TOFU basis seems like a trivial addition (just sign something). I doubt you can do better than TOFU though unless you tie it to an external ID system (corporate or government or etc issued hardware tokens or similar).
For a public institution you want some sort of accountability / auditing mechanism, so you can't just do E2EE encryption between users.
Otherwise, a public servant could do sketchy stuff behind the public's back with no paper trace.
What you don't want is hostile foreign capitalists leaking your data to their local authoritarians. They are not your public and shouldn't have the data in the first place.
US companies cannot comply with the GDPR because of the CLOUD Act. The two frameworks are fundamentally in conflict with each other and it seems to me that everybody in the EU knows about it, yet this is somehow swept under the carpet and ignored even by government authorities. I've always wondered why this is so and how these kind of dependencies could be allowed in the first place. It's even worse for AI use than it is for productivity suits and email.
The fact that government agencies, particularly those that deal with international concerns like these are using non sovereign tech for communications is mind-blowing. They might as well use public gmail.. atleast it would be cheaper. If you want it not exposed directly, host it yourself and take measures to secure it for intended eyes only. This should be common sense.
It's mind blowing that government bureaucrats would be permitted to use commercial providers for official business at all. The provider being foreign is merely the cherry on top.
I was going to ask why something like mail.gov.nl doesn't exist but it turns out [0] (edit: wikipedia is full of lies) that they don't have a reserved second level domain for official government services to use? Is this really one of the countries pushing digital IDs?
> Official second-level domains do not exist.
[0] https://en.wikipedia.org/wiki/.nl
That's the most common approach globally. Like most countries, the Dutch Government use .gov.nl.
It exists, but the vast majority of government services dont use it (i.e. taxes are just done through belastingdienst.nl).
Ah. Just a blatant inaccuracy on wikipedia I take it. That does make a bit more sense.
Yep. gov.nl is in the PSL[1] and there are plenty of used subdomains (e.g. https://business.gov.nl/)
[1] https://publicsuffix.org/list/public_suffix_list.dat
As far as I can tell .gov.nl is only used for pages aimed at i.e. expats and businesses. Most services dutch people use simply have a .nl page like the digital id or filing taxes.
I don't think Americans understand what US used to mean for the rest of the world.
America was supposed to be the next step of humanity, a new land stripped from the ills of the old world where you invest or you go to build things, where your past or identity wasn't the primary concern but your dreams your abilities were. It wasn't nationalistic place, it was open to all and pretty much it was the group work of humanity. When aliens arrive, they arrived to US and even if not, they certainly wanted to speak to the US president as the leader of humanity.
Unlike Europe it wasn't stuck into petty identity conflicts, unlike Russia or China it was governed by the law and the law would protect you from the sneaky politicians. Unlike Europe, US companies were fair businesses that could protect you the customer from bad things even if America developed European or Asian habits.
Why wouldn't you use anything from America? Americans don't understand how transactional they are becoming and that from now on they will need to perform. Like the Tesla boycott, suddenly Tesla had to price their vehicles to match the functionality they provide in order to be able to sell cars again.
Currently the US tech tools are better as they were refined for decades with huge resources and user bases, so it is hard to switch away and at this time it's the perception of risk and US no longer being cool are what pushes for the transition but if EU is lucky Trump will invade Greenland and will make people take the inconvenient path and US tech industry will compact into 350M US market. Europeans will have a few years of sub-par tech and then will have good sovereign tech.
> America was supposed to be the next step of humanity, a new land stripped from the ills of the old wor
wat
This kind of sums up my sentiment.
All throughout my adult life the US (for all its apparent faults) was to me a shining example of progress and humanity. It was the best large scale implementation of human rights, laws, and democracy. Sure it was far from perfect but “as good as it gets, for now”
Became very disillusioned with that image of the US in the last couple of years. Maybe it’s always been like that - but the recent cronyism, the blatant openly displayed corruption and complete disregard for all the values it used to champion really destroyed the good image I had of the US.
In years to come they will realise what this loss of image (or “aura” as the kids would say) really means in a very practical and blunt sense.
Yes, US was also the guide star when it comes to dilemmas. When not sure, check out what Americans do and they will probably have it figured it out without the bias that we may have due to historical reasons.
I firmly believe that the dominant feeling towards US today isn't anger or hate, its heartbreak and disappointment.
> was to me a shining example of progress and humanity.
Which country was the US bombing to the ground at this period you're reminiscing on?
Ah, come on, now that those government agencies and their employees are using "non-sovereign tech" (ie. chatgpt/claude/gemini) for thinking, the emails are basically not a concern at all.
This is ignoring that AI also, of course, lets spying agencies move from having every email ever sent in most countries to actually reacting to every email ever sent in most countries. They can move from helping Boeing make foreign airline companies ignore door closing issues to influencing every last restaurant's drinks buying decision individually.
I mean, I doubt they're there yet, but that's what they'll want to do.
Disaster, meet Catastrophe.
In the meantime Belgian public sector will use Google Cloud, it seems: https://ittech-pulse.com/news/smals-partners-with-google-clo...
bonkers
With DigiID, as with this, I never understood why countries give critical infrastructure contracts away from the country it directly impacts, provided they have a mature tech ecosystem. I thought the whole point was that it was critical?
Because politicians hate depending on their engineers so much that they are willing to risk high treason charges instead?
Nobody is getting charged for this in any way.
Not yet )
Is anyone building (open source?) G-Suite - I’m honestly tired of paying Google money and I think everyone needs independence.
https://lasuite.numerique.gouv.fr
Not exactly free as in free beer but Collabora, and their 'Collabora Online' suite fits your description. It's effectively online hosted libre office with a few extras.
Something like nextcloud.com? It's appeared on HN a few times. Some European governments and municipalities have switched to it.
Where and how will you host your email service, for example?
Nextcloud+self hosted email
No one made the easy pickings of Facebook clone, Reddit clone or Twitter clone for insane profits. You really think someone will make a gsuite?
The person making project X days are over. The energy and drive is extinguished from humanity. Ambition is all that’s left.
The irony that it is data from civil servants that wan to implement the biggest central digital censorship endeavor in the western hemisphere.
Netherlands has always been pretty firmly against Chat Control (except for one political party, EPP)
Is this about EU Chat Control? Because that was mostly pushed from Denmark no?
Perhaps it originated from there. But EU Chat Control is brought up again and again and again for a vote. They'll continue until some version of it is passed. And then they'll go further with the next privacy infringing regulation to be building on top of it. It is really disheartening for privacy activists, but that is probably the strategy. Wear people out, and push the regulation through when resistance wanes. Note that the Netherlands is on the side of protecting privacy at this point in time. I think it does a great deal to erode trust of EU citizens in the European Union, in a time when that trust is perhaps more important than ever before. For information see: https://fightchatcontrol.eu
Ah, yes. Sure. Proof?
the danish were one of the strongest Chat Control promovers
https://en.wikipedia.org/wiki/Chat_Control
Dutch and Danish are two different nationalities. To be fair they both begin with a D and end with a H so I understand the confusion.
And neither are in the Western hemisphere.
That’s a very generous understanding.
You mean these specific Danish EU civil servants were the ones pushing chat control? Or are we actually talking about completely different people? Not every European is the same person.
But also the U.S. based companies are the biggest lobbyist.
So, completely different country
In Europe, we dissociate public servants from elected officials. Dutch officials, receiving a lot of money from US-based NGO/foundation, push for chat control and other US interests. Dutch public servants obey official in matters of laws, but can lobby for the tools they use.
We've known this since the Snowden leaks 13 years ago. In a couple of years there will probably be a president in the US that will be more palatable for the european political class and we'll all be able to go back to pretending this doesn't happen.
After all the EU is too compromised energetically, militarily, industrially, burocratically and democratically to ever achieve independence. Talking about digital sovereignty as we ban construction of new datacenter is just too cute. This is all just political theater as we peacefully sunset into a museum continent.
Downvotes for stating a reasonable, and probably correct argument.
Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world.
The UK is a bit of an exception in being aware of it and actually talking about it. That is about it.
"Europe's biggest problem (I do not mean just the EU, I mean everyone from the UK to Russia) is that it is in denial about its decline, weakness and irrelevance to the rest of the world."
I disagree on this broad statement.
Well, Russia is trying to do something about and I think we can all agree that there are wrong ways to go about it. Simply being incompetent, like the EU, is not the worst possible scenario.
Btw, say what you will about Russia, but it's light years ahead of the EU in digital sovereignty. One of the reasons it did not crumble under sanctions.
The EU should fine such intentional violations with a billion euros per violation. That would stop this immediately and force cloud providers to split off their European side into separate companies that don't fall under US law.
The EU is trying relentlessly to read our IMs though.
That's a separate problem.
And it's not "The EU", but really one EU commissioner. Many organs of the EU including the EU Legal Service have criticised CSAR (Chat Control) and the European Parliament has voted against it, effectively killing it.
They have been doing it for years? ECHELON isn't exactly new. Also, recent EU and UK actions are not exactly privacy friendly.
Digital sovereignity is not enough. You need to get electronic communications completely off the internet.
You mean off the web... Properly encrypted email can't be read in a browser (unless you give your keys to Gmail etc);
Never thought about it, but makes quite a lot of sense.
Why? e2e encryption and self-hosting exist.
Not the US but the Dutch state is the problem here. The powers that be know that US espionage is not only limited to some emails and also entails sophisticated industrial espionage and never cared. Now "suddenly" they want to do something about it. This is Not about Dutch interests / sovereignty - we need to find out what it really is about.
I was trying to read the article, but those animations kept distracting me.
Use NoScript. Worked like a charm.
One understated outcome of Trump 2.0 is waking up some sections of the European intelligentsia to the risk of dependency on the United States.
Trump 1.0 should've been enough, but instead European leaders were just too thankful for a Biden back-to-normal scenario that they basically took no action allowing the US to further extend its dominance.
Better late than never. Incidentally, trying to build EU tech independence should produce job making industries, so can become a populist move also
Because Trump has 2.5 years left and they may be hoping a Democrat wins
Does it matter who is president? The US was spying on European leaders before Trump's first term:
"According to the investigation, which covered the period from 2012 to 2014, the NSA used Danish information cables to spy on senior officials in Sweden, Norway, France and Germany, including former German Foreign Minister Frank-Walter Steinmeier and former German opposition leader Peer Steinbrück."
https://www.reuters.com/world/europe/us-security-agency-spie...
Trump was elected. Twice. It was not a fluke, not a once in a lifetime event, he's a symptom of wider processes happening in the US. The world has changed and the old order is not coming back
Trump is one thing but the overall dynamic of similar politicians gaining footholds across the world is what worries me. If everyone is X nation first in the same way, you lose the ability to negotiate with compromises, people want to start expanding their borders and that just escalates into war.
We're already seeing that in a few cases but it just stands to get worse if this carries on.
Half the countries in Europe has their own Trump-equivalent politician heading one of the largest parties, and yet Europeans are imagining it's something happening "in the US" while they sleepwalk into disaster.
What's the point of this when The Netherland, among some other EU countries is already all in into eternal Atlanticism.
yes, digital sovereignity of the individual.
It seems similar conversations are happening in Europe as well. Originally, Korea is a country where the 'pro US faction' (the faction that believes Korea should be subordinate to the US) is very strong by default. The US had a very strong influence on the establishment of the Korean government, and if you look back at Korea's history, it has always been about finding a country to serve. It feels like siding with the strongest power. In fact, the pro US faction is very strong, but there has also been a strong flow of security, bureaucratic, and economic elites who have justified dependence on the US as a national survival strategy.
But recently, after Trump, I have never seen anti American sentiment this bad. It is the first time.
Actually, it is natural. In my view, Trump's policies look very similar to the Indian caste system, and I think they are a serious regression for democracy. More than that, he is destroying all the international trust that the US has built up. In Korea, people used to think of the US as a 'just' country, but these days, people are cautiously mentioning US wrongdoing more often. Especially after the tariffs and the Iran war. I myself am now unemployed because my factory expansion was canceled due to the Iran war.
My country has a natural talent for impeaching presidents, but unfortunately, Americans do not seem to have that talent. What a pity.
I have never seen anti American sentiment this bad
Bad is subjective?
I am speaking based on the response criteria of Korea's largest research institution.[1]
https://kbthink.com/news-list/view.html?newsId=2026011611543...
Nah, you misunderstood. He was saying that the label bad for anti-americanism was subjective.
Given their behaviour, some might see anti-americanism as justified or even good.
I didn't know that. Thank you for your kind explanation.
Can you run an empire democratically? Imagine if the US president instead of being a dictator had to actually spend EVERY SINGLE DAY convincing Congress members.
This is entirely the wrong lesson to take from this. Why are we still using a plaintext protocol in this day and age? Why can we not get an E2EE addition to the email protocol with full backwards compatibility?
Yes, I understand that it would be imperfect since inevitably not all servers would support it thus forcing additional understanding and decisions on the end user. No, I don't care that a user other than myself might leak my messages in plaintext. Perfectionism in this regard only serves to further shoot us in the foot. Yes, I understand that key distribution is a difficult problem but then that's the case no matter the protocol. Other protocols have solutions that work reasonably well at this point.
There's no justification for the current status quo.
Alternatively I'd be fine using matrix for all my PII related needs (healthcare, government, subscription services, etc, etc) but somehow I don't see that happening any time soon.
For large organization data the keys would need to be stored within the organization, not with one particular user as in the case of your personal PII needs.
And then you'd still need to worry about digital sovereignity for the keys.
I don't follow. Are you saying that BigCorp would demand key escrow? They already deploy custom email solutions today so I don't see the issue.
I am saying you can't keep the keys just on a stick in the employee's pocket since multiple people need to have access to the data.
And if those keys are stored by a company subject to US jurisdiction, we're back to the same problem.
Getting from here to there is going to be tough, but I agree 100%. Not only should email be E2EE, but it should include a certificate scheme such that you know the person purporting to be the sender is actually the sender.
Given that the cryptography would necessarily be asymmetric verifying the sender on a TOFU basis seems like a trivial addition (just sign something). I doubt you can do better than TOFU though unless you tie it to an external ID system (corporate or government or etc issued hardware tokens or similar).
How about the metadata? Perhaps if you mean something like self-hosted Matrix, then I agree.
For a public institution you want some sort of accountability / auditing mechanism, so you can't just do E2EE encryption between users.
Otherwise, a public servant could do sketchy stuff behind the public's back with no paper trace.
What you don't want is hostile foreign capitalists leaking your data to their local authoritarians. They are not your public and shouldn't have the data in the first place.
US companies cannot comply with the GDPR because of the CLOUD Act. The two frameworks are fundamentally in conflict with each other and it seems to me that everybody in the EU knows about it, yet this is somehow swept under the carpet and ignored even by government authorities. I've always wondered why this is so and how these kind of dependencies could be allowed in the first place. It's even worse for AI use than it is for productivity suits and email.
Roll on Schrems III.