On June 10, 2025 […] Microsoft France’s Director of Public and Legal Affairs, Mr. Anton Carniaux […] was asked if he could guarantee that data from French citizens could not be transmitted to United States authorities without the explicit authorization of French authorities.
Mr. Carniaux said that he could not guarantee this.
In other words, if the United States were to issue a legal request to Microsoft for the data of a French citizen hosted in the EU, Microsoft would comply regardless of French or EU law.
[…]
This removes France, Canada, and all other country’s autonomy and sovereignty to control the data it uses in their respective countrys according to their practices and laws.
[…]
Microsoft’s statement means that if they receive a valid legal request from the United States government for data on a Canadian, residing on a Microsoft server in Canada, Microsoft will respond to the request without receiving permission from Canadian authorities.
[…]
United States-based tech companies, such as Microsoft, Amazon, and Google, and their products play a role in nearly every aspect of our daily lives, whether through software, hardware, Internet hosting, or other means
[…]
Previously, Canada and others have adopted data residency requirements, which requires certain data to be hosted in Canada. There was a believe that this was enough to protect Canada’s sovereignty and our people, but with the United States Cloud Act and an adversarial United States administration, the conditions have changed. Despite these efforts, there have always been concerns that Microsoft and others would ignore data residency. Microsoft has now confirmed that it does not care about data residency or other country’s sovereignty.
[…]
Does this affect the Federal Government and Military?
Yes.
It appears that it does not matter if the target is an individual, organization, or government. As long as the legal request is considered valid in the United States, the target or location of the data does not matter. As an example, the Department of National Defence and Canadian Armed Forces make significant use of Microsoft 365. They have their own defence-tailored instance called Defence 365, which serves as a common cloud infrastructure for collaboration across DND/CAF, with stakeholders and other government departments. In theory, any data on or using Microsoft or a US-based organization’s products and infrastructure which is not isolated from the Internet could be subponeaed by the United States government.
[…]
The current United States administration has shown to base a significant amount of its foreign and economic policy on dubious or false pretenses with little basis in rational, informed evidence or reality. As a result, we cannot expect that all legal requests received by Microsoft or other tech giants will be evidence-based or rational. Thus, this revelation represents a significant risk to the Government of Canada and its military.
[…]
Can Canada and Others Say No?
In theory, yes. But there are a few problems with this.
Canada could say no, but if the information is hosted on Microsoft servers then Microsoft would be able to retrieve this information without the Canadian government knowing. So the user and government will not know unless the United States government or Microsoft informs them. Even in such a case where the user or Canadian government/authorities were informed, it would more or less be, “This is happening and there’s nothing you can do. Your issue is with the United States government, not us.”
In more controlled, secure data environments, it would be more difficult for Microsoft to retrieve this data without some indication informing the user. However, the only likely way to avoid the risk of US legal requests superceding Canadian or other international law is to not use the products of US-based organizations or to keep them disconnected entirely from the Internet.
[…]
This admission from Microsoft France has reaffirmed the importance of data sovereignty and renews concerns about Canada’s ability to trust Microsoft or other non-Canadian companies to provide reliable and secure cloud services. This is likely to add to the growing calls for Canada to develop a sovereign cloud capability, reducing its reliance on major cloud hosts, the majority of which are US-based.
[…]
So…what’s the best AWS/Azure alternative in Canada?
The proof is in what you say goes back a few years, when the United States Government issued a legal request to Blackberry cellphones to divulge client information, and they said ‘flat out … no.’ Today they are no longer a cell company. however, Microsoft complied, and you know where they are today. Take that any way you want, but I’m just glad I live in Canada.
That just means you shift to the EU market, which had heavily pulled out of MSPs with US comapanies due to the huge risk and fines from GDPR, etc
Wow. I used to be a lead Enterprise architect for a large corporation. We had some clients who explicitly required, by contract, that the data should be hosted in Canada and only accessed by people in Canada. This included the department of National defense.
Microsoft complied by hosting instances in Canada and we went through hoops to ensure data remained in Canada.
This seems to uppend the game. However, all this information should already be encrypted. Whenever it isn’t, I’m sure corporations are scrambling to fully encrypt (or de-host) data.
I mean, data (at rest and in transit) encryption has been available for other risk vectors. This seems to be no different. If Microsoft/Amazon/Oracle, etc had a backdoor to unencrypt the data, it would create a higher backslash.
For individual users, I don’t think 99% of them care where their data is hosted.
The data encrypted in the data center usually has the keys stored with the data.
It’s only to protect the data when they throw away the disks. It doesn’t do what you think it does.
“Usually”
Sure.
But there are custoner managed keys which do exactly what I think it does.
Where are those keys stored?
I work in fintech (payments industry) and we specifically have servers in the US AWS clusters for American clients, and in Canada for RoW. Canada is supposedly a safe-harbor for data with partnering countries, unlike the US.
But knowing this what MS says, I somehow doubt Amazon has a different stance.
For individual users, I don’t think 99% of them care where their data is hosted.
I honestly think 6 months ago that number was 99% for sure, but I honestly think there’s more people who would get upset because of the US aspect of this, especially depending on the presentation of it.
This is why I switched away from US-based tech companies.
I just made the switch to Linux on my work PC last week. I do freelance audio work and Linux is significantly lacking when it comes to audio compared to Windows. DAWs aren’t as robust, plugins are severely lacking (can’t get any Windows ones to really work with wine) and though I’ve got things mostly figured out now, I’d say anything I do is 3 or 4 clicks to every 1 on Windows. This week has been constant maintenace, and everything takes more work. That said, fuck Microsoft.
The reason why things work so much better in Windows is that Microsoft has always had a policy of ‘buy and kill’. If any developer working in Linux developed a ‘better system’, Microsoft bought out either the company or the patent and then killed the product.
Yep, we’re seeing the end game of allowing monopolies to take over. It’s been a long, difficult road but my PC was the last bit I needed to say I am officially not using any product from a company who’s CEO was at Trump’s inauguration. PC and 2 laptops (Linux), current phone as well as 2 old ones (graphene os, calyx, and lineage), email, messaging, drive, social, no amazon, etc.
I personally wish I could get away from Apple but that would take a lot of work and training my Grandmother on how to talk to me. Photos are my only real hold back from ditching iCloud everything else has been moved to another Canadian host. I just need to find a Mac that I can use to move my photos to as it seems to be hard to move them via my iPad or iPhone.
If it helps, I had a Google Home hub and bought one for my mum to talk. She has an old laptop as well so I just got her to download Signal and now we video call over that instead. Was pretty painless actually. If you both have Macs you can get something else and use Signal with Signal on her Mac so you can change without much hassle to her.
For photos, I’ve heard good things about immich and ente.io, both are FOSS.
Most of my family uses iPads and/or iPhones, as much as I would love to try and do something FOSS for video calling. I had degoogled my LAN minus youtube prior to January, after January I stopped paying for YouTube by using Unwatched.
I have a Nextcloud instance hosted by a Canadian host, that is were my calendars, contacts, and files are hosted. I have been trying to actually get around to moving my photos as well.
Time to take a page from our Nordic friends and switch to linux and open source. FUCK M$
These governments would presumably need this software for a lot of the same uses and could even pool their resources to to improve it for all were it open source.
Imagine if our government demonstrated the competence to plan a long term program for Canadian open source digital infrastructure. Then staff and execute it instead of paying fat margins to some faceless corpo to get one service or another.
I’d sign up to work on such a program.
Microsoft has been a blight on human society since its inception, and needs to go.
Well yea, this was always dumb as fuck.
