167
Microsoft says U.S. law takes precedence over Canadian data sovereignty (www.cyberincontext.ca)
submitted 1 day ago by Scotty@scribe.disroot.org to c/canada@lemmy.ca
22 comments fedilink hide all child comments

Archived link

On June 10, 2025 [...] Microsoft France’s Director of Public and Legal Affairs, Mr. Anton Carniaux [...] was asked if he could guarantee that data from French citizens could not be transmitted to United States authorities without the explicit authorization of French authorities.

Mr. Carniaux said that he could not guarantee this.

In other words, if the United States were to issue a legal request to Microsoft for the data of a French citizen hosted in the EU, Microsoft would comply regardless of French or EU law.

[...]

This removes France, Canada, and all other country’s autonomy and sovereignty to control the data it uses in their respective countrys according to their practices and laws.

[...]

Microsoft’s statement means that if they receive a valid legal request from the United States government for data on a Canadian, residing on a Microsoft server in Canada, Microsoft will respond to the request without receiving permission from Canadian authorities.

[...]

United States-based tech companies, such as Microsoft, Amazon, and Google, and their products play a role in nearly every aspect of our daily lives, whether through software, hardware, Internet hosting, or other means

[...]

Previously, Canada and others have adopted data residency requirements, which requires certain data to be hosted in Canada. There was a believe that this was enough to protect Canada’s sovereignty and our people, but with the United States Cloud Act and an adversarial United States administration, the conditions have changed. Despite these efforts, there have always been concerns that Microsoft and others would ignore data residency. Microsoft has now confirmed that it does not care about data residency or other country’s sovereignty.

[...]

Does this affect the Federal Government and Military?

Yes.

It appears that it does not matter if the target is an individual, organization, or government. As long as the legal request is considered valid in the United States, the target or location of the data does not matter. As an example, the Department of National Defence and Canadian Armed Forces make significant use of Microsoft 365. They have their own defence-tailored instance called Defence 365, which serves as a common cloud infrastructure for collaboration across DND/CAF, with stakeholders and other government departments. In theory, any data on or using Microsoft or a US-based organization’s products and infrastructure which is not isolated from the Internet could be subponeaed by the United States government.

[...]

The current United States administration has shown to base a significant amount of its foreign and economic policy on dubious or false pretenses with little basis in rational, informed evidence or reality. As a result, we cannot expect that all legal requests received by Microsoft or other tech giants will be evidence-based or rational. Thus, this revelation represents a significant risk to the Government of Canada and its military.

[...]

Can Canada and Others Say No?

In theory, yes. But there are a few problems with this.

Canada could say no, but if the information is hosted on Microsoft servers then Microsoft would be able to retrieve this information without the Canadian government knowing. So the user and government will not know unless the United States government or Microsoft informs them. Even in such a case where the user or Canadian government/authorities were informed, it would more or less be, “This is happening and there’s nothing you can do. Your issue is with the United States government, not us.”

In more controlled, secure data environments, it would be more difficult for Microsoft to retrieve this data without some indication informing the user. However, the only likely way to avoid the risk of US legal requests superceding Canadian or other international law is to not use the products of US-based organizations or to keep them disconnected entirely from the Internet.

[...]

This admission from Microsoft France has reaffirmed the importance of data sovereignty and renews concerns about Canada’s ability to trust Microsoft or other non-Canadian companies to provide reliable and secure cloud services. This is likely to add to the growing calls for Canada to develop a sovereign cloud capability, reducing its reliance on major cloud hosts, the majority of which are US-based.

[...]

top 22 comments
sorted by: hot top controversial new old
[-] RalphWolf@lemmy.ca 4 points 18 hours ago

Clearly, Microsoft, Amazon, Google and others will all comply.

We're screwed.

[-] k0e3@lemmy.ca 4 points 20 hours ago

Furthermore, they'll only adhere to said US laws only when it benefits them.

[-] quick_snail@feddit.nl 7 points 1 day ago

So...what's the best AWS/Azure alternative in Canada?

[-] phx@lemmy.ca 3 points 11 hours ago

And that's the rub. It's been something warned repeatedly by the security depts of all sorts of corps rushing to "the cloud" (and adopting AI) but has received a deaf ear.

"Do more and save money ... on somebody else's infrastructure". I'm the end, I'm a bit suspect of the saving money but as well, and the "well it's a CANADIAN/EUROPEAN datacenter" means jack shit in the face of the US Gov't and Corps

[-] quick_snail@feddit.nl 1 points 7 hours ago

It doesn't mean Jack shit if the cloud provider is a company that is based in Canada.

[-] obvs@lemmy.world 40 points 1 day ago

This is why I switched away from US-based tech companies.

[-] Jack_Burton@lemmy.ca 21 points 1 day ago

I just made the switch to Linux on my work PC last week. I do freelance audio work and Linux is significantly lacking when it comes to audio compared to Windows. DAWs aren't as robust, plugins are severely lacking (can't get any Windows ones to really work with wine) and though I've got things mostly figured out now, I'd say anything I do is 3 or 4 clicks to every 1 on Windows. This week has been constant maintenace, and everything takes more work. That said, fuck Microsoft.

[-] Daryl@lemmy.ca 16 points 1 day ago

The reason why things work so much better in Windows is that Microsoft has always had a policy of 'buy and kill'. If any developer working in Linux developed a 'better system', Microsoft bought out either the company or the patent and then killed the product.

[-] Jack_Burton@lemmy.ca 6 points 1 day ago

Yep, we're seeing the end game of allowing monopolies to take over. It's been a long, difficult road but my PC was the last bit I needed to say I am officially not using any product from a company who's CEO was at Trump's inauguration. PC and 2 laptops (Linux), current phone as well as 2 old ones (graphene os, calyx, and lineage), email, messaging, drive, social, no amazon, etc.

[-] Reannlegge@lemmy.ca 2 points 1 day ago

I personally wish I could get away from Apple but that would take a lot of work and training my Grandmother on how to talk to me. Photos are my only real hold back from ditching iCloud everything else has been moved to another Canadian host. I just need to find a Mac that I can use to move my photos to as it seems to be hard to move them via my iPad or iPhone.

[-] Jack_Burton@lemmy.ca 3 points 1 day ago

If it helps, I had a Google Home hub and bought one for my mum to talk. She has an old laptop as well so I just got her to download Signal and now we video call over that instead. Was pretty painless actually. If you both have Macs you can get something else and use Signal with Signal on her Mac so you can change without much hassle to her.

For photos, I've heard good things about immich and ente.io, both are FOSS.

[-] Reannlegge@lemmy.ca 1 points 1 day ago

Most of my family uses iPads and/or iPhones, as much as I would love to try and do something FOSS for video calling. I had degoogled my LAN minus youtube prior to January, after January I stopped paying for YouTube by using Unwatched.

I have a Nextcloud instance hosted by a Canadian host, that is were my calendars, contacts, and files are hosted. I have been trying to actually get around to moving my photos as well.

[-] rarsamx@lemmy.ca 28 points 1 day ago* (last edited 1 day ago)

Wow. I used to be a lead Enterprise architect for a large corporation. We had some clients who explicitly required, by contract, that the data should be hosted in Canada and only accessed by people in Canada. This included the department of National defense.

Microsoft complied by hosting instances in Canada and we went through hoops to ensure data remained in Canada.

This seems to uppend the game. However, all this information should already be encrypted. Whenever it isn't, I'm sure corporations are scrambling to fully encrypt (or de-host) data.

I mean, data (at rest and in transit) encryption has been available for other risk vectors. This seems to be no different. If Microsoft/Amazon/Oracle, etc had a backdoor to unencrypt the data, it would create a higher backslash.

For individual users, I don't think 99% of them care where their data is hosted.

[-] quick_snail@feddit.nl 3 points 1 day ago

The data encrypted in the data center usually has the keys stored with the data.

It's only to protect the data when they throw away the disks. It doesn't do what you think it does.

[-] rarsamx@lemmy.ca 2 points 1 day ago

"Usually"

Sure.

But there are custoner managed keys which do exactly what I think it does.

[-] quick_snail@feddit.nl 1 points 1 day ago

Where are those keys stored?

[-] vinceman 12 points 1 day ago

For individual users, I don’t think 99% of them care where their data is hosted.

I honestly think 6 months ago that number was 99% for sure, but I honestly think there's more people who would get upset because of the US aspect of this, especially depending on the presentation of it.

[-] dubyakay@lemmy.ca 3 points 1 day ago

I work in fintech (payments industry) and we specifically have servers in the US AWS clusters for American clients, and in Canada for RoW. Canada is supposedly a safe-harbor for data with partnering countries, unlike the US.

But knowing this what MS says, I somehow doubt Amazon has a different stance.

[-] sixpaque@lemmy.ca 4 points 1 day ago

The proof is in what you say goes back a few years, when the United States Government issued a legal request to Blackberry cellphones to divulge client information, and they said 'flat out ... no.' Today they are no longer a cell company. however, Microsoft complied, and you know where they are today. Take that any way you want, but I'm just glad I live in Canada.

[-] quick_snail@feddit.nl 3 points 1 day ago

That just means you shift to the EU market, which had heavily pulled out of MSPs with US comapanies due to the huge risk and fines from GDPR, etc

[-] Reverendender@sh.itjust.works 17 points 1 day ago* (last edited 1 day ago)

Microsoft has been a blight on human society since its inception, and needs to go.

[-] InEnduringGrowStrong@sh.itjust.works 10 points 1 day ago

Well yea, this was always dumb as fuck.

this post was submitted on 23 Aug 2025
167 points (100.0% liked)

Canada

10338 readers
865 users here now

What's going on Canada?

Related Communities

🍁 Meta

🗺️ Provinces / Territories

🏙️ Cities / Local Communities

Sorted alphabetically by city name.

🏒 SportsHockey

Football (NFL): incomplete

Football (CFL): incomplete

Baseball

Basketball

Soccer

💻 Schools / Universities

Sorted by province, then by total full-time enrolment.

💵 Finance, Shopping, Sales

🗣️ Politics

🍁 Social / Culture

Rules

  1. Keep the original title when submitting an article. You can put your own commentary in the body of the post or in the comment section.

Reminder that the rules for lemmy.ca also apply here. See the sidebar on the homepage: lemmy.ca

founded 4 years ago
MODERATORS
otter@lemmy.ca
mp3@lemmy.ca
otter@piefed.ca
mp3@piefed.ca