Computer scientists: Germany falls into the data trap in the Microsoft cloud

With the preference of some federal states and the German government for Microsoft cloud services, "increasingly sensitive citizen data is also migrating into the care of the tech company", warn the Presidential Working Group on Digital Sovereignty and the Data Protection and IT Security Working Group of the German Informatics Society (GI). They see "unacceptable risks for Germany's digital independence" and the protection of citizens' and companies' data: "The worrying dependence on Microsoft is not only being cemented, but further expanded."

One trigger for the GI's alarm: according to a c't survey, at least six federal states including Bavaria, Lower Saxony and North Rhine-Westphalia want to introduce the Teams video conferencing system or the complete Microsoft 365 cloud office package in their administration. Federal Chancellor Olaf Scholz (SPD) also recently backed the Delos cloud project from SAP, Arvato and Microsoft, which, however, advertises more "sovereignty" than pure US solutions. Such efforts lead the GI to fear that "Germany could soon be trapped in the golden Microsoft cage".

MI6 chief speaks of "data trap"

The GI quotes an interview with British intelligence chief Richard Moore from MI6 from 2021. The espionage expert spoke of a "data trap": "If you allow another country to get access to really critical data about your society, that will erode your sovereignty over time." According to the IT experts, the data trap will close in Germany if the plans of some federal states to migrate to the Microsoft cloud are realized.

This has to do with the Cloud Act, the authors explain. It authorizes US authorities to "legitimately access data held in data centers of US service providers outside the USA". The providers are obliged to maintain confidentiality. In a 2019 study mentioned by the authors, auditors referred to the resulting "pain points for the federal administration". Digital monopolies could brutally increase their prices, it continues. A further explosion is to be expected in the administration. The federal government has increased spending on software licenses from around 771 million euros in 2022 to over 1.2 billion euros in 2023 alone. A large chunk of this will go to Microsoft.

Doubts about security and legal compliance

The GI is pessimistic about serious security incidents in Microsoft's Azure cloud. There are also doubts about the legal compliance of awarding contracts of this size without a prior EU-wide tender. Alternative solutions are sufficiently well known and would be preferable for reasons of data protection, IT security and costs. Schleswig-Holstein is leading the way with its open source approach. "Germany's future must not depend on the arbitrariness of large foreign corporations," emphasize the computer scientists. It is crucial "that we can shape our digital future independently, self-determinedly and securely". The German government must finally implement its guiding principle of strengthening digital sovereignty. The federal states also have a special responsibility here.

(mma)