Opinion: Microsoft's gift of billions is a Trojan horse for Europe

Contents

"More cyber security, data protection and digital sovereignty for Europe – and all free of charge": Brad Smith, Vice Chair and President of Microsoft, promised nothing less than this last week. And they are all valid, correct and important points that he mentions in his company's promises.

An opinion by Dennis-Kenji Kipker

Dennis-Kenji Kipker is the Scientific Director of the cyberintelligence.institute in Frankfurt am Main and a Professor of IT Security Law.

In times of geopolitical volatility, Europe needs more digital resilience than ever before, and data protection must also be taken seriously in the transatlantic relationship. It also makes sense for one of the largest cloud hyperscalers to actively support us in the European Union (EU) in storing and processing our data securely.

At this point at the latest, however, you might think you have misheard the Redmond-based company's monopoly position: Why should the EU listen to a company that to this day uses anti-competitive licensing and bundling practices to bind European users to it when making decisions about its digital sovereignty? Against this backdrop, the latest announcements by the US company seem not only strange, but even presumptuous.

Gag contracts instead of open competition

And that's not all: in the last point of his latest assurances, Smith argues that Microsoft wants to strengthen Europe's economic competitiveness. When a US company pursues European economic policy in this way, alarm bells should ring. After all, Microsoft as a company stands neither for open competition nor for original European technological sovereignty, but rather for dependency and the eradication of fair competition – and has been doing so systematically for decades.

And if Microsoft is now announcing billions in investments to implement an alleged sovereignty program here in the EU, it is ultimately no more a gift than the Trojan horse. This was initially offered as a splendid thank-offering, but in the end only brought about the downfall of the besieged city of Troy.

No concrete and reliable assurances

Reason enough, therefore, to be more than just critical of the very idea of a European charm offensive. But the form of the concrete presentation also makes you sit up and take notice: How could a blog post by a Microsoft company representative be able to provide the necessary legal protection against a US president who is acting more and more erratically and to his own advantage? Concrete and legally reliable assurances over a precisely defined period of time are not associated with this.

If Smith also refers to the "EU data border" as an essential protection mechanism of Microsoft's data policy, it should be clear that the fine-sounding assurances are built on sand. After detailed analysis, this very data limit is little more than window dressing. One might actually assume that the cloud customer decides when his own border is opened and when it is not – but the exact opposite is the case.

Swiss cheese

The other promises also sound more like a marketing coup, despite the announced billion-euro investment: only the US company itself knows what the specific benefits are of storing the source code of Microsoft applications as an emergency copy in Switzerland. Without the developers and capacities behind it, a static source code copy is of little use if it is not actively and regularly adapted to current threats and identified security vulnerabilities. The same problem arose last year for the partially sovereign Delos Cloud and was therefore heavily criticized by IT security experts.

But that's not all: what Microsoft cleverly leaves out of its alleged European sovereignty promise is the continuing threat to EU data sovereignty posed by US surveillance legislation such as the Patriot Act and the CLOUD Act. These allow US intelligence services and security authorities extensive powers of access to sensitive data – regardless of where it is stored. In the face of this acute threat to cyber security and the protection of European data, wisely concealing this fact is not only negligent, but also deliberately misleading customers.

Too good to be true

In conclusion, Microsoft's new "digital commitments" are nothing more than a forced diversionary maneuver by the PR department of a major international corporation. Even in times of increasingly uncertain transatlantic relations, Microsoft is keen to further expand its market dominance with largely empty promises regardless of losses. Apart from the company itself, no one will really benefit from this.

The already precarious situation on the EU cloud market is only likely to get worse if the gift is accepted, with European start-ups and competitors being deliberately forced out of the market and customers being gagged with increasingly restrictive license conditions and a lack of cost control. If an offer sounds too good to be true, then it usually is.

(wpl)