TZUTC: -0500   
   MSGID: 1763.consprcy@1:2320/105 2d943c00   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Swiss government urges people to ditch Microsoft 365 and others due to lack    
   of proper encryption   
      
   Date:   
   Tue, 02 Dec 2025 10:20:00 +0000   
      
   Description:   
   A lack of E2EE and sufficient transparency has Switzerland worried about   
   American hyperscalers.   
      
   FULL STORY   
   ======================================================================   
    - American hyperscalers adhere to the US Cloud Act, which goes against Swiss   
   beliefs   
    - Privatim is advocating for true E2EE and more transparency across the chain   
    - American hyperscalers are acceptable if customers can encrypt their own data   
      
   Swiss data protection officers have warned public bodies not to use cloud   
   services from industry hyperscalers Microsoft, Amazon, and Google, due to a   
   lack of true end-to-end encryption.    
      
   This comes as many SaaS vendors, especially those falling under the US Cloud   
   Act, could be required to hand over data to US authorities, even if its    
   stored in Switzerland.    
      
   Cloud providers were also criticized for not offering sufficient transparency   
   to verify security, with long chains of external service providers further   
   complicating data security.   
      
   Switzerland warns against using Microsoft 365, AWS, and Google Cloud   
      
   Privatim, the Conference of Swiss Data Protection Officers, also warned that   
   using SaaS means a significant loss of control for public bodies, meaning    
   they cannot influence risks to citizens fundamental rights.    
      
   Ultimately, Privatim says that international SaaS providers should not be    
   used for highly sensitive or confidential data unless the government can   
   encrypt the data itself, and the provider cannot access the keys.    
      
   Switzerland is already known for its strict data privacy laws, and a Swiss   
   Data Protection Act revision in September 2023 adds further requirements for   
   cross-border data disclosures and more.    
      
   The US Cloud Act goes against Swiss standards for privacy and sovereignty,   
   particularly because even data thats hosted in a Swiss region is not immune   
   from the US Cloud Act.    
      
   Unrelated to this latest warning, Switzerland already has its own, home-grown   
   alternative to Big Tech. Proton has quickly gained itself a name for strong   
   security  the company cannot access user data, even if it were required to by   
   law.    
      
   Besides using Swiss and EU infrastructure and adhering to Swiss law, Proton   
   also offers client-side encryption (CSE) and open sources the parts that dont   
   need to be protected.    
      
   Being that three American hyperscalers account for around two-thirds of the   
   cloud market, not only does this make finding a suitable and compliant   
   alternative slightly more challenging, but it represents significant growth   
   opportunities for those companies if European data privacy trends continue.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/swiss-government-urges-people-to-ditch-   
   microsoft-365-and-others-due-to-lack-of-proper-encryption   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426