Menu

Filter by
content
PONT Data&Privacy

0

The unexpected vulnerability of the cloud

The recent Microsoft issue surrounding Israel painfully exposes how dependent states have become on commercial infrastructure. Digital autonomy appears not to be a technical ambition, but a political necessity.

October 8, 2025

Last month, Seattle-based Microsoft pulled the plug on an Azure account belonging to Israeli intelligence agency Unit 8200 - the military equivalent of the NSA. Internal employee protests forced the management to make the decision: Israel was using phone traffic in Gaza via Azure to analyze targets. That data was in the Microsoft data center in Wieringermeer.

This definitely punctures one assumption: that a foreign cloud provider can ever be a reliable basis for national sovereignty. From now on, governments must see promises from vendors for what they are - marketing, not power. The kill switch is not hypothetical, but inevitable.

A decision in Redmond with global implications

As Dion Wiggins describes, Microsoft ultimately had no choice. Management put 11,500 terabytes of Israeli military intelligence offline. The servers in the Netherlands were entirely under U.S. management. Israel still tried to switch to AWS in a few days, but there again: the switch is owned by the vendor, not the customer.

Earlier, MP Christine Teunissen (PvdD) asked questions of Minister Veldkamp about the presence of this military data on Dutch soil. His answer - "we are going to investigate this further" - marks the first time that a European government interfered with an ally's intelligence operations that ran entirely through a foreign commercial platform.

The first sheep over the dam

Microsoft President Brad Smith put it succinctly, "Microsoft is not a government or a country. We are a company."

That sounds logical, but the implication is troubling. For the first time in history, a major American technology company suspended its services to Israel during a military conflict - not through sanctions or politics, but through internal policy. This showed that an acceptable use policy can outweigh a defense treaty.

Microsoft's investigation found that the Israeli Defense Ministry was using Azure storage and AI services in the Netherlands. At the same time, the company stated that it drew this conclusion "without having access to customer content." Only a reassurance on paper - because in practice, those who manage infrastructure always possess the power to shut it down.

Where does the power really lie?

The incident exposes an uncomfortable truth. All European initiatives around digital sovereignty, from the AVG to national cloud strategies, are built on the fiction that laws are above technology. In reality, the power lies with who manages the servers and storage - not who writes laws. Cloud providers operate outside national jurisdiction and can change the balance of power between states with a single decision, with no legal consequences.

Sovereignty is no longer an inalienable right, but a revocable privilege dependent on another country's corporate policies.

The lesson is hard, but clear

National security rests on infrastructure beyond national control. The technical kill switch is nothing more than the revocation of login credentials - a simple act with geopolitical consequences. No insurance covers this risk. No compliance program prevents it. This is not a cyber threat, but a structural dependency that governments themselves have accepted.

The conclusion is inescapable: power over our data, our services and even our defense no longer lies with states, but with the boardrooms of a handful of corporations. And their decisions are not democratic, but commercial.

From centralization to resilience

As Dion Wiggins sharply concluded, "Microsoft did not just lose credibility; it detonated the very assumption that foreign cloud can be trusted to underpin sovereign power. From this point forward, every government must treat vendor promises as worthless - and the kill switch as inevitable."

All centralized clouds share this same Achilles' heel: one decision point, one vulnerability. This is precisely why open-source and decentralized Web3 developments are so crucial. They make it possible to leverage the computing power of the global network while keeping essential data and processes secure within one's own jurisdiction.

Decentralization is thus not just a technological choice, but a strategic one: it restores the balance between power and dependence. Those who wish to maintain control over national data and critical infrastructure will have to anchor it in open, verifiable and sovereign technology.

In my earlier blogs on digital autonomy, Web3 sovereignty and the role of trustless infrastructures, I have frequently pointed out this tipping point. We see every day how vulnerable digital society has become: ransomware attacks that shut down hospitals and automakers, cyber attacks on energy and transportation systems, and now Seattle board decisions that can shut down entire intelligence operations.

This continuous stream of incidents is not a random series of failures, but a structural failure of centralization as an architectural principle. Today's cloud models are built for efficiency and scale, not for sovereignty and continuity. And this is exactly what we are now seeing in a world where digital dependency has become a strategic risk.

Dion Wiggins is working on his triptych The Digital Sovereignty Imperative, in which he asks the key question that affects us all: how do nations maintain their autonomy in a digital world governed by private infrastructure?

I agreed to review his work at his request to me - not only because it will be an important book, but because this debate needs to be had now, today.

The next time a minister talks about "digital autonomy," the first question should be: Who has the key to the plug - and in which country is the socket?

Share article

Comments

Leave a comment

You must be logged in to post a comment.