That is because the corporation is subject to American law. That means it can be forced at any time to help US authorities access data of foreign authorities or citizens. For that purpose there is the so-called “National Security Letter” in US law, empowering secret courts to issue instructions of this nature, including the obligation to maintain confidentiality under penalty of law. The revelations of former agent Edward Snowden have shown that America’s secret services make extensive use of these powers. The documents published by him show that Microsoft co-operates closely with the secret service NSA.
A NSA document of March 8, 2013 describes in detail that Microsoft even gave the US authorities access to the company’s “cloud” service, i.e. to those data storage facilities where an increasing number of firms and also state authorities outsource their IT to save the costs of having their own IT department. The Snowden documents also proved that the NSA used a cyberweapon called “Regin” in co-operation with its British partners to spy on the EU Commission and the European Parliament – via a security gap in the Windows programme.
Wikileaks has published secret documents which prove that this was no isolated case. They show that the CIA even developed a veritable tool kit of malware exclusively targeting Windows programmes. And so did the NSA, which contained even four different, so far unknown, security gaps for the Windows system (“zero day exploits”), the hacker group “Shadow Brokers” revealed recently.
De facto the use of Microsoft products in state authorities is “no longer compatible with a state under the rule of law,” said the lawyer and Green European Parliament member Jan Philipp Albrecht. He is by many considered to be the father of EU data protection law. Albrecht went on to say there was a plethora of personal data about citizens stored on state computers, including tax payments, state of health, police files and social data. “But the authorities cannot guarantee that these data remain private as long as they are working with software not under their control,” warned Mr. Albrecht. That will have to change, “otherwise we will downgrade Europe to a digital colony.”
Mr. Albrecht is not alone in expressing such views. In 2014, after the Snowden revelations, a big majority in the European Parliament called for EU states to jointly “develop key autonomous IT capacities as a strategic measure” and that these would “have to be based on open standards and open source software,” so they “could be tested.”
A year later, the newly elected parliament again called for a “European strategy for independence in the IT sector”. It also indicated how this could be achieved: It was important to establish “a publicly accessible source code as a mandatory selection criterion in all public sector IT procurement procedures,” as called for by security researcher Michael Waidner.
If this happened, Mr. Albrecht thinks it would have an effect on information technology “like an Airbus project.” Just like Europe once made itself independent of Boeing, it could also get over its dependence on Microsoft and at a much lower cost, he thinks: If open source became mandatory for standard software, “Europe’s players would immediately be competitive,” Albrecht says. After all, he added, the required alternatives have long been developed.