Big Tech Clouds Are Not Made Safer by Piles of Paperwork - Bert Hubert's Writings

Dutch IT expert Bert Hubert has published a critical analysis of how European governments, particularly the Netherlands, are attempting to address the risks of storing sensitive data on American cloud services through bureaucratic compliance measures rather than addressing the fundamental legal and sovereignty issues.

The Core Problem: American Legal Control

Hubert identifies two fundamental problems with relying on American servers for critical infrastructure:

First, everything works only as long as American authorities approve. A single executive order from the White House can suddenly cut off access to your cloud infrastructure. Second, at least three legal instruments give the US government access to our data and communications, even when Microsoft servers are physically located in Europe.

This isn't controversial analysis. The Dutch Attorney General recently confirmed these concerns in Parliament. Yet despite this acknowledgment, governments continue negotiating with reality rather than changing course.

The Paperwork Solution

Instead of addressing the fundamental risks, Hubert observes that organizations are creating extensive documentation to justify continuing business as usual:

• Data Privacy Impact Assessments
• Data Transfer Impact Impact Assessments
• "Comply or explain" documents
• Risk registers where risks are documented and then "accepted"

These documents are produced by an entire industry of consultants who help organizations create such complexity that executives can confidently claim everything is fine while moving systems like DigiD to American providers.

The Illusion of Safety

Hubert draws on software engineering wisdom to critique this approach. He quotes Tony Hoare, the recently deceased software developer: "There are two ways to design software. One is to make it so simple that there are obviously no problems. The other is to make it so complicated that there are no obvious problems."

This complexity is sold as nuance but actually obscures the real dangers. No amount of paperwork can overcome the reality that American services remain vulnerable to sanctions, and no mountain of documents can solve the privacy problems.

The only realistic statement organizations can make is that they believe things will work out and trust that US authorities will act reasonably. Hubert suggests organizations should be honest about this: "We really believe it will be fine."

The Economic Incentive

There's a significant economic incentive to maintain this system. Consultants, advisors, and "governance" professionals have lucrative careers helping organizations continue sending data and money to America without having to develop genuine IT expertise or take control of their own computing infrastructure.

These professionals present themselves as bringing nuance while actually helping create an increasingly dependent and dangerous society.

The Alternative

Hubert argues that the real solution requires swimming against the current - building trust in European technology that works differently, developing actual IT departments rather than big-tech departments, and taking genuine control over computing infrastructure.

He concludes with a warning: "Don't fall for it. And work on something better."

Context and Reception

This analysis comes amid ongoing controversy in the Netherlands about government services like DigiD moving to American cloud providers. The piece has generated significant discussion about the balance between convenience, cost, and sovereignty in digital infrastructure.

While Hubert acknowledges this might not be a "fun piece," he recommends a philosophical perspective through a video titled "You probably think this song is about you," suggesting the broader implications of these technical decisions for society and individual autonomy.

The article reflects growing European concerns about digital sovereignty and the limitations of regulatory compliance in addressing fundamental geopolitical risks in cloud computing infrastructure.