Hacker News new | past | comments | ask | show | jobs | submit login
France bans Office 365 and Google Docs from schools and public administration (siecledigital.fr)
403 points by andrepd on Nov 20, 2022 | hide | past | favorite | 184 comments

Just to clarify, they are only banning the usage of the free offerings of Office and Workspace which do not provide the data governance / compliance features. The higher tiers of Workspace/Office provide this functionality.

That's a pretty critical distinction.

It's an important point, but doesn't remove weight from the decision.

First, Google Docs is out of window either way. Then a specific budget needs to be approved to use Office, which will reduce its use to only people actually needing it (just reading docs produced elsewhere won't be enough)

Don't worry about the budget, education is the second most funded government feature in France after healthcare/social security, and before Defence [1] (in French)

(103 billions EUR for education in 2020 by the central government only, 67 for Defence, and surprisingly little resources about how much social security actually costs, on an extensive scale) (local governments allocate more resources, mostly for the maintenance or buildings and supplies)

Teachers have had free licenses for MS Office since forever, even for personal computers) Computers can be pretty new in most schools. But network and host administration is more than patchy in most schools, due to a lack of qualified and dedicated employees, so they're ok with purchasing SW that works out of the box. (We used to maintain the school computers with a small group of students when we were in HS)

Actually, free software advocates have been complaining by the price of MS products, compared to the subventions to make free software.

And anyway, MS Office is the only software consistently used in ANY branch of government. It's a staple. Some Defence ppl have even been complaining that you might not want to run NSA-approved American SW for everything, especially as it often came on Chinese Lenovo HW. (While top government officials reminded that the USA is friendly, and that you can't go to the extent of making chips out of the sand from Brittany, a region with cold beaches in the west of France)

So the budget and the usage for Office already exist, for everyone

[1] https://www.economie.gouv.fr/facileco/comptes-publics/budget...

I understand the skepticism, but:

> education is the second most funded government feature in France after healthcare/social security

Both of which are under heavy pressure to reduce costs, which also leads to the waves of strikes (I know, France, strikes, name a more iconic duo. But their conditions are actually super shitty). They don't have enough money to cover salary raises among the inflation, that money going to US monopolies doesn't look go under any light you put it.

> Teachers have had free licenses for MS Office since forever

Local licenses might stay, 365 ones are going away (here the free tier is targeted, and Education minister targeted Microsoft in particular to freeze new licenses)

> Actually, free software advocates have been complaining by the price of MS products, compared to the subventions to make free software.

These decisions are actually not bound to bring fully free software in the mix. Proprietary solutions seem to be eyed at (those could be based on free software of course, but money will be exchanged at the end of the day)

My general take is that up until now "nobody is fired for choosing MS" was the basic principle, but that doesn't mean it stays that way forever. Switch to linux was a step in that direction already, and they committed to it up to a point. Stopping Office 365 propagation goes in that same direction.

See, this kind of misunderstanding (that doesn't happen in French, BTW) is why calling it «free software» instead of «libre software» is IMHO a bad idea...


> It's an important point, but doesn't remove weight from the decision.

Which FOSS alternatives provide similar functionality to Offices 365/Docs, and don't cost somewhere around ~$10/seat in IT time to set up and administer?

A git repository and an installation of LibreOffice don't meet that bar. Collaborative editing, good-enough default access control and security, and document sharing that doesn't consist of emailing "March Report_Version_6 (Copy 2)--actually final--.doc" around.

You don't need that until uni, do you?

1. Students aren't the only people who use productivity software in schools.

2. You don't need computers at all until uni, and yet...

And generally speaking, the alternative to this stuff in schools isn't FOSS, it's proprietary shit that costs $XY(Z)/seat and steals student data for use in its anti-plagiarism feature.

The court's ruling is fine and reasonable, but the conclusions people are drawing from it are not.

In France, some middle/high school classes actually teach you how to use a word processor. Some of them also include group presentations with slides

So computers are pretty much a necessity yes.

> but doesn't remove weight from the decision.

Why? They can still use it, but under the non-free version which is under the necessary compliance.

Which costs cash that has to come from a budget

Which they have to pay for anyways since they are schools and public admins.

But this isn't a budgetary issue, it's a compliance issue which is why they are paying for it. What's your point?

The point is that the free version is currently wide spread, and forcing payment means lots of districts will have to justify additional costs in their budget. With Europeans increasingly disgruntled at US companies at least some of these districts will find or make due with alternatives. This has macrolevel effects.

... if only Microsoft was a private company that can adapt itself (and even put sales teams on this) in less time than a government minister needs to request permission to enter their office.

I've heard of Microsoft education deals that involved paying 500 to 5000. With your choice of a macbook for every 500, or a lenovo laptop for every 200 paid.

This is shifting the goal posts away from anything I was arguing. Do better

Who uses the free version of Office 365?

apparently most french schools

> Then a specific budget needs to be approved to use Office, which will reduce its use to only people actually needing it

You have great faith in bureaucracy. The reality is anybody who was using a free version before will probably be given a paid version afterwards, and if not then the cost of administration and the creation of new fiefdoms around this process would be a net burden on efficiency anyway.

I feel like this should be added to the submission title.

(Please correct the following if necessary.)

In 2019, MSFT claimed re: Teams that it was keeping all data in country.


In 2021, Office365 was banned from all ministries.


Additional note: there are directives to also stop paid Office 365 [0], especially from the education branch with clear orders coming from the top to stop any new deployment[1]

To the unavoidable question of “what to use then?”, I think the answers are “tough luck” and “the gov has a new service for that”. It’s set a case where GDPR has priority over costs and efficiency.

[0] https://siecledigital.fr/2021/09/24/etat-francais-micorost-3... [1] https://questions.assemblee-nationale.fr/q16/16-971QE.htm

> S'agissant de l'emploi de la solution Microsoft Office 365, le ministère de l'éducation nationale et de la jeunesse a informé en octobre 2021 les recteurs de région académique et d'académie de la doctrine « cloud au centre » (circulaire du Premier ministre précitée), de la position de la Dinum (note du 15 septembre 2021 précitée) et de l'avis de la CNIL sur ce sujet. Le ministère a ainsi demandé d'arrêter tout déploiement ou extension de cette solution ainsi que celle de Google, qui seraient contraires au RGPD.

I think that this move isn't so much about privacy. I think that French government is beginning to realize that these types of products and services constitute critical IT infrastructure for the country. As such, these products can not be offered by a foreign country, no matter how friendly. I suspect the government offices will be next. I am not actually sure, what alternatives are out there for MS Office and Google Docs?

You can still just buy Office and not use the 365 offering [1]. The ban on Office 365 doesn't look like it's relevant to Office 2021.

Aside, both LibreOffice and Apple's office suite are perfectly serviceable for K12 education and most public administration.

[1] https://support.microsoft.com/en-us/office/what-s-the-differ...

> You can still just buy Office and not use the 365 offering

Until MS stops offering that and you're SOL, subscription model only going forward.

That’s been “any day now” for years, but they keep releasing standalone versions. They just keep some (usually server-powered anyway) features exclusive to 365.

The fact that they've recently rebranded Office to actually be Microsoft 365 but didn't bother doing so for the standalone Office 2021 product tells me it's probably on the way out. I doubt we'll see a Microsoft 365 2023 but maybe MS really just is that bad with brand names.


They've also been offering deep discounts on Office 2021 for months now via the stackcommerce network which might indicate that 2021 is the last standalone release.

You mean those sketchy Office 2021 Professional Plus deep discounts, right? That's an (expensive) edition available in MSDN-like subscriptions, I'm almost sure they're either "cheap region" keys or MSDN-generated ones. Some of the worst offenders even tell you you'll get a username and password in an email (rather than product key), confirming it's just a user in their 365 tenant. (Of course I'll hand my documents off to CheapOfficeDotCom)

I bought one license.

It showed up in my Microsoft account alongside previous purchases which were at full price.

I haven't had an MSDN account for several years, so I can't compare with that.

Optimistically, maybe they’ll separate the brands now? But yeah, I guess we’ll see in 2023 if “Office 2024” comes out or not.

(Also, love that iOS parsed that “365 2023” as a phone number)

Yeah, but then we can just fork it and, uh. Oops.

If a country like France prefers it, it will be built for them.

Microsoft made by offline office program too slow to use when I updated to 11. It was a shakedown and I am not a happy customer.

I can't read the article (but gazing at the words, I almost feel like I can...) but I'd guess that all of their software needs are covered by other software systems licensed by the govt. And that this ban is more to make people stop using free cloud services instead of them.

> what alternatives are out there for MS Office and Google Docs?

Probably Collabora.

“Collabora Online. Your Private Office Suite In The Cloud”



From what I understand, Collabora is LibreOffice in your browser, with cloud functionality

> From what I understand, Collabora is LibreOffice in your browser



Does this include hosted email? https://www.collaboraoffice.com/collabora-online-3/ shows that it has a user directory, but I can't find any direct mention of a web email interface.

https://www.open-xchange.com/ does email, office, and solves many enterprise management problems already. It can be cloud hosted or deployed online and is mostly open source (https://gitlab.open-xchange.com/frontend, pretty sure they've got everything but the "pro" stuff licensed under GPL). It's based on OpenStack, though, so hobby deployments may pose a challenge.

It's the most complete European office product I've seen so far.


It's an underdog but pretty good. If you want to use something in the cloud which respects privacy more. Does not even need an email for registering and there is a premium plan too.

But I think the more practical solution is LibreOffice/OpenOffice. I think it's encouraged (or even enforced?) to use that office suites for public service/government institutions in France.

Cryptpad failed my early example of spreadsheet functionality: I typed in a series of numbers in column B, and typed at the top of the column "=B3:B".

There's a website that exist to answer this specific question:


Of these alternatives, I'm using Onlyoffice for some years now, specifically their Personal tier, which is free of charge. I think it works well, and it's also clear that they are constantly working on it.

LibreOffice for a desktop version of office productivity applications... would be more than enough for most users. Not sure what the options are for web-based office applications though.

10 years ago the police stations (the "gendarmerie" to be precise) in France moved away from windows / word to Linux / openoffice. source: my did who is now a retired officer. I remember him asking me some cool tips on Linux so he could show off his colleagues who were lost by the transition.

The Gendarmerie also contributes to OSS quite significantly.

Lemonldap (SSO solution) for example.

> As such, these products can not be offered by a foreign country, no matter how friendly.

I think this is a rather naive perspective. I’ve worked in national security jobs, and the idea that services from foreign companies should not be allowed is a completely infeasible dream.

Just like with Twitter, we need to replace these monolithic services with international standards that any country or business can implement

Libre Office. Not so sure that it integrates very well with cloud services, though I’ve not tried. It’s a bit of a step back from collaboration on a Google Doc. However, for basic functionality, I’m quite fine with word processing on Libre Office.

Microsoft Office isn't banned, just Workspace / M365 / Azure Active Directory as users' IDP.

Anecdotally, I think you may be right. Granted, historically there are reasons to think the French want to protect language and so on, but privacy protections are not something immediately associated with France ( whether it is true or not is another story altogether ). Personally, I have the same problem with O365 as I do with with social media. That is: it is your stuff on somebody else's PC. It is almost a given that there will be a conflict over 'who's stuff is it anyway'.

A self hostable version is OnlyOffice and then I guess you could also just have a plain old on-prem licensed non-cloud Sharepoint farm.

Well, there's Zoho's office suite:


Some years back I used open office on a personal PC.


Word was fine. Excel, you felt it was more clunky and lost productivity. Never used the other formats.

Was good enough if you didn't want to pay and were using these infrequently.

OpenOffice has largely been replaced by LibreOffice. It's a perfectly fine office suite, but the draw of Office 365 and Google Docs aren't the document editors themselves, it's that you get E-Mail, chat, file storage and PIM in the cloud with it.

The alternative isn't just LibreOffice, it's LibreOffice + Postfix + ejabberd + Samba + Apache + Radicale, which you all have to put on a server somewhere and set up individually.

For a 11 year-old?

I mean, even at uni i worked locally.

I have been using LibreOffice for many years. Its doc editor Writer is better than newer versions of MS Word (better style management, better footer/header system, better font options), and its spreadsheet program Calc is pretty good for general purposes, although it lacks some of the advanced Excel features.

Nextcloud is pretty much a drop-in replacement for Google Apps and Office365 these days for most use cases.

Maybe it has improved in the last 3 years, but that certainly was not the case when I tried it for my company. Fist, it was self-hosted, which adds monitoring, security, and tech support. Second, its concurrent document editing was absolute shite.

It has dramatically improved in the past 3 years to the point that I finally switched to it for my family and company.

I balked at it for several years but honestly today it is good enough for music streaming, file sharing, collaborative document editing, photo management, contact management, calendar sharing, issue management, appointment management, etc.

Also passwordless fido2 login.

Any good articles covering this setup? I was looking for a one stop solution for streaming and file management but it always seemed like many systems had to be combined or I had to pay other companies.

Just install nextcloud per the official docs, then install the addons you want from the admin interface. All are open source and free. That is literally it.

How's the upgrade story these days? Some years ago there were a lot of scary stories about upgrades going horribly wrong due to DB changes or otherwise being non-trivial.

Better, but just last week a test upgrade failed even using their own docker image and docker compose file.

Why? Because you can’t upgrade between major versions. If you do, part of the software is upgraded and the rest is not. Now you can’t go back either, because the persistent config directory has been modified in the process. There are countless posts in forums about failed upgrades (including this).

I have tried bare metal and docker, and the upgrades have failed once in a while. I am not sure if the snap version is any better.

Thanks, that's just the kind of stuff that keeps me away. Life is too short for such shenanigans.

Life is too short to put my data in the hands of third parties who will use it to target and manipulate me.

Democracies require more decisions from citizens than dictatorships but freedom is worth a bit of thinking once in a while.

Done several major version upgrades without issues. As long as you do one upgrade at a time and are not doing anything nonstandard it is smooth in my experience.

It's more than enough to build on. If a government simply decided that it was important to have ownership of their code and interoperability & future-proofing of their data & documents, then relatively over night any rough edges and weaknesses could be cleaned up.

It's like saying a house is unusable shite because the sink has dirty dishes in it.

But this is a government. Their operations, and the impairment thereof, affects millions of people. Further, they should be in the business of governing, not cobbling together solutions based on stackoverflow posts.

Collaborative, concurrent document editing is a must-have feature, especially now with so much remote work.

So it’s not just dirty dishes. A more apt metaphor would be a house where 10% of the time when two people enter a room together, they both lose their phones in the room, can never find them, and have to get new phones. I mean, I guess you could decide that outcome is better than a house in which 0.0001% of the time, the US government looks at the contents of the phone, but I don’t see why you would.

They can be exactly as in the business of governing while paying one set of programmers as while paying another.

Try again.

bonus try agains:

And they have an obligation not to waste taxes on rent.

And they have an obligation to transparency even if currently all fail to meet.

NextCloud has integrated OnlyOffice for document creation and editing.

Does it scale to tens/hundreds of thousands?

(Asking, I actually don't know)

If it doesn't now, it can be made to in a figurative 11 minutes once a state level entity simply decides it matters.

All that's ever been missing is for a few politicians to have the vision or fortitude to ignore MS/Apple/Google sales pitches and then stick with it through the inevitable difficult transition period and complaints and address them by addressing them rather than by just going back to the familiar comfortable bad deal.

This is completely true.

That's a pretty stupid case of autarky. First, where do you stop? Second, when your actions are indistinguishable from China or Russia, you probably have to think a bit more about it.

> I think that this move isn't so much about privacy. I think that French government is beginning to realize that these types of products and services constitute critical IT infrastructure for the country.

It can be both; as surveillance capitalism becomes even more and more pervasively intrusive we can see the risks against both individuals and institutions. There's also plenty of history of major governments (including the US and French) using their intelligence services to help in commercial endeavours.

But the war in Ukraine has also demonstrated how quickly the US can cripple an economy.

I think it would and should be possible to use products run by a foreign country if that country respects the rule of law and has decent oversight in place (both on paper and in practice). But the US with its National Security Letters and secret FISA courts is not that kind of country.

Can you explain how "National Security Letters and secret FISA courts" violate US laws? If they don't violate US laws can you explain how they're examples of how the US doesn't' respect the rule of law? If you mean that the US doesn't respect the laws of other separate sovereign nations, isn't that how the system works?

> If they don't violate US laws can you explain how they're examples of how the US doesn't' respect the rule of law?

They are special exceptions to the normal process of law that favour particular actors. Rule of law means that the processes of law must be consistent and public, and fair to all sides; people need to be able to tell their stories publicly in order to be able to find relevant witnesses, for example.

Nice to see someone taking privacy a little more seriously.

The cloud has it's place but I've never been happy with the underhanded way that Office 365 "encourages" users to save to the cloud. When someone pays for one service, and is continuously pushed to use another (with additional downstream costs), I wonder isn't it time to pursue antitrust?

France isn't taking privacy seriously. They're the most advanced nation on the planet in terms of industrial espionage.

What they're concerned about is not having their businesses operate at the whims of and be open to disruption by Americans.

I work at a company that has a French government service as a customer. They are super sensitive to their data transiting across US servers but have zero concerns about transit through the rest of Europe...including Europe's "fourteen eyes" nations.

> They're the most advanced nation on the planet in terms of industrial espionage.

Citation needed.

(Especially given that the other two contenders are the US and China)




This is pretty widely known. Especially in the Defense industry and their world class industrial espionage skill goes all the way back to the eighteenth century.

It's not "citation needed", you're just ignorant of history.

Deleted my message to your og message because you posted this here, but you're basically basing your whole argument on one person in a cable leak.

It's not much of a base.

Lol for you to truly believe this. German officials were still complaining about French spying in the wikileaks cables.

France has partically cornered the market on datacenter infrastructure (everything from the racks down...somewhere between 1/3 and 1/2 is made by French companies).

If you think 300+ years of strategy/tradecraft suddenly ceased functioning 40 years ago (and because why?) you'd be sorely mistaken.

It's more likely the case that manned airframe deveopment has been fairly stagnant around the world since the 80s for political/budget reasions (which is true), so you haven't been able to see their blatant wins. France has seemed to keep up with the rest of world in UAV development (Parrot) despite much less investment....

Are you suggesting that Parrot has been benefiting from industrial espionage? That's absolutely ridiculous.

First, everyone is way behind DJI, that's just a fact. You can buy a DJI drone, open it, inspect it, and still not be able to do a perfect alternative at the same price.

Second, some UAV autopilots were written by a couple engineers more than a decade ago, and today there are pretty advanced open source autopilots, with open source protocols and open source apps to control them.

I don't know about your other claims, but given the UAV one, I must now doubt them.

That's not a sound argument, neither a sourced one.

Let's take your example, Parrot, it's not because a company can do as good with less than it means it is stolen technology.

Has the world over stolen the screw tech in the US technology tree because I can buy it at the hardware store for a cent when one is billed $40 to the US army?

That's a wild line of reasoning.

[1] https://www.latimes.com/archives/la-xpm-1986-07-30-vw-18804-...

I love how people take a throwaway line that's practically an afterthought and discard the bits about their 300+ years of experience doing exactly this.

Those bits are well documented and you can go read about them with a cursory google search.

But no, my reasoning is WiLd AnD cRaZy.

I would say that given France's history, you would have to show me that Parrot _hasn't_ benefited from some level of industrial espionage.

Asking someone to prove a negative is a terrible way to argue.

The French government as we know it did not exist 300 years ago, neither did the modern industrial age.

The other funny thing is that France being a leading industrial espionage power was also part of the Snowden leaks, which means the NSA believes that this is true, as recently as a decade ago.

I don't think you could find a better citation.

There's a pretty big gap between "a leading industrial espionage power" and "the most advanced nation on the planet in terms of industrial espionage."

Especially since, again, the Snowden leaks exposed that the NSA was a pretty strong contender for the title.

Easy enough to widen the base.

It was almost an open secret that French Intelligence bugged and monitored first class (and elsewhere) of the TransAtlantic Concorde flights between Europe and the US (and elsewhere).

This was, for many years, the prestige fastest travel between the major powers and a honeypot of loose lips by diplomats, politicians, and even senor military staff from many nations.

[1] https://www.theregister.com/2015/06/09/french_spied_concorde...

There is a lot of "could", "might", "reportedly", and "plausible" in this article. I.e. suppositions and assumptions. Nothing backed up.

Now, it's a standard practice in security to not discuss security issues and confidential info in a public space like a plane. I'd not be surprised the French goverment would bug the Concorde, but it does not imply at all the supposed extent, ruthlessness and far-reach that the OG poster implies.

> but it does not imply at all the supposed extent, ruthlessness and far-reach thar the OG poster implies.

Well perhaps a better understanding of Cold War politics might peel back the cover on how ruthless the French can be.

It's a fact that the bulk of the Cold War weapons grade ore was sourced from parts of Africa that were former | current French | Belgian colonies and satelite states, it's well recorded the ongoing destabilisation of local democratic Governments that kept effective control of mineral operations in the hands of principally French companies acting as US proxies in an extensive (at the time) unreported war of resource domination and control.

What the French did in New Zealand, planting bombs and killing civilian anti nuclear demonstrators [1] pales in comparison to their actions in Africa and elsewhere.

> The sinking of Rainbow Warrior, codenamed Opération Satanique, was a state-sponsored terrorist bombing by the "action" branch of the French foreign intelligence services, the Direction générale de la sécurité extérieure (DGSE), carried out on 10 July 1985.

[1] https://en.wikipedia.org/wiki/Sinking_of_the_Rainbow_Warrior

The argument is about industrial espionnage and French ruthlessness in doing it.

There are clear evidence that French neocolonialism has had terrible impacts on Sub-Saharan Africa for instance and beyond (The Ivory Coast crisis is a more recent example than the ones you chose). However, they barely indicate anything about an ability to conduct industrial espionnage in, say, the USA. At best, it is adjacent.

Bombing the Rainbow Warrior says nothing about the French government's industrial spying capacity as well. It shows how shody the DGSE was in fact.

It clearly demonstrates a ruthlessness in the French Intelligence services through the delibrate bombing of a foreign flagged ship in New ZEaland Government Territory and, by extension, the ruthlessness of the French Government via their arm, those same services.

> It clearly demonstrates a ruthlessness in the French Intelligence services through the delibrate bombing of a foreign flagged ship

They bombed the ship in a harbor, in a way that was intended to let everyone evacuate the ship. The photographer died because he came back to the hull to get his belongings when the second bomb exploded. (Which isn't to say it was an accident. The agents did plant those bombs, and the bombs did kill someone in a way they could have anticipated, even if it wasn't their goal.)

It's a radical action to take for an intelligence service, and it's a deadly crime committed on the sovereign territory of an allied country, but I don't think it's fair to assess that it demonstrates "ruthlessness of the French Government". It's certainly pretty mild by the standards of international espionage.

And it seems like very weak evidence if used to argue that France has uniquely aggressive secret services. I don't want to do whataboutism to excuse the DGSE's actions, but if the argument is that the DGSE is less bound by ethics than, say, the CIA, then I do have to point out that the CIA has done a lot worse than bombing a boat, a lot more recently.

Spy agencies and police bug all sorts of stuff. The hallways of Federal courts are widely believed to be bugged. I’m sure lots of different entities spy on airport lounges, etc.

It's a dramatically better base than 99% of opinions on this.

Where do they rank in terms of being an industrial power? If they’re spying and that’s the best outcome they can muster…I don’t blame people for assuming they’re not peak-spying.

France can be criticised in many respects but they do produce a lot of good tech. Just not so much in the frontend digital consumer sphere.

I wish my country was as good at spying and could steal the TGV designs ;)

Very high? France is the third largest military industrial exporter in the world after the US and Russia. The Ariane is Europe's heavy lift rocket.

They're the 8th largest manufacturing country in the world. Is that industrial superpower territory? I don't think so. Italy out-manufacturers them by about 10%.

I'd say so. as I alluded to in my comment, in aerospace and defense they're very much among the top three. A country that competes if not leads India and China despite having twenty times smaller a population I think deserves that label. And rather than use Italy to drag France down in a comparison I'd say it's a good opportunity for people to recognize that Italy itself is quite underrated. The country has a remarkably resiliant private sector in particular.

> They're the 8th largest manufacturing country in the world. Is that industrial superpower territory?

When you're the 20th most populated country, yes, arguably.

They're the world's leading nation (or possibly #2) at manufacturing datacenter infrastructure (by sales volume).

Ever heard of Dassault? Solidworks? Airbus?

I have. (Note that the first two you listed are not two different things, or to the extent they are, the second one is US, continuing to be based just down the road in MA, USA).

I did not know Solidworks is based out of MA. I wonder how their dev teams are split

I have not heard of the U.S. as a contender for industrial espionage. Traditional espionage sure, but not for competitive advantage. Do know of any sources for info about that?

It was a big part of the Snowden leaks, eg:


> The U.S. National Security Agency is involved in industrial espionage and will grab any intelligence it can get its hands on regardless of its value to national security, former NSA contractor Edward Snowden told a German TV network.

> In text released ahead of a lengthy interview to be broadcast on Sunday, ARD TV quoted Snowden saying the NSA does not limit its espionage to issues of national security and he cited German engineering firm, Siemens as one target.

> "If there's information at Siemens that's beneficial to U.S. national interests - even if it doesn't have anything to do with national security - then they'll take that information nevertheless," Snowden said, according to ARD, which recorded the interview in Russia where he has claimed asylum.

Which, like... of course.

Politics follow incentives. If you build an espionage apparatus that lets you spy on conversations worldwide, and you have laws that lets you read private data without a warrant and send a gag order to the company that owns the server, and you have laws specifically for doing the above to data stored in europe by american companies, and your only mechanisms for accountability are to the White House, not the public or foreign countries, and you can get your boss re-eletected by helping american companies create jobs at the expense of foreign companies... Why would you ever abstain from industrial espionage?

Well, they abstain because it is wrong, immoral, and illegal. As this article [1] notes, even leaked material from the DNI which contemplates industrial espionage does not contain any evidence of it.

The US IC being a horrible monster may well fit your world view. But we must not allow ourselves to confuse what we think should be easy to prove with what we actually can prove. And I don’t even mean “prove” in some strict, legal sense. I just mean prove in the sense of providing evidence with the same ease that you provide speculation. If you could point to cases of US industrial espionage in Snowden’s leaks, that would be a good start.

1 - https://theintercept.com/2014/09/05/us-governments-plans-use...

You must be joking right

The US controls the global economy, every transactions made in $ are sniffed and tracked, they know about your trade secrets

And if you dare escape from their watchdog, they'll let you know illico presto [1]

(this is also why i believe that cryptocurrencies fad is a FED project, and Satoshi is one of their codename)

One of my biggest regret is not saving the article i read on that matter that went into the details on why, including how they leverage their army of lawyers to make sure you comply, or it was a book, it's sad that i forgot.., read a little bit about Alstom, it's very shady

It's also part of the reason why they are scared about BRICs moving away from the dollar and adopting the YUAN and its digital version

[1] - https://www.theguardian.com/business/2003/feb/16/iraq.theeur...


Some documentation on the matter:


Hmm, I still don’t see any industrial espionage - governments spying on other countries’ businesses in order to give secret IP to their own industrial leaders. This is distinct from gathering intel on business to inform national security decisions.

Your comment seems like a general distrust of the US intel collection based on a mist of evidence and conspiracy theory.

you don't see therefore they don't do?

i don't think there is much to argue here, let's move on

> The cloud has it's place but I've never been happy with the underhanded way that Office 365 "encourages" users to save to the cloud.

What does it do?

I use it on my Mac and nearly all my documents are just local, except for a few I've specifically saved to the could so I can easily access them from other devices.

When I make a new document and save it, it defaults to the save it locally dialog. I don't notice any encouragement, let alone underhanded encouragement, to save to the cloud.

It is possible that when I first installed it the default was to give the save online dialog when saving a new document instead of the save local dialog, but it seems to remember which one you last used and give that as the default the next time.

Have I missed some other encouragement to use the cloud?

My experience on Windows is that it selects your Onedrive account automatically. I've had to change the default because it kept trying to upload my documents.

I've also had several scratch documents appear in a cloud drive at some point, probably through autosaves. Disabling cloud integrations tends to generate nag screens or "helpful" warning toolbars to "restore functionality". Going offline in Office on Windows is a path riddled with deceptive design. This is the education version of Office on Windows 11, though I haven't used or updated it in a while; not that I think Microsoft's data collection team has suddenly had a change of heart.

Non-enterprise versions of the product don't seem to be available without signing in to a Microsoft account at all. You can log yourself out out after activation, but realistically very few people know about that and even then you've already given Windows a hint of a Microsoft account, which it will use to try to sign you into every chance it gets.

It defaults to onedrive and buries local storage behind a tiny text button. It brings up a giant popup saying 'you need to upload to edit' if you open a form in read only mode and various other ways.

All of the above/below, and many config changes (eg. prefer local storage) seem to be reverted to MS preferred defaults by system upgrades :(

its the default option and you have to click more to save to disk

I can see government offices, but why schools? The ease of access and productivity hit wouldn't outweigh the benefits imho.

Because storing files in the cloud is the most sensible option for most people.

As the ministry explains in its response, in the Dinum circular, it is clearly stated that "the deployment of Office 365 is prohibited in French administrations". The State's interministerial digital director has decided to intervene to protect the "sensitive data" held by several public officials. According to the circular published in 2021, it is written that data should no longer be hosted on Microsoft 365 cloud services, to protect it from a possible security breach or even misuse by US intelligence services.

Long overdue. Should happen in all European countries.

I say. I understand that they are supposedly cutting edge tech, but at the same time, we're hosting intelligence on an another country's soil. Especially now, there are quite a lot of alternatives that we could use, and improve, locally:


What is going to be a replacement?

It's not a fusion reactor we're talking about here. I'm sure the very smart and capable CS types in INRIA could manage it.

https://www.w3.org/Amaya/ (Started in -1996- "in conjunction with W3C")

Can't find where I read this, but in context of [packet switching] and the French variant, it was claimed Valéry Giscard d'Estaing put an end to the French variant, due to US pressure. (I think it was the Louis Pouzin interview in Oral History.)

France should be kicking ass in software & computing. The mystery is why it isn't competing with Google, Facebook, etc.


An Interview with Louis Pouzin, conducted by Andrew L. Russell, Paris, France, 2012

---- source: https://conservancy.umn.edu/bitstream/handle/11299/155666/oh... [pp 17-18] ----

But on the other hand, the French délégation à l’informatique were powerful. Fortunately for them, President Pompidou died. And then we had a new president called Giscard d’Estaing. And Giscard d’Estaing was not in the same mentality; Pompidou was still a follower of De Gaulle’s policy. De Gaulle’s policy was to be independent from the American. And CII in building a network was in a way a continuation of the same policy – become independent. But Giscard absolutely had no technology vision. He was interested in politics, but not in technical things. He had advisors who had no technical training. They were people from Ecole nationale d’administration, and people who make rectangles, and put arrows between rectangles, and they think it’s going to work. <laughter> So they dissolved the délégation à l’informatique. Finished. Disbanded. <laughter> And as a result, our funding was cut.

And they also joined together CII and Honeywell-Bull and made CII-Honeywell-Bull, a new company. And this new company which had not much experience in networking, they said they would take our technology and develop it in their own system. The guy who was at that time heading Bull was an engineer. He had been at IBM before, and he was a guy who understood very well strategy and technology. So I think he was pretty convinced that it was a good deal to get what we had developed. But he had been put in place by the technical group, which was also a partner in CII, and this group was Thomson. Thomson was typically a company that was making electro-mechanical devices, but also working for the army, for the military, for the aerospace and so on.

And here you had CG, which was a huge group – all kinds of electrical things – and téléphonie. CG had apparently put a lot of money into supporting Giscard’s election everywhere. You know, the lobbyists finance the elections. And why did they finance the elections? It’s because they didn’t like the government policy with Thomson, because Thomson had decided to go into téléphonie. And that was extremely displeasing for General Electric, for CG, because they were not the monopoly but the dominant provider in France. There were other ones, but they were the big one. And to them, introducing another competitor in téléphonie was not very attractive.

In addition to that, the délégation à l’informatique had put up an industrial group called Unidata. And Unidata was CII, Siemens, Plessey in the U.K., Olivetti in Italy, and Phillips in the Netherlands.

So this Unidata group had a strategy to develop a product series by sharing engineering, sharing development, and having each one a particular specialty. And they had decided, for example, that Siemens... Siemens also was in computing, but they were not very dominant. And so they had decided that Siemens would close down the computing subsidiary they had in France. And on the other hand, the French would close their computing subsidiary in Germany. So each one would have its own clean territory. And that means that for Compagnie générale d’electricité in France that Siemens was becoming a partner of a big French company and, therefore, it certainly would be detrimental to their market for the téléphonie. The delegate from the informatique told me that. They wanted to scatter Thomson’s enterprises in téléphonie, and financing Giscard was probably a way to push them to that direction. And once Giscard was elected, so they disbanded Unidata.

Siemens was furious about that because it was really treason for them. <laughter>

-- end --


Why should France be kicking ass at SW dev? The only French SW I considered was Didomi. Their product was alright, but their sales cycle was a pain in the ass.

They should be. (Starting with Joseph-Marie Jacquard, the French were there from the beginning.)

My opinion: The have the intellectual, philosophical, technical, industrial, academic, and human resources for it. But apparently they lack political will to make it happen as a matter of national policy (like US and SV-MIC matrix), and of course the past 2 decades there has been something of a brain drain as well.

Where is French brain drain going to in your view?

Don't know about Europe but there are TONS of french coders in Montreal nowadays. They kick ass and they're super cool to hang out with. Just don't challenge them at the baby foot table.

Search pulled up this which contains this list: { US, Germany, Australia, UK, Canada, Switzerland } with emphasis on greater preference for countries with francophone cities (CA, CH), which makes sense.



edit: okay then, Wordpad!

It doesn't seem from this post nor the source text if there is a product they particularly recommend. But I guess from the "cloud at center" issue they would be fine with normal Office (the offline only suite) and LibreOffice/OpenOffice?

There is nothing to prevent an organization from deploying office 365, and simply use the desktop apps only, never storing any data off-site. The only difference between that and installing the non-365 version of the office products is that the software updates are more seemless.

A malicious software update could still exfiltrate all documents in plaintext.

If you do not trust a third party to store your data, then you cannot trust any of their proprietary binaries to access your data either.

So, Microsoft will push an update to extract the data? Did you forget a "/s" tag?

I mean... Windows is also owned by Microsoft, so they should ban all use of Windows. And also ban any binary distribution of software of any kind (yup, all school teachers will build their Linux from source now). Oh wait, a third party is making the firmware in your CPUs, better build those from scratch too... go get your pickaxe - you're going mining. </s>

I am totally serious.

If the French Government has a goal of digital sovereignty and defending against entities like the NSA taking their data, then this is what it takes to meet that threat model.

A state actor could certainly compromise a Microsoft binary signing key with or without the cooperation of Microsoft.

Whoever controls the key that signs the binaries that touch your data, controls your data.

Using reproducible builds of open/audited software and firmware is a great start to make third party exfiltration of data more expensive. Next would be removing known backdoors like Intel ME until a migration can be made to open/audited hardware as well.

The path France is on is an expensive one to be sure, but if they stop at only ceasing use of offshore cloud services they are kidding themselves.

And they only run on a few operating systems.

CNIL is a pretty ridiculous organization of buearcrats. They'd rather pummel even a French company to the ground with fines rather than discuss anything. Their policies aren't particularly best practice either - you could build things better than they recommend but if it doesn't meet their requirement they'll annihilate you with fines.

Can you give us at least one example ?

Look at their password requirements : 1 symbol, 1 uppercase letter, 1 lowercase letter, 1 number - when we know that security folks at this point would say "any easy to remember phrase is better than random characters". And they will fine you to death if you don't enforce all the characters.

There's a few mentions online about companies that have gone out of business or fined like crazy - whether they're warranted or not isn't the question. There's an article on tech crunch about Fidzup that shares a nice extreme case. I don't think 1 nations DPA should be able to unilaterally make decisions for entire platforms or the planet. Moreover, they're absolutely terrible to work with.

I see what you say in old recommendation but a recommendation is just a baseline you can change if you justify it. The new version seems to be in line with what you want : https://www.cnil.fr/sites/default/files/atoms/files/draft_re...

For Fidzup there was no monetary sanction. Investor have just walk away when they learned there was an inquiry.

All sanction are published : https://www.cnil.fr/fr/thematique/cnil/sanctions I don't find anything crazy.

We probably need a new way of handling these dependencies on tech firms. I don't think libre office or any other thing can replace MS Office. There should be another way to deal with it.

Zoho has entered the chat.

Seriously though, what are they supposed to use now?

Microsoft Office, locally, for document editing. For simultaneous cloud editing they'll have to switch to alternatives such as NextCloud, OnlyOffice, Open-Xchange, you name it. Plenty of fish in the sea, each with their own advantages and disadvantages. Some scale great for small primary schools, others scale better for high schools and universities.

This entire problem could've been solved years ago when the GDPR grace period started; then when Safe Harbor blew up as expected by just about everyone, they had another chance to start working on a fix. Then the fix should've had priority since Privacy Shield was invalidated, because they have been in violation of the law since.

I'm sure institutions will cry foul and beg the government not to fine them because they could've never seen it coming, because the solution to privacy laws always seems to be "ignore the law and pretend you'll never get caught".

ONLYOFFICE can also do collaborative online editing, and sharing, for free (and it's also open source!)


I guess they could use normal Microsoft Office (not the cloud version).


Or some version of Collabora (LibreOffice with support)

That would be the ideal! These guys (and Allotropia) do amazing work.

I like the genera idea of not using the big companies and forcing them into compliance but if the France government is anything like the USA gov I can't imagine them running a self-hosted solution like NextCloud at the same level of security, compliance, and reliability that are imposed on MS and Google.

The article specifically refers to the free edu versions of office and workspace. What about the paid ones?

“The CNIL recommends that institutions use collaborative suites offered by service providers exclusively subject to European law and "that host data within the European Union and do not transfer it to the United States". The centrist deputy had asked the Ministry of Pap NDiaye to find out if Microsoft's free offer in schools did not "become a form of dumping and unfair competition".

Sounds like there are multiple angles to this. Privacy. Monopoly. National security. So it’s not just about it being free.


It doesn't matter that it's incomplete. They can still use Office without 365, etc. It's not a real principled fundamental policy about all public/government code and documents and data and formats etc.

It doesn't matter what the real reason is. Even for example the cynical idea that it's just to force favoring some other private entity.

Still good.

It's good even purely for the optics that it's even possible, for any reason at all. As it is it does do a lot of direct good already, but even if it did nothing more than make the concept of "we don't need to use office365 or google" less crazy sounding the next time someone tries to take a government open source and open data and open data formats, or even merely reject the servicication of things that don't actually require it, that is already a good thing all by itself.

And the fact that it pushes back against the indoctrination of kids to accept that as just a universal fact of life is just that much better.

This is the type of thing that would be more effective if they focused on publicizing it and publicly pressuring the company to provide a solution that meets their needs. Once they say "bye," msft has no incentive to fix it.

Andrew Bustamante says on Fridman podcast that French government intelligence agency is number one in the world in industrial espionage.

France might also be the country that “bans the most”. Privacy is probably used as a tool in business.

Good time for Google Workspace to be testing client side encryption.


Great news! Now ban adobe

Congrats! This should have been banned many years ago, in whole Europe

Asia/Africa follow along and encourage local or free, non-profit open source alternatives

What should have been banned specifically? This isn’t a ban on commercial software.

Brazil is years ahead of EU countries in this matter.

what other email services are good enough for enterprise and government? apart from exchange on-premise

What about a plain old email server set up in house? Maybe it would cost more and have less features, but it sounds like a good price to pay to avoid Google and Microsoft. Email after all does not have to be centrally managed because of the way it works.

smtp protocol

Avaya maybe?

I'm curious about what alternatives they're proposing. That's 98% of the market right there (citation needed).

How will this law be enforced?

Since it is about public institutions, any public servant disobeying will be disciplined. That can include strongly worded letters, demotions or even firing. For public institutions spending money on (for them) illegal goods, activities or licenses is not possible, which means that any receipt they hand in for that won't ever get reimbursed. Which also means they wouldn't get the goods in the first place, because the business selling them knows they will get stiffed.

Isn’t it notoriously difficult to fire or demote anyone in the french bureaucracy?

IT departments in the various branches of the administration have to follow the guidelines of the government, it's not really hard to implement in that sense. What's harder is avoiding shadow IT.

Shadow IT implies that IT departments don’t care enough to expend effort to crack down. Is that common in France?

My work experience is that it happens everywhere crackdowns and directives get in the way of productivity. Ultimately between getting things done and sticking to the rules, people often pick the first option. I'm also guilty of it to an extent.

What about on-prem office?

Wish I knew French. What’s the TLDR in English lol

About time.

I'm a traditionally very paranoid, very DIY admin/hacker type. A knowledgeable friend turned my opinion to the cloud a few years ago. He simply asked me whether I had DLP, an IPS and enterprise-grade firewall for my home systems. With that line of questioning, he made me realize that no jerry-rigged home-built network system can hold a candle to the security and robustness of a cloud solution, even a mere consumer-grade OneDrive or BackBlaze or something like that. Since then I haven't really kept anything important on local storage. It's in the cloud, for better or worse now.

Yeah, but who’s going to seriously spend much time and effort to try and attack you? Obviously you are always at risk of automated attacks when a vulnerability comes out and attackers scan the internet for any exposed service vulnerable to it, but otherwise you’re not anything like the kind of target that a cloud provider would be (that they’d try to random for millions of dollars if they’re successful, and would have the personal data of millions of people to sell on the dark web when they don’t pay).

Unless you’re known to have data that’s particularly interesting, your risk is nothing like what they face…

Cloud can certainly be secure, assuming the security can be verified (through audits and/or open source clients) and the data is end-to-end encrypted.

The cloud isn't the problem, the active data collection that cloud companies do on your unencrypted data is.

The cloud is just as vulnerable as everything else is:


But do those firewalls work…? They seem to be too often serving as an attack vector.

32 Connected experiences that analyze your content in Microsoft 365 Apps for enterprise...


According to Peter Zeihan, France (along with Turkey & a few others) will be emergent empires of the post-globalist age. There is ample precedent for and, and for some countries, explicit codification of using commercial tech products for state ends, particularly espionage.

So a) this is not a surprising direction at all and b) this sets up a nice little pre-fertilized, fully-walled-off plot for a French omnibus tech company to explode into.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact