I always hosted my own mail, both for myself and for the few businesses I run throughout my career. Once in a while I would offer the family to use my email infrastructure, with ample storage space and cool domain names, but everyone seemed content with their altern.org, yahoo.com and later gmail.com accounts.
When I worked as Head of IT at a news agency, we used Google Workspace and despite my repeated assurance that I can not look into the emails of others, pretty much everyone used their personal accounts for the most important communication. They would assume that they are safer with Google, and this was a rational assumption. If someone threatened me with death or offered a hefty ransom, I would be able to check their mails, sensitive documents or just browser history. And I am happy to never have been in that situation.
In the same vein, the political decisions to outsource critical IT services to US companies satisfied two objectives:
- protect the local IT personnel
- rein in their power.
And this worked, until 2025 when it became apparent that there is a geopolitical risk to entrust EU governments' IT to US companies. Between the geopolitical risk and the very real risk of empowering their own IT, our politicians decided they are willing to take the geopolitical risk.
For that, I have to remind that the upcoming Criminal Code has two brand new sections that provide ample opportunity for prosecution in the future if the geopolitical risk realizes:
- Section 5. La collaboration politique et intellectuelle / Afdeling 5. Politieke en intellectuele collaboratie
- Section 6. Les infractions concernant les secrets d'Etat / Afdeling 6. Misdrijven met betrekking tot staatsgeheimen
The stakes have never been higher.