We promised we weren’t a political podcast, but here we are.
This week Matt drags Liam through the tangled history that led us to EuroOffice, the EU-driven scramble to build a homegrown alternative to Microsoft 365 and Google Workspace. It’s a story that starts in 2008, runs through Ireland, and lands squarely in the lap of every consultant who’s ever been asked “where is our data hosted?”
Spoiler: the answer matters less than you’d think, but more than you’d hope.
We trace the thread from:
- OpenOffice → LibreOffice — what happened when Oracle bought Sun, and why the open source community walked
- Clean room engineering — Google v Oracle, the Java APIs precedent, and a delicious bit of irony about Android
- The Microsoft Ireland case (2013–2017) — when Microsoft told the FBI to take a number, and won
- The US CLOUD Act (2018) — the legislative response that quietly rewrote the rules
- The Australia–US CLOUD Act Agreement (2021) — what it actually says, and why it doesn’t say what most people think it says
- EuroOffice and the open source civil war — LibreOffice, Collabora, ONLYOFFICE, Nextcloud, and what happens when “European solidarity” meets a multi-billion-euro market opportunity
Along the way we get into the uncomfortable bits: that Microsoft’s “sovereign cloud” for Australian government is still operated by a US corporation; that GDPR is in direct conflict with the CLOUD Act and European companies are stuck in the middle; that Australia’s biggest “cloud provider” is really just a data centre operator; and that “where is your data hosted” might be the wrong question entirely.
The bigger question we land on is one for consultants: what’s our responsibility here? For most clients, US law enforcement is a non-issue. But “almost certainly not relevant” isn’t the same as “not a risk.” When someone asks you to sign off on an architecture, can you honestly say their data is safe from these scenarios? And if not, how do you present that risk profile fairly, without being paranoid, and without hand-waving it away?
We don’t solve it. We’re not sure it’s ours to solve. But it’s worth being aware of — because the questions are starting to filter down from the big end of town to the mid-market, and “we use the European data centres” isn’t the answer it used to be.
Tangents include: biometrics vs PINs under US law (don’t use Face ID at the border), Steve Gibson’s neurometric authentication idea, rubber-hose cryptanalysis, mechanical typewriters in Cold War embassies, and the eternal question of why YubiKeys cost $150 each.
We also briefly tease a future episode on enshittification — Cory Doctorow’s term for the slow rot of platforms we’ve all become dependent on. That one’s coming. Eventually.
🍻 Tonight’s Drinks
Matt – Sunday Road Blackwoods Pale Ale 🍺
Liam – Red wine (open bottle rules) followed by a Stone and Wood Pacific Ale chaser 🍷
🔗 Links from the Episode
- European Alternatives — the directory of non-US alternatives to big tech
- The Acquired Podcast — the Microsoft episodes Matt referenced
- Security Now with Steve Gibson — for the neurometric authentication story
- LibreOffice / The Document Foundation
- Collabora Online
- ONLYOFFICE
- Nextcloud
- The CLOUD Act (US) — the actual text
- Australia–US CLOUD Act Agreement — Attorney-General’s overview
- Enshittification by Cory Doctorow — book reference for the next-episode teaser
Any Likes 👍, Shares 📣, Subscriptions 🔔, and Love ❤️ go a long way to helping us keep doing this for fun.
Cheers! 🍻