Crunch time for Switzerland’s digital independence. Incomprehensibly, and despite appeals not to do it, the Confederation is awarding a highly strategic contract to American and Chinese companies. The 5-year, 110 million franc “Public Clouds Bund” procurement project will provide all the technologies needed to run the State’s activities in the cloud. This could include big data and cyber defence, AI and blockchain, internet of things (IoT) and streaming, analytics and data storage. This decision is already attracting stinging criticism from expert observers, but also bafflement among the wider population, as can be seen on our Twitter and LinkedIn feeds.
No Swiss or European company to participate in the digitisation of the Confederation
Alibaba, Amazon, IBM, Microsoft, Oracle: that’s the astonishing list of suppliers selected to build the Confederation’s so-called digital independence. These American and Chinese suppliers were justified in a few lines. The location of data centers is of course part of the picture, but it only accounts for 10% of the final score – and a presence in Switzerland is not even a requirement, which by definition leaves local companies out in the cold. The Confederation’s principal justification for its choice is “the very attractive price proposition”, accompanied by a few lines, on the pretext that it cannot elaborate further during the appeal period (Le Temps, 28 June 2021).
Administration denigrating a strategic sector that’s also one of our economy’s most promising
How can the Confederation naively believe in savings when it’s increasing its dependence by ignoring local businesses? Couched in these precise terms, the question is perfectly valid, as the authorities’ strategy seems so bizarre.
The real price to pay
“This choice is worrying news for citizens and businesses that are forced to provide data to the federal government. It’s also a very bad political signal that does not encourage the cantonal public sector and the private sector to store their data in Switzerland,” comments Anaïc Cordoba of Datalabel.ch, which promotes data protection beyond legal requirements.
Defying all common sense, the Confederation is pushing Switzerland into a very worrying dependency relationship. Encouraging this imbalance will result in immense losses due to missed opportunities and loss of revenue for local Swiss or even European players. In practice, despite the significant savings being touted, the Confederation will inevitably:
- boost the GAFAM hegemony
- accelerate the arrival of BATX on the market
- delay the emergence of our digital sovereignty
- hinder the development of a strategic industrial capacity
- undermine the perception and thus the positioning of Switzerland as Europe’s data safe
Are all these elements also part of the “very attractive price proposition”?
Contrary to the justifications put forward, and given what’s at stake, the real price Switzerland ends up paying therefore promises to be astronomical.
“In fact, the most distressing aspect of this affair is the discrepancy between a form of public digital irresponsibility that has left our country lagging behind in terms of its digital transition for more than ten years, and a call for bids with specifications seemingly designed to exclude any Swiss provider. It even leaves you suspecting that preliminary negotiations would have led to the same situation,” says Prof. Jean-Henry Morin from the Institute of Information Service Science at the University of Geneva. He continues: “In the end, a country that prides itself on ranking amongst the world’s innovation elite finds itself subservient to digital giants whose business models are, at best, totally cynical and, at worst, offer lost sovereignty on a platter that puts us in a highly compromised situation. Amateurism, negligence, ignorance or underhand ambition are just some of the avenues that we are entitled to explore. What our country needs now more than ever is a real digital leap forward!” “
Prohibitive call for bids gave local players no chance
Though launched with the aim of improving the federal administration’s digital sovereignty, the call for bids calls into question the Confederation’s strategy. The document stipulates that providers must provide more than 24 of the 32 services requested and have “data centers on at least 3 continents”, which, by definition, prevents local and independent entities from bidding in competition to GAFAM or BATX.
Intentions blurred by giant demands and impossible deadlines
People were led to believe that the tender would be compatible with bids from Swiss and European suppliers. This turned out not to be the case. In contradiction to the stated desire to increase its digital literacy, the Confederation has drawn up a catalogue of requirements that are completely inaccessible to the country’s companies. Moreover, it would have taken teams weeks of full-time effort just to complete the application form. What companies can afford to do that?
In an unheard-of two months between 7 December 2020 and 3 February 2021, the bidding process itself squeezed out all the local players who were interested in the contract, including infomaniak. The Confederation took a long time to answer our questions and those of our competitors. This exchange forum, which was intended to provide support for the applications of potential suppliers, turned out to be entirely useless.
The day the Swiss authorities surrendered their digital sovereignty
The day the contract was put out to tender was the day the Confederation abandoned the very notion of digital sovereignty within its own administration – that’s the ultimate outcome of its decision. This notion, which is essential for the harmonious development of our economy and our democracy, seems to have escaped this administration.
Anything but Made in Switzerland
The list of players selected for this 110 million franc contract shows that:
- Not one of them is Swiss or European
- Not one of them uses an open ecosystem or favours open source
- Amazon doesn’t even have a data center in Switzerland (the closest one is in Germany)
- All their technologies are created and developed abroad: USA, China.
Local partners left without a role
The Confederation’s stance seems ideally calibrated to perpetuate a long-standing collaboration with Microsoft on the ground. This reality on the ground is clearly enunciated by this specialist, who works with major corporations: “The running joke in IT used to be that no one got fired for choosing IBM or Oracle. Nowadays, the same can be said of the offerings from Amazon (AWS) and Microsoft (Azure). There’s a kind of fascination with the cloud, and companies appear to be rushing to these solutions ‘to avoid problems’. But there are problems, of course.”
In its blindness, the Confederation is on the point of handing over responsibility for its cloud without considering the participation of local companies and partners – who haven’t even been consulted.
Is Swiss tech so undeserving of the Confederation’s support?
Despite the existence of players such as infomaniak, the Federal Institutes of Technology EPFL/ETHZ and Cloud Sigma, the administration appears unwilling to incorporate Swiss or European expertise, if only to guarantee the sovereignty of critical components of the whole. Nor does the Confederation propose encouraging the development of technologies missing from the project.
Laying Switzerland open to outside influences is a real risk
What’s the point of having a source of water if you don’t control the pipes? The risks of relying on non-sovereign solutions are very real. No one ignores them anymore. In his annual report, the Federal Data Protection and Information Commissioner points out that the cloud implies a strong dependence on what are often global players. It means that data protection needs to be built in early, at the point the bidders/suppliers are chosen, not afterwards when it may be too late.
Switzerland cannot afford it
Alibaba, Amazon, IBM, Microsoft and Oracle: these companies receive direct and indirect support from the governments of their domicile countries. But it’s not just about support. Of course, it’s also a question of sovereignty and control. These companies are dependent on economic-political forces that prevail over the rest. It’s worth noting the USA’s ongoing effort (via the “Five Eyes” intelligence alliance) to bring a large part of the activities of “big tech” back under US jurisdiction, regardless of where the data is hosted. It’s also worth remembering the worrying disappearance of the founder of technology giant Alibaba, Jack Ma, who miraculously reappeared after several months in a flurry of state propaganda.
“Can we really trust players who are subject to legislation that we do not control, who are not geographically close, who do not share exactly the same values as Switzerland, who condone fundamental rights violations…? asks François Charlet, a legal expert in technology law.
Confederation taking a leap in the dark
If all the development talent is abroad, what happens in the event of a commercial, legal or diplomatic dispute? Does the Confederation know what fate has in store for it? Even if these suppliers come with certifications, the risks directly related to the lack of sovereignty are very real:
- data blocking
- backdoors
- service closures
- spying
- data analysis
- censorship
- data destruction
This is what happens with “temporary transfers of data abroad”. These transfers, “necessary for the functioning of a service”, are invoked on operational grounds and allow circumvention of the territoriality of data protection regulations: information is moved outside its original legal framework before being returned. Needless to say, the man in the street never knows what happens to the data as it’s transferred.
This concern is reinforced by the fact that point 3.6 of the call for bids states that subcontracting is perfectly acceptable and that overall responsibility for this lies with the bidders themselves. Far from being a guarantee, it increases the exposure to risk.
Confederation not following recommendations of its own administration
The Confederation is aware of the issues at stake, but is deeply inconsistent:
“Double standards. On the one hand, we’re adopting new data protection legislation and seeking to strengthen the rights of individuals and the governance of companies in this area. On the other hand, we have a government seeking to collaborate and in all probability transfer the personal data of Swiss citizens to countries that offer insufficient protection. On the one hand, companies and users are urged to use “local” (i.e. Swiss or even European) services. On the other hand, we have a government doing the complete opposite. As with the F-35A fighter plane procurement, the Swiss government is making decisions based purely on technical and economic considerations, without looking at (geo)political and security criteria,” explains technology law specialist François Charlet.
Do as I say, not as I do!
For Gilles Aebischer, lawyer and chairman of the Datalabel association,
“Data protection requirements are becoming increasingly stringent in the private sector, particularly with regard to data localisation. The Federal Council is currently developing a certification and a “Swiss Cloud” label for services that guarantee data sovereignty – a label that, in all probability, the Confederation will not be able to use for itself!”
Switzerland sending a very bad signal
What message is the Confederation sending with this strategy?
Firstly, it has no faith in the skills and capacities of its own providers. Secondly, it’s giving up defending its digital sovereignty despite its much-vaunted neutrality and data hosting credentials. (Could it be it hasn’t understood the notion of digital sovereignty?) Thirdly, it’s not encouraging cantonal institutions and the private sector to store their data in Switzerland.
Fourthly – since we’re talking about the future – the Confederation is now telling its universities to train students with foreign proprietary tools rather than develop local know-how that they control. And last but not least, it’s allowing itself to choose companies without committing them to maximum ecological performance, since this wasn’t stipulated anywhere in the call for bids.
Infomaniak alert
This case shows how easy it is to succumb to the lure of immediate savings at the expense of skills development and the long-term challenge. It highlights how vital your support and the support of the private sector in general is to the development of real advances.
The blindness of the Confederation in this strategic matter reinforces our belief in the urgency to build a Swiss and European technological alternative – one that’s needed now more than ever.
We’ve enjoyed very strong support from the private sector for the past 25 years, and we’ll carry on recruiting in order to develop sovereign alternatives to the web giants. infomaniak will never sell its technology to the highest bidder and will continue to develop in accordance with its values. Moreover, all our ethical and environmental commitments, which are part of infomaniak’s DNA, will soon be written directly into our articles of association, thus making these values inseparable from your trusted brand.
Further information
- Appel d’offres (20007) 608 Public Clouds Confédération
- Adjudication de l’appel d’offres (20007) 608 Public Clouds Confédération
- Le Conseil fédéral veut un label Swiss Cloud et une administration cloud-ready en 2025
- Le «Swiss cloud», une stratégie illisible à 110 millions de francs
- Le cloud suisse est-il vraiment souverain?
- La souveraineté numérique? La Suisse ne fait même pas semblant de s’y intéresser
- Le cloud de la Confédération fourni par quatre géants américains et Alibaba
- Comment la Confédération s’est fiée à la Chine et a négligé nos données
- Les cinq fournisseurs qui décrochent le contrat de cloud public de la Confédération
- Chinesische und amerikanische Geheimdienste sind berüchtigt für ihren Datenhunger: Trotzdem greift die Schweiz auf Cloud-Dienste von Alibaba und Amazon zurück – warum?
- Bund überlässt Alibaba Schweizer Daten
- «Geheimhaltungs-Daten sollten nicht im Ausland gelagert werden»
- Schweizer Daten werden nach China und in die USA ausgelagert
- Wie der Bund bei seinen Cloud-Plänen auf China setzte und den Datenschutz vernachlässigte
- Aufregung auf Vorrat: Ob der Bund seine Daten in eine chinesische Cloud auslagert, ist alles andere als entschieden
More about our commitments
- Data hosting in Switzerland
- Swiss Made Software: building the technological alternative in the heart of Europe
- 9 reasons to choose Infomaniak to store your data and ensure data confidentiality
- Control over data: data centres are the cornerstones of Infomaniak is independence
- Engineers, whistleblowers, ethical hackers: this is how Infomaniak protects your URL data
- Webmail that is 100% independent: Infomaniak offers a unique alternative to GAFAM
- Infomaniak promises fiscal transparency
- Infomaniak bolsters its environmental and social approach by joining the Chambre de l’économie sociale et solidaire (Chamber of the Social and Solidarity Economy)
Prioritising quality code : explanations and solutions for repaying the technical debt
Friday August 11th, 2023