Frédéric Pierucci (Ikarian): The challenges of digital sovereignty

There are people who inspire, command respect, impress and give man, an extraordinary dimension. Frédéric Pierucci is one of them. The story, the pain, and the struggles of this man, who had an extraordinary destiny, force us to think and grow. Discover the full transcription of this awesome episode.

You’re not part of the French Tech, and you’re not the boss of an engineering department. Yet, you hold a very original, interesting and inspiring vision of tech! First, could you say a word about yourself, your background, and your career before April 14th, 2013?

I spent more than twenty years in a corporation known to everyone, Alstom. There, I had a mostly expatriate 20 year-long career spent in Asia, the United States and Europe.

Alstom is a large corporation. I’ve always been in the power generation side of the business, where I’ve held several positions: Head of Global Sales for nuclear and coal power plants, Head of several business units within the corporation, etc. The last position I held was that of Head of the Boiler Division, which was 4,000 people strong, had a turnover of 1.4 billion, and was based in Singapore.

What happened on April 14th, 2013?

At the beginning of 2013, I was in Singapore supporting Alstom’s power generation strategy to get closer to Chinese competitors. My division was used as a test division for this convergence. For two years, I managed everything. I moved the headquarters to Singapore and prepared the merger with our Chinese partners. I was even appointed as future boss of the new entity.

On the transport side of the business, and, more precisely, TGV train manufacturing, at the beginning of this decade, the corporation’s strategy was to bring a Russian shareholder in Alstom Transport. Several players were involved in this project: the French, the Russians, and the Chinese. There was also a party missing at the negotiating table, but they would soon make themselves known (spoiler)! So, in August 2012, I moved the headquarters to Singapore and relocated there.

At the same time, I was travelling a lot to the US because I was managing about 700 people there. On April 14th 2013, arriving at Kennedy Airport, when the plane doors opened, five people were waiting to tell me that I was under arrest and handcuffed me as I was coming out.

Did you see this arrest coming?

Not at all. When they arrested me, I had no idea why they were doing so. They didn’t even know themselves!  They had just been ordered to arrest me as I got off the plane, then take me to the FBI headquarters in Manhattan to see the DOJ (Department of Justice) prosecutor.

What happened next?

When I was arrested, I was told that I had been indicted six months earlier, but that the indictment had been kept under seal because I was a French citizen. Indeed, when the United States investigate French citizens, they favor confidentiality to prevent them from taking refuge back in France and not ever come out again since France does not extradite its nationals.

It turned out that I was indicted because, according to them, I knew about various bribes paid by Alstom’s commercial intermediaries to win a contract in Indonesia, 10 years earlier. I was first jailed in a maximum-security prison for 14 months, in the US, with the cream of the East Coast crop. I soon found out that I had been used and instrumentalised to put pressure on the CEO of the corporation to negotiate a deal with the US and pay a fine to the United States Department of the Treasury.

Their objective was to destabilize the company and put pressure on the CEO to sell two thirds of Alstom’s business to its large American competitor, General Electric. It was a national disaster because Alstom was the manufacturer of turbines for the French nuclear power stations and also the provider of all their maintenance. And so, by becoming American, France lost great strategic autonomy, the fruit of an industrialization and energy autonomy strategy obtained from the 1970s. In addition to which, Alstom being also the maker of the propulsion for the Charles de Gaulle aircraft carrier, with the sale of Alstom Power, France lost a lot of its sovereign capability in this area.

Then, a lot of debates took place in France. In 2014, 2015, etc., parliamentary inquiry commissions on the subject were organized and many books and documentaries were produced relating to the way the United States use law as a weapon of economic destabilization against their European allies. To give you an idea, in a ten-year period, French companies have paid 14 billion dollars in fines to the US Treasury for the application of extraterritorial laws on anti-corruption, export controls, compliance with US embargoes, etc. So, these are huge sums of money. Moreover, these are just the tip of the iceberg because behind that, there is the whole distribution chain of the company and, often, these types of cases end up with the French company being sold off a piece at a time.

So, I spent 14 months in prison, then came back to France for 3 years and then I went back to prison for one year.

In the name of what law, text or principle of extra-territoriality were they able to detain you all this time?

The US have a raft of laws with extraterritorial reach. In fact, all of these laws have been put in place over the years. Before that, in terms of anti-bribery, the US had an old law from 1977 that only applied to US companies. But in 1998 they made that law extraterritorial. So, since 1998, the law does not only apply to American companies, but to all companies in the world as soon as there is a territorial connection (dollar, SWIFT, etc.), no matter how small, with an American territory. And here, I’m talking about corruption.

But the same thing exists regarding the respect of embargoes that the country decrees all by itself. Depending on its needs, it puts certain countries or companies under embargo. This means that the whole world cannot work and trade with companies, states, or individuals without violating US law, without being sanctioned by the US.

For example, these sanctions can affect the banking sector. BNP Paribas paid $8.9 billion for banking in a country that was under US embargo. The blackmail comes into action when you’re given the choice to either pay a fine because you have broken US laws, or get your license to operate in the US or your dollar operations withdrawn. So, you have to negotiate and pay huge fines to get out of these kinds of lawsuits. Every year a new extraterritorial law comes out and every time, under the guise of moral or indisputable values such as fighting corruption, terrorism, etc.

Where did you find the courage to face this ordeal? How did you get through it?

For a start, I received an extremely important source of support from my family. In these kinds of situations, you turn to what is the most solid thing in your life, that is your family: my wife, children, parents, sister, etc. You find yourself with a very small circle of people you can really count on, whereas the company completely let me down. I was even fired while I was in prison for abandoning my job! Indeed, my job in Singapore was complicated to perform from a high security prison. You really feel that you’re alone. A few political figures reacted, such as Arnaud Montebourg, who understood the link between the legal case in the United States and the takeover of Alstom by General Electric. But very few made this link. Then, there were deputies like Marleix, who acted and understood. But it was still a minority of people!

So, I ended up very lonely at the highest possible secured section of a high-security prison. In fact, one develops an extremely rapid capacity to adapt in these kinds of situations and, even more so once you understand the rules. I tried to understand what was happening to me. I spent all my time in prison studying American law and case law to understand what had happened to companies and individuals who had been prosecuted for violating this notorious Foreign Corrupt Practices Act. I was killing time working from 8am til 8pm, as if I actually were going to work. I was studying the pile of documents that my lawyer or my wife had sent me. That’s how I realized that many of these laws were actually instruments of economic warfare to mostly target European companies. 80% of the fines under this one FCPA law are paid by non-US companies, and two thirds of these are paid by European companies. The sectors most targeted at the beginning were the easiest ones to target: oil, gas, telecom, energy… But nowadays, all sectors can be concerned.

What did you learn from these years and how did they change the man you were before?

I have changed enormously. Of course, you don’t go through an ordeal like this without changing a lot. I think, one of the biggest changes you undergo, is that you appreciate a hundredfold all the little moments in life. There you go, you appreciate a lot more all these little moments. Be they personal relationships or completely innocuous situations, you appreciate them a lot more!

Have you always had this fighting spirit?

Yes, when you are faced with such a system, you either give up completely or, on the contrary, you fight and try to understand. I think this type of ordeal is extremely revealing and what you’re made of really emerges. And all this can happen to many people! We don’t realize it, but many victims of this American state and these economic wars are in prison! I have met some of them. Fathers of families who never imagined for a moment that they could find themselves caught in this kind of mechanism.

A word about Ikarian. Because when you came back from the United States, you set up a consulting company.

When I came back from the US, I did two things. I had written during my months in prison more than 2000 pages of analysis on these laws. When I came back to France, I realized that I had become a bit of an expert on the subject. So, with the former president of the Bar, Paul-Albert Iweins, I started to try to make the French government aware of the need to change French anti-corruption laws to protect French companies from extraterritoriality. And so, we held quite a few conferences, including one at the National Assembly, to raise awareness on the need to change the law. This was done in 2016. There is a new French anti-corruption law called the Sapin 2 law. Companies don’t see it that way, but basically this law is designed to both protect them from US extraterritorial laws, and ensure that, even if there are prosecutions, at least the fines are paid to the French Treasury rather than to the US Treasury.

I therefore contributed to this large-scale awareness-raising effort, and, at the same time, I set up my own strategy and operations consulting firm, Ikarian. We support companies, in a very vertical way, on the subject of compliance with the various anti-corruption laws, export control laws, embargo laws, etc. We are increasingly being asked for services on the protection of data, and, particularly, strategic data. We build awareness, do training, procedure auditing, rewriting of procedures and codes of conducts, integrity checks on business partners, a lot of corruption risk mapping, integrity checks, due diligence on business partners, etc. We also have tools, including a whistleblower tool, and so on. We are always focused on this extraterritoriality with services or tools that protect companies on a European scale. We have many clients in Europe, but also outside of Europe, in the United States and in China, and from all sectors of activity.

What are your objectives today?

On a professional level, I have developed Ikarian, which is doing very well because I think that there was a need for French companies to get these services from French players. The idea is to perpetuate Ikarian and, obviously, to bring the argument on legal sovereignty to the places where I am allowed to express myself. There are a lot of conferences on this subject, and it is an essential subject to guarantee the freedom of French citizens first, and then European citizens. When we talk about legal sovereignty, we talk about digital sovereignty, industrial sovereignty, etc. It’s part of a whole! So, I want to continue to speak out to raise both public and political leaders’ awareness on these subjects.

I also have a very personal project which is to buy back the part of General Electric that the United States took away from us. I’ve been working on this project for two years and I’m confident that it will succeed. I’ve got a complete management team in place and the funds to do this type of operation. I hope we will be able to convince the government that it is necessary to recover our sovereignty which took us a long, long time to build up, 10 to 15 years! 

How would you define this digital sovereignty?

I think that the State has a duty to protect its citizens and its companies, and more and more so on the personal data and strategic data part. Since a number of countries have put in place extraterritorial laws on digital data, this area is currently akin to the wild wild West.

Here is an example that is very significant. The United States have put in place the Cloud Act, which allows American authorities to ask an American service provider to provide them with customer data stored in the cloud inside or outside the United States, say, in France. This is the pinnacle of extraterritoriality! If you use Outlook and your data is stored on a server in Paris, the Americans can exploit it if they are suspicious. If a prosecutor or anyone else part of the US government is suspicious, they can ask Microsoft to give them the information stored on Microsoft Azure.

Why is the US doing this? You have to go back to what Snowden revealed in 2013. He revealed that the NSA worked hand in hand with 100 US digital companies, the GAFAs and others, to collect all digital transactions, be they via email, text, video, everything about everybody and especially about European citizens and companies. There were hundreds of thousands of French citizens spied by the NSA. In this Prism program, which followed on from the NSA’s Echelon program, there was a desire to spy on all the digital communications of French companies’ executives who were negotiating contracts worth over 200 billion dollars. This meant that all the executives of major companies (Airbus, Alstom, Technip, etc.) were systematically bugged by the NSA. These are the revelations of Snowden in 2013 and of WikiLeaks at the same time.

It meant that while we naively thought that the US wanted a free market and the best man to win, in effect, it was not at all the case. It’s not the one with the best product that wins. It is the one who has the best information at the best time but who can also react at the best time. The United States have understood this and have been doing this massive spying through the NSA for years. In fact, this whole system was really industrialized after the end of the Cold War when all the intelligence agencies found themselves out of work because they had no more political enemies.

Under President Clinton, American intelligence was oriented out of political intelligence into economic intelligence. If you talk to people in these services, they will tell you that about 60% of American intelligence agencies’ work is on economic intelligence, the rest is done on drugs and terrorism. In Europe, however, 95% of agencies’ work is on anti-terrorism. So, there is a state which has put its power at the service of American companies for economic needs. These revelations came to light thanks to Snowden. And, at that point, the digital companies that had worked with the NSA found themselves in a very complicated situation because they could have been sued by the companies or by the states that they had spied on. Angela Merkel (former German Chancellor) and François Hollande (former French President) were bugged too!

The Americans thus respected their own laws, but broke many French and European laws by being complicit in this spying effort. To protect and give a legal framework to this massive spying operation, the United States created in 2018, the Cloud Act. This act gives a legal guarantee to all those companies that work hand in hand with the NSA to spy on our companies and says to them: « now, there is a law that says you have the obligation to transfer the data that is stored in your company if we ask you to ». And now, in the latest version of the text, they are even obliged to decrypt it on behalf of the American authorities requesting it. That’s why I do a lot of awareness raising on the use of tools for economic warfare, and also on issues like cloning and so on.

If we look at the legal part, we have the impression that there is an incompatibility between European law and American law. Obviously, one of the two loses…

There is a conflict of laws! For example, you can’t comply with the GDPR and the Cloud Act. In the end, you have to break some laws. Why did the United States put the Cloud Act in place? It’s to get around the blocking laws. That is to say, if a French company has to pass on information to a foreign authority because it is being pursued by that authority, there is a French law to deal with it: the blocking law. It prohibits French companies from transferring information to foreign authorities unless they go through the Ministry of the Economy, which has a dedicated department that screens said information. So, there are multilateral treaties for the exchange of information between the ministries of justice of different countries.

So, if the United States want information on French companies, they have to go through the American Ministry of Justice who, in turn, will go through the French Ministry of Justice, who then goes directly to the companies concerned. Except that all of this takes up a lot of time and, obviously, with this law and in theory, the United States should not be able to recover all the information they want. However, through the Cloud Act, they completely override the international treaties on judicial cooperation between the United States and France. Instead of going through a governmental department, they go directly through GAFAs to collect information on clouds, even on those based in France.

In your opinion, is citizen data as interesting as large corporation data?

Citizen data is extremely important indeed! Let’s take the example of the Data Hub. It’s a register that collects French people’s health data for medical research. It is a project of the French Ministry of Health. A contract was signed with Microsoft to store this data. And you should know that Microsoft Azure is subject to the Cloud Act, that it can be hacked or used for other purposes. So, potentially, the United States can access our health data.

I didn’t sign up for this! I signed up for my data to be stored on French servers subject to the GDPR, but not to the American Cloud Act. And for this project, there was no call for tenders. It was negotiated almost by mutual agreement between the institutions and the companies under the pretence that it was both necessary to move quickly and there were no French offers.

This poses very serious problems because by doing this, the public authorities are, in a manner of speaking, supporting this extraterritoriality. Appeals filed with the CNIL should get things moving! Normally, everything should be reviewed after two years, but many voices had to raise for the State to react. With more culture and economic intelligence at State level, it should have been a priority to consider a French alternative to secure French health data.

From a legal point of view, everything seems very complex! Laws exist, but they contradict each other, how is this possible?

The problem is not just the law, it’s the enforcement of the law. The United States have the means to enforce their laws, whereas France enacts a lot of laws but has a lot of trouble enforcing them. That’s why there has been this table tennis game between Europe and the United States for more than 25 years on data capture.

First there was Safe Harbor, then, after the Snowden affair, the Privacy Shield, an agreement that more or less regulated the transfer of European data to the United States, but this one was ultimately very much in favor of the United States. It took an Austrian lawyer, Schrems, to change all that by saying that he did not agree with the Privacy Shield!

In his view, the agreement did not sufficiently protect him as an EU citizen, and he refused to allow his data to be transferred to the US. So he went to the European Court of Justice and the law was repealed in July 2020. A new text, Schrems II, prohibits the transfer of personal data to the US. This poses a whole set of problems for GAFAs and other American companies. It is important to see, here, that even the European Commission was extremely lax in negotiating the Privacy Shield, which did not really protect European citizens.

And where does this laxity come from? Is it a question of skill, or is it a question of interest?

A bit of both! The European Union intends to create a European market. We can see this in particular with the competition law: it is, above all, a market and not a political or legal entity to protect European citizens. We have to go to the level of each State to find laws that can be applied to each citizen of each State. It is very complicated at the European level to have a consensus on this subject.

With 27 countries, it is much more complicated than when there were only 6 or 7. And then some of these countries are still very much “Atlanticists”! We still feel the weight of both post-World War II and Cold War eras. This compromises Europe’s strategic autonomy! And without it, it is complicated to have legal, digital and industrial sovereignty. We see many European projects being scuttled by states that are more inclined to support policies in favor of their own interests.

So, when we talk about technology, we don’t necessarily have the legal framework. However, do you think that we have the technology and tools that would allow us to propose an alternative to the American infrastructure?

Well, obviously, we are 15 years behind the United States in many areas, both in terms of hardware, software, networks, etc. But in the 1970s, we were the only country in the world that had the technology to do this, even if we were behind in terms of energy independence. We reacted, and in a 15 year-timeframe, France had become autonomous in terms of energy! I think we need the same kind of impetus for digital technology, and it can only come from the State.

This is a new battle. We are in need of a great digital plan! A plan that must, first, direct public orders towards French players. This is what is currently lacking. The GAFAs were born thanks to American public orders, particularly from the American Department of Defense. The latter sponsored the emergence of both GAFAs and other American players. So, the American public order was directed towards the creation of the champions we currently see, or at least a good part of those that we currently have in Europe.

But European competition law puts obstacles in the way of directing public procurement towards French or European players. I think that it is really urgent to either review this and make a sort of exception for the digital sector, or find ways of directing public orders towards French and European players in order to fill this gap. It’s going to take a long time, but if we never start, we’ll never get there.

The Russians and the Chinese have realized the importance of this digital sovereignty and have been trying for a long time to free themselves from American tools and services. For example, the Chinese and Russians are trying to create an alternative to the Swift system. The Chinese authorities have declared that by 2024, there will be no more American software on the computers used by the Chinese civil service. So there has to be a political will at the highest level in Europe. Either we remain under the American umbrella and thus remain numerically, economically and politically dependent, or we can find a third way between China and the United States! For the moment, there is a lot of talking but, in reality, it will be complicated to achieve this with 27 members.

There is no alternative, but the financial stakes are monstrous… How can we move forward?

I’m not saying that we have to rebuild everything, and I don’t have a solution, but, I can illustrate with two examples we carried out on a smaller scale. The French Sapin law requires companies with 50 or more employees to set up a whistle-blower system. This is a system in SaaS mode where employees can blow the whistle on something. They can, for example, be ethical alerts in the event of corruption in the company.

This type of data is extremely valuable. The companies offering this type of service were initially American companies. So, potentially, the information is directly accessible in the United States before it is even processed! A few alternatives emerged, notably with the ideas of a Swedish and a Dutch company, and French companies, aware of all these problems, turned to them. But, two years later, the two companies were bought out by American companies. And we, for our part, worked on an identical French system, stored on OVH and therefore not subject to the Cloud Act.

And OVH is one of the infrastructures that can potentially make us optimistic! And there are players like this one and others who indicate that we are on the right track. What do you think?

We are right to be optimistic because I see that this subject is becoming a hot topic. I see a lot of corporations, especially French companies, that have joined forces and are making digital sovereignty their battle horse. I feel that things are moving forward and that there is awareness at company and politician level. And more and more conferences are being organized on the subject. I see change, but I think it is too slow and lacks an impetus from public authorities. It can only be a political decision, and it must be a French decision first and foremost.

Efforts are being made at the level of the European Commission, but it’s too slow! We must first start in France, as we did with the GDPR, and then try to impose what we did, at a European level. And to start with, we have to direct public orders towards French players! And then we need what has been lacking until now: a legal reaction to this extraterritoriality. Have you seen many American digital companies sanctioned in French or European courts following the NSA affair? There have been no complaints.

Imagine French actors spying on American companies on American territory. Everyone would have ended up in jail and these companies would have been banned for life from the US. Of course, in Europe, nothing happened following the Snowden affair. That’s what was so dramatic. And since nothing happened, as long as they win, they continue playing.

We have to make sure that we are respected, but also fine American companies that break our laws. And for the moment, it’s complicated. Even the Apple Agreement case, where Apple was fined $13 billion by the courts for tax evasion, is a failure. Ireland was supposed to get the $13 billion back, but they didn’t want it, and they didn’t want Apple to pay them a fine because they wanted to keep undercutting taxes in Europe. That’s where we are now. It’s mind-boggling to end up with this kind of paradox. And the European Court of Justice has overturned the decision against Apple as well!

So you think we should start with France?

Public procurement in France is about 50% of GDP. We start by directing French public orders towards French companies, and then we’ll see. Exactly like we did in the 1970s to create Alstom and Framatome.

Speaking of Alstom, it’s a fight that’s obviously quite active. You are potentially in the process of taking over this subsidiary, which was sold a few years ago. How are you doing with this consortium and the project to buy back Alstom?

It’s a project that can be considered because General Electric is on the verge of bankruptcy for a number of reasons. The main reason is that in 2008, GE was above all a large bank and a large insurer. This is where 80% of its profits came from. But the company was caught red-handed in the subprime business. The US government injected 130 billion dollars to save the company. A debt that it is now unable to repay. They are, therefore, forced to sell a lot of assets and focus on certain subsidiaries.

This is a unique opportunity to recover the most strategic part. I have been working on this project for two years. I have put together a management team to take over this activity, and I have already spoken with funds and the ministries to make them aware of the need to do this operation. So, in the meantime, General Electric is carrying out yet another massive redundancy plan, especially in the nuclear sector.

The real risk is that we will both lose key skills and no longer be able to ensure the maintenance of nuclear power plants. So, there is a social, technological and industrial sovereignty urgency to resume this activity as quickly as possible. It’s quite complicated, but I’m hopeful that we’re going to succeed, because the worst thing would be for this activity to be sold to another non-French player.