The Pentagon issued a “letter of concern” to Microsoft documenting a “breach of belief” over the company’s use of China-based engineers to maintain sensitive government computer systems, Defense Secretary Pete Hegseth announced this week. At the same time, the Defense Department is opening an investigation into whether any of those employees have compromised national security.
The actions came in response to a recent ProPublica investigation that exposed Microsoft’s “digital escort” system, in which U.S. personnel with security clearances supervise foreign engineers, including those in China. ProPublica found that the escorts often lack the expertise needed to effectively supervise engineers with far more advanced technical skills.
The tech giant developed the arrangement as a work-around to a Defense Department requirement that people handling sensitive data be U.S. citizens or permanent residents.
“This system was designed to adjust to contracting guidelines, nevertheless it uncovered the division to unacceptable threat,” Hegseth said in a video announcement posted on X. “In case you’re considering America first and customary sense, this doesn’t go both of these exams.”
The letter serves as a warning to Microsoft, which has said in earnings reports that it receives “substantial income from authorities contracts.” It is less serious than a “cure notice,” which could lead to termination of Microsoft contracts if problems are not fixed. The department did not release the letter publicly, and it did not respond to ProPublica’s request for a copy of it.
Experts have said allowing China-based personnel to perform technical support and maintenance on U.S. government computer systems poses major security risks. Laws in China grant the country’s officials broad authority to collect data, and experts say it is difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.
Hegseth said the newly opened Pentagon investigation into the digital escort program would focus on Microsoft’s China-based employees. The probe will “assist us decide the affect of this digital escort workaround,” he said, including whether “they put something within the code that we didn’t find out about.”
Hegseth said in his video announcement that the department is also requiring a new third-party audit of Microsoft’s digital escort program. It is unclear who will conduct that audit.
Microsoft started using digital escorts about a decade ago, ProPublica found, and went on to win federal cloud computing business worth billions of dollars. Through the Obama, Trump and Biden administrations, the system escaped the notice of Pentagon officials. ProPublica reported last week that Microsoft did not disclose key details of the arrangement in the security plans it submitted to the Defense Department. The company has declined to comment on those omissions.
“We anticipate distributors doing enterprise with the Division of Protection to place U.S. nationwide safety forward of revenue maximization,” Hegseth said in the video.
In the wake of ProPublica’s reporting, Microsoft announced last month that it had stopped using China-based engineers to support Defense Department cloud computing systems. In a statement provided for this story, the company said that it “will proceed to collaborate with the US Authorities to make sure we’re assembly their expectations.”
“We stay dedicated to offering probably the most safe providers potential to the US authorities, together with working with our nationwide safety companions to judge and alter our safety protocols as wanted,” the company said in the statement.
In addition to China, Microsoft has operations in India, the European Union and elsewhere across the globe, and engineers in those places also work on Defense Department cloud maintenance.
Last month, Hegseth said on X that “overseas engineers — from any nation, together with after all China — ought to NEVER be allowed to take care of or entry DoD programs.” But last week, in response to ProPublica’s questions, the Defense Department left the door open to the continued use of foreign-based engineers with digital escorts, saying that it “could also be deemed an appropriate threat,” depending on factors that include “the nation of origin of the overseas nationwide” being escorted.
In his announcement, Hegseth did not mention whether the escort program would continue or say whether Microsoft’s reliance on other foreign nationals to maintain the Defense Department’s computer systems would also be reviewed. The department did not respond to questions from ProPublica seeking additional information about the new investigations.
ProPublica reported last month that Microsoft has also relied on its China-based employees to maintain federal cloud computing systems beyond the Defense Department, including those of the departments of Justice, Treasury and Commerce. In response to the reporting, Microsoft has suggested that it might also discontinue the use of China-based engineers for these departments.
In this week’s announcement, Hegseth said the Defense Department was working “with our companions in the remainder of the federal authorities to make sure that all U.S. networks are protected.”