Propublica is a nonprofit newsroom that investigates power abuse. Sign up and receive the biggest story as soon as it’s published.
The Pentagon has issued a “letter of concern” to Microsoft, documenting a “breach of trust” in relation to the use of China-based engineers to maintain sensitive government computer systems, Defense Secretary Pete Hegses announced this week. At the same time, the Department of Defense is beginning to investigate whether any of these employees are undermining national security.
This behavior was born in response to a recent Propublica survey that exposed Microsoft’s “digital escorts” system. In this system, US personnel with security clearance oversees foreign engineers, including China. Propublica has discovered that it is often lacking the expertise required to effectively oversee engineers with much more advanced technical skills.
The tech giant has developed the arrangement as an effort to address the Department of Defense requirements that people who process sensitive data are US citizens or permanent residents.
“The program was designed to comply with contract rules, but it put the department at unacceptable risk,” Hegses said in a video announcement posted to X.
This letter serves as a warning to Microsoft. Microsoft says it receives “significant revenue from government contracts” in its revenue report. If the issue has not been fixed, it is less serious than a “treatment notice” that could lead to the termination of your Microsoft contract. The department did not publish the letter and did not reply to requests for copying ProPublica.
Experts say that allowing China-based personnel to provide technical support and maintenance on US government computer systems poses a major security risk. Chinese law grants national officials a wide range of authority to collect data, and experts say it is difficult for Chinese citizens and companies to meaningfully resist direct requests from security forces or law enforcement agencies.
Hegseth said the newly opened Pentagon survey of the digital escort program will focus on Microsoft’s China-based employees. The probe “helps determine the impact of this digital escort workaround,” he said.
In the video announcement, Hegseth said the department is also requesting a new third-party audit of Microsoft’s digital escort program. It is unclear who will perform the audit.
Microsoft began using digital escorts about 10 years ago, finding Propublica, and gained billions of dollars worth of federal cloud computing business. Through the Obama, Trump and the Biden administrations, the system has escaped pentagonal official notifications. Propublica reported last week that it failed to disclose any significant details of the security plan arrangement Microsoft submitted to the Department of Defense. The company declines to comment on these omissions.
“We hope that vendors will do business with the Department of Defense to increase national security rather than maximize profits,” Hegses said in the video.
In the wake of a report from Propublica, Microsoft announced last month that it had stopped using China-based engineers to support the Department of Defense’s cloud computing system. In a statement provided for the story, the company said it would “work with the US government to ensure that it meets their expectations.”
“We remain committed to providing the US government with the safest services possible, including working with our national security partners to assess and coordinate security protocols as needed,” the company said in a statement.
In addition to China, Microsoft operates in India, the European Union and elsewhere around the world, and engineers at these locations are also working on the Department of Defense cloud maintenance.
Last month, Hegseth said in X that “no country, including China, should be allowed to maintain or access the DOD system.” However, last week, in response to a Propublica question, the Department of Defense left the door open for the continued use of foreign engineers with digital escorts, saying that factors, including the “country of origin of the foreigner”, could be “deemed an acceptable risk” depending on the factors being escorted.
Microsoft was unable to disclose important details regarding the use of China-based engineers in US defense operations, Record Show
In his announcement, Hegseth did not mention whether the escort program would continue. The department did not respond to questions from Propublica seeking additional information regarding the new survey.
Propublica reported last month that Microsoft also relies on its China-based employees to maintain a federal cloud computing system beyond the Department of Defense, including the Department of Justice, Treasury and Commercial. In response to the report, Microsoft also suggests it will cease use of China-based engineers for these sectors.
In an announcement this week, Hegseth said the Department of Defense is “working with other federal partners to ensure that all US networks are protected.”
