Microsoft has been left with egg on its face after an independent investigation revealed a concerning pattern of using workers based in China to maintain and support US government customers on its Azure cloud.
The initial report, published by nonprofit investigative journalism outfit ProPublica on July 15, exposed Redmond’s practice of using China-based engineers to staff contracts for the US Department of Defense, potentially exposing sensitive government data to hacking and espionage.
In response to the report, US Secretary of Defense Pete Hegseth said he would launch an investigation into the practice, writing on X, “Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.”
Shortly after, Microsoft said it would take swift action to adjust its practices. Frank X. Shaw, the company’s chief communications officer, wrote in a post to X, “Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services.”
However, a follow-up report published on Friday emphasized that Microsoft’s habit of using overseas engineering staff for government customers has been pervasive, extending to contracts not just for the DoD but also the Department of Justice, the Department of the Treasury, the Environmental Protection Agency, the Department of Education, and the Department of Commerce.
As of this writing, Microsoft has not responded to The Register‘s request for comment on whether it plans to adjust its practices across all of its government contracts, beyond just the DoD. However, it told ProPublica it was taking “steps” to ensure the security of government cloud customers’ data, without offering further details.
The US departments in question are all customers of what Microsoft calls its Government Community Cloud. While this packaging of Azure isn’t intended for classified data, any information stored in it related to government operations could nonetheless be considered sensitive.
The concern is that granting Chinese nationals this level of access to US government systems could leave data and applications wide open to all manner of threats. Malicious hacking, including ransomware and other cyberattacks, is one obvious worry. More troubling is the potential for the Chinese government to enlist its citizens for state espionage purposes.
Microsoft has claimed that, by policy, foreign workers with access to government systems are supervised by US citizens with government security clearances. However, according to the report, these overseers, dubbed “digital escorts,” often lack technical expertise and are ill-equipped to understand what engineers are actually doing.
Other cloud providers, including AWS, Google, and Oracle, told ProPublica that they do not employ a similar management structure and do not use foreign workers to maintain government accounts.
The kerfuffle over Redmond’s use of foreign labor comes hot on the heels of news that the company plans to shed another 9,000 workers, bringing the year’s layoffs to more than 15,000 worldwide. Naturally, Microsoft claims it’s all about AI.
In a July 24 memo to employees, CEO Satya Nadella said the job cuts have been “weighing heavily” on him, but added, “Teams are reorganizing. Scopes are expanding. New opportunities are everywhere. It reminds me of the early ’90s, when PCs and productivity software became standard in every home and every desk! That’s exactly where we are now with AI.”
Despite Nadella’s chirpy pronouncement, it seems more likely that Microsoft’s recent bloodletting — and its reliance on cheap overseas labor — are all part of a concerted effort to cut staffing costs so it can divert funds to building out its AI capacity.
Evidence of this is that Microsoft has steadily increased its capital expenditures over recent quarters, which suggests the software giant is investing heavily in non-software activities, such as building and expanding datacenters. Analysts expect this trend to continue when Redmond announces its next quarterly earnings on July 30. ®