🚨 Microsoft, as a provider of cloud services to the US government, is required to regularly submit security plans to officials describing how the company will protect federal computer systems. Yet in a 2025 submission to the Defense Department, the tech giant left out key details, including its use of employees based in China, to work on highly sensitive department systems. In fact, the Microsoft plan makes no reference to the company’s China-based operations or foreign engineers at all.

The document belies Microsoft’s repeated assertions that it disclosed the arrangement to the federal government, showing exactly what was left out as it sold its security plan to the Defense Department. The Pentagon has been investigating the use of foreign personnel by IT contractors in the wake of reporting by ProPublica last month that exposed Microsoft’s practice.

Microsoft’s security plan, dated Feb 28 and submitted to the department’s IT agency, distinguishes between personnel who have undergone and passed background screenings to access its Azure Government cloud platform and those who have not. But it omits the fact that workers who have not been screened include non-US citizens based in foreign countries.

“Whenever non-screened personnel request access to Azure Government, an operator who has been screened and has access to Azure Government provides escorted access,” the company said in its plan. The document also fails to disclose that the screened digital escorts can be contractors hired by a staffing company, not Microsoft employees.

propublica.org/article/micros
Quote
Byron Wan
@Byron_Wan
What could possibly go wrong? 🚨🚨🚨 Microsoft has been using engineers in China to help maintain the Department of Defense’s computer systems — with minimal supervision by US personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from China. The