Microsoft Used China-Based Support for Multiple U.S. Agencies, Potentially Exposing Sensitive Data (propublica.org)
Microsoft used China-based engineering teams to maintain cloud computing systems for multiple federal departments including Justice, Treasury, and Commerce, extending the practice beyond the Defense Department that the company announced last week it would discontinue. The work occurred within Microsoft's Government Community Cloud, which handles sensitive but unclassified federal information and has been used by the Justice Department's Antitrust Division for criminal and civil investigations, as well as parts of the Environmental Protection Agency and Department of Education.
Microsoft employed "digital escorts" -- U.S.-based personnel who supervised the foreign engineers -- similar to the arrangement it used for Pentagon systems. Following ProPublica's reporting, Microsoft issued a statement indicating it would take "similar steps for all our government customers who use Government Community Cloud to further ensure the security of their data." Competing cloud providers Amazon Web Services, Google, and Oracle told ProPublica they do not use China-based support for federal contracts.
Re: (Score:2)
Re: (Score:2)
They aren't the only one, but ISTM that they're currently the most aggressive intruders.
Government Efficiency (Score:1)
Seriously, how is this not a federal crime? (Score:2, Insightful)
None of these systems should have a non-US person anywhere near them.
Re:Seriously, how is this not a federal crime? (Score:4, Interesting)
And that's supposed to be the rule (with some specific exceptions for allied nationals in some cases). I've had to do work on a government cloud, and question one was "Are you a US citizen physically located in the US". I'm not sure what (or if) Microsoft was thinking.
Re: (Score:2)
I'm not sure what (or if) Microsoft was thinking.
They were thinking "Dollars! More Dollars! Many More Dollars! And who cares about the customer!" That is what Microsoft usually thinks. Let's hope this time it comes back to haunt them.
Re:Seriously, how is this not a federal crime? (Score:4, Insightful)
I know a guy guilty of 34 of them in a much more dangerous position.
Wow (Score:1)
Maybe China could release the Epstein files?
Digital escorts (Score:2)
I suppose that's one way to keep the (probably mostly single male) software engineers and IT people doing what you want them to do, but I feel like digital managers would be more effective. :-D
Re: (Score:2)
I was thinking Wallace Corp's "Joi" romantic companion model.
Re: (Score:2)
I expect real escorts (the hooker type) would have been more effective, because they typically have a good radar for when something feels off. They would have been about as effective on the tech side, because it is essentially impossible to monitor what something competent does on a computer keyboard. I know, I have tried.
access control (Score:3)
Microsoft employed foreign engineers and then employed "digital escorts" to keep an eye on them?
I want to see the job posting for that one:
"Wanted: Cloud Digital Escort. As a Cloud Digital Escort, you will watch over IT workers located in China to prevent them from doing nasty things like send sensitive data to China. Great hours for night owls! Pay: Hourly/min wage/less"
Every time I have to use Excel I remember how bad MS is at building software, but how good they are at roping everyone into using it.
Such a surprise (Score:2)
The Chinese will have anything worth knowing from these MS customers now. And they will have placed countless backdoors. "Escorts" like the ones used by MS are completely worthless. I had the opportunity to observe that in person and to run some experiments a few years back (me and my boss tried to "supervise" each other, complete failure). The customer still decided to go with this flawed idea. And a few months later a developer placed a backdoor and they only noticed a few weeks later on a traffic analysi
Pretty simple (Score:2)