(Credit: Ying Tang/NurPhoto via Getty Images)
Microsoft says it will stop using China-based engineers for work on the US Defense Department government cloud and related services.
Frank Shaw, Microsoft's communications lead, said the move comes in response to "concerns raised earlier this week about US-supervised foreign engineers.
"We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed," he wrote on X.
Earlier this week, Sen. Tom Cotton (R-Ark.) wrote to Defense Secretary Pete Hegseth outlining numerous concerns about Chinese involvement in DoD IT operations.
Cotton's complaint acknowledged that Chinese workers are accompanied by US citizens functioning as "digital escorts," who provide supervision of their activity. However, Cotton claimed that these "digital escorts often do not have the technical training or expertise needed to catch malicious code or suspicious behavior."
The senator demanded that Microsoft supply information about the contractors who hire Chinese personnel to work on these projects, as well as information on the subcontractors who hire these "digital escorts" and the type of security training they receive.
"The US government recognizes that China's cyber capabilities pose one of the most aggressive and dangerous threats to the United States, as evidenced by infiltration of our critical infrastructure, telecommunications networks, and supply chains," said Cotton.
On X, Hegseth said he agrees with Cotton's assessment and said DoD "is already looking into this ASAP," adding, "Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems."
Cotton's letter came after ProPublica published an investigation earlier this week on the history of how Microsoft used these digital escorts to monitor Chinese workers. The practice, which dates back to 2016, functions "with little review," while escorts "copy and paste the [Chinese] engineer’s commands into the federal cloud."
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” one anonymous escort told ProPublica.
This is the latest example of the Trump administration cracking down on Chinese access to US systems. In April, the FCC moved to ban electronics vendors from hiring Chinese labs to test their products. More recently, the agency pushed to ban Chinese companies and technology from undersea internet cables connected to the US.