"It appears that there is a great deal of uncertainty surrounding the fact that Microsoft allegedly employed Chinese engineers to manage critical Defense Department systems containing sensitive data."
In a move to enhance security protocols and address concerns about potential vulnerabilities, Microsoft has announced it will no longer use China-based engineering teams to provide technical assistance for the Department of Defense (DoD) cloud and related services. This decision comes after the company's use of a program involving "digital escorts," U.S. citizens with security clearances, who acted as intermediaries supervising China-based engineers providing technical support for sensitive military systems.
The digital escort system was in place for "high impact level" data, which falls below "classified." However, the oversight was inadequate given the escorts’ limited skills, creating significant security risks due to potential introduction of vulnerabilities or malicious code. ProPublica reported that many digital escorts were paid "barely more than minimum wage" and were often less qualified than the engineers they oversaw.
The use of China-based engineers with digital escorts was disclosed by Microsoft but reportedly not well known or adequately monitored by U.S. government officials. Even some high-ranking officials within the government were unaware of the use of digital escorts.
Following a ProPublica investigation in mid-2025 exposing this arrangement and associated risks, Microsoft announced it has ceased the involvement of China-based engineers in supporting DoD systems. Microsoft Chief Communications Officer Frank Shaw confirmed the use of digital escorts and announced changes to how the company offers support to the United States government.
The federal government explains that "High Impact data" involves systems where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect. Given the nature of the data involved, the use of digital escorts posed a notable security concern.
Microsoft remains committed to providing the most secure services possible to the US government, including working with national security partners to evaluate and adjust security protocols as needed. The company operates in a way "consistent with US Government requirements and processes," according to a Microsoft spokesperson.
The Office of the Director of National Intelligence considers China and Chinese-based companies a cyber threat to the United States government. In light of this, FedRAMP introduced their High Baseline to account for the government's most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.
This decision by Microsoft is a significant step towards ensuring the security of sensitive U.S. government data. The first public discussion of the topic was ProPublica's piece, which has sparked a much-needed conversation about the importance of robust security measures in handling such data.
- Microsoft has ceased the use of China-based engineers for supporting Department of Defense (DoD) systems, following an investigation by ProPublica that exposed the associated risks.
- The federal government classifies "High Impact data" as systems where loss of confidentiality, integrity, or availability could cause a severe or catastrophic adverse effect.
- In light of China being considered a cyber threat to the United States government by the Office of the Director of National Intelligence, FedRAMP introduced their High Baseline to account for the government's most sensitive, unclassified data in cloud computing environments.
- Microsoft is committed to providing the most secure services possible to the US government, operating in a manner consistent with US Government requirements and processes.
- The use of digital escorts, U.S. citizens with security clearances, supervising China-based engineers for sensitive military systems posed a notable security concern, as revealed by the ProPublica investigation, and this decision by Microsoft is a significant step towards ensuring the security of sensitive U.S. government data.
