In a stunning revelation that underscores the perils of unchecked corporate dominance, a ProPublica investigation has exposed Microsoft’s longstanding practice of outsourcing the maintenance of critical Pentagon computer systems to engineers in China – under the guise of minimal U.S. supervision. This arrangement has left some of America’s most sensitive defense data precariously exposed to Beijing’s cyber espionage apparatus.

As the world’s preeminent tech giant leverages its monopoly-like grip on government contracts, this episode not only highlights Microsoft’s cavalier approach to national security but also amplifies alarms about communist China’s insidious avenues into the heart of U.S. federal infrastructure.

The core of the scandal revolves around Microsoft’s “digital escorts” program, a workaround designed to comply with Defense Department mandates barring foreign nationals from handling classified data. Since securing lucrative federal cloud contracts around 2015, Microsoft has relied on China-based programmers to troubleshoot and maintain systems integral to the Pentagon’s operations. These engineers, often far more technically adept than their overseers, provide instructions via platforms like Microsoft Teams, which U.S.-based escorts – typically low-paid contractors with security clearances but scant coding expertise – then execute. Starting wages for these escorts hover around $18 per hour, and their training is woefully inadequate, leaving them ill-equipped to detect malicious code or subtle sabotage.

ProPublica’s probe, drawing on internal documents and interviews with current and former employees, paints a picture of oversight that is superficial at best. Escorts, many of whom are ex-military personnel with limited software engineering backgrounds, essentially act as intermediaries, inputting commands without the ability to scrutinize their implications. One anonymous escort confided, “We’re trusting that what they’re doing isn’t malicious, but we really can’t tell.”

Former Microsoft engineer Matthew Erickson echoed this, warning that escorts “would have no idea” if a seemingly benign script concealed harmful intent. This vulnerability is exacerbated by Microsoft’s global workforce strategy, prioritizing cost savings over security in a bid to maximize profits from its Azure cloud empire.

The national security implications are dire, particularly given China’s designation by the Office of the Director of National Intelligence as the “most active and persistent cyber threat” to U.S. networks. Beijing’s National Intelligence Law mandates that companies and citizens assist in intelligence gathering, granting authorities unfettered access to source code, security keys, and data. Experts like Jeremy Daum of Yale Law School have noted that resisting such demands would be “difficult for any Chinese citizen or company.” For Microsoft, operating in China means navigating this legal minefield, potentially turning its engineers into unwitting – or coerced – conduits for state-sponsored hacking.

This isn’t theoretical. In July 2023, China-backed actors exploited Microsoft vulnerabilities in a massive breach, infiltrating email accounts at two dozen U.S. agencies, including the State and Commerce departments. The hackers, dubbed Storm-0558, stole 60,000 emails, exposing sensitive diplomatic communications. ProPublica links this to broader risks in Microsoft’s setup, where Chinese engineers gain intimate knowledge of federal cloud architectures – knowledge that could inform future attacks. Harry Coker, a former CIA and NSA executive, described the arrangement as an “avenue for extremely valuable access,” adding that intelligence operatives “would love to have had access like that.”

Microsoft’s response has been predictably defensive, insisting its practices align with government requirements and emphasizing an internal “Lockbox” review process. The Pentagon’s Defense Information Systems Agency claims no direct foreign access occurs, but former officials like David Mihelcic, ex-DISA chief technology officer, deride the system as relying on “one person you really don’t trust because they’re probably in the Chinese intelligence service, and the other person is not really capable.”

This fiasco is emblematic of Microsoft’s broader pattern: exploiting its immense market power to secure government windfalls while skimping on safeguards. With Azure commanding a dominant share of federal cloud services, Microsoft has engaged in anti-competitive tactics, such as bundling its flagship Office suite with lesser products, stifling rivals, and inflating costs for taxpayers. These practices are under scrutiny in an FTC antitrust probe initiated under the Biden administration and continued by the Trump team, examining cloud licensing and AI integrations.

Alarmingly, the Trump administration’s new AI Action Plan calls for reviewing prior investigations to avoid “unduly burden[ing] AI innovation.” This could signal a softening stance toward Microsoft, now a titan in AI through investments such as OpenAI. Such leniency would be misguided. Microsoft’s monopoly enables these security lapses; only robust competition can force accountability.

As communist China ramps up its cyber offensives, Microsoft’s conduit into U.S. defenses represents a glaring chink in America’s armor. FTC Chair Andrew Ferguson must intensify the inquiry, compelling Microsoft to prioritize security over shortcuts. Failure to do so risks not just data breaches but the erosion of U.S. technological supremacy.

The stakes – our national sovereignty – could not be higher.

Frank Salvato is the vice president of news & information operations for Global Emergent Media Communications. He is the host of the Underground USA podcast. Salvato’s writing has been recognized by the House Foreign Relations Committee and the Japan Center for Conflict Prevention, and has been published by the American Enterprise Institute, the Washington Times, Accuracy in Media, and American Greatness. He can be heard twice weekly on America’s Third Watch radio program syndicated on the Salem Broadcasting Network.