Microsoft’s Presence in China Poses National Security Risks

Microsoft recently invited up to 800 of its employees living and working in China to relocate to other countries. This move highlights the growing tensions in the tech race between China and the United States. The U.S. is particularly concerned about China’s ability to develop advanced generative artificial intelligence (AI) by allegedly stealing from Microsoft engineers through corporate espionage and intimidation.

For over two decades, Microsoft has maintained a significant presence in China, employing nearly 5,000 people, 80% of whom are software engineers. These employees create source code for products widely used by the U.S. government, including Office, Exchange, Teams, Windows, and Azure. Microsoft also operates six data centers in China.

While this large footprint has been beneficial for business, it poses serious national security risks for the U.S. The Wall Street Journal noted that Microsoft has a close relationship with China, with substantial research-and-development teams focused on cloud computing and AI. This relationship has led to concerns about China’s access to sensitive information.

China’s 2016 National Cybersecurity Law mandates that technology companies operating there must store Chinese user data on mainland servers and provide the government with access to source code, encryption keys, and backdoor access. Microsoft has complied with these requirements, providing source code through its China-based Microsoft Transparency Centers and allowing China to review its Windows operating system source code as far back as 2003. This compliance raises significant security concerns as it can lead to “legitimized” theft of sensitive information.

In April, the Department of Homeland Security’s Cyber Safety Review Board criticized Microsoft for its “shoddy cybersecurity practices, lax corporate culture, and deliberate lack of transparency.” The criticism came after Chinese state actors hacked the email accounts of U.S. government officials, including Commerce Secretary Gina Raimondo. Microsoft’s practice of informing Chinese state regulators of vulnerabilities before notifying customers or U.S. authorities has facilitated cyberattacks on U.S. government systems.

An interagency advisory from the Cybersecurity and Infrastructure Agency, National Security Agency, and FBI highlighted that 20% of the top Common Vulnerabilities and Exposures (CVEs) exploited by China since 2020 were found in Microsoft systems. The security products Microsoft sells in China, such as Sentinel, Defender, Synapse, and Azure Firewall, are also used to protect U.S. homeland systems. These products are subject to China’s National Cybersecurity Law, making them vulnerable to cyberattacks.

Beyond national security, Microsoft’s relationship with China has also drawn scrutiny for human rights abuses. The U.S. Department of Commerce cited Microsoft for supporting mass arbitrary detention, forced labor, and biometric data collection targeting Uighurs and other minority groups. The U.S. Senate accused Microsoft of being “complicit” in these abuses after its staff collaborated with a Chinese university on AI research. Additionally, Microsoft’s compliance with Chinese censorship laws restricts Chinese citizens’ access to information on government critics and protests.

Microsoft’s recent offer to relocate employees out of China is seen as a gesture to concerned American policymakers. However, the company must take more substantial actions to demonstrate a commitment to protecting national security and human rights. It must consider reducing its operations in China to mitigate the risks posed by the Chinese government’s access to sensitive information and its potential use for cyberattacks and human rights violations.

Please leave your comment below!