A top Republican lawmaker has urged President Biden’s Commerce Department to probe whether Microsoft’s business in China is a national security risk – after The Post highlighted growing fears on Capitol Hill that the Big Tech giant was getting too cozy with Beijing as it develops AI technology.
A scathing letter by Rep. Pat Fallon of Texas sent on Feb. 12, which has not been previously reported, was addressed to Commerce Secretary Gina Raimondo – one of several US officials whose emails were brazenly hacked after a China-based group breached their Microsoft Outlook accounts last year.
Fallon cited The Post’s report last December, in which US lawmakers warned Microsoft against working too closely with China. Executive Brad Smith had raised eyebrows by declaring Microsoft wanted to “actively participate in the digital transformation of China’s economy.”
“What we seek to understand is if and how Microsoft’s broad usage across the US federal government, close ties to [People’s Republic of China]’s government and compliance with intrusive PRC laws threatens US national and economic security,” Fallon said in the letter.
“No US company should be playing a role in supporting the Chinese government,” the letter added. “It is critical that any such efforts be stopped, and that broader Chinese operations be carefully scrutinized.
Microsoft has faced more calls to exit China – where it has about 10,000 workers and multiple research labs – as critics warn that the Chinese Communist Party will force companies to divulge sensitive data and trade secrets. Those fears helped drive passage of a House bill that would force Beijing-based ByteDance to sell TikTok within six months or face a US ban.
Microsoft is a notable outlier compared to Big Tech rivals such as Google and Meta, which have pulled out of the country to avoid the Chinese Communist Party’s censorship and tough scrutiny from US lawmakers.
A Microsoft spokesperson said the company has “long provided governments around the world ability to inspect limited portions of our source code to assure themselves it does not contain backdoors.”
“This is done only in controlled environments where the code cannot be recorded or extracted, and our source code is always maintained so that customer security does not depend on it staying secret,” the spokesperson said. “This access is not a response to any law in China or elsewhere and is something we provide broadly except where prohibited by sanctions.”
Microsoft has a set policy for disclosing software vulnerabilities that is not tailored to a specific country. The company has “not otherwise provided China with access to our source code or any other information about vulnerabilities,” the spokesperson added.
Representatives for the Commerce Department did not return requests for comment.
Fallon noted that Microsoft has maintained its “longstanding business” in China – and is subject to stringent local laws – even as it holds an “85% share in the US government office productivity software market.”
“In order to comply with China’s National Cybersecurity Law, Microsoft must provide the Chinese government with access to its source code,” the congressman said.
The Texas Republican pointed to the hack of Raimondo’s email account while demanding answers on what the Commerce Department has done “to reduce the reliance on Microsoft’s software and cybersecurity capabilities which have created a single point of failure that can easily be breached.”
Fallon asked Raimondo to explain what steps the Commerce Department had taken to hold Microsoft accountable for the cybersecurity failure.
The GOP lawmaker also demanded that Raimondo explain what export controls are in place for “effectively regulating Microsoft’s operations” in China to protect US interests.
Fallon asked Raimondo to submit written responses to address his concerns. The congressman told The Post he has yet to receive a response.
“With every new cyberattack on critical infrastructure, and every move to threaten its neighbors and our allies, there is no reason we should afford Communist China any further openings to weaken American national security,” Fallon said in a statement on Friday. “This extends to American companies that operate within China as well. The United States needs assurances that we can counter asymmetrical threats, particularly in the realm of artificial intelligence.”
“Last month, I raised this specific point in a letter to Secretary of Commerce Gina Raimondo, but have yet to receive a response,” the statement continued. “This comes as my colleagues and I on the House Committee on Oversight and Accountability have begun our own initiative to review potential threat vulnerabilities within the federal government to the CCP.”
“A proper response from Sec. Raimondo would make clear that the Biden Administration takes seriously an increasingly emboldened Communist China,” Fallon added.
As The Post reported, Smith’s December trip appeared to directly contradict comments that Microsoft CEO Satya Nadella made just weeks earlier during a Nov. 15 appearance on CNBC.
At the time, Nadella said Microsoft was “mostly focused on the global market ex-China” and downplayed the company’s work with the Chinese government.”
Sen. Josh Hawley (R-Mo.) said Microsoft should “know better” and that Congress “should block partnerships like this,” while Rep. Mike Gallagher (R-Wis.), chairman of the House Select Committee on China, warned Microsoft that the Chinese Communist Party “will use AI for evil techno-totalitarian purposes.”
Top Microsoft executives have reportedly debated shutting down the company’s AI research lab in Beijing due to the mounting Congressional scrutiny, the New York Times reported in January.