Microsoft is defending its extensive presence in Beijing despite a China-linked hack that ripped through the Big Tech company’s security last year and exposed sensitive emails of U.S. government officials.
In a pointed hearing last week of the House Homeland Security Committee, lawmakers expressed repeated concerns that Microsoft’s presence in China exposes the company’s systems to snooping by Chinese Communist Party minders looking for access to American data and systems.
Microsoft President Brad Smith told lawmakers that his company is not complying with Chinese law, which requires it to work with the government, despite the regime’s policies of military-civil “fusion.”
“I always make sure that it’s clear to the Chinese government that if the Chinese government wants to sue somebody, they need to sue me,” Mr. Smith said.
“It’s not about suing,” said Rep. Carlos Gimenez, Florida Republican. “In China, they don’t sue you, man. They arrest you.”
Mr. Gimenez said he was skeptical of Mr. Smith’s testimony.
Microsoft’s corporate website says the company has had a presence in China since 1992 and that founder Bill Gates championed the investment. Despite rising U.S.-China tensions over trade and other issues, the company’s largest research center outside the U.S. is based in China.
Committee Chairman Mark Green, Tennessee Republican, said Microsoft’s presence in China was “one of my biggest concerns.” He noted the company’s establishment of research and development centers in Beijing and other locations in China.
Mr. Smith sought to downplay the significance of Microsoft’s China business. He said his company’s China activities were “not a major source of revenue,” amounting to at most roughly 1.5% of global revenue.
He did not recall his business’ corporate structures in China but said without elaborating that Microsoft operated as a subsidiary and had “at least one joint venture for certain activities.”
Critics say Microsoft’s security staff has done a poor job of protecting customers from China’s prying eyes. China-affiliated hackers breached Microsoft Exchange Online mailboxes in May and June 2023, including email accounts of Rep. Don Bacon, Nebraska Republican, and Commerce Secretary Gina Raimondo, according to the Cyber Safety Review Board.
The federal cybersecurity investigators said in March that the breaches exposed the digital mailboxes of 500 people and 22 organizations worldwide.
Mr. Smith said his company’s work in China is necessary to protect American businesses from cybercriminals.
“The reason I think this is so important is if you’re an American automobile company, an aircraft company, a pharmaceutical company, a coffee company, you need to use the cloud when you’re in China,” Mr. Smith said. “We want their American trade secrets to be stored in an American data center in China.”
Mr. Green pressed Mr. Smith on whether Microsoft’s footprint in China could allow the ruling Communist Party to breach the company’s most sensitive systems.
“What access does the Chinese government have to that?” Mr. Green asked about Microsoft’s data center presence in China.
“None,” Mr. Smith said. “And believe me, every time there is anything remotely close to a request, I always ensure we say no.”
Some China watchers say Microsoft’s answers to Beijing are not always refusals. Geoffrey Cain, policy director for the Tech Integrity Project, said Microsoft readily hands over its computer code to China as the price of doing business in one of the world’s largest information technology markets.
“Dating back to 2003, Microsoft has repeatedly given the Chinese government access to its sensitive source code as a de facto requirement to sell Windows in China,” Mr. Cain said on X. “As a result of a 2003 agreement, a research institute at the Ministry of Public Security was granted access to Microsoft source code.”
Mr. Cain pointed to a 2009 State Department cable revealed by WikiLeaks documenting Microsoft’s agreement to give a Chinese company access to its source code in 2003. The cable said representatives of the People’s Liberation Army were sent to Microsoft in 2004 for network security training.
Mr. Smith acknowledged pressure from the Chinese government but said his company was taking a principled stand on behalf of America.
“I was in Beijing in December. I got pushed because there was unhappiness about reports that we’ve made publicly about attacks from China, about U.S. critical infrastructure and about influence operations,” Mr. Smith testified to the committee. “And I said, ‘There are lines that we don’t believe governments should cross. We’re going to be principled, and we’re going to be public.’”
China’s version of its interactions with Microsoft appears different. Rep. Clay Higgins, Louisiana Republican, asked Mr. Smith about a rumor that he reiterated Microsoft’s support for helping China make technological advancements.
Mr. Smith said the rumor was false and came from the Chinese government, but he did not disagree with the substance of the statement.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.