Earlier this year, Microsoft claimed victory in the race to be the first major multinational tech company to win the rights to offer public cloud computing services in China. Considering that a) China’s cloud computing industry is underdeveloped, with few providers of advanced network services, and b) the cloud computing market is on track to be worth between $122 billion and $163 billion by 2015, this victory was far from an insignificant one for the company.
Indeed, not long after Microsoft’s executives announced the impending launch of Azure in China, seasoned Beijing-based Internet mogul (and former Microsoft and Google executive) Kai-Fu Lee publicly recommended that Amazon Web Services follow Microsoft’s lead to bring its own vaunted cloud computing services to the country. A new report, however, paints Microsoft China’s cloud computing services in a new light — not as an example of a major American tech company successfully accessing a potentially very lucrative Chinese market, but rather as a potential threat to U.S. national security.
The report, “Red Cloud Rising: Cloud Computing in China,” was commissioned by the Congressionally-funded U.S.-China Economic and Security Review Commission and written by the Center for Intelligence and Research Analysis (CIRA), which is part of Defense Group Inc., a Virginia-based defense contractor. In the report, CIRA, whose analysts are known for their strong educational credentials and Chinese language skills, isolates Microsoft’s partnership with 21Vianet — the Chinese data-centers operator with whom Microsoft is entering the market — as a potential security risk for two reasons:
1) Storage of U.S. citizens’ data in China
Microsoft currently plans to fully integrate the mainland Chinese cloud computing centers, which will be operated by 21Vianet, into its global cloud computing network. As CIRA states: “This means that any corporation using Windows Azure whose cloud-based systems contain information from U.S. citizens could easily store that data in China-located, China-operated infrastructure if they wanted. In such a case, the U.S. citizen might not necessarily be aware of the fact that the company has any dealings with China, much less that their data is being stored there.” In short, U.S. citizens’ data could end up being stored in China without their having any knowledge of it.
2) Chinese government cooptation of Microsoft’s global cloud network
Chinese laws give the government “incredibly broad powers to make compromising demands from information and communications technology companies operating within its borders.” Thus, in theory, the government could require Microsoft to turn over data from its networks or even information, such as source code, “that would allow (China’s) defense and intelligence services to completely compromise systems such as those to be operated by 21Vianet.”
Defense News, a weekly international publication focused on defense related issues, seized upon this portion of CIRA’s report and its use of the word “alarming” to describe the development of the Microsoft 21Vianet partnership — characterizing the entire partnership as an “area of concern” for U.S. officials. But are Microsoft China’s cloud computing services really a threat to U.S. national security?
Not exactly, for two reasons:
1) CIRA is writing about a hypothetical situation
Microsoft has not yet integrated its Chinese cloud computing centers into its global network, so no current threat exists. Rather, CIRA is focused on the potential problems associated with such a network if it is launched without appropriate safeguards. In other words, CIRA is speaking about the hypothetical risks associated with a hypothetical structure by which Microsoft would offer cloud computing services in China.
2) Microsoft can mitigate the risks identified by CIRA
As the report itself points out, these risks can be easily mitigated. When it comes to the storage of U.S. citizens data on Chinese-owned and operated infrastructure, CIRA even notes “it appears unlikely that Chinese cloud computing will be used by U.S. corporations in this manner.” As for the vulnerability of Microsoft’s global cloud computing network to Chinese government cooptation, CIRA writes: “[t]his risk can be mitigated by designing the network with appropriate data segregation and limits on network administrator privileges.”
While CIRA’s report may be a bit presumptive and Defense News’ portrayal of it a bit alarmist, “Red Cloud Rising” and the media coverage surrounding its early September release do highlight one very salient fact: for U.S. tech companies, the process of entering and maintaining operations in the Chinese market is both complicated and controversy-laden.
Microsoft’s experience is a case in point. While U.S. officials worry about the potential privacy and tech transfer concerns associated with Microsoft’s continued expansion into the Chinese market, Chinese officials fret that Microsoft is a Trojan Horse for American political values and intelligence services. As of yet, none of these concerns have completely impeded Microsoft’s aggressive push to unveil new products and services in China, but they do make the Redmond-based tech giant’s life significantly more difficult. Far from just having to navigate the process of operating in the complicated Chinese marketplace, Microsoft also has to deal with the politics associated with such operations. Simply put, Microsoft has to find a way to satisfy not just the Chinese consumer, but also the powers that be in both Beijing and Washington — powers whose preferences are often diametrically opposed.
Editor’s Note: contextChina is a Seattle-based media company following the growing impact of China on the Pacific Northwest across business, technology and policy. You can follow contextChina on Twitter @contextchina.