Microsoft Moves Former DOJ Officials Into Key Roles
In 2020, the Department of Justice (DOJ) rolled out GCC High, a cloud service from Microsoft, after reviews by both external auditors and an internal audit team. The product quickly landed a prime spot in the federal government’s cloud marketplace, boosting Microsoft’s visibility and earning free publicity.
Key Players
- Rogers – Former DOJ executive, later joined Microsoft’s enterprise cloud team. While at the DOJ, she championed GCC High and defended it before auditors.
- Monaco – Former DOJ official, now Microsoft’s global affairs president. She announced plans to leverage the False Claims Act against contractors falling short on cybersecurity standards, though no direct link to GCC High’s review was found.
Concerns Raised
Security Transparency
Auditors flagged that Microsoft had withheld detailed security practices, leaving gaps in the assessment.Conflict of Interest
Initial assessment firms were paid by Microsoft, raising questions about impartiality.
Network Vulnerabilities
The cloud network was deemed potentially exposed to insecure connections, increasing breach risk.Cyber Attacks
In 2023, evidence emerged that Chinese hackers accessed the system and exfiltrated sensitive emails from high‑ranking officials.Potential Costs
Auditors threatened to halt approval unless Microsoft restarted the process—a move that could have cost billions.
Resolution
- A 2024 review ultimately cleared GCC High for use, citing that denial would disrupt several agencies already dependent on the service.
- Microsoft maintained that Rogers’ new role had no influence over the approval and that all legal and ethical standards were upheld.
- Monaco’s involvement was deemed indirect; no evidence linked her to the review.
Criticisms
- The DOJ’s push for GCC High, coupled with Microsoft’s ties to China via research labs and partnerships, should have warranted stricter scrutiny.
- DOJ cybersecurity rules mandate U.S. personnel for sensitive IT work—an apparent deviation in the GCC High case.
