Powerful private players like Microsoft and Amazon have been working on building sensitive intelligence related tools for the government’s intelligence services.
Most regulatory bodies in Western countries “are quite open to feedback and comments offered by experts from [the] private sector. And this kind of research is critical as the regulators require deep insight and understanding of the space which is mainly shaped by the private sector,” according to a blog post by Ramin Behzadi, Managing Partner at 7 Gate Ventures.
Read More: DoD needs ‘more of a startup mentality
As private sector tech giants like Microsoft and Amazon continue to vie for the $10 billion military cloud contract JEDI, Microsoft announced two new Azure Government Secret regions that it has built to deliver cloud services to US Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and US government partners working within Secret enclaves.
These data center regions will have clearance for DoD Impact Level 6 (IL6) and Director of National Intelligence (DNI) Intelligence Community Directive (ICD 503) accreditation and hence will have additional controls to meet regulatory and compliance requirements.
While this gives access to the government to better strategize against threats, it also gives access to civilians to enter classified space.
The Microsoft blog says, “These new regions operated by cleared US citizens are built for IaaS, PaaS, SaaS, and Marketplace solutions, bringing the strength of commercial innovation to the classified space. These secure regions will deliver an experience that’s consistent with Azure Government, designed for ease of procurement and alignment with existing resellers and programs.”
Could this kind of introduction of ‘the strength of commercial innovation to the classified space’, one day, pose deeper problems for the government?
The Problem of Transparency
Julia White, Corporate Vice President, Microsoft Azure, in a blog post last year, talked about the hybrid cloud’s evolution from being a data center and public cloud integration to becoming computing units available in remote destinations in the world. Basically, the government can take the power of cloud in its missions around the globe. How well-defined are the borders here?
White goes on to say that AI will run across all systems of the intelligent cloud and intelligent edge. Technology that will bring the government further ability to ‘plan, gather information more efficiently, and deliver insight where it is needed most.’
However, most of us will remain unaware as to what the government will actually do with this kind of power, what kind of information will be gathered with it, and what groups will be targeted.
Microsoft employees have already made clear how this project is making them feel in an open letter that Medium published requesting the tech giant not to bid for JEDI. The letter cites comments from DoD Chief Management Officer John Gibson as saying, “We need to be very clear. This program is truly about increasing the lethality of our department.”
“We need to put JEDI in perspective. This is a secretive $10 billion project with the ambition of building “a more lethal” military force overseen by the Trump Administration,” the letter says.
Apart from Microsoft employees, IBM too protested with the US Government Accountability Office (GAO) that having a single cloud provider for 10 years was not a wise contract.
“No business in the world would build a cloud the way JEDI would and then lock in to it for a decade,” Sam Gordy, General Manager, IBM, wrote in a blog post.
IBM’s protest was rejected by GAO. Oracle too filed a protest in the US Court of Federal Claims on the same grounds.
As was pointed out by Tim Shorrock, the author of Spies for Hire: The Secret World of Intelligence Outsourcing, when Leidos Holdings, a major contractor for the Pentagon, and the National Security Agency merged to form the most powerful company in the intelligence-contracting industry, worth about $50 billion, “the US government, won’t have much alternative when a company screws up.”
Google’s withdrawal from the bid for the contact, claiming that it couldn’t be sure that JEDI would align with its AI principles, could be an indication that such an expensive project could be attempting to gain maybe too much power. It has also made Microsoft employees question their employer’s AI ethics.
“So we ask, what are Microsoft’s A.I. Principles, especially regarding the violent application of powerful A.I. technology? How will workers, who build and maintain these services in the first place, know whether our work is being used to aid profiling, surveillance, or killing?” Microsoft employees posited in their open letter.
The debate regarding the role of private players in national security is not a new one. A 2009 report called Confrontation or Collaboration? Congress and the Intelligence Community, states that one of the concerns has been that private contractors are progressively outnumbering government employees in intelligence community workspaces.
The increase in the population of contracted individuals within classified government spaces has resulted in private contract employees starting to complete tasks that were originally only governmental functions. These tasks include intelligence collection or analysis.
The report points out that many critics have highlighted the fact that contractors’ loyalties would lie towards their employer and not towards the government.
Private Companies in National Security
It is nothing new when private firms with specialized technical prowess are used to solve pain points in national security or to enhance already equipped systems. Historically, government agencies like the Central Intelligence Agency (CIA) and the Department of Defense (DoD) have worked with for-profit firms on several technical projects.
The CIA collaborated with private aeronautics firm Lockheed Aircraft Corporation to build the U-2 spy plane, which was used to conduct flights over the Soviet Union. Capture of one of these caused an international diplomatic incident in May 1960. The MQ-1 Predator Unmanned Aerial Vehicle (UAV) was also designed and built by a private firm for use by the US Air Force.
As the report says, as of 2007, the Defense Intelligence Agency’s (DIA) had a US$ 1 billion budget for allowing private firms to conduct ‘core intelligence tasks of analysis and collection’ for several years into the future. That future may be here now.
What Are the Rules for Contractors?
Another concern is the kind of rules that apply to these kind of contractors. Laws and regulations defining a contractor’s behavior in conflict zones still remain uncertain. For example, depending on who gets the JEDI contract, private employees of Amazon or Microsoft might be carrying out military level intelligence functions that set them apart from normal civilians. However, legally, they will still not be government employees.
So, then, if these employees decide to go ahead with questionable behaviour in a foreign country, it remains unclear who becomes responsible for investigating, prosecuting, and punishing them.
The report predicted heavy reliance on private firms for intelligence functions, which is now coming to fruition. If the balance between internally and externally sourced tasks and responsibilities tilts towards private players, trouble could follow.
The JEDI project raises fresh questions about the management and evaluation of outsourced intelligence functions. While companies like Microsoft and Amazon build sensitive intelligence processes for national security, are guidelines for identifying appropriate times and ways to engage these private firms for sensitive intelligence functions in place?
Disclosure: This article includes a client of an Espacio portfolio company