A misinterpretation of a U.S. Defense Department support contract led to concerns that Microsoft would be providing them with direct source code access. The Redmond giant signed a $927 million deal to give DoD employees a direct support channel.
Part of the contract read, “Microsoft premier support services such as tools and knowledge bases, problem resolution assistance from product developers, and access to Microsoft source code when applicable to support Department of Defense’s mission.”
“The Department of Defense does not, and will not, have access to Microsoft’s proprietary source codes. The METSS-II contract is a sole-source follow-on contract to continue and leverage Microsoft support services,” said the spokesperson.
Blue Badge Employees
In a separate statement, the DoD revealed only blue-badge Microsoft employees would be working with source code.
“The contract is for Microsoft support services performed by Microsoft ‘blue Badge’ employees. Those Microsoft employees would have access to the source codes, not DOD members,” said spokesperson Alana R. Johnson.“It appears that the contract language was misinterpreted.”
This news is comforting. Full government access is a scary prospect. It could allow for installation of backdoors or other compromises. “Blue Badge” refers to internal Microsoft employees, so outsourced contractors won’t have access either.
The DoD will use its source code consulting to help with an internal cloud email system. It will also let officials understand how the services work so they can ask for modifications to internal systems.
This isn’t the first time government agencies have been able to view Microsoft source code. The Redmond giant has transparency centers in the U.S, Belgium, Brazil, Singapore and China, where organizations can test and analyze software.
In the case of Brazil, this measure is intended to combat government snooping. The country expressed concerns over NSA spying on President Dilma Rousseff via Microsoft services. Access to source code allows them to check for such backdoors and shows that software is secure.
You can read the DoD contract for yourself on its website.