A leading-edge research firm focused on digital transformation.
Subscriber Account active since
Amazon, Google, and Microsoft have repeatedly used a common tactic to sidestep public scrutiny and work with US immigration agencies, despite employee backlash and some company policies against doing such work.
This tactic, in which the companies use third parties or act as subcontractors to sell their technology, has helped these tech giants quietly secure dozens of cloud contracts with Immigration and Customs Enforcement and Customs and Border Protection, Insider has found.
In some cases, Amazon, Google, and Microsoft provide clerical tools, like the Google Workspace suite or Microsoft Office, to ICE and CBP. In others, including more than a dozen active contracts, the companies supply cloud services or professional tools for surveillance or immigration enforcement. One recent ICE deal, for a data-mining tool called RAVEn, uses Amazon Web Services.
Employees are often not aware of the practice, though industry insiders say that using third parties is common, especially for big tech companies. Insider found these contracts because their descriptions named Google, Amazon, Microsoft, or their services. It’s unclear how many other contracts exist that are tied to these companies but do not mention their involvement.
Together these details shed new light on not only the long reach of cloud giants but the many ways these companies continue to contribute to the machinery of the US immigration system, intentionally or unintentionally. They also raise questions about the tech giants’ willingness to audit their own contracts, especially in light of employee protests or even internal policies against doing such work.
Google, in particular, said after several employee protests that it would not work on immigration-enforcement contracts with ICE or CBP. In October 2020, Google Cloud’s CEO, Thomas Kurian, told staff that Google technology would not be used for immigration enforcement at the southern border, CNBC reported at the time.
Google was involved in at least four contracts with CBP, all through third-party contractors, when Kurian made that statement, according to records that Insider reviewed. Google is involved in at least four active contracts with CBP, Amazon is involved in at least eight active contracts with ICE and CBP, and Microsoft is involved in at least 16 active contracts with ICE and CBP. All these contracts except for two of Microsoft’s involved technologies sold through intermediaries.
Just because many of these contracts are for professional tools like Google Workspace or Office 365 doesn’t mean they should be excused, Irene Knapp, former senior software engineer at Google, said.
Knapp, who’s now the secretary of the board of Tech Inquiry, a nonprofit that researches tech companies’ ties to the government, told Insider that contracts for enterprise licenses deserved the same scrutiny as data analytics or other surveillance tools. These contracts still enable the agencies’ immigration enforcement and surveillance, they argued.
“We don’t want to live under this system, and so we should not be building it or having any part of it,” Knapp said.
Google declined to comment on the record for this article. Ted Ladd, a company spokesperson, said in an email that employees were “contractually obligated not to talk about customers (or former customers or prospects)” without those customers’ permission.
Representatives from Amazon and Microsoft did not respond to repeated requests for comment.
When Amazon, Google, and Microsoft sell their products to the government, it’s usually through “reseller” programs, where another company sells the technology to the government on their behalf, according to three government contractors who have resold services from these companies for years. This practice is partly used to sidestep public scrutiny but is also used to lower costs, these contractors said. They spoke on the condition of anonymity because they still work with these companies.
Even though Amazon, Google, and Microsoft may be one or two steps removed from CBP and ICE, the companies would generally know that their technology is helping those agencies, one of the contractors said. That’s because the companies get purchase orders from intermediaries and need to sign off on their technology being used, the person explained.
There are some cases where the companies may not be aware their product is being used for immigration enforcement, such as if the use of their product is unrelated to the main work of the contract — like Microsoft providing Microsoft Office to a company doing work in facial recognition — these people said.
To complicate matters, Amazon and Microsoft are key providers of ICE’s cloud infrastructure, leading ICE to require in March 2020 that all future cloud vendors have existing, robust reseller relationships with the two tech giants.
Amazon and Microsoft in particular not only get revenue from third-party resellers who sell directly to the government, but profit through partnerships with thousands of software companies expected to be compatible with ICE’s and CBP’s existing infrastructure. The federal government also often asks these companies to work with a handful of authorized cloud providers, of which Google Cloud, AWS, Azure, Oracle Cloud, and IBM Cloud dominate.
From 2015 to 2021, Amazon used third parties to sell its cloud services at least 16 times to ICE and CBP. Google used third parties to sell various cloud and professional tools at least 28 times to these agencies. Microsoft used third parties to sell its cloud services and software more than 200 times to immigration agencies from 2002 to 2021, in addition to selling to ICE and CBP directly more than 100 times.
Since 2016, ICE has awarded the government IT provider Four Points at least eight contracts for cloud storage, two of which mention AWS. One 2019 contract involved the transfer of large amounts of identifiable information used for immigration enforcement into AWS.
Amazon has also sold AWS to ICE through contracts with Panamerica Computers, Systems Engineering Solutions, FS Partners, and DLT Solutions. The largest contract that involved AWS services and licenses went to Four Points in 2017 and was worth just under $50 million.
Many of the third-party intermediaries selling AWS are Amazon partners, though some work through another third party, Carahsoft, to sell AWS to government agencies. In these cases, Amazon would be aware that its services are being sold to the US government, the government contractors said.
Four Points has also sold Google software to ICE as recently as September 2020, though the search giant has frequently used the contractor Onix Networking to sell its tech. It sold Google Maps APIs to ICE three times between 2006 and 2010 through Onix, according to public records. One Department of Homeland Security contract awarded to Onix in 2009 described using Google Maps API to support a “covert satellite tracking system.”
Google has also sold Google Cloud platform licenses, Geocoding APIs, licenses for Chrome Enterprise, and Google Workspace (formerly Google Apps or G-Suite) using intermediaries including Onix, FS Partners, Govplace, and ThunderCat Technology.
Documents obtained by Insider show that AWS is already used in several ICE databases and programs that are otherwise not mentioned in public procurement records. For example, AWS is used to support ICE’s Student and Exchange Visitor Program Portal (which stores information on student visitors to the US), LeadTrac (a database used to track down people who have overstayed their visas), the Investigative Case Management system (ICE’s main law-enforcement database), and TECS (a tool said to help officers “determine the admissibility” of visitors to the US). One 2018 document said that all the cloud storage for FALCON, Palantir’s mobile application that ICE has used to organize workplace raids, was done through AWS. Cloud storage for SmartyStreets, an address-validation tool for student visitors, is also done through AWS.
Microsoft has used third parties to sell its technology to US immigration agencies more than any other tech giant, often through the intermediary Dell. Since 2004, more than 250 contracts awarded by ICE have mentioned the use of Microsoft services, including its Azure cloud service. From 2016 to September 2021, Dell sold Azure to ICE 18 times. One contract, awarded to Dell this year, sold $33 million worth of “annual maintenance” and “support” for ICE’s Microsoft licenses. No other third-party vendor has contracts that mention Azure.
Many contracts that never mention Microsoft may involve the use of Azure. For instance, on September 21, ICE awarded a $240,000 contract to the company Quiet Professionals for “special studies,” geotechnical analysis, and “geospatial support.” The day the contract was awarded, Quiet Professionals posted a job listing for a “geospatial analyst” that would work directly with ICE to “create and maintain a variety of analytical and mission-oriented GIS/visualization data and maps.” Quiet Professionals is a Microsoft partner and runs on Azure, according to its website.
In addition to Dell, Microsoft has sold its enterprise licenses and Dynamics 365 through companies including KCI-Acuity, InfoReliance, Blue Tech, and MA Federal.
Perhaps most notable in Microsoft’s use of third parties is its role in CBP’s Eagle II, a broad set of IT contracts worth billions of dollars. Companies like Technical and Management Resources, Ace Info Solutions, Ardent Management Consulting, and Pyramid Systems mentioned using Microsoft tools and systems as a part of their work on Eagle II, collectively worth millions.
That these companies use third parties is especially relevant in light of contracts worth $300 million that ICE is scheduled to award for a new system known as RAVEn, or Repository for Analytics in a Virtualized Environment. RAVEn is ICE’s data-mining and analytics tool that it has used to process hundreds of thousands of documents and look for evidence of people who aren’t authorized to work in the US, Insider previously reported.
Amazon Web Services and Red Hat, owned by IBM, are already used in RAVEn, according to a 2020 contract and a presentation, shown at an April informational “industry day” for the project, that Insider obtained. Neither IBM nor Amazon is listed in any of the procurement contracts for the project, instead becoming involved through third-party vendors, Insider found.
Booz Allen Hamilton, which was awarded one of the active RAVEn contracts, is a certified reseller for AWS and is authorized to use and sell the cloud platform as an intermediary.
The 2020 contract also showed that Red Hat became involved in the project through C&C Computers, which received more than $100,000 from ICE for the use of Red Hat’s OpenShift developer tools.
Some employees were unaware their companies were entering into projects like this through intermediaries. An IBM employee called their company’s work on RAVEn “gross.”
“I don’t know that what I work on would directly impact any possible venture into that stuff, but it doesn’t feel good when a company you work for actively participates in it regardless, especially when they just last year opted out of facial-recognition sales to the police,” the employee told Insider, referring to a pledge the company made during 2020’s Black Lives Matter protests to end work on facial-recognition tools.
“The sentiments from last year ring a little hollow now if they’re just going back into it,” they said.
ICE is expected to award three new contracts worth up to $300 million for work on RAVEn later this year. People who attended the April industry-day event told Insider that companies like Amazon, Google, and Microsoft would probably use intermediaries rather than bid on the contracts directly.
Google “typically will not pursue as a prime on non-cloud opportunities because of the potential conflicts of interest with ALL the other companies they work with,” a person who attended the industry day told Insider. “Google will only sub and they will be non-exclusive.”
“AWS, MSFT and Google typically sell through their reseller partners,” another person who attended the industry day told Insider.
Work on RAVEn began in 2018, but has been used in a limited capacity. Its latest version is scheduled to “go live,” a new document obtained by Insider said, “two months after” the current contract with Booz Allen Hamilton expires — meaning this November.
After Insider’s initial RAVEn investigation, employee groups and lawmakers expressed concern. The Alphabet Workers Union, which represents Google employees, called on Google not to bid on the project.
Do you work at Microsoft, AWS, Google Cloud, or another company mentioned in this piece? Got a tip? Contact this reporter at [email protected] or [email protected], or via secure messaging app Signal at +1 (785) 813-1084. Reach out using a non-work device.
A leading-edge research firm focused on digital transformation.