Microsoft calls for 'digital Geneva Convention'

Microsoft calls for 'digital Geneva Convention'

Elizabeth Weise, USATODAY 11:32 a.m. ET Feb. 14, 2017

SAN FRANCISCO – In a policy speech that puts Microsoft front-and-center in the shifting ground of both politics and nationalism, company president Brad Smith said tech companies must declare themselves neutral when nations go up against nations in cyberspace.

In the cyber realm, tech much be committed to “100% defense and zero percent offense,” Smith said at the opening keynote at the RSA computer security conference.

Smith called for a “digital Geneva Convention,” like the one created in the aftermath of World War II which set ground rules for how conduct during wartime, defining basic rights for civilians caught up armed conflicts.

In the 21st century such rules are needed “to commit governments to protect civilians from nation-state attacks in times of peace,” a draft of Smith’s speech released to USA TODAY said.

This digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks of nations aimed at civilian targets, which appears to effectively mean anything but military servers.

While Europe and other nations are also experiencing a rise in nationalist feelings, it is no accident that Smith’s talk comes just three weeks after Donald Trump was inaugurated the 45th president of the United States. Trump’s bellicosity has caught the attention of the world and made tech companies uncomfortably aware that their realm — cyberspace — is also a likely battlefield when hostilities break out.

Smith listed a string of increasingly threatening cross-border cyber incidents, beginning with the North Korean attack on Sony Pictures Entertainment in 2014 to thefts of intellectual property by China in 2015, ending with last year’s Russian involvement in the U.S. presidential election.

“We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks,” Smith said.

Technology companies, not armies, are the first responders when cyber attacks occur, he noted. But they cannot and must not, respond in kind, or aid governments in going on the offensive, Smith said.

He called for the creation of an autonomous organization, something like the International Atomic Energy Agency that polices nuclear non-proliferation.

“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith said.

“We will not aid in attacking customers anywhere. We need to retain the world’s trust."

What this appears to mean in the near term is that tech companies should refuse to aid governments, even the government of the country they are based in, in attacking other nations. That could mean not building backdoors into programs sold in other countries and not taking part in work to create cyberweapons.

Smith’s speech is part of a general turn-around of the Seattle-area company, which a decade ago was hated by many in the tech world when it had a near-monopoly on computer operating systems.

Today, its corporate culture and ethos have changed under CEO Satya Nadella and it has fought for privacy and freedom from government intrusion for its users, if less vocally than companies like Apple and Google. Most notably it has waged a long-term legal battle to keep the U.S. government from accessing European customer data stored in Ireland, a battle Smith was instrumental in waging as Microsoft’s chief legal officer.

Microsoft has also said publicly it would not aid in building a registry of Muslims for the government, one of several companies that has made that promise.

While Microsoft has not staked out such territory as broadly and vocally as Google, with its “Don’t be evil” corporate motto, or Apple, which spent 43 days fighting FBI efforts to force it to aid in hacking an iPhone used by terrorists, with this speech Microsoft may have moved closer to that territory.

Smith’s speech lays a blueprint for an organization that hasn’t yet been created, but which may be called into being through his words. No meeting of tech companies has been called, but that would be a plausible next step. Microsoft appears to be waiting to see what the response from the rest of the tech world is before taking that step.


Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

Visualizing The Power Of The World's Supercomputers

BMW traps alleged thief by remotely locking him in car