As the public grows more concerned with state-sponsored hacking, Microsoft is calling on tech companies to form a so-called “Digital Geneva Convention” by promising to protect users from nation-state attacks and vowing to never mount offensive cyber attacks. Microsoft is also pushing governments around the world to establish norms for engagement in digital warfare.
Microsoft president and chief legal officer Brad Smith announced the initiative today at the RSA Conference. “We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks,” Smith wrote in a blog post accompanying the announcement. “Conflicts between nations are no longer confined to the ground, sea and air, as cyberspace has become a potential new and global battleground.”
Smith pointed to the 2014 Sony hack, attributed to North Korea, and the 2016 election hacks, attributed to Russia, as examples of attacks that occurred without any meaningful international norms. He nodded to the 2015 agreement between the United States and China that banned the cyber-theft of corporate intellectual property, but said that international governments need to do more to establish rules of engagement online.
Smith said the U.S.-China agreement should serve as a model for the U.S. as it responds to Russian hacking, calling it an opportunity for President Trump to “sit across the table” from Russian President Vladimir Putin and address the hacks.
“Just as the United States and China overcame mutual challenges and made important progress in 2015 to ban intellectual property cyber-theft, the United States and Russia can hammer out a future agreement to ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures,” Smith said.
Smith said the technology industry needs a treaty similar to the Geneva Convention to protect civilians from harm as governments begin to fight their wars online. This process has been underway in the United Nations and the U.S. government, but it’s unclear how U.S. efforts will progress under the new presidential administration.
If government’s don’t take action, Smith said, companies need to make sure they are protecting users.
“The tech sector plays a unique role as the internet’s first responders, and we therefore should commit ourselves to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust,” Smith wrote. “Just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyberattacks requires the active assistance of technology companies.”
Featured Image: JASON REDMOND/AFP/Getty Images