Microsoft president and chief legal officer Brad Smith, at the security-focused RSA Conference in San Francisco this week, made a call for tech companies and governments to agree to a “Digital Geneva Convention.” This would ensure tech companies never launch offensive cyberattacks, protect users against nation-state attacks, and only ever act defensively.
“The past year has witnessed not just the growth of cybercrime, but a proliferation in cyberattacks that is both new and disconcerting,” Smith wrote in a blog post published alongside his talk. “As engineers and other employees across the tech sector meet in San Francisco, we need to ask ourselves what our response should be.”
These kinds of attacks (which include the 2014 Sony hack, thought to have come out of North Korea, and the 2016 election hacks, attributed to Russia) are a growing problem. Almost three-quarters of the world’s businesses expect to be hacked each year, and financial losses from cyberattacks are expected to hit $3 trillion by 2020.
Typically, this is the sort of thing you might expect a government to propose—and in fact, former President Obama discussed how he and other world leaders were in talks with Russia to establish some standards of cyber warfare, and the United Nations has also been working on this issue. But it’s become unclear how those efforts will continue under a Trump administration. Thus, Smith said it’s up to tech companies to take up this mantle.
“We need to make clear that there are certain principles for which we stand,” Smith said. “We will assist and protect customers everywhere—that is what we do. We will not aid in attacking customers anywhere, regardless of what government asks us to do so.”
Microsoft laid out its expectations in a six-piece proposal, outlined below.
While Microsoft says that it’s time for governments to do more, Smith said it’s also the job of tech companies to help make the internet a safer place, becoming a “Digital Switzerland” for the world.