Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Signatories to the accord will not, among other things, “help governments launch cyberattacks against innocent citizens and enterprises.”
- The accord comes amidst a wave of new attempts by governments to compel tech companies to decrypt communications.
On Tuesday, a group of 34 technology companies signed the “Cybersecurity Tech Accord,” a document that declares that the signatories will protect all of their customers from threats and will not “help governments launch cyberattacks against innocent citizens and enterprises from anywhere.”
The signatories include Microsoft and Facebook, Dell, VMware, HP and HP Enterprise, Cisco, Avast, CloudFlare, F-Secure, Symantec, Trend Micro, BT, Juniper Networks, and Telefonica, among others. Notably missing from the list of signatories is Google, which is currently facing an internal revolt over their collaboration with the Department of Defense on the use of AI to analyze drone footage. Likewise, Apple and Amazon are also conspicuously missing from the list.
The accord, available here, has four key components:
- We will protect all of our users and customers everywhere.
- We will oppose cyberattacks on innocent citizens and enterprises from anywhere.
- We will help empower users, customers and developers to strengthen cybersecurity protection
- We will partner with each other and with like-minded groups to enhance cybersecurity.
According to a report in the New York Times, the accord was spearheaded by Microsoft president and chief legal officer Brad Smith. For years, Smith has been calling for a “digital Geneva Convention” to mirror the rules of engagement in technology, in the same way that the Geneva Convention sets standards for conduct in war.
In a blog post about the accord, Smith stated that “The success of this alliance is not just about signing a pledge, it’s about execution. That’s why today is just an initial step and tomorrow we start the important work of growing our alliance and take effective action together.”
SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)
The issue, for Smith, is one of trust–at a roundtable discussion in 2013 about the impact of US government surveillance on technology firms, Smith said “Just as people won’t put their money in a bank they won’t trust, people won’t use an Internet they won’t trust.”
That said, Facebook’s involvement in the accord rings hollow. The social media giant is presently embroiled in a scandal involving Cambridge Analytica and related organizations harvesting user data en masse and using it for psychologically tailored political advertising. To that end, a former employee indicated in testimony to a UK Parliamentary committee that the data collection”far exceeds the previously stated figure of 87 million users.” Facebook’s view of civic responsibility appears nearsighted, as the company has been found to have a “two-tiered” privacy system that favors Facebook executives, leading ZDNet’s Zack Whittaker to declare “On Facebook, Zuckerberg gets privacy and you get nothing.”
The timing of the accord is important, as it comes just as new life has been breathed into the odyssey of government agencies around the world demanding backdoors into encryption. A bill in Australia to compel tech companies to introduce a “back door” for encrypted communications is in “advanced stages,” according to The Guardian, though it has been delayed since last November. In February, Department of Home Affairs secretary Michael Pezzullo stated that the “back door” characterization is “cartoon-like,” and incorrectly asserted the plan would not “undermine legitimate encryption.”
Likewise, the Russian government has taken to blocking IP addresses belonging to cloud service providers in an attempt to ban the messaging service Telegram following unrequited demands that the service hand over their encryption keys.