Microsoft president Brad Smith is alarmed at the rising tide of nationalism and said tech companies must declare themselves neutral when nations go up against nations in cyberspace.
Speaking at the RSA computer security conference, Smith said cyberspace is the new battlefield and tech must be committed to “100% defence and zero percent offense.”
Smith called for a “digital Geneva Convention,” like the one created in the aftermath of World War II, which set ground rules for conduct during wartime and defined basic rights for civilians caught up in armed conflicts.
The speech was echoed in a blog post on Microsoft’s site that went up yesterday.
The world’s governments need to pledge that “they will not engage in cyberattacks that target civilian infrastructure, whether it’s the electric grid or the political system,” Smith said.
The digital Geneva Convention would establish protocols, norms and international processes for how tech companies would deal with cyber aggression and attacks by nations aimed at civilian targets, which appears to effectively mean anything but military servers.
Smith listed a string of increasingly threatening cross-border cyber incidents, beginning with the North Korean attack on Sony Pictures Entertainment in 2014, continuing with thefts of intellectual property by China in 2015, and ending with last year’s Russian involvement in the U.S. presidential election.
“We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks,” Smith said.
Technology companies, not armies, are the first responders when cyber-attacks occur, he noted. But they cannot, and must not, respond in kind or aid governments in going on the offensive, Smith said.
Smith wants an autonomous organisation, something like the International Atomic Energy Agency, which polices nuclear non-proliferation.
“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith said.
“We will not aid in attacking customers anywhere. We need to retain the world’s trust.”
This would mean that tech companies should refuse to aid governments, even the government of the country they are based in, in attacking other nations. That could mean not building backdoors into programs sold in other countries and not taking part in work to create cyberweapons.