A diverse group of 34 technology companies pledged to protect their users against cyberattacks, wherever they may be. The pledge also means that the tech companies will not provide any assistance to governments that may want to launch cyberattacks against users or companies from other countries.
Progressing Towards A “Digital Geneva Convention”
Last year, Microsoft called for a “Digital Geneva Convention,” (opens in new tab) an effort to update international law to protect people “in times of peace” against cyberattacks. Adding significant updates to the Geneva Convention laws from scratch is not going to be easy, especially when some of the most powerful nation states have been accusing each other of cyberattacks for the past few years.
Therefore, Microsoft and 33 other tech companies took matters into their owns hands and signed the “Cybersecurity Tech Accord,” which has similar goals to the Digital Geneva Convention.
Principles Of The Cybersecurity Tech Accord
The 34 companies that have already signed the accord have committed to four main principles.
Regardless of the authors or the motivation behind the cyberattacks, the tech companies will protect their users to the best of their abilities. This is an important principle, because as we saw in the past few years, multiple governments tried to create backdoors in products and services to make their spying efforts easier.
Therefore, it’s good to see that at least these technology companies pledge not to compromise their users’ security just so that one government or another can more easily spy on them. However, this accord likely doesn’t refer to things such as National Security Letters or court orders, but attempts to illegally (or unconstitutionally) hack users’ devices.
The companies pledge not to assist governments in cyberattacks against users and enterprise companies. They also pledged to use any anti-tampering or anti-exploitation technology available to them to stop cyberattacks.
“Hack back” legislation seems to have returned to Congress late last year, in an effort to get companies to hack back other companies or hacking groups, after it was heavily criticized and eventually killed a few years ago. The tech companies seem to disagree with this sort of “revenge” legislation.
The Tech Accord signatories committed to empowering developers, users, and businesses that use their technology to improve their capacity for protecting themselves. This may include new security practices and features that the companies can deploy in their own products and services.
The accord is also a public shared commitment from the companies to collaborate on cybersecurity efforts. The Tech Accord will remain open to other tech companies that have high security standards and can pledge to abide by the same principles.
Microsoft President Brad Smith said:
The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together. This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world.