Skip to main content

Tech Companies Pledge Not To Aid Governments In Cyberattacks

(Image credit: Microsoft)

A diverse group of 34 technology companies pledged to protect their users against cyberattacks, wherever they may be. The pledge also means that the tech companies will not provide any assistance to governments that may want to launch cyberattacks against users or companies from other countries.

Progressing Towards A “Digital Geneva Convention”

Last year, Microsoft called for a “Digital Geneva Convention,” an effort to update international law to protect people “in times of peace” against cyberattacks. Adding significant updates to the Geneva Convention laws from scratch is not going to be easy, especially when some of the most powerful nation states have been accusing each other of cyberattacks for the past few years.

Therefore, Microsoft and 33 other tech companies took matters into their owns hands and signed the “Cybersecurity Tech Accord,” which has similar goals to the Digital Geneva Convention.

Principles Of The Cybersecurity Tech Accord

The 34 companies that have already signed the accord have committed to four main principles.

Stronger Defense

Regardless of the authors or the motivation behind the cyberattacks, the tech companies will protect their users to the best of their abilities. This is an important principle, because as we saw in the past few years, multiple governments tried to create backdoors in products and services to make their spying efforts easier.

Therefore, it’s good to see that at least these technology companies pledge not to compromise their users’ security just so that one government or another can more easily spy on them. However, this accord likely doesn’t refer to things such as National Security Letters or court orders, but attempts to illegally (or unconstitutionally) hack users’ devices.

No Offense

The companies pledge not to assist governments in cyberattacks against users and enterprise companies. They also pledged to use any anti-tampering or anti-exploitation technology available to them to stop cyberattacks.

“Hack back” legislation seems to have returned to Congress late last year, in an effort to get companies to hack back other companies or hacking groups, after it was heavily criticized and eventually killed a few years ago. The tech companies seem to disagree with this sort of “revenge” legislation.

Capacity Building

The Tech Accord signatories committed to empowering developers, users, and businesses that use their technology to improve their capacity for protecting themselves. This may include new security practices and features that the companies can deploy in their own products and services.

Collective Action

The accord is also a public shared commitment from the companies to collaborate on cybersecurity efforts. The Tech Accord will remain open to other tech companies that have high security standards and can pledge to abide by the same principles.

Microsoft President Brad Smith said:

The devastating attacks from the past year demonstrate that cybersecurity is not just about what any single company can do but also about what we can all do together. This tech sector accord will help us take a principled path towards more effective steps to work together and defend customers around the world.

  • SkyBill40
    Apple is noticeably absent. Interesting.
    Reply
  • th3p00r
    How are you not helping your country?
    Reply
  • Onus
    If necessary, particularly in certain countries, I am sure Government has ways to compel cooperation.
    Reply
  • rinosaur
    Apple missing is surprising, #Israeli Intel missing isn't
    Reply
  • Adm1ra1P
    20893671 said:
    Apple is noticeably absent. Interesting.

    As are Google and Amazon whom control an obscene amount of the world's data on their servers on an equally obscene amount of servers.
    Reply
  • kilgor98
    I take those 3 absences as meaning they are already working with the government.
    Reply
  • SkyBill40
    20894197 said:
    20893671 said:
    Apple is noticeably absent. Interesting.

    As are Google and Amazon whom control an obscene amount of the world's data on their servers on an equally obscene amount of servers.

    Yes, they too are noticeably absent. That's rather telling... and somewhat bothersome.
    Reply
  • vern72
    IBM is missing too.
    Reply
  • bit_user
    Microsoft and 33 other tech companies took matters into their owns hands and signed the “Cybersecurity Tech Accord,” which has similar goals to the Digital Geneva Convention.
    This is hardly comparable to the Geneva Convention. For one thing, where are there any teeth for a signatory to this accord that either makes a discreet exception or decides to withdraw?

    The second point is that this has the notable downside of singling out which companies governments should try to infiltrate, compromise, or target their hacking efforts. So, while terrorists, dissidents, and criminals know which IT solutions to prefer, this hardly makes it a slam dunk.

    Finally, it should be noted that not all signatories are making the same level of commitment. For instance, Cloud Flare has shown a willingness to drop certain controversial customers (e.g. white supremacists). So, it means something different when they sign this, as compared with a company who provides products without the ability to control who buys it.
    Reply
  • Dark Lord of Tech
    Tech companies will do what they are told to do.
    Reply