Microsoft President Brad Smith says tech companies should remain neutral during international conflicts and has called for a 'Digital Geneva Convention' to establish rules for cyber attacks aimed at civilians.
Smith was speaking at the RSA conference in San Francisco, one of the world’s largest cybersecurity events with 45,000 security professionals attending every year, according to RSA, an encryption and security network company.
In his speech, Smith noted the growth of cybercrime for financial gain, as well as the proliferation of state-sponsored cyber attacks. He said a ‘Digital Geneva Convention’ would “commit governments to protecting civilians from nation-state attacks in times of peace.”
“We need to make clear that there are certain principles for which we stand, that we will assist and protect customers everywhere. We will not aid in attacking customers anywhere, regardless of the government that may ask us to do so,” Smith said, according to USA Today.
Smith also released a blog post on Tuesday, envisaging how the proposed organization would function.
Smith writes that such an organization should consist of a panel of technical experts who can examine attacks, share information across nations, and establish a set of binding rules that nations could agree to adopt to protect civilians.
Smith suggests rules the group should adopt, including, a collaborative effort to defend against nation-state attacks, ending attacks from private companies on behalf of governments, making software patches available across the world, and calling on nations to cease making cyber weapons.
Smith added that the groundwork for developing international cyber security rules was already laid down by the United Nations in 2015, when they brought together experts from 20 nations to suggest multilateral rules for nation-states “aimed at promoting an open, secure, stable, accessible and peaceful ICT [Information and communications technologies] environment.”
Smith also pointed to the work the US has done in signing a bilateral agreement with China in 2015, ensuring each nation would "know what the rules are" surrounding cyber attacks.
In a meeting with Chinese leader Xi Jinping, former President Barack Obama called cyber security “a global problem,” and stressed the importance of “developing an architecture to govern behavior in cyberspace that is enforceable and clear.”
“It doesn’t mean that we’re going it prevent every cybercrime, but it does start to serve as a template whereby countries know what the rules are, they’re held accountable, and we’re able to jointly go after non-state actors in this area,” Obama said during the meeting.
In the event that governments do not agree to take action, Smith says companies need to ensure they are protecting their users.
Smith mentioned the recent immigration debate as an example, saying they have “brought to the surface an important truth.”
Recently, Microsoft and over a hundred other major tech companies filed legal briefs in support of the courts challenging President Donald Trump’s executive order that temporarily bans individuals from seven Muslim-majority countries from entering the US.
Smith argued that Microsoft’s actions are protecting citizens where the government is not.
“Just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyber attacks requires the active assistance of technology companies,” Smith wrote.