Microsoft: Companies Must Do More to Save Us from Cyberwar

SAN FRANCISCO — Microsoft President and Chief Legal Officer Brad Smith has a radical proposal: he wants the technology industry to resist aiding national governments in cyberattacks, instead creating a digital Geneva Convention to protect civilians from harm.

Credit: Marta Design/Shutterstock

"For more than two-thirds of a century, nations have pledged to protect civilians in times of war. But cyberattacks are all about attacks on private citizens," Smith said at the RSA Conference here yesterday (Feb. 14). "Now is time for us to call on governments to protect civilians on the internet in times of peace."

He also urged the technology industry to form an equivalent to the International Atomic Energy Industry "to police behavior in cyberspace, to identify attackers when attacks happen."

Otherwise, Smith implied, civilian devices, data and personal information will become collateral damage as national governments steal, sabotage and undermine each other on the internet.

"The Sony Pictures attack was the turning point — it was an attack on a private company for its freedom of expression," Smith said.

The North Korean attack on Sony Pictures Entertainment in November 2014 — apparently motivated by the Seth Rogen/James Franco movie The Interview that satirized North Korean dictator Kim Jong Un — cost Sony Pictures millions of dollars in damages. It also resulted in the release of personal information about tens of thousands of Sony employees, former employees and contractors, and cost Sony Pictures' co-president Amy Pascal her job.

"Cyberspace is the new battlefield," Smith said. "And cyberspace is us. It's owned and operated by the private sector. It's private property, whether it's submarine cables or smartphones. We are not only the plain of battle, but we are the first responders."

And yet, Smith insisted, the power and agility of the technology industry gives it an opportunity to limit cyberattacks and cyberwar conducted by nation-states, especially in the way such attacks affect civilians.

Furthermore, he said, the tech industry should declare neutrality: It should stay out of digital conflicts, even if countries where tech companies are based are attacking each other.

"In 1949, the world sat down and created the Fourth Geneva Convention, spurred on by the International Committee of the Red Cross," Smith said. "Even in an age of rising nationalism, we as the global tech sector need to become a trusted and neutral digital Switzerland."

"We need to make clear that there are certain principles for which we stand," Smith said. "We need to be clear that we will not aid in attacking customers anywhere, no matter the government that may ask us to do so."

Such initiatives may seem impossible in the wake of the Russian attacks on the 2016 U.S. presidential election. But Smith pointed to the 2015 agreement between then-President Barack Obama and Chinese President Xi Jinping to halt digital industrial espionage between the two countries as an example of what digital diplomacy can achieve.

"If Nixon can go to China," Smith said, "the new president can sit down with Russia to reach an agreement about cyberspace."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.