Microsoft today proposed a new initiative to protect citizens from unwarranted cyberattacks by governments, taking its cues from history.
Speaking at the RSA Conference in San Francisco on Tuesday, Microsoft President Brad Smith outlined a proposed Digital “Geneva Convention” to set standards for protecting civilians from cyberattacks by nation-states.
“Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to implement the norms that have been developed to protect civilians on the internet in times of peace,” Smith wrote in a blog post Tuesday.
In this hypothetical convention, Smith thinks tech companies should play the role of Switzerland. The tech world is almost always the first to witness a cyberattack, and they often end up as the “first responders.”
In the past, companies have developed their own defensive standards, but Smith is now calling on them to come together. “As the Fourth Geneva Convention relies on the Red Cross to help protect civilians in wartime, protection against nation-state cyberattacks requires the active assistance of the tech sector,” Smith wrote.
Microsoft has already partnered with other companies on cybersecurity. Working with cloud companies such as Amazon and Google, it developed systems to combat spam and phishing sites. Now, it’s working on implementing reporting standards for abuse.
In Smith’s proposed Digital Geneva Convention, tech experts from governments, the private sector and civil society would examine cybercrime to determine if it was conducted by a nation-state. The potential response to violations is unclear. The Geneva Convention, for example, has the UN Security Council to conduct international criminal tribunals. Smith’s Convention would serve as a watchdog, but it’s unclear how it would enforce them.
“Even in a world of growing nationalism, when it comes to cybersecurity the global tech sector needs to operate as a neutral Digital Switzerland,” Smith wrote. “We will assist and protect customers everywhere. We will not aid in attacking customers anywhere. We need to retain the world’s trust.”
One of the most high-profile government attacks came in 2014, when North Korea hacked Sony Pictures and leaked personal information in the wake of a movie about the assassination of Kim Jong Un. More recently, online attackers allegedly acting on behalf of Russia hacked the Democratic National Committee in an apparent attempt to disrupt the U.S. election.