At the 2016 RSA Conference, Smith publicly supported Apple in the consumer tech giant's refusal to comply with government orders to weaken encryption technologies in the disputed iPhone; government officials claimed doing so could have made it possible for investigators to access sensitive data.
Are there rules in cyberspace? He noted this type of state-sponsored malicious behavior was becoming more common, and the potential for digital conflict is only continuing to grow.
That's why Microsoft President Brad Smith is calling for a so-called Digital Geneva Convention that he believes can help protect civilians in the same way the original Geneva Convention, adopted in 1949, helped define humanitarian protections in times of war.
The manifesto, published alongside his keynote address at the RSA conference in San Francisco on Tuesday, argued for codifying recent global norms around cyberwarfare and for establishing an independent agency to respond to and analyze cyberattacks. One of the main purposes of the Geneva Convention is to protect civilians, soldiers incapable of fighting, and prisoners of war.
According to the company, there are increased risks of governments attempting to exploit or even weaponise software to achieve national security objectives.
Smith, who the previous year spoke out against the dangers of allowing government backdoors in the wake of Apple's fight with the Federal Bureau of Investigation, also called out the need for technology companies to explicitly agree to protect their users from state-sponsored attacks. He'd like for governments to agree not to target civilians, much as in the real Geneva Convention, and for them to pledge to work with the private sector to fix vulnerabilities.
This digital Geneva Convention would establish protocols, norms and worldwide processes for how tech companies would deal with cyber aggression and attacks by nations aimed at civilian targets, which appears to effectively mean anything but military servers. He has outlined six frameworks on which his so-called Digital Geneva Convention will be built. Governments would be required to exercise restraint in cyber weapon development and to commit to the nonproliferation of activities involving cyber weapons. -China agreement should serve as a model for the U.S. as it responds to Russian hacking.
As commerce and communication moved to internet-based platforms, it was expected war would as well. To that end, he also advocated the creation of a public-private consortium of the "best and brightest" in government and the technology industry to address the increased threats of nation-state cyberattacks. It also has alarmed other nations, which fear election disruption may be seen as fair game by their enemies (see Australia to Warn Political Parties of Hacking Risks). No meeting of tech companies has been called, but that would be a plausible next step.
In this hypothetical convention, Smith thinks tech companies should play the role of Switzerland. The United Nations began exploring the idea in 2015, when experts from 20 countries issued recommendations for cybersecurity norms for nation-states.