Microsoft Is Right: We Need a Digital Geneva Convention
State-sponsored hackers may have meddled in political campaigns from the US to France to the Netherlands. And while nations are finding it tough to cooperate on the issue, Microsoft is pushing for more global cooperation, not less, in proposing a Digital Geneva Convention to prevent cyberwarfare.
By invoking the Geneva Convention, Microsoft appears to want to learn from the past. And history shows that while the company is right to propose action, international agreements alone won’t fix our vulnerabilities in cyberspace. Our best chance of success starts with voluntary industry standards.
Microsoft’s president and chief legal officer, Brad Smith, pitchedMicrosoft’s ideas for international cooperation at the RSA security conference in February. Microsoft has continued to promote this agenda at conferences and in policy briefs released last month. The G7 also jointly declared the need for international norms on nation-state behavior in cyberspace.
Microsoft has suggested three components to promote international cooperation and prevent warfare in cyberspace. First, the company argues, nation-states should agree to refrain from cyberattacks as part of what the company envisions as the Digital Geneva Convention. Second, industry should sign what the company calls a Tech Accord, which would create a shared set of principles and behaviors to protect citizens. Third, a new, neutral non-governmental organization would investigate attacks and attribute them to perpetrators (though not respond to them or enforce compliance). All three components, Microsoft has argued, are necessary to build consumers’ trust in technology.