Get updates by email

Select Specific Blog Updates

Paul Zimmerman
pzimmerman@mrllp.com
310.299.5500

Photo of M&R Blog

Günter Menzl © 123RF.com

Digital Switzerland

Microsoft President Brad Smith is the force behind an admirable initiative – the Cybersecurity Tech Accord. By way of the Accord, participants seek to create a “digital Switzerland” made up of some of the leading tech companies in the world. Signatories to the Accord – to date, there are 34 in all, including ABB Group, Arm, Cisco, Facebook, Hewlett Packard, Microsoft, Nokia, Oracle, and Trend Micro – promise, among other things, not to aid or abet any government in committing cyberattacks against innocent civilians or enterprises and, at the same time, to protect victims of cyber crime.

By way of background, intelligence agencies have historically played a covert role in launching cyberattacks with global tech products that can be leveraged for nefarious purpose. For instance, the Federal Security Service of the Russian Federation (FSB) allegedly inserted so-called “backdoors” or intentional vulnerabilities that can later be exploited for data collection and other underhanded purposes. Of note, there have been accusations that Kaspersky Labs, a Russian antivirus company, was a military intelligence source for the FSB. The hands of the U.S. may be dirty as well, with our own National Security Agency (NSA) and Central Intelligence Agency (CIA) being accused of similar covert intelligence collection, including in connection with the PRISM surveillance program revealed by Edward Snowden.

With that in mind, companies that have signed onto the Accord have now stood up and said, loudly and clearly, that they aren’t willing to play along. Undoubtedly, many of these companies worry about being conscripted into world cyberwars, and it’s not good for business if their products are viewed as the tools of a rogue nation or regime. But will this declaration make a dent in the misuse of technology?

While certainly noble as a concept, the Accord may or may not have much of an impact. This is particularly true given that the signatories are primarily U.S.-based and do not include companies from some of the biggest cyber offenders (Russia, North Korea, China and Iran). Likewise, a few of the most notable tech players (Google, Amazon, Twitter and Apple) have yet to sign on, which is not entirely surprising.

Sure, by banding together, tech giants can make a united stand against malicious attacks by cybercriminal enterprises and nation-states. However, across-the-board cooperation may be difficult, as some potential signatories may already have clandestine deals in place that prevent them from joining the Accord, and others might be wary of taking an unnecessary preemptive stand that can serve to cut off key growth markets. Whatever the case may be, we can only hope that the Accord serves to suppress the frequency and severity of the debilitating cyberattacks that have otherwise become so commonplace.

This blog post is not offered as, and should not be relied on as, legal advice. You should consult an attorney for advice in specific situations.