Slashdot Mirror
Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org)
Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
...the first time one of these tech company executives is sent to jail for ignoring a court order...
Or perhaps they'll wait till they find themselves being audited by the IRS (or your local equivalent, wherever you live) every single year....
"I do not agree with what you say, but I will defend to the death your right to say it"
You know you're a big player when you're named twice in succession.
When it comes to the US, the daily standard operations of those companies are already integrated into aggressive global cyberattack infrastructure of the US state security organs.
Nobody ever builds weapons to use against "innocent civilians and enterprises".
Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.
"We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".
You do not have a moral or legal right to do absolutely anything you want.
I would remind these (and all other companies), that you are innocent until proven guilty.
"We must indeed all hang together, or most assuredly we shall all hang separately." â" Benjamin Franklin
Prove anything by multiplying Huge Number times Tiny Number
Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.
Tellingly, "Do no evil" Google is also not on the list. They probably decided that the list is not sufficiently diverse to join.
All the people in bed with the NSA aren't going to assist with government with cyberattacks? This is my believing face.
After all, if not for Microsoft operating systems and productivity products, many cyber attacks would be impossible.
The "innocent civilians and enterprises" is the giant caveat-emptor. Whatever the pledge, if the target is deemed guilty of something — and for the likes of Facebook, it can be mere misogyny — the bets are off and the company may participate with enthusiasm.
In Soviet Washington the swamp drains you.
Nothing more than that, and this will change in no time. Notice how governments are not on that list of people they wont help attack? If they were actually serious they would have said they wouldn't help with any attack at all.
Make no mistake about it, this is PR and Marketing because it involves no actual change for most of these companies anyways and in a month no one will care about this accord they will be free to break it all they want.
The real question is what this actually means and how useful this is.
Does this mean that previously did it and are now stopping. Or where they never asked? I can also easily say that I will never help a government to do it. The likelihood of them asking is extremely small.
And are they willing to do business with those companies, er, governments. What about their re-sellers? What about companies? I doubt that many governments will ask a company to hack the planet. They will have a department that has holdings that owns companies that are not linked in any way or for to the government, because "National Security"
Also nice that they can do it when the civilians and companies are guilty.
To me it sounds hollow and more marketing than anything else. These are not the companies that are asked to help. They just own products that are used to do attacks.
Don't fight for your country, if your country does not fight for you.
"innocent civilians and enterprises", but no mention of foreign governments.
We need transparency and C level execs to go to jail, not weasel-worded fake accountability and cost-of-doing-business fines.
All they need is one weak link, one participant mandated against disclosure. They already have this, and have had this for years. The sad thing is that we have had the ability to protect our private communication from third parties for a little longer. PGP is secure and the infrastructure has been in place for 15 years or so.
The fact that people don't secure their communication and data with strong crypto is just plain laziness and a gift for the jackboots.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
But assisting with government domestic mass-surveillance and data-mining is A-OK.
"We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."
With "friends" like these, who needs enemas?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
If Ladyada isn't dancing to this music, it's a meaningless ballet.
Could someone clarify whether the cyberattacks are just against innocent civilians of other states, or do american citizens also count?
Take note of the word "innocent" in their description: "INNOCENT civilians and enterprises from anywhere". A very important word which changes everything.
IBM helped the Nazi gov't enumerate concentration camp victims so no surprise that their name isn't on the list.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
Symantec is complicit in some of the most brutal repressive regimes on the planet. https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/...
same with cisco.
https://en.wikipedia.org/wiki/...
And Microsoft? theyve not only back doored every OS theyve released, they even put out a tool for governments to crack into private computers.
https://en.wikipedia.org/wiki/...
Good people go to bed earlier.
Goverments don't need help in committing attacks. They have their own hackers and systems are buggy and wide open even without backdoors. The accord is all but useless.
Censorship is where governments really need the private sector. Govs could try to build routers and firewalls, but they can't do it economically or in scale, only companies can do that. This accord would be quite useful if it covered censorship...
Hello? You can't hear me over the sound of ka-ching?
Sign pledge not to 'assist the government in attacks?' That's cute, and it won't matter if government really wants something.
For instance, how many times I wonder did Backpage CEO guy talk tough; about protecting user data or never giving into the politicians or the cops or whatever. They wheeled him down to the station, let him think about couple decades in prison, and...voila: he rolled over like Rover on his business, all his customers, and undoubtedly some close associates and friends.
Now think of tough guys like Tim Cook or Zuck getting the treatment in situation like that. Yeah, pledge lolol.
...haven't they already assisted by building crap software with back doors and other flaws that enable these attacks in the first place?
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
The tech industry is particularly wormy so these pledges are worthless
Citizen Four showed that all of the data being gathered by the tech industry is for sale and that has not changed
The only thing that will motivate tech to actually respect privacy would be meaningful laws with teeth and the people charged with making and enforcing those laws are techs best customers.
Sometimes the scandal is not what law was broken, but what the law allows. - Edward Snowden
Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.
This seems like a seriously limited promise.
its not like it stops anything. For every company that doesn't want to do it there are ten that will cash the government check.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
They wont specifically help mount cyberattacks on civilians or enterprises.
But, they will leave that bug that's known to the NSA/CIA/FBI etc open so they can do it for them.
Or, they'll happily give the source-code away to get access to a new market, or to keep from losing another one.
Not really. They have the wealth to afford the lawyers to challenge back. A court order can be fought, but very nearly everyone can't afford the price.
Can I just say HaHaHa?
Did you know that there's a smoking gun in the case of the WannaCry ransomware?
One of the specific patches Microsoft sent out was finalized and _digitally signed_ by Microsoft several months before it was rolled out.
If you think Microsoft, Google etc. aren't working with U.S. gov and supporting/enhacing their sabotage and attack capabilities, then you're lying to yourself.
Amazon hosts a US Government cloud and housed a CIA data center. Google is deeply tied to the US government and is known to supply data to NSA. As for Apple, it is very concerning since Apple computers can be used as attack vector by the US government. Governments around the world should boycott Apple until they plead not to assist US government in cyber attack.
Is that the same RSA that took $10 million dollars from the NSA to intentionally weaken its encryption algorithm so that one of its software products could be backdoored?
I think so.
Up again the wall snowflake mutha
Yo SJW shit 'bout all that I can take
Be 22 an rappin at a Soros brie-filled scrum
Save wettbakk rapists nibbaz dykes eating cake.
Would *YOU* believe RSA isn't doing anything? HAHAHAHAHA
this-
""We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent"."
"The fact that people don't secure their communication and data with strong crypto is just plain laziness and a gift for the jackboots."
B.S. People don't secure their communications because they understand how much the deck is stacked against them by multibillion dollar transnational goliaths like intel and google. When Intel and Google or the next generation counterparts start having a credible story as to how people should have confidence in their needlessly closed-source centralized communications systems, then people might not have an excuse. Sure, go ahead and spend what little time god gave you on this earth trying to secure your systems provided to you by suppliers that are stacking the security deck against you. You're lost life time.
The two biggest players with open APIs for creating bulk VPS instances are not in the list. Google's also missing.
....it's all bluster.
No one needs their help to do cyberattacks. Government entities just hire people with those skills directly.
Great idea. I'm sure it can only turn out well.
Because helping =/= selling for money.
Sure. These companies take a stand against assisting governments in cyber attacks, but do nothing to protect citizens from the constant intrusion and surveillance in our personal lives and privacy. Personal privacy really needs to be considered a basic human right.
I'm really a low 5-digit Slashdotter, but this ID is where I am now.