Slashdot Mirror
Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org)
Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
Nobody ever builds weapons to use against "innocent civilians and enterprises".
Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.
"We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".
You do not have a moral or legal right to do absolutely anything you want.
The real question is what this actually means and how useful this is.
Does this mean that previously did it and are now stopping. Or where they never asked? I can also easily say that I will never help a government to do it. The likelihood of them asking is extremely small.
And are they willing to do business with those companies, er, governments. What about their re-sellers? What about companies? I doubt that many governments will ask a company to hack the planet. They will have a department that has holdings that owns companies that are not linked in any way or for to the government, because "National Security"
Also nice that they can do it when the civilians and companies are guilty.
To me it sounds hollow and more marketing than anything else. These are not the companies that are asked to help. They just own products that are used to do attacks.
Don't fight for your country, if your country does not fight for you.
But assisting with government domestic mass-surveillance and data-mining is A-OK.
"We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."
With "friends" like these, who needs enemas?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.
This seems like a seriously limited promise.