Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org)

Posted by msmash on from the fighting-back dept.

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."

36 of 67 comments (clear)

  1. This will last until... by CrimsonAvenger · · Score: 3, Insightful

    ...the first time one of these tech company executives is sent to jail for ignoring a court order...

    Or perhaps they'll wait till they find themselves being audited by the IRS (or your local equivalent, wherever you live) every single year....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:This will last until... by MrL0G1C · · Score: 1

      A court order to break the law, riiiight, makes a lot of sense that does.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    2. Re:This will last until... by CanHasDIY · · Score: 2

      A court order to break the law, riiiight, makes a lot of sense that does.

      "Jesus, they're the government - even if it wasn't legal they'd still enforce it!"

      - Mallory Archer

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:This will last until... by jellomizer · · Score: 1

      You forget these companies political contributions.
      Nearly any company will pay political continuations to both political parties. Just so they have the people in political power attention.
      It isn't good.
      It isn't right.
      It isn't moral.
      But it is how it is done.

      Most politicians will only go so far to put pressure on these companies, usually enough to get them out of the news.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Too little, too late by barcarolle · · Score: 1

    When it comes to the US, the daily standard operations of those companies are already integrated into aggressive global cyberattack infrastructure of the US state security organs.

  3. An empty promise by Sarten-X · · Score: 4, Interesting

    Nobody ever builds weapons to use against "innocent civilians and enterprises".

    Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.

    "We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".

    --
    You do not have a moral or legal right to do absolutely anything you want.
  4. Innocent by Tokolosh · · Score: 2

    I would remind these (and all other companies), that you are innocent until proven guilty.

    "We must indeed all hang together, or most assuredly we shall all hang separately." â" Benjamin Franklin

    --
    Prove anything by multiplying Huge Number times Tiny Number
  5. Re:Amazon by msmash · · Score: 1

    That was supposed to be Apple. Fixed, thanks for pointing it out.

  6. Huawei and Samsung are not on the list by sinij · · Score: 2

    Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

    Tellingly, "Do no evil" Google is also not on the list. They probably decided that the list is not sufficiently diverse to join.

    1. Re:Huawei and Samsung are not on the list by Zocalo · · Score: 2

      It presently seems to be mostly western focussed, so the lack of Chinese companies like Huawei and ZTE, or Korean ones like Samsung doesn't seem to much of an issue, and Amazon, Apple, and Twitter are also missing on the US front, so I'm not reading too much into the current membership. If the organisation starts to gain a bit of traction and they still don't sign up, that's when you can probably start reading a little more into it - I'd also like to see Intel and AMD on there , given the security issues surrounding their on-chip management engines.

      Far more interesting to me is that despite the list being quite heavy on hardware and software vendors in the security sector, a couple of quite notable omissions are Checkpoint and Kaspersky Labs. The former because they're a company I've heard from multiple sources may have had some involvement with the development of Stuxnet, and as a perimeter firewall vendor someone you'd need to have absolute trust in (although Fortinet is another firewall vendor not on the list). The latter because you'd think they'd jump at a chance to try and further distance themselves from the allegations of their software being used as a government backdoor and restore some public trust via a little positive PR.

      Of course, none of this is going to matter if the company in question is "requested" to assist via a NSL or some other secrecy bound court order.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:Huawei and Samsung are not on the list by thegarbz · · Score: 2

      Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

      I'm not sure what surprises me more, that you think any Asian based firm would sign up to a list of empty white country promises, or that you think that the promise is worth enough to get upset about Google missing from it.

  7. Really? by DivineKnight · · Score: 1

    All the people in bed with the NSA aren't going to assist with government with cyberattacks? This is my believing face.

    1. Re:Really? by jbmartin6 · · Score: 1

      It will be technically true, they will instead assist "researchers" or "academics" who will then covertly share everything with the government. If discovered $COMPANY will turn off the access, which will then be set up under a different "researcher".

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    2. Re:Really? by rtb61 · · Score: 1

      You are aware, that you are meant to elect representatives and they are meant to represent you in government and that government is meant to obey it's citizens. Perhaps you have become so accustomed to rolling over and taking it up the backside, that you now live in fear of demanding that your government obey the people that elect it. Well, at leas the US, isn't the only out of control government, the UK and France are right up there too and their legislative bodies are now caught up in the mess of having to consider prosecuting their leaders for failing to obey their laws and declaring war without the peoples consent via their representatives.

      --
      Chaos - everything, everywhere, everywhen
  8. But some already participate by WoodstockJeff · · Score: 2

    After all, if not for Microsoft operating systems and productivity products, many cyber attacks would be impossible.

  9. Not against "innocent civilians" by mi · · Score: 1

    they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

    The "innocent civilians and enterprises" is the giant caveat-emptor. Whatever the pledge, if the target is deemed guilty of something — and for the likes of Facebook, it can be mere misogyny — the bets are off and the company may participate with enthusiasm.

    --
    In Soviet Washington the swamp drains you.
  10. virtrue signaling by Anonymous Coward · · Score: 2, Insightful

    Nothing more than that, and this will change in no time. Notice how governments are not on that list of people they wont help attack? If they were actually serious they would have said they wouldn't help with any attack at all.

    Make no mistake about it, this is PR and Marketing because it involves no actual change for most of these companies anyways and in a month no one will care about this accord they will be free to break it all they want.

  11. That is nice of them by houghi · · Score: 4, Interesting

    The real question is what this actually means and how useful this is.
    Does this mean that previously did it and are now stopping. Or where they never asked? I can also easily say that I will never help a government to do it. The likelihood of them asking is extremely small.

    And are they willing to do business with those companies, er, governments. What about their re-sellers? What about companies? I doubt that many governments will ask a company to hack the planet. They will have a department that has holdings that owns companies that are not linked in any way or for to the government, because "National Security"

    Also nice that they can do it when the civilians and companies are guilty.

    To me it sounds hollow and more marketing than anything else. These are not the companies that are asked to help. They just own products that are used to do attacks.

    --
    Don't fight for your country, if your country does not fight for you.
  12. will not help governments ? by bagofbeans · · Score: 2

    No offense
    The companies will not help governments launch cyberattacks

    ...but if we help a cutout company working for a foreign government, it wasn't our fault, mommy!

    We need transparency and C level execs to go to jail, not weasel-worded fake accountability and cost-of-doing-business fines.

  13. Thats's great but by fred911 · · Score: 1

    All they need is one weak link, one participant mandated against disclosure. They already have this, and have had this for years. The sad thing is that we have had the ability to protect our private communication from third parties for a little longer. PGP is secure and the infrastructure has been in place for 15 years or so.

      The fact that people don't secure their communication and data with strong crypto is just plain laziness and a gift for the jackboots.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  14. No Cyber"Attacks"? by BlueStrat · · Score: 4, Interesting

    But assisting with government domestic mass-surveillance and data-mining is A-OK.

    "We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."

    With "friends" like these, who needs enemas?

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  15. International Business Machines by MrL0G1C · · Score: 1

    IBM helped the Nazi gov't enumerate concentration camp victims so no surprise that their name isn't on the list.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  16. Too fucking late. by nimbius · · Score: 2

    Symantec is complicit in some of the most brutal repressive regimes on the planet. https://en.wikipedia.org/wiki/...
    https://en.wikipedia.org/wiki/...
    same with cisco.
    https://en.wikipedia.org/wiki/...
    And Microsoft? theyve not only back doored every OS theyve released, they even put out a tool for governments to crack into private computers.
    https://en.wikipedia.org/wiki/...

    --
    Good people go to bed earlier.
  17. Pledge? Give me a break. by TheZeitgeist · · Score: 1

    Sign pledge not to 'assist the government in attacks?' That's cute, and it won't matter if government really wants something.

    For instance, how many times I wonder did Backpage CEO guy talk tough; about protecting user data or never giving into the politicians or the cops or whatever. They wheeled him down to the station, let him think about couple decades in prison, and...voila: he rolled over like Rover on his business, all his customers, and undoubtedly some close associates and friends.

    Now think of tough guys like Tim Cook or Zuck getting the treatment in situation like that. Yeah, pledge lolol.

  18. Wait... by sycodon · · Score: 2

    ...haven't they already assisted by building crap software with back doors and other flaws that enable these attacks in the first place?

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  19. Hot air by thunderclees · · Score: 1

    The tech industry is particularly wormy so these pledges are worthless
    Citizen Four showed that all of the data being gathered by the tech industry is for sale and that has not changed
    The only thing that will motivate tech to actually respect privacy would be meaningful laws with teeth and the people charged with making and enforcing those laws are techs best customers.

    Sometimes the scandal is not what law was broken, but what the law allows. - Edward Snowden

  20. Perhaps, but... by DaveM753 · · Score: 4, Interesting

    a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

    Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.

    ...and someone please define "innocent civilians" and "enterprises" for me. I can subjectively define it by my own ideas, but how are our new, friendly "Cybersecurity Tech Accord" members going to define these terms? What does "innocent" mean to them? What does "civilian" mean to them? What constitutes an "enterprise"?

    This seems like a seriously limited promise.

    1. Re:Perhaps, but... by Anonymous Coward · · Score: 1

      Basically it means they won't attack each other. Everyone else? Fair game. It's quite frankly _disturbing_ that CDNs would even play this little game since they can't possibly do so without further controls (aka censorship). And SAP? PLEASE. This piece of shit company has databases in just about every Government and certainly large enterprise. Sounds like snowflakes at a bunch of tech companies finally realized the hell they created can and will be used against them too.

      Suspiciously absent from that list? The actual vendors like Sandvine who sell DPI boxes.

      US Government does exactly what it should have done -announces Huawei is banned from being used over spying, libtard media denounces it. Yet police forces have no problem bringing 10 year federal prison charges against some kid who downloaded a bunch of FOIA requests. What a fuckin time to be alive.

  21. This like GM promising not to make tanks by Karmashock · · Score: 1

    its not like it stops anything. For every company that doesn't want to do it there are ten that will cash the government check.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  22. Tim Cook or Zuck getting the treatment by bagofbeans · · Score: 1

    Not really. They have the wealth to afford the lawyers to challenge back. A court order can be fought, but very nearly everyone can't afford the price.

    1. Re:Tim Cook or Zuck getting the treatment by TheZeitgeist · · Score: 1

      If prosecutor really wants to get you they just get you. If they want to go get all the lawyer-docs, they'll just do that. Look at the President for an example. Think Zuck or his lawyer gets wind of FISA warrants ahead of everyone else? Not if he's target of it.

    2. Re:Tim Cook or Zuck getting the treatment by bagofbeans · · Score: 1

      The President is a bad example, because he doesn't do what his lawyers tell him, often being to simply shut up. The attorney-client privilege for MC/DT is broken when both parties claim they had nothing to do with it, e.g. the Clifford payoff.

  23. RSA? HAHAHAHAHAHAHAHAHA by the_B0fh · · Score: 1

    Would *YOU* believe RSA isn't doing anything? HAHAHAHAHA

  24. Gee, thanks. That'll be a big help to everyone. by sabbede · · Score: 1
    Everyone that isn't a Western democracy that is. I don't see any Russian or Chinese companies listed, just the ones that could help us fight back against them. Whose help we may desperately need.

    Great idea. I'm sure it can only turn out well.

  25. Facebook won't help by Daralantan · · Score: 1

    Because helping =/= selling for money.

  26. Take a stand against governments, but not people by wootcat · · Score: 1

    Sure. These companies take a stand against assisting governments in cyber attacks, but do nothing to protect citizens from the constant intrusion and surveillance in our personal lives and privacy. Personal privacy really needs to be considered a basic human right.

    --
    I'm really a low 5-digit Slashdotter, but this ID is where I am now.