Slashdot Mirror


Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org)

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes against the backdrop of growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."

15 of 67 comments

  1. This will last until... by CrimsonAvenger · · Score: 3, Insightful

    ...the first time one of these tech company executives is sent to jail for ignoring a court order...

    Or perhaps they'll wait till they find themselves being audited by the IRS (or your local equivalent, wherever you live) every single year....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:This will last until... by CanHasDIY · · Score: 2

      A court order to break the law, riiiight, makes a lot of sense that does.

      "Jesus, they're the government - even if it wasn't legal they'd still enforce it!"

      - Mallory Archer

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  2. An empty promise by Sarten-X · · Score: 4, Interesting

    Nobody ever builds weapons to use against "innocent civilians and enterprises".

    Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.

    "We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".

    --
    You do not have a moral or legal right to do absolutely anything you want.
  3. Innocent by Tokolosh · · Score: 2

    I would remind these (and all other companies), that you are innocent until proven guilty.

    "We must indeed all hang together, or most assuredly we shall all hang separately." -- Benjamin Franklin

    --
    Prove anything by multiplying Huge Number times Tiny Number
  4. Huawei and Samsung are not on the list by sinij · · Score: 2

    Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

    Tellingly, "Do no evil" Google is also not on the list. They probably decided that the list is not sufficiently diverse to join.

    1. Re:Huawei and Samsung are not on the list by Zocalo · · Score: 2

      It presently seems to be mostly western focussed, so the lack of Chinese companies like Huawei and ZTE, or Korean ones like Samsung doesn't seem to be much of an issue, and Amazon, Apple, and Twitter are also missing on the US front, so I'm not reading too much into the current membership. If the organisation starts to gain a bit of traction and they still don't sign up, that's when you can probably start reading a little more into it - I'd also like to see Intel and AMD on there, given the security issues surrounding their on-chip management engines.

      Far more interesting to me is that despite the list being quite heavy on hardware and software vendors in the security sector, a couple of quite notable omissions are Checkpoint and Kaspersky Labs. The former because they're a company I've heard from multiple sources may have had some involvement with the development of Stuxnet, and as a perimeter firewall vendor someone you'd need to have absolute trust in (although Fortinet is another firewall vendor not on the list). The latter because you'd think they'd jump at a chance to try and further distance themselves from the allegations of their software being used as a government backdoor and restore some public trust via a little positive PR.

      Of course, none of this is going to matter if the company in question is "requested" to assist via a NSL or some other secrecy bound court order.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:Huawei and Samsung are not on the list by thegarbz · · Score: 2

      Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

      I'm not sure what surprises me more, that you think any Asian based firm would sign up to a list of empty white country promises, or that you think that the promise is worth enough to get upset about Google missing from it.

  5. But some already participate by WoodstockJeff · · Score: 2

    After all, if not for Microsoft operating systems and productivity products, many cyber attacks would be impossible.

  6. virtue signaling by Anonymous Coward · · Score: 2, Insightful

    Nothing more than that, and this will change in no time. Notice how governments are not on that list of people they won't help attack? If they were actually serious they would have said they wouldn't help with any attack at all.

    Make no mistake about it, this is PR and Marketing because it involves no actual change for most of these companies anyways and in a month no one will care about this accord they will be free to break it all they want.

  7. That is nice of them by houghi · · Score: 4, Interesting

    The real question is what this actually means and how useful this is.
    Does this mean that they previously did it and are now stopping? Or were they never asked? I can also easily say that I will never help a government to do it. The likelihood of them asking is extremely small.

    And are they willing to do business with those companies, er, governments? What about their re-sellers? What about companies? I doubt that many governments will ask a company to hack the planet. They will have a department that has holdings that owns companies that are not linked in any way or form to the government, because "National Security".

    Also nice that they can do it when the civilians and companies are guilty.

    To me it sounds hollow and more marketing than anything else. These are not the companies that are asked to help. They just own products that are used to do attacks.

    --
    Don't fight for your country, if your country does not fight for you.
  8. will not help governments ? by bagofbeans · · Score: 2

    No offense
    The companies will not help governments launch cyberattacks

    ...but if we help a cutout company working for a foreign government, it wasn't our fault, mommy!

    We need transparency and C level execs to go to jail, not weasel-worded fake accountability and cost-of-doing-business fines.

  9. No Cyber"Attacks"? by BlueStrat · · Score: 4, Interesting

    But assisting with government domestic mass-surveillance and data-mining is A-OK.

    "We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."

    With "friends" like these, who needs enemas?

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  10. Too fucking late. by nimbius · · Score: 2

    Symantec is complicit in some of the most brutal repressive regimes on the planet. https://en.wikipedia.org/wiki/...
    https://en.wikipedia.org/wiki/...
    Same with Cisco.
    https://en.wikipedia.org/wiki/...
    And Microsoft? They've not only back doored every OS they've released, they even put out a tool for governments to crack into private computers.
    https://en.wikipedia.org/wiki/...

    --
    Good people go to bed earlier.
  11. Wait... by sycodon · · Score: 2

    ...haven't they already assisted by building crap software with back doors and other flaws that enable these attacks in the first place?

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  12. Perhaps, but... by DaveM753 · · Score: 4, Interesting

    a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

    Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.

    ...and someone please define "innocent civilians" and "enterprises" for me. I can subjectively define it by my own ideas, but how are our new, friendly "Cybersecurity Tech Accord" members going to define these terms? What does "innocent" mean to them? What does "civilian" mean to them? What constitutes an "enterprise"?

    This seems like a seriously limited promise.