View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 1, 2018updated 02 Oct 2018 10:53am

Microsoft Demands “Digital Peace” – What Does It Really Want?

Microsoft renews its attack on nation state "use of technology as a weapon"

By CBR Staff Writer

You may say it’s a dreamer, but it’s not the only one: Microsoft has launched a global petition calling for “Digital Peace”, renewing its attack on nation state use of “technology as a weapon” in a campaign that calls for a “peaceful digital global society”.

The campaign, in association with NGO Global Citizen and anchored by the microsite, launched over the weekend at the seventh Global Citizen Festival in New York’s Central Park.

It follows a frank critique in the wake of the WannaCry ransomware attack by Microsoft President Brad Smith last year of the stockpiling and exploitation of cybersecurity vulnerabilities, or 0days, by nation states.

“We must demand Digital Peace Now”

A petition set up by the company reads: “Governments are using technology as a weapon, which can devastate people, organizations and entire countries… We must come together as Digital Citizens and call upon our world leaders to create rules of the road that protect our digital society. We must demand Digital Peace Now”.

Computer Business Review signed the petition in the hope not just of Digital Peace, but of assessing how many others had done so, but Microsoft does not disclose the current number of signatories.

The company added, somewhat vaguely: “Digital Peace Now is going to be all about people – people banding together in one collective voice to tell their world leaders that the internet must be a peaceful, shared community. Not a battlefield.”

“There is no Peace without Digital Peace. “

The campaign launches five months after Microsoft called for a digital “Geneva Convention”, joining Arm, Cisco, Facebook, Github, Nokia and 28 other initial signatories backing a Cybersecurity Tech Accord – which includes a promise not to help any government launch cyber attacks “against innocent citizens and enterprises”.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

The campaign now numbers 61 corporate members.

They have also promised to protect against “exploitation of technology products and services during their development, design, distribution and use.”

That pledge comes five years after after leaks by NSA contractor Edward Snowden revealed that Microsoft, like many other tech giants, had worked closely with the NSA’s Special Source Operations (SSO) division to put backdoors into its software, allowing, for example, encrypted Outlook chats to be deciphered and read by security services.

Nation States “Need to Take a Different Approach”

Microsoft wrote this weekend: “We know that nation-states are behind the worst digital attacks against both innocent people and the infrastructure that underpins societies – energy, transportation, health care, food and water… ”

“For example, the 2017 “WannaCry” attack – a true wake-up call – tore through cyberspace, hijacking more than 300,000 computers across 150 countries, including computers used by families, hospitals, governments and businesses. WannaCry was followed closely by “NotPetya,” an attack estimated to have caused $10 billion in damage ranging far beyond the initial targets in Ukraine.”

digital peaceWhile the website and campaign in general may appear curiously anodyne and lacking detail on precisely what the company is calling for, previous statements by Microsoft suggest it is taking aim squarely at government hoarding of vulnerabilities.

A May 2017 post by Brad Smith said: “The WannaCrypt exploits… were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.”

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

He added: “[We are calling for] governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.”

See also: New “100% UK Sovereign” UKCloud Service Takes Pot Shot at US CLOUD Act





Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.