Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Businesses Privacy Security United States Technology IT

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
This discussion has been archived. No new comments can be posted.

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks

Comments Filter:
  • by CrimsonAvenger ( 580665 ) on Tuesday April 17, 2018 @10:45AM (#56451915)

    ...the first time one of these tech company executives is sent to jail for ignoring a court order...

    Or perhaps they'll wait till they find themselves being audited by the IRS (or your local equivalent, wherever you live) every single year....

    • by MrL0G1C ( 867445 )

      A court order to break the law, riiiight, makes a lot of sense that does.

      • A court order to break the law, riiiight, makes a lot of sense that does.

        "Jesus, they're the government - even if it wasn't legal they'd still enforce it!"

        - Mallory Archer

    • ...haven't they already assisted by building crap software with back doors and other flaws that enable these attacks in the first place?

    • by rtb61 ( 674572 )

      Tech companies do not have a choice. either they force this through on government and then force binding treaties with penalties via lobbyists or there will be no multinational tech companies because they absolutely will not be trusted outside of their country of origin. That governments were not able to achieve this, is a solid sign of the kind of anal retentive ass hats in tech in government. Basically tech companies picked up all the first and second raters due to demand and only the third raters ended i

    • You forget these companies political contributions.
      Nearly any company will pay political continuations to both political parties. Just so they have the people in political power attention.
      It isn't good.
      It isn't right.
      It isn't moral.
      But it is how it is done.

      Most politicians will only go so far to put pressure on these companies, usually enough to get them out of the news.

  • When it comes to the US, the daily standard operations of those companies are already integrated into aggressive global cyberattack infrastructure of the US state security organs.
  • An empty promise (Score:5, Interesting)

    by Sarten-X ( 1102295 ) on Tuesday April 17, 2018 @10:48AM (#56451935) Homepage

    Nobody ever builds weapons to use against "innocent civilians and enterprises".

    Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.

    "We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".

  • by Tokolosh ( 1256448 ) on Tuesday April 17, 2018 @10:49AM (#56451937)

    I would remind these (and all other companies), that you are innocent until proven guilty.

    "We must indeed all hang together, or most assuredly we shall all hang separately." â" Benjamin Franklin

  • by sinij ( 911942 ) on Tuesday April 17, 2018 @10:49AM (#56451941)
    Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

    Tellingly, "Do no evil" Google is also not on the list. They probably decided that the list is not sufficiently diverse to join.
    • by Zocalo ( 252965 )
      It presently seems to be mostly western focussed, so the lack of Chinese companies like Huawei and ZTE, or Korean ones like Samsung doesn't seem to much of an issue, and Amazon, Apple, and Twitter are also missing on the US front, so I'm not reading too much into the current membership. If the organisation starts to gain a bit of traction and they still don't sign up, that's when you can probably start reading a little more into it - I'd also like to see Intel and AMD on there , given the security issues s
    • Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.

      I'm not sure what surprises me more, that you think any Asian based firm would sign up to a list of empty white country promises, or that you think that the promise is worth enough to get upset about Google missing from it.

  • All the people in bed with the NSA aren't going to assist with government with cyberattacks? This is my believing face.

    • It will be technically true, they will instead assist "researchers" or "academics" who will then covertly share everything with the government. If discovered $COMPANY will turn off the access, which will then be set up under a different "researcher".
    • by rtb61 ( 674572 )

      You are aware, that you are meant to elect representatives and they are meant to represent you in government and that government is meant to obey it's citizens. Perhaps you have become so accustomed to rolling over and taking it up the backside, that you now live in fear of demanding that your government obey the people that elect it. Well, at leas the US, isn't the only out of control government, the UK and France are right up there too and their legislative bodies are now caught up in the mess of having t

  • by WoodstockJeff ( 568111 ) on Tuesday April 17, 2018 @10:53AM (#56451971) Homepage

    After all, if not for Microsoft operating systems and productivity products, many cyber attacks would be impossible.

  • they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

    The "innocent civilians and enterprises" is the giant caveat-emptor. Whatever the pledge, if the target is deemed guilty of something — and for the likes of Facebook, it can be mere misogyny — the bets are off and the company may participate with enthusiasm.

  • virtrue signaling (Score:2, Insightful)

    by Anonymous Coward

    Nothing more than that, and this will change in no time. Notice how governments are not on that list of people they wont help attack? If they were actually serious they would have said they wouldn't help with any attack at all.

    Make no mistake about it, this is PR and Marketing because it involves no actual change for most of these companies anyways and in a month no one will care about this accord they will be free to break it all they want.

  • That is nice of them (Score:5, Interesting)

    by houghi ( 78078 ) on Tuesday April 17, 2018 @11:02AM (#56452039)

    The real question is what this actually means and how useful this is.
    Does this mean that previously did it and are now stopping. Or where they never asked? I can also easily say that I will never help a government to do it. The likelihood of them asking is extremely small.

    And are they willing to do business with those companies, er, governments. What about their re-sellers? What about companies? I doubt that many governments will ask a company to hack the planet. They will have a department that has holdings that owns companies that are not linked in any way or for to the government, because "National Security"

    Also nice that they can do it when the civilians and companies are guilty.

    To me it sounds hollow and more marketing than anything else. These are not the companies that are asked to help. They just own products that are used to do attacks.

  • by bagofbeans ( 567926 ) on Tuesday April 17, 2018 @11:08AM (#56452075)

    No offense
    The companies will not help governments launch cyberattacks

    ...but if we help a cutout company working for a foreign government, it wasn't our fault, mommy!

    We need transparency and C level execs to go to jail, not weasel-worded fake accountability and cost-of-doing-business fines.

  • All they need is one weak link, one participant mandated against disclosure. They already have this, and have had this for years. The sad thing is that we have had the ability to protect our private communication from third parties for a little longer. PGP is secure and the infrastructure has been in place for 15 years or so.

      The fact that people don't secure their communication and data with strong crypto is just plain laziness and a gift for the jackboots.

  • No Cyber"Attacks"? (Score:5, Interesting)

    by BlueStrat ( 756137 ) on Tuesday April 17, 2018 @11:13AM (#56452095)

    But assisting with government domestic mass-surveillance and data-mining is A-OK.

    "We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."

    With "friends" like these, who needs enemas?

    Strat

  • IBM helped the Nazi gov't enumerate concentration camp victims so no surprise that their name isn't on the list.

  • by nimbius ( 983462 ) on Tuesday April 17, 2018 @11:18AM (#56452137) Homepage

    Symantec is complicit in some of the most brutal repressive regimes on the planet. https://en.wikipedia.org/wiki/... [wikipedia.org]
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    same with cisco.
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    And Microsoft? theyve not only back doored every OS theyve released, they even put out a tool for governments to crack into private computers.
    https://en.wikipedia.org/wiki/... [wikipedia.org]

  • Sign pledge not to 'assist the government in attacks?' That's cute, and it won't matter if government really wants something.

    For instance, how many times I wonder did Backpage CEO guy talk tough; about protecting user data or never giving into the politicians or the cops or whatever. They wheeled him down to the station, let him think about couple decades in prison, and...voila: he rolled over like Rover on his business, all his customers, and undoubtedly some close associates and friends.

    Now think of toug

    • Not really. They have the wealth to afford the lawyers to challenge back. A court order can be fought, but very nearly everyone can't afford the price.

      • If prosecutor really wants to get you they just get you. If they want to go get all the lawyer-docs, they'll just do that. Look at the President for an example. Think Zuck or his lawyer gets wind of FISA warrants ahead of everyone else? Not if he's target of it.
        • The President is a bad example, because he doesn't do what his lawyers tell him, often being to simply shut up. The attorney-client privilege for MC/DT is broken when both parties claim they had nothing to do with it, e.g. the Clifford payoff.

  • The tech industry is particularly wormy so these pledges are worthless
    Citizen Four showed that all of the data being gathered by the tech industry is for sale and that has not changed
    The only thing that will motivate tech to actually respect privacy would be meaningful laws with teeth and the people charged with making and enforcing those laws are techs best customers.

    Sometimes the scandal is not what law was broken, but what the law allows. - Edward Snowden

  • Perhaps, but... (Score:5, Interesting)

    by DaveM753 ( 844913 ) on Tuesday April 17, 2018 @11:24AM (#56452195)

    a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

    Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.

    ...and someone please define "innocent civilians" and "enterprises" for me. I can subjectively define it by my own ideas, but how are our new, friendly "Cybersecurity Tech Accord" members going to define these terms? What does "innocent" mean to them? What does "civilian" mean to them? What constitutes an "enterprise"?

    This seems like a seriously limited promise.

    • by Anonymous Coward

      Basically it means they won't attack each other. Everyone else? Fair game. It's quite frankly _disturbing_ that CDNs would even play this little game since they can't possibly do so without further controls (aka censorship). And SAP? PLEASE. This piece of shit company has databases in just about every Government and certainly large enterprise. Sounds like snowflakes at a bunch of tech companies finally realized the hell they created can and will be used against them too.

      Suspiciously absent from that

  • its not like it stops anything. For every company that doesn't want to do it there are ten that will cash the government check.

  • Would *YOU* believe RSA isn't doing anything? HAHAHAHAHA

  • Everyone that isn't a Western democracy that is. I don't see any Russian or Chinese companies listed, just the ones that could help us fight back against them. Whose help we may desperately need.

    Great idea. I'm sure it can only turn out well.

  • Because helping =/= selling for money.
  • Sure. These companies take a stand against assisting governments in cyber attacks, but do nothing to protect citizens from the constant intrusion and surveillance in our personal lives and privacy. Personal privacy really needs to be considered a basic human right.

The party adjourned to a hot tub, yes. Fully clothed, I might add. -- IBM employee, testifying in California State Supreme Court

Working...