Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67
Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.
The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.
Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
This will last until... (Score:4, Insightful)
...the first time one of these tech company executives is sent to jail for ignoring a court order...
Or perhaps they'll wait till they find themselves being audited by the IRS (or your local equivalent, wherever you live) every single year....
Re: (Score:2)
A court order to break the law, riiiight, makes a lot of sense that does.
Re: (Score:3)
A court order to break the law, riiiight, makes a lot of sense that does.
"Jesus, they're the government - even if it wasn't legal they'd still enforce it!"
- Mallory Archer
Wait... (Score:3)
...haven't they already assisted by building crap software with back doors and other flaws that enable these attacks in the first place?
Re: (Score:1)
Tech companies do not have a choice. either they force this through on government and then force binding treaties with penalties via lobbyists or there will be no multinational tech companies because they absolutely will not be trusted outside of their country of origin. That governments were not able to achieve this, is a solid sign of the kind of anal retentive ass hats in tech in government. Basically tech companies picked up all the first and second raters due to demand and only the third raters ended i
Re: (Score:2)
You forget these companies political contributions.
Nearly any company will pay political continuations to both political parties. Just so they have the people in political power attention.
It isn't good.
It isn't right.
It isn't moral.
But it is how it is done.
Most politicians will only go so far to put pressure on these companies, usually enough to get them out of the news.
Re: (Score:2)
Too little, too late (Score:1)
An empty promise (Score:5, Interesting)
Nobody ever builds weapons to use against "innocent civilians and enterprises".
Instead, everyone builds weapons to use only against those evil and horrible people who are guilty of offenses against the one true ideology, or the one true religion, or the one true culture. Of course, those who are aiding those terrible villains are also guilty of aiding the enemy. Then, of course, it's a small stretch to accept that those who are neutral are still helping the enemy with their neutrality, and those who aren't helping anyone are hindering our own ability to fight.
"We won't harm innocent civilians" is just as useless as a certain other company's promise to "don't be evil", and for the same reason. It all depends on the perspective used to define what's "evil" or "innocent".
Innocent (Score:3)
I would remind these (and all other companies), that you are innocent until proven guilty.
"We must indeed all hang together, or most assuredly we shall all hang separately." â" Benjamin Franklin
Huawei and Samsung are not on the list (Score:3)
Tellingly, "Do no evil" Google is also not on the list. They probably decided that the list is not sufficiently diverse to join.
Re: (Score:3)
Re: (Score:3)
Unsurprisingly, Chinese-based Huawei and Korean-based Samsung are not on the list.
I'm not sure what surprises me more, that you think any Asian based firm would sign up to a list of empty white country promises, or that you think that the promise is worth enough to get upset about Google missing from it.
Really? (Score:2)
All the people in bed with the NSA aren't going to assist with government with cyberattacks? This is my believing face.
Re: (Score:2)
Re: (Score:2)
You are aware, that you are meant to elect representatives and they are meant to represent you in government and that government is meant to obey it's citizens. Perhaps you have become so accustomed to rolling over and taking it up the backside, that you now live in fear of demanding that your government obey the people that elect it. Well, at leas the US, isn't the only out of control government, the UK and France are right up there too and their legislative bodies are now caught up in the mess of having t
But some already participate (Score:3)
After all, if not for Microsoft operating systems and productivity products, many cyber attacks would be impossible.
Not against "innocent civilians" (Score:2)
The "innocent civilians and enterprises" is the giant caveat-emptor. Whatever the pledge, if the target is deemed guilty of something — and for the likes of Facebook, it can be mere misogyny — the bets are off and the company may participate with enthusiasm.
virtrue signaling (Score:2, Insightful)
Nothing more than that, and this will change in no time. Notice how governments are not on that list of people they wont help attack? If they were actually serious they would have said they wouldn't help with any attack at all.
Make no mistake about it, this is PR and Marketing because it involves no actual change for most of these companies anyways and in a month no one will care about this accord they will be free to break it all they want.
Comment removed (Score:5, Interesting)
will not help governments ? (Score:3)
We need transparency and C level execs to go to jail, not weasel-worded fake accountability and cost-of-doing-business fines.
Thats's great but (Score:2)
All they need is one weak link, one participant mandated against disclosure. They already have this, and have had this for years. The sad thing is that we have had the ability to protect our private communication from third parties for a little longer. PGP is secure and the infrastructure has been in place for 15 years or so.
The fact that people don't secure their communication and data with strong crypto is just plain laziness and a gift for the jackboots.
No Cyber"Attacks"? (Score:5, Interesting)
But assisting with government domestic mass-surveillance and data-mining is A-OK.
"We promise we won't help attack anyone, we'll only help governments oppress their domestic populations, the US government's domestic surveillance of the US population being at the top of the list."
With "friends" like these, who needs enemas?
Strat
International Business Machines (Score:2)
IBM helped the Nazi gov't enumerate concentration camp victims so no surprise that their name isn't on the list.
Comment removed (Score:3)
Pledge? Give me a break. (Score:1)
Sign pledge not to 'assist the government in attacks?' That's cute, and it won't matter if government really wants something.
For instance, how many times I wonder did Backpage CEO guy talk tough; about protecting user data or never giving into the politicians or the cops or whatever. They wheeled him down to the station, let him think about couple decades in prison, and...voila: he rolled over like Rover on his business, all his customers, and undoubtedly some close associates and friends.
Now think of toug
Tim Cook or Zuck getting the treatment (Score:2)
Not really. They have the wealth to afford the lawyers to challenge back. A court order can be fought, but very nearly everyone can't afford the price.
Re: (Score:1)
Re: (Score:2)
The President is a bad example, because he doesn't do what his lawyers tell him, often being to simply shut up. The attorney-client privilege for MC/DT is broken when both parties claim they had nothing to do with it, e.g. the Clifford payoff.
Hot air (Score:1)
The tech industry is particularly wormy so these pledges are worthless
Citizen Four showed that all of the data being gathered by the tech industry is for sale and that has not changed
The only thing that will motivate tech to actually respect privacy would be meaningful laws with teeth and the people charged with making and enforcing those laws are techs best customers.
Sometimes the scandal is not what law was broken, but what the law allows. - Edward Snowden
Perhaps, but... (Score:5, Interesting)
Maybe they won't help any *government*, but what about private entities like corporations or wealthy individuals? What if a corporation or a wealthy individual were to ask our new, friendly "Cybersecurity Tech Accord" members to mount a cyberattack against someone? Under that scenario, they would not be helping a government.
This seems like a seriously limited promise.
Re: (Score:1)
Basically it means they won't attack each other. Everyone else? Fair game. It's quite frankly _disturbing_ that CDNs would even play this little game since they can't possibly do so without further controls (aka censorship). And SAP? PLEASE. This piece of shit company has databases in just about every Government and certainly large enterprise. Sounds like snowflakes at a bunch of tech companies finally realized the hell they created can and will be used against them too.
Suspiciously absent from that
This like GM promising not to make tanks (Score:2)
its not like it stops anything. For every company that doesn't want to do it there are ten that will cash the government check.
RSA? HAHAHAHAHAHAHAHAHA (Score:2)
Would *YOU* believe RSA isn't doing anything? HAHAHAHAHA
Gee, thanks. That'll be a big help to everyone. (Score:2)
Great idea. I'm sure it can only turn out well.
Facebook won't help (Score:1)
Take a stand against governments, but not people (Score:1)