1 WikiLeaks2 Digital Geneva Convention
The interview comes during the same week where data privacy for users is once again in the headlines. Smith was talking after the Westminster terror attack in London, for which Microsoft provided information to UK law enforcement. Earlier today, we reported that the company acted within 30 minutes to give UK authorities information related to the recent terror attack in London. Smith says the information was given after the company assessed that the request was legal and valid. With fear growing over further attacks and cybercrimes, some argue tech companies should always be prepared to hand information, in any circumstance. However, Brad Smith has long championed a transparent process for data requests based on specific criteria. He says there should be strict limits on the data governments can get. “We will not help any government, including our own, hack or attack any customer anywhere,” Brad Smith said. “We will turn over data only when we are legally compelled to.” The comment drew heat from the press in the UK as it suggested Microsoft did not help authorities. However, it was taken out of context as Smith says Microsoft found the request to be valid. “Law enforcement needs information, sometimes it needs it very quickly to save lives. “When we get those kinds of requests, or warrants and when they are lawful, we act quickly, we can do so in a matter of minutes”, said Smith. “But when governments go too far we will say no.” Smith says Microsoft has shown it is not acting in any government’s interests, including the US. The company has already won a case against the US Department of Justice. The DoJ requested data related to the San Bernardino terror attacks. The data was held in an Irish center and Microsoft refused the request. The company argues a government has no right to demand data from centers not located within its borders. Microsoft urged the DoJ to pursue legal channels in Ireland in a bid to get the data. The company won its appeal in courts last year. “As a [global] company we need to be trusted everywhere and the only way that we can be trusted everywhere is if we put interests of our customers globally ahead, frankly, of individual interests of any single government.”
WikiLeaks
Earlier this month, WikiLeaks published documents showing the CIA can corrupt devices around the globe. The so-called Vault 7 documents reveal the US government agency can compromise consumer electronics like smartphones. With this ability, the CIA breaches undisclosed security holes in software and take over devices. WikiLeaks promised the zero-day vulnerabilities would be disclosed to Microsoft and other tech companies. We reported two weeks ago that tech giants were still waiting for the information. The delay seems to be because non-profit group wants the companies to sign an agreement. It was later reported the companies would have to sign a confidentiality agreement first. Smith says WikiLeaks has still not contacted Microsoft or any other company: “The reality is throughout the tech sector, we haven’t yet started to receive information from WikiLeaks. We’ll all learn more when we get the information. So far we know the same things journalists do.”
Digital Geneva Convention
Brad Smith has advocated the creation of a set of standards that would be like Digital Geneva Convention. This would compel participating nations to adhere to standardized rules for data collection and privacy. He announced the concept last month. “Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to implement the norms needed to protect civilians on the internet in times of peace.” Speaking to ITV, Smith says Microsoft has discussed the idea with governments, but none have offered any commitment.