The present and future of warfare takes place on computer terminals, innocent civilians worldwide are not being protected by their government, and it's time for the tech industry to pull together and call on the world's governments to come together in a Digital Geneva Convention. So said Brad Smith, president and chief legal officer at Microsoft, in an RSA 2017 keynote on Tuesday morning.
Smith opened by defining the cyberwarfare battlefield: "It’s a different kind of space: Not only can we not find [cyberspace] in the physical world, it is us. Cyberspace is owned and operated by the private sector." From the submarine cables that carry data across the ocean floor to the clpud services that contain data, the physical and virtual infrastructure is not government operated.
And so, Smith said, "When it comes to attacks, [the tech industry] is not only the plain of battle, we are the world's first responders."
As such, the tech industry should come together and call on the world's governments to conduct a digital Geneva Convention to devise and agree to rules protecting civilian use of the Internet.
"What the world needs is a new international agency … that brings together the best and the brightest in the private sectors, academic, public sector … to observe what happens, then call the question and identify the attackers when nation-state attacks happen," Smith said.
He drew strong parallels between the state of current events now and the state of the world leading up to the 1949 Geneva Convention. In a related blog post, Smith wrote:
Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace. And just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyberattacks requires the active assistance of technology companies. The tech sector plays a unique role as the internet’s first responders, and we therefore should commit ourselves to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.
In his keynote, Smith called on tech companies to act as responsible global entities, outlining codes of conduct for them too: Never to assist attacks, always to coordinate and collaborate in defense efforts, always to share solutions and patches.
Repeatedly, he called for the tech industry to be "a neutral digital Switzerland upon which everyone can rely."