Microsoft president and chief legal officer Brad Smith speaking at Microsoft WPC 2016 in Toronto (Photo: Microsoft)

Microsoft’s Brad Smith: We Need a “Digital Geneva Convention”

Brought to you by Supersite for Windows

The present and future of warfare takes place on computer terminals, innocent civilians worldwide are not being protected by their government, and it’s time for the tech industry to pull together and call on the world’s governments to come together in a Digital Geneva Convention. So said Brad Smith, president and chief legal officer at Microsoft, in an RSA 2017 keynote on Tuesday morning.

Smith opened by defining the cyberwarfare battlefield: “It’s a different kind of space: Not only can we not find [cyberspace] in the physical world, it is us. Cyberspace is owned and operated by the private sector.” From the submarine cables that carry data across the ocean floor to the clpud services that contain data, the physical and virtual infrastructure is not government operated.

And so, Smith said, “When it comes to attacks, [the tech industry] is not only the plain of battle, we are the world’s first responders.”

As such, the tech industry should come together and call on the world’s governments to conduct a digital Geneva Convention to devise and agree to rules protecting civilian use of the Internet.

“What the world needs is a new international agency … that brings together the best and the brightest in the private sectors, academic, public sector … to observe what happens, then call the question and identify the attackers when nation-state attacks happen,” Smith said.

He drew strong parallels between the state of current events now and the state of the world leading up to the 1949 Geneva Convention. In a related blog post, Smith wrote:

Just as the Fourth Geneva Convention has long protected civilians in times of war, we now need a Digital Geneva Convention that will commit governments to protecting civilians from nation-state attacks in times of peace.  And just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyberattacks requires the active assistance of technology companies.  The tech sector plays a unique role as the internet’s first responders, and we therefore should commit ourselves to collective action that will make the internet a safer place, affirming a role as a neutral Digital Switzerland that assists customers everywhere and retains the world’s trust.

In his keynote, Smith called on tech companies to act as responsible global entities, outlining codes of conduct for them too: Never to assist attacks, always to coordinate and collaborate in defense efforts, always to share solutions and patches.

Repeatedly, he called for the tech industry to be “a neutral digital Switzerland upon which everyone can rely.”

This article originally appeared on Supersite for Windows.

Get Daily Email News from DCK!
Subscribe now and get our special report, "The World's Most Unique Data Centers."

Enter your email to receive messages about offerings by Penton, its brands, affiliates and/or third-party partners, consistent with Penton's Privacy Policy.

About the Author

Add Your Comments

  • (will not be published)


  1. Brad Smith is spot on! Great idea!!

  2. Terry Critchley

    Brad is 100% correct. What he is suggesting parallels the US DoD Orange books of the 1970s/80s which were considered mandatory security levels, A1, B1, C1, C2 etc. for vendor bids for computer business. This was a way of making sure that everyone knew the score and abided by one of the security levels set out. This is bigger than the 50 or 100 security product vendors and needs kicking into life by the likes of HP, Dell, Microsoft. IBM etc. What is needed is an agreed, solid ARCHITECTURE for cybersecurity (products come AFTER the architecture) and given an ISO no, like ISO123456. Participants: Vendors, the likes of NIST, security bodies and other bodies without an immediate monetary interest. This needs someone with enough clout/influence to bang the necessary heads together on this before the cybercriminals become cleverer than the 'cybercops'. I have documented many ideas on this theme should they ever be needed. Dr. Terry Critchley