On April 17th 2018, 34 tech companies signed the Cybersecurity Tech Accord, pledging to protect civilian and business users from cyber attacks regardless of nationality, geography or motivation of the attack. Ambitiously, the initiators refer to their project as the “Digital Geneva Accord”. Drawing on the historical Geneva Conventions one can ask: are tech companies the modern day Henry Dunant?
Almost 155 years ago, Henry Dunant called upon countries to formulate an international principle that would constitute the basis for the relief of the wounded in wartime. This led to the birth of the Red Cross and later to the four Geneva Conventions, which also protects civilians against the consequences of war. Today, most of us in Switzerland fortunately find ourselves far away from physical war zones. Nevertheless, a new potential battle is difficult to ignore: Cyber war. In May 2017, the WannaCry malware struck the UK health-care system, demanding users to pay a ransom and critically affecting hospitals. This was no unique incident. Cyberattacks are expected to trigger losses of up to USD8 trillion by 2022. Although attribution is a large problem, many attacks are believed to be state-sponsored. Hostilities are once again taking their toll on civilians and businesses not directly involved in the conflict.
Non-state actors have come up with an initiative for protecting citizens in cyberspace. On April 17th, a group of tech companies signed a Cybersecurity Tech accord, promising to improve security, stability and resilience of cyberspace in order to protect civilians regardless of nationality, geography or attack motivation. Among the 34 signatories are large online networking and IT infrastructure companies such as ABB, Cisco, Facebook, HP, Microsoft, Nokia or Oracle.
Microsoft, the initiator of the project, ambitiously referred to the accord as the Digital Geneva Accord. The company’s president Brad Smith stated that “(…) just as the Fourth Geneva Convention recognized that the protection of civilians required the active involvement of the Red Cross, protection against nation-state cyber attacks requires the active assistance of technology companies”. Microsoft committed itself to a role as a “neutral Digital Switzerland that assists customers everywhere and retains the world’s trust” and envisages an alliance of tech companies at the frontline of ensuring civilian protection in cyberspace.
As owners and operators of cyberspace, the tech companies’ commitment is absolutely crucial. With negotiations on binding international norms in an embryonic stage, it is good to see firms assuming social and political responsibilities and trying to fill a regulatory vacuum. Private initiatives and voluntary standard setting have always played an important role in addressing complex issues that arise with new technologies.
But Microsoft is not Henry Dunant, an individual with humanistic ideals, but a large and powerful tech giant with billion dollars sales per year. When Brad Smith argues that a Digital Accord is necessary to build consumers’ trust in technology, this also means that the company is responding to reputational risk the industry is currently facing. During the past months, after the Cambridge Analytica scandal, tech companies have been rocketed by public backlash for their lax handling of consumer concerns. In this light, the Cybersecurity Tech Accord could be regarded a well-timed PR coup. Even if it isn’t, fact remains that non-Western firms from countries such as Russia or China are missing in the Accord- and this puts its efficiency into question.
With this in mind, we must wait to see with what kind of initiatives companies will build from this initial commitment. The Cybersecurity Tech Accord remains voluntary, and companies cannot be held accountable for their pledges the same way governments can. While I doubt that Microsoft can act as a “neutral digital Switzerland”, it will be interesting to see how it adapts Henry Dunant’s vision to protect the innocent of the 21st century.