Microsoft and Other Tech Companies Join Cybersecurity Tech Accord

The Cybersecurity Tech Accord was announced today, with 34 tech companies pledging to follow four commitments with regard to their security practices.

The four commitments are general policy-and-procedure kinds of statements, which have broad scope in terms of commercial, public and governmental relations. The signers include software and chip makers (such as Microsoft and ARM Holdings), antimalware solution providers (such as Bitdefender, CA Technologies, FireEye, F-Secure, Symantec and Trend Micro), a telecom company (Telefonica), computer and networking equipment manufacturers (such as Cisco Systems, Dell, HP and Juniper Networks), and more, as listed in this announcement.

Even Facebook is a member of the Cybersecurity Tech Accord.

In general, the companies are pledging to protect all of their customers against cyberattacks. They promise not to help governments launch attacks on individuals or businesses, nor will they tamper with products or services to that end. They'll collaborate with businesses on improving security protections and practices. Lastly, they plan to establish "partnerships with industry, civil society and security researchers to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace."

The accord was marked today by an announcement by Brad Smith, Microsoft's president. He noted that Microsoft had earlier called for the formation of a "Digital Geneva Convention" for governments to address cyberattacks, and that other tech companies agreed with the idea. Smith described the Cybersecurity Tech Accord as "an important step" in that context. It has "broad support" from industry leaders and "cybersecurity firms," and it promises to grow over time, he indicated.

Potentially, the Cybersecurity Tech Accord could be a big step for Microsoft as well. Microsoft, along with Facebook and other service providers, was portrayed in a leaked U.S. National Security Agency slide as a participant in the PRISM program, which siphoned off public Internet traffic. Smith later denied Microsoft's participation in that program. Participation in government spying or counter-terrorism efforts might be construed differently from conducting cyberattacks, though Microsoft was also alleged back then to have altered its Skype, OneDrive and Outlook solutions to facilitate NSA access to traffic. If so, such product tampering possibly isn't permitted under the new Cybersecurity Tech Accord, at least if it were done for cyberattack purposes.

The Cybersecurity Tech Accord says nothing about government spying. It's not necessarily about protecting privacy.

Microsoft notably sparred with the U.S. government over handing over information from its servers located in Ireland in a purported drug trafficking investigation. It was an indication that Microsoft was willing to go to court to protect its paying cloud service customers from government snooping, at least when the data was located overseas. On Tuesday, Reuters reported that the Supreme Court had dropped the case, which had pitted Microsoft against the U.S. Department of Justice.

The case was dropped, in part, because of the passage of the CLOUD Act, a mild measure that just states that cloud service providers can challenge search warrants in court when there's a conflict in laws between countries. However, the CLOUD Act also has a provision against service providers having to install backdoors or break encryption.

Since cyberattacks, and not privacy, are the subject of the Cybersecurity Tech Accord, there may not be conflict between industry and governments over the new accord, especially as governments continue the practice of tapping Internet and telecommunications traffic. The accord just seems to draw the line at helping to facilitate attacks.

The Cybersecurity Tech Accord is just an industry agreement. It's not a law. The New York Times reported today that Microsoft had informed the Trump administration about the accord, and there were no objections raised.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

