And that includes refusing to cooperate if governments ask them to help launch digital offensives.
The news: The so-called Cybersecurity Tech Accord brings 34 firms together, all of them making a promise to “defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states.” Among those signed up are Microsoft, Facebook, HP, Dell, Arm, Symantec, and Cisco.
How it works: The firms say they’ll use four guiding principles to protect users: stronger defense, no offense, capacity building, and collective action. Among them are a number of (more intelligible) promises—such as to protect against exploitation of their products, better coordinate vulnerability disclosures, help people guard against threats for themselves, and never help governments launch cyberattacks.
Why they’re doing it: Brad Smith, the president of Microsoft, pictured, tells the New York Times that the threat of cyberattacks needs to be approached “in a principled way,” and “if we expect to get governments to do that, we have to start with some principles ourselves.” This new accord, thinks Smith, is a first step toward some kind of digital Geneva convention, which he’s advocated for years.
Who’s missing? Conspicuous by their absence are Alphabet, Amazon, and Apple. It’s currently unclear if they plan to join at a later date.