Microsoft boss tells ITV News: 'We will not help any government hack any customer anywhere'

Microsoft
Hacking
Business
Technology
Monday 27 March 2017 at 1:37pm

Joel Hills

Business and Economics Editor

The president of Microsoft has told ITV News there should be strict limits to the data governments can obtain from private citizens.

Technology companies are under pressure to allow the intelligence agencies greater access to their networks after last week's terrorist attack in London.

In an interview with ITV News - recorded after the terror attack in London but prior to Amber Rudd's attack on WhatsApp on Sunday - Brad Smith said Microsoft would not automatically provide the security services access to the data they seek.

"We will not help any government, including our own, hack or attack any customer anywhere," Brad Smith said. "We will turn over data only when we are legally compelled to."

Sometimes even a court order is not enough. Microsoft has sued the US government on four occasions, when the company felt it was being asked to provide more information than it had a legal obligation to.

"Law enforcement needs information, sometimes it needs it very quickly to save lives.

"When we get those kinds of requests, or warrants and when they are lawful, we act quickly, we can do so in a matter of minutes", said Smith. "But when governments go too far we will say no."

In 2014, Microsoft resisted a demand by the US Department of Justice to release emails stored at an Irish data centre that were said to contain details of narcotics sales.

The company fought the case in the courts and, last summer, won on appeal.

Microsoft is a US company, but Brad Smith insists it will not act in US interests. "In the world today technology is at the core of everyone's lives in every country in the world.

"As a [global] company we need to be trusted everywhere and the only way that we can be trusted everywhere is if we put interests of our customers globally ahead, frankly, of individual interests of any single government."

Of course, if governments want information they don't have to ask for it.

Earlier this month, Wikileaks alleged that the CIA in the United States had found a way to hack into a range of electronic devices, including PCs running Microsoft Windows, Apple's iPhone and Samsung televisions.

Wikileaks published almost 9,000 documents - which it called "Vault 7" - and claimed they proved the CIA was using the software vulnerabilities it had found to monitor people.

Brad Smith admits Microsoft doesn't yet know if the CIA have found a secret way to use the company's technology to spy with.

"The reality is throughout the tech sector, we haven't yet started to receive information from Wikileaks. We'll all learn more when we get the information. So far we know the same things journalists do."

But he added "any day that we learn and read about more governments taking more steps to hack their way into private technology is a day our concerns should grow."

Brad Smith refused to comment further on the surveillance activities of the US government, but points out that the amount of hacking being carried out nation states more generally has increased in both frequency and severity, and that companies and individuals are often the targets.

"Since last summer we've seen nation states, major governments attacking 60 of our customers in 49 different countries, hacking their way into their networks, accessing and in many instances stealing their email," Smith told ITV News.

Brad Smith described the cyber attack by North Korea on Sony in 2014 as "a turning point". Since then, he says state-sponsored attacked have become more widespread than most people imagine.

Smith told me that hacking from China continues, despite an agreement with the US in 2015 not to conduct or support cyber attacks on businesses. Although he notes "there has been a reduction."

Last week the FBI confirmed it is investigation Russian interference in last year's US Presidential election. Does Microsoft have evidence that Russia managed to hack into the White House? Smith won't say.

"I think the stakes are serious," he insists. "Fundamentally, what we see is nation states not just attacking and stealing email but preparing in the future to take steps that would involve attacking infrastructure: whether it's the electrical grid, the healthcare system, the water system, the accounts of journalists or - as we saw last year - accounts of citizens involved in the infrastructure of our democracies, our electoral process itself."

Brad Smith has identified a problem that he is calling on national governments to fix.

His suggestion is a digital equivalent of the Geneva Convention - a universal, legally binding pledge by nation states that they will not attack civilians.

"This is not a time of war, there should be limits," Smith insists. "Governments have understood for centuries that they will spy on each other but that doesn't mean they should spy on private citizens".

The international agreement Smith is calling for creates an obvious tension. Every (good) government instinctively wants to protect its people while reserving the right to snoop on others.

A digital Geneva Convention is therefore both a compelling and deeply unattractive idea. Smith says Microsoft has shared the idea with governments - to date none has committed to sign-up.

Brad Smith's ambition for tech companies to remain neutral is already being challenged. If he's right and a cyberwar between nation states rages online then the battlefield is the wires, pipes, and servers belonging to private companies.

Everyone agrees there's a balance to be struck between national security and individual privacy.

The problem is that governments and companies draw the boundaries rather differently - as the political reaction to the murder of four people in Westminster last week shows.