With growing evidence that Russian cyberwarfare technology was used to try to influence an American election, it is increasingly apparent that current computer-security technology is inadequate.
Microsoft President Brad Smith ’81 offered a solution March 22 at the Princeton-Fung Global Forum in Berlin: a “digital Geneva Convention” to protect the world from a new kind of warfare.
Smith’s proposal builds on the meetings held in Geneva in 1949 in the wake of World War II to establish ground rules for the conduct of warfare and the treatment of civilians during war. He called for the creation of an organization parallel to the International Committee of the Red Cross to establish rules and limits against internet attacks.
The two-day forum focused on the question of whether liberty can survive in the digital age. It included talks by Smith; Vint Cerf, a Google executive who was one of the designers of the underlying technology used to create the internet; and Neelie Kroes, the former vice president and commissioner for digital economy and society of the European Commission.
The event also included six panels on challenges posed by the growing influence of the internet on society, ranging from privacy and surveillance and “the internet of things” to the recent phenomenon of “fake news.”
It was Microsoft’s president, however, who captured the attention of forum attendees. “I thought it was worth taking a page out of the history books ... to start to talk about creating a digital Geneva Convention,” Smith said.
His proposal, first made in February at a computer-security conference in San Francisco, is to bring together like-minded governments to pledge they will not attack civilian infrastructure. A new Geneva Convention would cause governments “to step back and pledge that they will not hack the accounts of journalists or other private citizens who are involved in the infrastructure of our democracy,” Smith said.
The biggest challenge facing a new treaty organization for the digital era would be finding a way to ensure attribution — to determine where an internet attack actually comes from, he said. What sets cyberwar apart from traditional warfare is that it is maddeningly difficult to determine an attacker’s identity.
“The truth is that we in the private sector often know,” Smith said. “But we have employees in these countries that we need to protect.” Finger-pointing is needed to discourage and deter this kind of action, he added.
Among the 450 attendees, there was both support for his proposal as well as some pessimism about the prospects of limiting cyberwar with new treaties and new actors. “Unfortunately, Microsoft is not the Red Cross,” said Julia Pohle, a senior researcher at the WZB Berlin Social Science Center.
John Markoff reported on technology for The New York Times from 1988 to 2017.