In 2012, it was revealed that somebody, we’re still not sure precisely who, engineered and released the first cyber weapon — Stuxnet. Built to exploit a series of security flaws, Stuxnet was designed to destroy Iran’s nuclear capability. Since then, however, talk of cyberweapons has mostly been hype. Still, hype can be scary and today, a cadre of major tech companies signed an accord to fight cyberweapons as a unified front.
Gizmodo reports that a host of tech giants, from behind-the-scenes sites like Github and Cloudfare, to major consumer-facing companies like Facebook and Microsoft, have signed the Cybersecurity Tech Accord, which is a pledge to both work together to stop data breaches and crime, and also to refuse to engage in what it calls “offense”:
The companies will not help governments launch cyberattacks against innocent citizens and enterprises, and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution.
That mission may be a contentious matter, even at home. The tensions between the demands of law enforcement for unfettered access to our phones and profiles and tech companies who at least nominally want to protect our privacy have been rising ever since Apple went to war with the FBI over device encryption, which led to a cascade of tech companies implementing tools like end-to-end encryption, making it impossible for anybody to “wiretap” your Facebook messages or your Snapchat. These aren’t perfect, of course, and there is a trade-off; after all, crooks talk about their illicit activities on Facebook and enjoy that blanket too. But this move throws up another roadblock in attempts to gather information without our knowledge or consent.
The cyber weapon conversation may become particularly urgent as governments become aware of the potential for attacks to advance their own agendas. While Robert Mueller’s probe into Russian election interference has gotten the majority of the attention, there are other, even scarier stories out there, such as reports that political parties and bad actors are using social media to whip up pro-genocide sentiment. And while stories of Russian efforts to take down the internet or shut down power grids have all been overblown, the fact that a couple of college kids running a Minecraft scam can put crucial infrastructure at risk highlights just how dangerous active malice might actually be.
That said, this is a voluntary pact, and it’s missing a few key names — such as IBM, Google, and Apple, not to mention the unsurprising lack of any defense or aerospace companies. Still, as we learn just where our data’s going and how it’s being abused, any action is a net positive.