Microsoft is again calling on governments to take action on data security and privacy.
As part of an IT industry that is still reeling from the National Security Agency (NSA) cyber-spying scandal, Microsoft continues to turn up the volume on its campaign to push for stronger data protections. This time, using the RSA security conference in San Francisco as a backdrop, Microsoft is pressing for action from all stakeholders, including governments and the Redmond, Wash.-based tech giant's peers.
Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, explored the roles governments play in the cyber-security landscape during a speech at the RSA event. He noted in a related blog post that those roles oftentimes overlap or conflict with one another. Governments fall into four categories: users, protectors, exploiters and investigators.
Months after ex-NSA contractor Edward Snowden leaked classified documents detailing the United States' extensive intelligence-gathering capabilities, the latter two have cast a harsh spotlight on tech companies.
"Military espionage and other surreptitious activity reminds us that governments often have other interests that conflict with their role as protectors," asserted Charney. "These overlapping and conflicting roles have given rise to the thorny issue that underpins much of the current dialogue on cyber-security: How should governments act when they have competing objectives?"
In fulfilling their roles as investigators, questions linger over how governments seek access to user data both within and outside their borders. In January, Brad Smith, Microsoft general counsel and executive vice president of legal and corporate affairs, raised similar concerns.
"We need an international legal framework—an international convention—to create surveillance and data-access rules across borders," he wrote in a Jan. 20 blog post. "The issues of the last year have reminded the world that the strong protections afforded by the U.S. Constitution and in U.S. law seldom apply to other countries' citizens," he said.
Addressing allegations that his company worked with the NSA to undermine its own famed encryption mechanisms, RSA security chief Art Coviello echoed some of those same themes in a Feb. 25 keynote address in front of RSA Conference attendees. "All governments and intelligence agencies need to have a governance model that allows them to do more to defend us and less to offend us," he said.
Charney's prescription calls for an international legal framework and reforms that "ensure that all surveillance is narrowly tailored, governed by the rule of law, transparent and subject to oversight." The IT industry can also play a part by continuing to innovate and advance, "technology options that enable greater data protection and by sharing information that promotes an informed public dialogue."
Entrusted with user data, tech companies walk a tightrope, noted Charney. "It must be responsive to both customer and government concerns, encouraging transparency and promoting legal processes that help ensure appropriate oversight exists when customer data is sought."