Rating Qualities

10
Applicable
Eye Opening
Hot Topic

Tools and Weapons

The Promise and the Peril of the Digital Age
Brad Smith and Carol Ann Browne | © 2019
From TOOLS AND WEAPONS by Brad Smith and Carol Ann Browne
Summarized by arrangement with Penguin Press, an imprint of
Penguin Publishing Group, a division of Penguin Random House LLC.

Information technology dominates every aspect of our lives, and will soon become as ubiquitous
as electricity. However, in the wrong hands it can be a weapon. That is why Brad Smith, President
of Microsoft, insists that governments must work with the tech sector to build a safer future.
Privacy and security are key, but so is recognizing that data is a renewable resource that should
be shared, for the benefit of humanity. Smith offers detailed insight into our collective tech future
based on his years of experience managing relationships among competitors and nations. Smith
warns of the potentially catastrophic consequences of not getting ahead of powerful technology.

Take-Aways
• The NSA Snowden affair raised the question: What is more important, people’s privacy or
public safety?
• Information technology is a tool. Like any tool it can also be a weapon.
• Disruptions on social media caused by rival regimes threaten democratic norms.
• A Digital Geneva Convention would address cybersecurity issues and protect human rights.
• Governments must facilitate more access to technology to redress social inequality.
• Corporations and governments must work together to develop an ethics of AI.
• The United States and China have the most complex diplomatic and economic relationship in
history.
• Data is the world’s most renewable resource, but is so powerful it must be protected and
monitored.

www.getabstract.com

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 Summary

The NSA Snowden affair raised the question: What is more important, people’s
privacy or public safety?

In 2013, Microsoft was just as alarmed as the public when The Guardian published a bombshell:
The world’s biggest tech companies had contributed masses of private information from their
customers’ accounts to a consortium called PRISM. Leaked documents from Edward Snowden at
the US National Security Agency revealed that the United States government had been accessing
citizens’ private information without the tech companies’ knowledge or consent.

“As technology continues to advance, can the world control the future it is creating?”

Such an invasion of privacy violated the personal property rights of American citizens. No
government can seize a citizen’s information without a warrant. Now, with servers holding
people’s mail and personal information, the same laws should apply. Companies like Microsoft
are like a bank where customers from all over the world store their data. Microsoft declines to turn
over customer data without a proper legal process.

“The pressure to put data centers in more countries is giving rise to what rapidly is
becoming one of the world’s most important human rights issues.”

Microsoft would inform its customers if the government made requests for their data, and if
faced with a gag order, it would challenge the order in court. The company’s lawyers use the
First Amendment (freedom of speech) and the Fourth Amendment (protection from unlawful
search and seizure) as their guide. Your phone, they argue, should be considered the same as
your home, and its contents, much of them private, should be protected in the same way. After
two years of litigation, the Department of Justice agreed to a new policy with set rules regarding
when prosecutors could pursue gag orders. Microsoft “won” but the lawsuit only proved that
tech needed more open conversation and legislation to protect millions of customers using cloud
services. It built a huge data center in Ireland, because that country is known for its resilient and
robust respect for human rights. Never forget that less democratic countries can use people’s
data to prosecute, or even execute, them. Microsoft may have a big money stake in protecting its
relationship with customers, but it has a big moral stake as well.

Information technology is a tool. Like any tool it can also be a weapon.

The WannaCry cyberattack on government systems in May 2017 warned governments all over the
world about the risks of using outdated software. The WannaCry virus had been developed in the
United States, but Microsoft suspected that North Korea may have procured it and launched it as
a “cyber missile.” The virus hobbled the United Kingdom’s National Health Service and affected
300,000 computers worldwide. MS’s most up-t0-date OS was protected, and it urged customers

www.getabstract.com
2 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 that were using an older OS to upgrade, but its personnel were surprised by the complacency they
encountered. The company gave away patches for free to stem the spread of the virus.

“In a world where everything is connected, anything can be disrupted.”

The US government had detected and exploited vulnerabilities in the Microsoft operating system
without alerting MS. This was not a business issue, but a geopolitical one. Microsoft had a
responsibility to its customers, but also to the common good. It urged governments to safeguard
their cyberweapons from theft or misuse. The US government, however, was reluctant to discuss
the threat in more detail, although that would have helped Microsoft protect its customers.

Another attack, shortly after, by Russia on the Ukraine underscored further the urgency in
protecting citizens from cyberattacks. The NotPetya virus disabled crucial infrastructure, drawing
attention to the stark fact that the world now runs on computers and, without them, people might
freeze, or have no running water or access to food. However, the United States and other nations
remain complacent, arguing that these attacks are “just machines attacking machines.”

North Korea and Russia should be held accountable for their cyberattacks, not shielded by
governments that focus more on protecting themselves than protecting their citizens. Microsoft,
Facebook and another unnamed tech company successfully undertook to hobble North Korea’s
malware. The United States, along with Canada, Australia, Japan and the United Kingdom, all
publicly attributed the attack to North Korea, the first such announcement. This proves that when
big tech and governments work together, they can address threats.

Disruptions on social media caused by rival regimes threaten democratic norms.

Social media giant Facebook was not prepared for attacks from Russia’s Internet Research
Agency (IRA) during the 2016 Presidential campaign. Millions of Americans were exposed to
fake news, calibrated by Russia to undermine the democratic process. Estonia, once oppressed
by Russia, built a museum in Tallinn to remind democratic societies that they must vigilantly
protect freedom from authoritarian efforts to dismantle it. The desire for freedom unites people;
however, once they consider themselves free, their common bond slackens. They become isolated
and tribal. The United States has come to take freedom for granted, and it is not vigilant enough.
Facebook was not created as a space for foreign governments to disrupt democracy, but it
also had not created any defense against disruption. However, it was accountable for selling
personal information about its customers to Cambridge Analytica, which used the data for
partisan political purposes. In defending his company during 2018 Congressional hearings,
Mark Zuckerberg claimed to support better regulation in social media, but confessed he didn’t
know what kind of regulation it should be. The tech sector determined that regulation was “an
inevitability” but no one proposed guidelines.

www.getabstract.com
3 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 “Leave it to the public to decide what is true. But let them make that decision based on an
accurate understanding of who is speaking.”

When a young domestic terrorist used social media as a platform to broadcast his rampage in
Christchurch, New Zealand, Prime Minister Jacinda Ardern, placed accountability for the video’s
spread squarely on the tech industry. Microsoft, among others, rallied to her demand that social
media must make its users aware when they are getting information from a real person or an
automated “bot” spreading false or unwanted information indiscriminately. For too long, social
media lacked accountability for the content on its platforms because Congress shielded the
internet from the US Communications Decency Act in 1996.The United States has used technology
to help spread democracy. Now it must use technology to protect it.

A Digital Geneva Convention would address cybersecurity issues and protect human

rights.

In 2017, Denmark created a new government role: “tech ambassador.” The Danish foreign
minister went so far as to say that “these companies have become a type of new nation.” Other
countries have created similar roles.

If technology becomes weaponized, Microsoft identifies three strategies to protect the tech
industry and the public from cyberattacks:

1. Strengthen technical defenses.

2. Improve operational security (capacity to detect threats, deter them and counter attack)
3. Stronger international rules and diplomatic call to action.

The first two strategies are not effective without the third. The tech sector must coordinate with
international governments. When Microsoft brought these concerns to the White House in 2016,
its representatives realized that, with growing nationalism at home and abroad, tech needed an
“intellectual foundation to act in global way.” They called for a “Digital Geneva Convention” that
would enshrine “norms” to protect citizens from human rights abuses via cyberattacks. Opponents
feared that when the United States limited its own military capabilities, the country made
itself vulnerable to attack by bad actors. Microsoft retorted that having rules promised better
accountability, and was certainly preferable to having no rules at all. The DGC would not ban or
limit cyberweapons, but it could put limits on how governments fight wars. The problem with
cyberweapons, unfortunately, is that bad actors can use them clandestinely. That is also part of
their allure.

“Instead of relying on governments alone, a new approach to multi-stakeholder

diplomacy brings governments, civil society, and tech companies together.”

The Paris Call for Trust and Security in Cyberspace led by French President Emmanuel
Macron turned the tables on this issue. By early 2019, the agreement had 370 signatories

www.getabstract.com
4 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 from business and international governments. The United States declined to participate. The
Christchurch Call soon followed. This new, multilateral approach to diplomacy included “non-
state actors” (private companies), which made this agreement different from the Geneva
Convention. Having cybersecurity agreements without cooperation with the companies that
develop the technology is unrealistic. To prevent catastrophic conflict, governments must
coordinate with tech innovators.

Governments must facilitate more access to technology to redress social inequality.

In 2017 the United States had to contend with two immigration crises: the decision to rescind
President Barack Obama’s Deferred Action for Childhood Arrivals (DACA) and President Donald
Trump’s executive order banning immigration from Muslim countries. The impact on tech was
substantial. Not only were such policies discriminatory, they were bad for the economy. In a
world where tech is ubiquitous in every industry, diverse talent is crucial. In both the DACA and
Muslim bans, Microsoft pursued legal action against the government to protect its employees who
were affected by the legislation. This does not mean that companies should neglect American-born
workers. When Microsoft lost its antitrust case in 2003 and had to pay $1.1 billion to California
consumers, it donated that money in vouchers for new computer technology for schools. It
founded Technology Education and Literacy in Schools (TEALS) and is the biggest funder for
Code.org, a website dedicated to teaching kids computer science.

“The spread of new technology is not just an economic imperative. It needs to be treated
as a social cause.”

In 2019, Microsoft took another bold step into public policy: tax reform. Brad Smith proposed
levying a special tax on businesses that rely on the education system for talent. Microsoft and
Amazon would pay the highest taxes toward the Workforce Education Investment Act, which
will make education in tech more accessible to Washington State students. Unfortunately, this
is only a drop in the bucket; access is still a problem among racial minorities, women and rural
residents. Most critically, the Seattle area has an affordable housing shortage, which Microsoft
also identifies as a problem the tech sector should help alleviate. The company has donated $500
million to build low- and middle-income housing, but key to success is close collaboration with
city planners.

Corporations and governments must work together to develop an ethics of AI.

The decade between 2010-2020 is the era when artificial intelligence (AI) found its footing. In
that time, traditional logic-based reasoning used in computation gave way to machines that
became able to learn. By 2016 AI had found applications in predicting outcomes, lending credence
to the fear that machines might take over the world. However, to Microsoft, AI posed a more
immediate ethical problem: machine bias. Machines can only learn from the data they receive, and
overwhelmingly, data sets used for facial recognition software programs are those of white men,

www.getabstract.com
5 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 clearly lacking diversity. Machine bias reflects human bias, and such inaccuracy could lead to AI
misidentifying, for instance, people of color, which sometimes could put them at risk.

Microsoft CEO Satya Nadella identified the need for “a full-blown approach to ethics” in AI.
Together with Google, Microsoft settled on six principles: fairness, reliability and safety, privacy
and security, inclusiveness, transparency and accountability. Accountability requires that humans
remain in the loop, especially when machines make decisions that affect people’s rights and
freedoms. For this to succeed, there needs to be governance. The law and regulations would give
these ethics backbone, and there needed to be protocols sooner than later. Military weapons in
particular pose concerns. What is the safe threshold for war to be automatized? Should companies
like Google or Microsoft work on defense contracts? Microsoft looked to Human Rights Watch,
which recommends that governments “prohibit weapons systems that can select and engage
targets without meaningful human control.”

“When your technology changes the world, you bear a responsibility to help address the
world that you have helped create.”

AI is global in character. Technologists want it to work the same everywhere, but it will be abused
by bad actors. AI developers should take ethics and humanities courses. There should be a
“Hippocratic oath for coders.”

The United States and China have the most complex diplomatic and economic
relationship in history.

China’s president Xi Jinping made a visit to Seattle in 2015 that drew the CEOs of every top
tech company in America. Of the top 10 companies in the world, seven are tech. Two of these
are Chinese. However, the Chinese government controls tech in their country and prevents
competition from abroad. Only Apple has succeeded in getting its products to market there.

“The only way to succeed globally as a technology leader is to be respected globally.”

Why does the United States have trouble penetrating Chinese markets? Firstly, US and Chinese
consumers have different needs. Secondly, China’s market is difficult to access due to restrictions.
The government mostly only sanctions joint ventures, which are hard to administrate. Thirdly,
China focuses more on public order than on human rights. Social conduct rests on the axiom:
Know thy place. The West is based on freedom of movement and expression. It is crucial that the
two cultures learn from one another. The tech world is divided almost equally between the United
States and China, yet neither has enough influence alone to dominate the globe. Both will lose if
they shut the other out of their markets. If the US and Chinese governments each allege that the
other country’s homegrown technology can’t be trusted, there’s a risk that the rest of the world will
conclude that both are right and turn toward other sources.

www.getabstract.com
6 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET

 Data is the world’s most renewable resource, but is so powerful it must be protected
and monitored.

Data is most valuable when it is aggregated and shared, and when it is renewable it is also “non-
rivalrous.” Currently, however, most data is “siloed” in different institutions. Sharing it effectively
means overcoming not only technical hurdles but legal, organizational, social and even cultural
ones. Data is not the “new oil” as some have described it. It is more like the air people breathe.
The debate about ownership is not unlike the open-source code debates in the 1990s. At that
time, Microsoft protected its code like a patent. They have since learned that innovation relies on
sharing knowledge and resources.

The 2016 election is a potent example of the benefits of collecting data from diverse sources
that are widely shared. The Democratic National Convention calculated the Democrats’ strategy
using specialized “deep” data they collected themselves. The Republican National Convention
used readily available “broad” data from commercial sources instead. This helped them identify
Wisconsin and Michigan as key swing states, which were key to Donald Trump’s victory. The
RNC’s model for calculating strategy “changed the course of American history.”

“Technology innovation is not going to slow down. The work to manage it needs to speed
up.”

Data may be free and ubiquitous, but it can be powerful and needs to be protected. Individual
data should be “de-identified” or aggregated to protect individuals. Companies need to work
together to ensure security, and should be allowed to share data without necessarily giving up
ownership. The US government has made more data publicly available, but there is still more
work to be done. Finally, organizations should agree on a common technical platform. Ultimately,
data should be as accessible as electricity.

About the Authors

President of Microsoft Brad Smith works with international associates on issues regarding
cybersecurity, privacy, artificial intelligence, immigration, human rights and the environment.
The New York Times labeled him the “de facto ambassador for the technology industry at
large.” Carol Ann Browne is the senior director of communications at Microsoft. She works
with Brad Smith on corporate communications worldwide.

Did you like this summary?

Buy book or audiobook
http://getab.li/37640

This document is restricted to the personal use of Nehal Shah (nehal.shah@sap.com)

getAbstract maintains complete editorial responsibility for all parts of this review. All rights reserved. No part of this review may be reproduced or
transmitted in any form or by any means – electronic, photocopying or otherwise – without prior written permission of getAbstract AG (Switzerland).

7 of 7

LoginContext[cu=5368769,ssoId=2725451,asp=2825,subs=6,free=0,lo=en,co=US] 2020-12-11 19:55:39 CET