Do as we say, not do as we do — that seems to be the message from Microsoft, which has criticized the UN for tabling a cybercrime treaty that it says will increase state surveillance in authoritarian regimes. But perhaps we shouldn’t be too quick to buy into Big Tech virtue-signaling.
The upshot of Microsoft’s statement, published on LinkedIn on August 29th, appears to be: it’s fine for Big Tech to collect and manipulate reams of personal data on the public, either for profit or at the behest of Western governments, but it’s not OK when other regimes seek to do it.
Just to be clear, regimes like Iran have been well-documented for their use of tech surveillance to shore up often brutal repression of their citizens. But to anyone with a memory that stretches back more than a decade, Microsoft’s statement must surely reek of hypocrisy.
Its cybersecurity spokesperson Amy Hogan-Burney wrote and published the statement, which essentially criticizes the wording of the treaty in its current form, to coincide with the latest round of UN negotiations on the drafted legislation being held this week. The latter aims at establishing a legal framework to help countries cooperate in the global fight against cybercrime.
“The risk is that the treaty will not be a tool for prosecuting criminals but rather a weapon that allows for intrusive data access and surveillance instruments,” says Hogan-Burney. “The result could be an international agreement granting authoritarian states the power to suppress dissent under the guise of fighting cybercrime.”
Claiming that the “broad scope” of the draft treaty released in May “leaves too much to interpretation,” Hogan-Burney adds: “It should not provide an avenue for authoritarian states to criminalize online content, introduce new surveillance powers, expand cross-border government access to personal data, or potentially criminalize common security practices because of ambiguity in the text.”
This may well be a fair point. However, one can’t help but question Microsoft’s true motives here. Let’s not forget that the company itself was implicated by the Edward Snowden whistleblower leaks in 2013, which accused it of handing over troves of user data to the National Security Agency in the US. Not to mention investing heavily in AI, which feeds on user data at scale to turn a profit.
Indeed, given that democracies have proven to be more than capable of intrusive data collecting practices with the collusion of Western tech companies, pointing the finger at authoritarian regimes, repressive though they may be, might not be the smartest play for Microsoft.
Rather than make it look like a guardian of the online ‘good guys,’ its declaration on LinkedIn — itself long-criticized as a platform for corporate types wishing to virtue-signal while circle-jerking to their hearts’ content — simply invites the all-too-obvious question.
And, just in case that needs spelling out, it is: could it be that Microsoft, like all Big Tech companies, fears not so much authoritarian regimes but rather democratically elected governments, who might finally be responding to citizens’ growing awareness and criticism of their data being used without consent?
Apparently unfazed by such considerations, Hogan-Burney writes: “The text [of the UN treaty draft] also does not contain language protecting lawful cybersecurity work that keeps the digital ecosystem secure. We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected.”
Provisions for what constitutes criminalization, she adds, are too vague and do not include a reference to “criminal intent” to “ensure activities like penetration testing remain lawful.”
White-hat hackers and Iranian dissidents, you can sleep soundly in your basement bunkbeds from now on: because Microsoft has your back.
“Surveillance could unfold in total secrecy, undermining human rights and national security,” Hogan-Burney adds. “Such a broad expansion of state surveillance powers will inevitably clash with existing data protection standards around the world, lead to significant jurisdictional disputes, and ultimately undermine rather than boost global efforts to fight cybercrime.”
And what existing data protection standards might those be, one wonders? The ones that still allow tech giants like Google and Microsoft, or AI nouveau arrives such as OpenAI, to hoover up vast amounts of the stuff and sell it on to third-parties or use it to train their super machines for a profit, without even giving us, the true custodians, a cut?
Authoritarian regimes like China, Iran, and Russia are notorious, and probably deservedly so — but that notoriety makes them easy targets, at least in the Western world. Tech giants hiding in plain sight appear to be more difficult, and that is precisely why we should beware of them.
Your email address will not be published. Required fields are markedmarked