Microsoft president says the world needs a digital Geneva Convention

Microsoft president Brad Smith appeared before the UN in Geneva to talk about the growing problem of nation-state cyber attacks on Thursday. Smith, also Redmond's chief legal officer, last month publicly accused North Korea of the WannaCry ransomware attack. During the UN session on internet governance challenges, Smith made …

  1. Anonymous Coward

    Geneva Convention

    Worked so well for torture and waterboarding...

    1. Mark 85

      Re: Geneva Convention

      Add in several wars and all the bad crap happening to civilians in Africa and other places that the UN says should stop but never do anything to stop it.

      I won't get into the corruption and self-centeredness of the delegates to this organization and the amount of time and money spent on the trappings such as banquet food, travel, redecorating, etc.

      1. Trigonoceps occipitalis

        Re: Geneva Convention

        " ... UN says should stop but never do anything to stop it."

        The UN has no way to apply economic or violent power. It has to rely on the member states stepping up. The UN can be many things to many people but has to rely on political influence for all its actions. Have a go at your government if you have a beef with the efficacy of the UN.

    2. TheVogon

      Re: Geneva Convention

      "Worked so well for torture and waterboarding..."

      Well it could do but the US chooses to ignore the ICC which could prosecute such offences...

  2. hplasm
    Devil

    Be careful what you wish for-

    A digital 'Geneva Convention' could lead to charges for 'Digital Warcrimes', eh, Microsoft?

    1. Anonymous Coward

      Digital Warcrimes

      Can we call the inventor of farmville to the hague?

    2. Anonymous Coward

      Re: Be careful what you wish for-

      For real, being that MSFT is probably more responsible than any other organization for the vulnerabilities.

      1. Anonymous Coward

        Re: Be careful what you wish for-

        "being that MSFT is probably more responsible than any other organization for the vulnerabilities."

        You must not use Java, Flash or Adobe Reader then?!

  3. bombastic bob Silver badge
    Facepalm

    yet another meaningless symbolic gesture

    a "cyber geneva convention" - what, do evil hackers have to SIGN ONTO this before they begin cracking your systems?

    It's a meaningless symbolic gesture, like wearing a silly ribbon, or giving a Nobel prize to someone who didn't really do anything [no names here but his initials are B.O.], or half a dozen OTHER "symbolism over substance" things that anyone paying attention could think of [because it happens a LOT].

    Usually when _I_ make a symbolic gesture, it has a binary value of 00100, and carries an explicit meaning. I give this "symbolic gesture" to the whole CONCEPT of a "digital Geneva Convention" for the obvious reasons.

    Icon because I'm facepalming (another symbolic gesture that is not so meaningless)

    /me points out that it's usually not GUMMINTS doing this crap. And if it IS gummints doing it, and people know about it, they've completely *FAILED*.

    1. Teiwaz

      Re: yet another meaningless symbolic gesture

      [no names here but his initials are B.O.

      Jeez Bob, is that only when it came to your attention Nobel prizes were now given out like honorary degrees???

      Take a gander at the list of the buttered up well after the N.I. Good Friday agreement....

      These days former Presidents with one is practically a formality.

  4. Anonymous Coward
    Facepalm

    Instead of more regulation...

    ... try to get hold of people who actually know what they're doing to get the job done for you.

    And also listen to them. If some co-worker warns you about the fact that the IOT stuff you sell is pretty bogus then don't fire them because of bad motivation, but listen to what they have to say so that you can work a middle ground to actually improve on your product.

    But as long as money is more important than quality then this is what you get. And when you produce crappy software then it's only a matter of time because someone is going to try and abuse it. No shit sherlock!

  5. Anonymous Coward

    Yes, we need a digital 'Geneva Convention'

    And Microsoft should not be invited to attend it.

    1. Mark 85

      Re: Yes, we need a digital 'Geneva Convention'

      And Microsoft should not be invited to attend it.

      Nah.. by all means invite them and give them special status: "How not to do stuff such as solid code, security, etc".

    2. Anonymous Coward

      Re: Yes, we need a digital 'Geneva Convention'

      Just as observers. This is diplo-speak for "can't add anything useful to the discussion".

  6. Anonymous Coward

    Microsoft spends $1bn on security innovation a year.

    Maybe if they'd coded properly in the first place they wouldn't need to?

    So here's a question for Microsoft: How much do you spend per year that isn't fixing flaws in your own code base? I'm guessing not much.

    Now subtract the effort spent fixing not the code, but the exploitations, and I'm guessing down to the lowest round number. Assuming "zero" counts as a number. Mathematicians, over to you.

    1. Mark 85

      Re: Microsoft spends $1bn on security innovation a year.

      Point of order... replace "innovation" with "cluster f**ks" in your title and you're spot on.

  7. Jim-234

    Typical pass the blame for bad design

    Yet another self serving line of PR garbage. Take the last sentence:

    "90 per cent of attacks begin with someone clicking on an email... We need to protect people from their bad habits," he noted. ®"

    How about you don't make products that can be totally hijacked by opening up an e-mail or viewing a web page.

    Calling garbage insecure design from the get go people's bad habits is a bit self serving.

    Asking people nicely to please not hack into your insecure products is about the same as asking the burglars to please not open your door and walk out with all your stuff because a good lock is too hard to make or replace.

  8. DagD

    Speaking of Microsoft

    They need to be more worried about all the scanning nodes that are being hosted in their Azure cloud.

    Especially Singapore.

    1. Chemical Bob

      Re: Speaking of Microsoft

      Ah, but those nodes are being set up by Paying Customers. If MS did something about that, they'd lose Paying Customers which leads to Not Making Money. And nobody has figured out how to monetize Not Making Money.

      On second thought, Uwe Boll has figured out how to monetize that...

  9. Anonymous Coward

    Start

    They should start by talking to the biggest offenders of MS software, the NSA and CIA....

  10. Anonymous Coward

    Montreal Convention

    For lost / leaked data maybe might be a better idea, but better payouts than lost luggage....

  11. Dave Lawton

    Disappointed

    Before I read the article, I thought it might be about The Doctor's alter ego, or Sarah Jane's computer :(

  12. Dave Lawton
    Holmes

    Email

    "90 per cent of attacks begin with someone clicking on an email... We need to protect people from their bad habits," he noted.

    Perhaps spending some of your billions to produce a decent, standards compliant, properly threading, HTML free email client, would be a very good start.

    1. Charles 9

      Re: Email

      What standard?

      And non-HTML left the stable long ago as money-saving customers likely requested it, and you know what they say about the customer (especially the money-saving one) always being right...

      1. sitta_europea Silver badge

        Re: Email

        "What standard?"

        You've never been a mail administrator, have you?

  13. unwarranted triumphalism

    Terrorists' Charter

    Now we can have an online version, hooray for us.

  14. Anonymous Coward
    Terminator

    Microsoft on the sorry state of IoT security :]

    "Microsoft president Brad Smith .. made the case for a cyber equivalent of the Geneva Convention. He started off by noting the sorry state of IoT security"

    Haaaar :]

    "If you can hack your way into a thermostats you can hack your way into the electric grid"

    Only if you're controlling the grid through SCADA systems running on Microsoft Windows.

  15. Gigabob

    Well OK then...

    If we just trust one another and sit together by the campfire and sing Kumbaya. It worked so well for Donald Trump. When he had an issue with US Electioneering influence - he went right to the source, Vlad Putin and Putin convinced him he had nothing to do with it and Russia was not involved. God what I could do with that guy and the great potential for more Florida swamp land.

  16. fishman

    And the MPAA and RIAA

    The MPAA and RIAA would be right there to ensure that copyright issues would be at the top of the pile.

  17. Gigabob

    But would the US Sign on?

    Note the effort to ban landmine use throughout the world. With 164 UN signatures - there are a few prominent exclusions - the US, Russia, China, India, the Koreas, etc. I expect to see the same exclusions on a Geneva Code of Conduct for Cyber Behavior. That said - it is still a good idea to codify proper cyberspace behavior. The best thing that can come from it is a series of standards on how to protect your organizations, security standards that need to be in place for network and data traffic including encryption.
