The Red Cross Presses Silicon Valley To Fight Cyberwarfare
Atrocities in Syria, Sudan, Yemen, and Myanmar may mock the concept of rules of war. But the Geneva Conventions on humane treatment of soldiers and civilians at least offer a vocabulary to call out crimes. They also provide a mandate and framework that enables the International Committee of the Red Cross (ICRC), created in the same 1860s activist movement as the Geneva Conventions, to deliver humanitarian aid in war zones. That challenge is in stark relief this week: (October 12, 2017), the group said it would “drastically” reduce its operations in Afghanistan after seven of its members were killed in attacks this year. (Natural disaster relief is provided by affiliated organizations like the American Red Cross.)
But war zones and war relief extend to cyberspace—through hacks that take out infrastructure as effectively as a bomb, through online posts that can provoke real-life violence, and through humanitarian needs that encompass connectivity and education. That’s the view of Peter Maurer, a Swiss diplomat and United Nations veteran who became president of the Geneva-based ICRC in 2012. Fast Company met up with him while he was on the U.S. West Coast to visit companies like Microsoft, Twitter, Facebook, and Salesforce, as well as the Gates Foundation and the Swissnex incubator in San Francisco.
During his meetings with top tech execs like Salesforce CEO Marc Benioff, Maurer didn’t just ask for tech assistance, like help developing apps or analyzing data. Maurer challenged companies to recognize that their products can not only be attacked (as in the hack of Sony in 2014), but can also be weaponized, as in the ability to amass compromising personal data.
He also pressed them to appreciate humanitarian law concepts like proportionality, precaution, and distinction that distinguish between military targets that can be attacked and civilian entities to be spared. Believing that governments are currently uninterested in limiting cyberwar, Maurer is instead encouraging companies to prevent their technologies from becoming instruments of war.
The following are highlights from a longer conversation.
Fast Company: You’re visiting tech companies on the West Coast. What’s the occasion?
Peter Maurer: We live in an environment in which connectivity and cyberspace are transforming all workplaces, including the humanitarian workplace. And in that sense I would say the traditional model of the humanitarian organization, which fundraises and transfers money into humanitarian services, is also challenged by the fact that people are increasingly connected, and we are increasingly living in a virtual world.
How can we think, together with digital companies, of how to respond to the fact that conflict is moving into the virtual space? What is the humanitarian impact of an adverse cyberattack on critical civilian infrastructure? What is the threshold from just an incident to an act of war?
FC: Would something like inciting violence fall under cyberwar?
PM: I wouldn’t exclude inciting violence as an element of concern because we know [it] can have humanitarian impact…The Rwandan genocide 23 years ago was an inciting of violence through radio, which led to a major humanitarian disaster.
FC: Would you say you’re at the early stage of getting the dialog started? Are there particular agenda items?
PM: Basically my sense is the following: There are two options, and each one starts with the same [task.] We have to have some common understanding of terms and terminologies and the problem…What is an attack? What is a military operation?
Then we come to the question: Is there a political will to regulate some of those aspects [of technology]? At the present moment, it is our assessment that none of the countries that have cyber warfare capacities…has a pronounced political will to engage in a legal negotiation about regulating this kind of conflict.
The second, softer approach will be: Can professional communities working on those issues develop norms and standards, which will make their way into regulating the sector?
I mention this because ICRC is an organization that…brings communities of practice together, developing standards…for humanitarian assistance…If I look for instance at our standard-setting practice for protection [of prisoners] in detention or…on war surgery…it’s saving lives. So standard setting of professional communities and companies can have the potential of life saving and therefore is a positive contribution to an overall humanitarian objective.
FC: Are there particular concrete things that you’ve been talking to companies about?
One of the critical problems is the transformation of needs. I think that for 150 years when you asked anybody in the world what humanitarian [aid] was, they would have told you it’s about medical [care], water, sanitation, shelter, food. [But] today a lot of what we do is basically electricity, connectivity. That has become a need. Education has become a need. Psychosocial concerns have become a need… How do we read in a more sophisticated way that needs landscape?
It’s kind of a no-brainer to find the app, which [helps] doctors and nurses to assess diseases in children between 0 and 5 years old. But what is the analytics app to identify or to help victims of sexual violence to overcome the trauma?
What I’ve found immensely encouraging in these conversations with companies is these “wow” moments. We say, “Wow, I didn’t know this technology exists.” And they say, “Wow, I didn’t know that this problem exists.”
Related: Inside The 3D-Printed Limb Factory
FC: What are some of those “wow” moments?
PM: [For companies, it was] the delicacy of using data in highly sensitive environments. What are the data security frameworks that we should work upon? What are the protocols for exchanging data?…The use of data in a country like [the U.S.] is a data privacy issue, which is important. [But] the use of data in the context in which we operate is a matter of life and death. (The ICRC released a handbook on data protection policies earlier this year.)
FC: In terms of cyberwarfare are there any “wow” moments that you can discuss?
PM: I think many [companies] have not thought about the details of…the Geneva Conventions and how to read cyberwarfare in that perspective…What ICRC brings to the table is perspective identifying the 10 or 15 key terms and terminologies that have regulated the minimal rules in warfare in the past. Proportionality, precaution, distinction [between civilian and combatant], attacks, civilian, military, direct participation [of civilians in hostilities]—these are the key concepts of what international humanitarian law represents.
FC: What could Microsoft, for example, do to make cyberwarfare harder? Would it be through some security protocols or licensing terms of technology?
PM: What we would hope for is awareness about the dangers and the readiness to agree on some rules to respect. It’s a conversation, which has to be broader than just with Microsoft, but I mention them because they have been at the avant garde of thinking about and articulating these concerns. (In February, Microsoft called for a “Digital Geneva Convention” to rein in cyberwarfare.)
I think [it would be helpful] even if we would have some ideas on the key concept, on the basic rules to respect, on…where do you build blockages into cyber capacities.
There is an interesting convergence between the private sector and humanitarian organizations on some points…Business has a strong interest of being neutral in conflict because [that] makes your business grow…If you are not in weaponry and if you think that your main market is the peaceful use of cyber capacities to solve problems—not to screw up the world—then neutrality is an interesting posture. And impartiality and professionalism are interesting postures.
Fast Company , Read Full Story
(89)