Today, Jean-Baptiste Lemoyne, France’s Minister of State attached to the Minister for Europe and Foreign Affairs, announced remarkable progress toward securing cyberspace. The community of Paris Call signatories is growing and taking new initiative to thwart attacks that threaten our democracies, economies and public services. The number of signatories of the Paris Call for Trust and Security in Cyberspace, announced a year ago, has nearly tripled to more than 1,000 and now includes 74 nations; more than 350 international, civil society and public sector organizations; and more than 600 private sector entities. These commitments to the Paris Call from around the world demonstrate a widespread, global, multi-stakeholder consensus about acceptable behavior in cyberspace.
The principles in the Paris Call address real-world challenges we’re facing today, like preventing foreign interference in elections, protecting availability of the internet, and curbing attacks on critical infrastructure. Importantly, supporters are committed to working together in a multi-stakeholder model, with governments, industry, academia and civil society collaborating to protect our cyberspace from nation-state threats, including attacks on our democratic processes.
Nations now supporting the Paris Call reflect the broadening mandate for international action to address cyberthreats with 10 Latin American nations, 13 Asian and Pacific signatories and eight African nations joining with 42 European states and Canada. In total, Paris Call signatories represent almost 40 percent of United Nations member states.
Enterprises in more than 60 countries and civil society groups in more than 65 countries have now joined, with respected retailers like Migros of Switzerland and Rakuten of Japan; financial services and insurance companies like CIMB Group in Malaysia and AXA Group in France; the global logistics leader Deutsche Post DHL Group; media and telecommunications providers like Sky and Telefonica; as well as civil society organizations like the German Marshall Fund of the United States and the Vatican’s Pontifical Academy for Life. More than 60 enterprises and civil society groups in India have joined, although the Indian Government has not yet made its commitment…
It never occurred to me that Hospitals are soft targets. I’m mostly not alone in this fact. The reasons why scare the daylights out of me, and with cost pressures and the movement towards everyone being able to participate, this will only get worse.
Now would be a good time to think of Hospital security in the same manner of our Election systems and other government entities, even if the Hospital is an official for-profit facility. The bad actors don’t make the distinction.
Over 32 million people have had their health information breached this year, in 311 hacking incidents against health care providers that are under investigation by the Department of Health and Human Services.
The big picture: Complex, bloated hospital systems are a glaring weak spot in U.S. cybersecurity — and there are limits on the government’s power to help…
Today we’re sharing that the Microsoft Threat Intelligence Center has recently tracked significant cyberattacks originating from a group we call Strontium, also known as Fancy Bear/APT28, targeting anti-doping authorities and sporting organizations around the world. As the world looks forward with anticipation to the Tokyo Summer Games in 2020, we thought it important to share information about this new round of activity.
At least 16 national and international sporting and anti-doping organizations across three continents were targeted in these attacks which began September 16th, just before news reports about new potential action being taken by the World Anti-Doping Agency. Some of these attacks were successful, but the majority were not. Microsoft has notified all customers targeted in these attacks and has worked with those who have sought our help to secure compromised accounts or systems.
This is not the first time Strontium has targeted such organizations. The group reportedly released medical records and emails taken from sporting organizations and anti-doping officials in 2016 and 2018, resulting in a 2018 indictment in federal court in the United States…
You can protect yourself from these types of attacks in at least three ways. We recommend, first, that you enable two-factor authentication on all business and personal email accounts. Second, learn how to spot phishing schemes and protect yourself from them. Third, enable security alerts about links and files from suspicious websites.
With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.
Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia, are needed more than ever to help defend democracy.
So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.
Our ElectionGuard demo will showcase three core features.
First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.
Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.
Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.
ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.
No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.
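The homomorphic tallying and tracking code described in the second demo feature above can be illustrated with exponential ElGamal. This is an added example, not code from Microsoft or the ElectionGuard SDK. The toy group parameters, the function names and the hash-based tracking code are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only: P = 2*Q + 1, G has order Q.
# A real deployment would use a group of 2048 bits or more.
P, Q, G = 1019, 509, 4

def keygen():
    """Return (secret, public) for the election key."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(pub, vote):
    """Encrypt g^vote so that multiplying ciphertexts adds the votes."""
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    r = secrets.randbelow(Q - 1) + 1          # fresh randomness per ballot
    return pow(G, r, P), (pow(G, vote, P) * pow(pub, r, P)) % P

def tracking_code(ct):
    """Assumed construction: a short hash of the published ciphertext."""
    return hashlib.sha256(f"{ct[0]}:{ct[1]}".encode()).hexdigest()[:16]

def tally(ciphertexts):
    """Combine encrypted ballots without decrypting any single one."""
    a, b = 1, 1
    for ca, cb in ciphertexts:
        a, b = (a * ca) % P, (b * cb) % P
    return a, b

def decrypt_tally(secret, ct, max_votes):
    """Decrypt only the aggregate; recover the count by bounded search."""
    a, b = ct
    g_m = (b * pow(a, Q - secret, P)) % P      # b / a^secret in the subgroup
    for m in range(max_votes + 1):
        if pow(G, m, P) == g_m:
            return m
    raise ValueError("tally outside expected range")

if __name__ == "__main__":
    sk, pk = keygen()
    ballots = [encrypt(pk, v) for v in (1, 0, 1, 1, 0)]  # constructed sample votes
    published = {tracking_code(c) for c in ballots}
    print("my ballot is on the public list:", tracking_code(ballots[0]) in published)
    print("yes votes:", decrypt_tally(sk, tally(ballots), len(ballots)))
```

The sketch leaves out two things a real system needs: a proof that each ciphertext encrypts 0 or 1, and a decryption key split among several trustees so no single party can open an individual ballot.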
Microsoft recently hosted a screening of the documentary film “Netizens”, which examines the online harassment of women and the non-consensual distribution of intimate images, what is commonly but unartfully referred to as “revenge porn.” The event, which included a multi-stakeholder panel discussion, underscores the need for all groups to work together to tackle online hate and abuse and to promote digital civility and safer and more respectful online interactions.
At Microsoft, we believe “whole society” strategies hold the greatest promise for addressing issues like online harassment and the non-consensual distribution of intimate images. It was nearly four years ago that we announced our approach to the non-consensual distribution of intimate images on our consumer services. At the time, we sought to put victims back in control of their privacy, stating that when contacted by a victim or his or her representative, Microsoft would remove links to photos and videos from Bing search results and remove the content itself when it was shared on OneDrive or Xbox Live. We created a dedicated web form for making such reports to us.
Digital civility and ‘Netizens’
In addition, Microsoft was eager to collaborate with Lowen and her team given the close alignment to our own ongoing campaign for digital civility, fostering safer, healthier and more respectful online interactions among all people. Our work in digital civility started in 2016, and we’re about to field our fourth installment of global perception and attitudinal research. Each year, we survey teens and adults about their exposure to more than 20 online risks, including “sexploitation” and the non-consensual distribution of intimate images.
To learn more about the film, visit the “Netizens” website and consult these Microsoft resources: online bullying and harassment factsheet, risks of sexting factsheet. For more on general online safety issues, visit our website and resources page. And, for regular news and information about online safety, connect with us on Facebook and Twitter.
Over the last few months, there has been a debate in our industry about when and how technology companies should work with the government, and specifically whether companies should supply digital technology to the military, including here in the United States. Yesterday, Satya Nadella and I addressed this issue in a conversation with our employees at the company’s monthly Q&A session. Given the public interest in this question, we want to be transparent both internally and externally on where Microsoft stands on these issues.
As we explained at our Q&A session, our work as a company in this space is based on three straightforward convictions.
We believe in the strong defense of the United States and we want the people who defend it to have access to the nation’s best technology, including from Microsoft.
We appreciate the important new ethical and policy issues that artificial intelligence is creating for weapons and warfare…
We understand that some of our employees may have different views…