Today, with the launch of the CyberPeace Institute, the world will gain an important new ally in understanding the impact of cyberattacks, in working to develop rules for proper conduct in cyberspace and in helping the most vulnerable victims of cyberattacks become more resilient.
Today’s news is important because cybersecurity is one of the more critical issues of our time. The escalating attacks we’ve seen in recent years are not just about computers attacking computers – these attacks threaten and often harm the lives and livelihoods of real people, including their ability to access basic services like health care, banking, and electricity. In May 2017 it took the WannaCry attack just hours to impact more than 300,000 computers in 150 countries including systems that supported the National Institute of Health in Great Britain. Six weeks later, NotPetya disabled an estimated 10 percent of all computers in Ukraine, crippling businesses, transit systems, and banks there before halting the systems of multinational corporations around the world and suspending operations of one of the world’s leading shipping companies. At Microsoft, we track cyberattacks by dozens of nation-state actors, and activity continues to increase.
It will take a multi-stakeholder effort to address these issues. The internet is the creation of the private sector, which is primarily responsible for its operation, evolution, and security. But governments have an important role to play in observing and enforcing norms for conduct in cyberspace and in deterring damaging attacks by other nations. Governments, the private sector, civil society and academia must be part of discussing solutions and taking concrete steps to protect people. Badly needed in the fight against cyberattacks is a credible source of research and analysis about the impact of cyberattacks around the globe on world citizens. Another important gap is the need for immediate help and advocacy for the most vulnerable victims of these attacks. For years, nongovernmental organizations around the world have provided on-the-ground help and vocal advocacy for victims of wars and natural disasters, and have convened important discussions about protecting the victims they serve. It’s become clear that victims of attacks originating on the internet deserve similar assistance, and the CyberPeace Institute will do just that.
For these reasons, Microsoft has joined the Hewlett Foundation, MasterCard and other leading organizations as initial funders of the institute. The institute will be independent, and we anticipate it will have a significant impact on the three core areas where it will function:
Assistance: Coordinating recovery efforts for the most vulnerable victims of cyberattacks and helping vulnerable communities and organizations become more resilient to attacks.
Accountability: Facilitating the collective analysis, research, and investigation of cyberattacks, including by assessing their harm, and bringing greater transparency to the problem so everyone has better information to inform action.
Advancement: Promoting responsible behavior in cyberspace and advancing international laws and rules.
We believe customers have a right to know when law enforcement requests their email or documents, and we have a right to tell them. The reason is simple – we believe our customers own their data and have the right to control it. Absent extraordinary circumstances, government agents should seek data directly from our enterprise customers, and if they seek our customers’ data from us, they should allow us to tell our customers when demands are made. We believe strongly that these fundamental protections should not disappear just because customers store their data in the cloud rather than in file cabinets or desk drawers.
When a law enforcement agency presents Microsoft with a legally valid warrant, court order or subpoena requesting data that belongs to one of our enterprise customers, we seek to redirect that request to the customer. And in the vast majority of cases, that is exactly what happens. There are times, however, when the government comes to us for data and prevents us from telling our enterprise customers that it is seeking their data. We agree that there are some limited circumstances in which law enforcement must be able to operate in secret to prevent crime and terrorism and keep people safe. And while we agree that secrecy orders that prevent us from notifying our customers may be appropriate in those limited circumstances, we also believe there are times when those orders go too far. In those cases, we will litigate to protect our customers’ rights.
Curbing the overuse of secrecy orders
We filed a lawsuit in late 2018 to protect these rights, which was recently unsealed by a U.S. District Court. This legal challenge follows our prior litigation to curb the overuse of secrecy orders and highlight the growing need for principles to govern law enforcement access to data in the United States and internationally. This is an important fight we take on out of principle, and it is a fight we will continue to mount.
We take this responsibility seriously and have repeatedly called for principles to govern law enforcement access to data in the United States and internationally. The first such principle is the universal right to notice — i.e., absent narrow circumstances, users have a right to know when the government accesses their data, and cloud providers must have a right to tell them. Moving into the 21st century should not mean a brand-new rule that allows the government to execute a warrant without any notice to the target of that warrant.
What I find coincidental about this posting on the same day history-making news was announced surrounding national political events. The announcement of impeachment inquiries has in part been a result of insecure voting. As the great national security philosopher, Malcolm Nance, once stated: Coincidences take a lot of planning.
In May, Microsoft CEO Satya Nadella announced ElectionGuard, a free open-source software development kit (SDK) from our Defending Democracy Program. ElectionGuard is accessible by design and will make voting more secure, verifiable and efficient anywhere it’s used in the United States or in democratic nations around the world. Today we’re announcing that ElectionGuard is now available on GitHub so that major election technology suppliers can begin integrating ElectionGuard into their voting systems.
The ElectionGuard resources available on GitHub today extend across four GitHub repositories, or storage spaces, each described below.
ElectionGuard specification. The ElectionGuard specification includes both “informal” and “formal” road maps for how ElectionGuard works. The informal spec is authored by Dr. Josh Benaloh of Microsoft Research and provides the conceptual and mathematical basis for end-to-end verifiable elections with ElectionGuard. The formal spec contains detailed guidance manufacturers will need to incorporate ElectionGuard into their systems, including a full description of the API – which is the way voting systems communicate with the ElectionGuard software – and the stages of an end-to-end verifiable election.
Software code. This repository contains the actual source code vendors will use to build their ElectionGuard implementations. It is written in C, a standard language commonly used by open-source software developers and includes a buildable version of the API. This documentation is also viewable here. This code was built together with our development partner Galois.
Reference verifier and specification. As we announced in May, ElectionGuard enables government entities, news organizations, human rights organizations, or anyone else to build additional verifiers that independently can certify election results have been accurately counted and have not been altered. The resources available on GitHub today include a working verifier as well as the specifications necessary to build your own independent verifier.
The dialogue at this year’s United Nation’s Climate Summit has a refreshing air of sober reality. The urgency of the climate crisis has by now fully been absorbed, and the conversation has turned to the practical matter of what needs to be done to mitigate the worst impacts of a rapidly changing climate and adapt to that which we cannot avoid.
This means that the time of raised ambitions and grand announcements without clear action plans is also past. That is why we are focusing this week on new and specific contributions both inside and outside our four walls that have the potential to meaningfully impact environmental outcomes. We have been doing this work for more than a decade and, in April of this year, we doubled down on our ambitions with a clear focus on doing more where it makes the most difference — beyond operational changes and increasingly on how we put technology to work for the planet. With that in mind, I’m sharing several concrete developments and markers of progress, including:
Aligning our operations with a 1.5C climate scenario: It’s clear, given the science, that targets should be even more ambitious than the Paris Accord targets, which mapped to a 2-degree rise. Today, we’re pleased to say that our renewable energy target has been certified by the Science-Based Target Initiative (SBTi) as aligned to a 1.5-degree Celsius future. The certification is meaningful for two reasons — first, we believe that actions should be driven by the best available science, and SBTi uses that as a core criterion for approval and second, because what is most important is not just setting targets — it’s meeting them. Science-based targets offer important measurement and accountability that is critical to assess if we’re making the progress the world needs, in the time frame we have available.
Extending carbon reduction work into our supply chain: Today, we’re setting a target reduction for our value and supply chain via our new SBTi-certified target, which will see us cut these emissions by at least 30 percent by 2030. Our supply chain referred to in carbon accounting as Scope 3 emissions as indirect carbon emissions associated with anything from manufacturing to customer use of devices to employee airline travel, are far larger than our operational footprint. This is true for many companies and nearly all technology companies. We have already worked to drive transparency in this space, with more than 105 of our top suppliers reporting through the CDP (formerly the Carbon Disclosure Project), and will look to continue to do more in this space in the coming year.
Going from carbon-neutral operations to carbon-neutral products: Microsoft’s business operations have operated carbon neutral since 2012. Today we are beginning the journey of extending that to our products and devices with a pilot to make 825,000 Xbox consoles carbon neutral. These are the first gaming consoles to be carbon neutral. While just a pilot, we’re already looking at what we can do to further reduce and neutralize carbon across devices in the future.
Putting technology in the hands of others for the good of the planet: The investments we’ve made to make our devices and datacenters and supply chain greener are good for the planet but have an exponential impact when the world is using these greener computing resources to power new AI breakthroughs for the planet. That’s why we’re continuing to expand our AI for Earth program with new grant partners like Conservation X Labs, National Geographic Society, and World Resources Institute. We now have more than 430 grantees in 71 countries and just released our first APIs and code on our website and GitHub. The newest members of AI for Earth include the young leaders who participated in the Youth Summit’s Summer of Solutions.
…But progress is indeed possible. That’s not a naïve hope but one based on evidence: technology breakthroughs over the past few years, new work underway across our business, and a growing appetite from customers to digitally transform their businesses with sustainability in mind. We’re celebrating today in New York, and tomorrow we get back to work. I hope you’ll join us.
Today, as part of Microsoft’s Defending Democracy Program, we are announcing that we will provide free security updates for federally certified voting systems running Windows 7 through the 2020 elections, even after Microsoft ends Windows 7 support. I would like to share more on why we help customers move away from older operating systems and why we’re making this unusual exception.
We launched Windows 7 in 2009, the same year the Palm Pre launched, Twitter took off, mobile phone navigation was just coming to market, and floppy disks were still selling by the millions. Software built for that era cannot provide the same level of security as a modern operating system like Windows 10. When we released Windows 7, we committed to supporting it for 10 years, and we’ve honored that commitment. We’ve also reminded customers about this along the way including, most recently, in January and again in March. This process is similar to how we’ve ended support for other operating systems in the past, and the majority of our customers have already made the move to Windows 10.
As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process – a process we are working with government officials to update and make more agile.
Since we announced our Defending Democracy Program, we’ve focused on bringing the best of Microsoft’s security products and expertise to political campaigns, parties, the election community, and democracy-focused nongovernmental organizations. This includes our AccountGuard service, which we offer at no additional cost, and ElectionGuard, which we’re making available for free and open-source…
Microsoft applauds the European Banking Authority’s revised Guidelines on outsourcing arrangements which, in part, addresses the use of cloud computing.
“The EBA framework is a great step forward to help modernize regulation and take advantage of cloud computing,” writes Microsoft Assistant General Counsel Dave Dadoun in a post on Transform.
“Because this is such an important milestone for the financial sector, we wanted to share our point-of-view on a few key aspects of the guidelines, which may help firms accelerate technology transformation with the Microsoft cloud going forward,” he says.
An aerial view of part of Iceland. Photo by Anders Jildén.
By Andrea Erickson-Quiroz, Managing Director, Water Security at The Nature Conservancy
As astronomists look out further into the vast expanse of space, it’s increasingly clear how unique our blue planet is. Our oceans and rivers separate Earth from every other planet we’ve discovered so far. But in our daily lives, we don’t always appreciate how precious this natural resource really is.
In fact, water insecurity is a growing threat around the world, and it will get worse if we don’t arrive at some immediate innovative solutions. And while technological innovation shapes nearly every other aspect of our lives, we’ve been slow to apply tech solutions toward one of the greatest challenges of our time.
As our changing climate puts more stress on the availability and quality of water worldwide, we urgently need a shift in perspective with a new focus on innovative solutions to water security.
CONIN uses the Microsoft cloud to help eradicate child malnutrition in Salta, Argentina. Photo courtesy of CONIN.
Two years ago, we brought together a team of engineers, philanthropists, sales and business development professionals all with the singular focus to help every nonprofit to transform with technology. Our aim has been to create solutions that are purpose-built for nonprofits to help them both be more efficient operationally and effective programmatically.
The majority of nonprofits around the world each have less than 10 employees. These are often local community organizations on the frontlines of saving lives, providing critical education support in underserved communities, protecting the environment and wildlife, delivering meals to those who need it most, and so many other critical missions. Small nonprofits are at the greatest risk of being left behind in the digital world. Their size, funding and infrastructure do not always accommodate purchasing the latest technology, training their employees on how to use it, employing designated IT staff, or investing in resources to keep their organization secure. In fact, a study from Microsoft found that 60 percent of nonprofits report having no organizational digital policy to manage cybersecurity risk, and 74 percent do not take critical security steps to ensure email accounts are not compromised.
As a result, many small nonprofits are missing out on modern collaboration tools and operational efficiencies in the cloud that can create greater value. Due to limited capacity, outdated solutions are often deployed that offer limited security, leaving small nonprofits — and their beneficiary and donor data — vulnerable to cybersecurity attacks from hackers who see them as an easy mark. The consequences of this are real: If nonprofits don’t have cybersecurity practices in place, their data is at risk, especially for nonprofits based in high-risk areas where factors such as war and geo-politics are at play.
At Microsoft, we are committed to learning how to better serve this sector each day and evolving our social business model to help move nonprofit missions forward and drive social good. And driving that deeper impact can be furthered with our best-in-class productivity tools in a secured cloud environment for every nonprofit…
It’s been clear to us for some time that the digital divide in this country is an urgent national crisis that must be solved. Since 2017, we’ve been working with internet service providers to do just that, through our Airband Initiative, and we’re on track to cover 3 million Americans in unserved rural areas by 2022.
It’s encouraging to see this issue rise in national prominence, through funding from the administration, congressional legislation and most recently new proposals introduced by several candidates for the Democratic presidential nomination. While there’s been some progress already, solving the broadband gap will require active engagement as well as effective policy proposals from all parts of the public sector.
It’s time to recognize that inequal access to broadband translates into inequality of opportunity. People in rural areas that lack broadband face higher unemployment rates, see fewer job and economic opportunities and place children from these communities behind their suburban and peers in school. Of course, this is not just a rural issue – broadband deserts exist within very urban areas as well, where costs can be unaffordable and availability non-existent...<snip>
The objective of the GIFCT has always been to substantially disrupt terrorists’ ability to promote terrorism, disseminate violent extremist propaganda, and exploit or glorify real-world acts of violence on our services. We do this by joining forces with counterterrorism experts in government, civil society and the wider industry around the world. Our work centers around three, interrelated strategies:
Joint tech innovation
Knowledge sharing
Conducting and funding research
Today, building on the commitments we made as part of the Christchurch Call to Action, we are adding a fourth pillar to our work that will focus on crisis response. Specifically, we are introducing joint content incident protocols for responding to emerging or active events like the horrific terrorist attack in Christchurch, so that relevant information can be quickly and efficiently shared, processed and acted upon by all member companies. We are also releasing our first GIFCT Transparency Report and a new counterspeech campaign toolkit that will help activists and civil society organizations challenge the voices of extremism online.
And as we head into our third year as GIFCT, we are pleased to welcome Pinterest and Dropbox as members. We will continue to add new members, particularly smaller companies that could benefit from the collective experience of GIFCT members.
More than 200,000 unique hashes now in our joint database
When terrorists misuse the internet, they often upload the same piece of content to multiple platforms to maximize their reach. To disrupt this behavior, we jointly developed a shared industry database of “hashes” — or digital fingerprints — that allows us to safely share known terrorist images and video propaganda with partner companies. This enables us to more quickly identify and take action against potential terrorist content on our respective platforms…
First GIFCT Transparency Report
We have heard loud and clear from government and civil society that we need to be more transparent about what we are working on as an industry. As a result, today we are releasing our first-ever GIFCT Transparency Report. The report goes into detail about the GIFCT’s primary work streams, providing greater insight into how the Hash Sharing Consortium has defined terrorist content, and the volume and types of content included in the database. The full transparency report, which is available here, will complement the transparency reports put out by individual GIFCT member companies.
A toolkit to counter violent extremism
When we committed to the Christchurch Call to Action and issued a nine-point plan outlining concrete steps we plan to take as an industry, we said, “We come together, resolute in our commitment to ensure we are doing all we can to fight the hatred and extremism that lead to terrorist violence.” Never has that commitment been more important. As industry partners, we continue to prioritize and deepen engagement with governments, civil society, and smaller tech companies around the world…
Enabling and empowering companies to respond to crises like Christchurch
Perhaps most importantly, today we are adding a fourth pillar to the GIFCT’s core mission: enabling and empowering companies to respond to crises like Christchurch. The horrific terrorist attack highlighted the importance of close communication between members, and between government and the wider industry, which is why we are introducing joint content incident protocols to enable and empower companies to more quickly and effectively respond to emerging and active events…
We are grateful for the support of and collaboration with governments, international organizations, and NGOs around the world, including the EU Internet Forum and the UN Counter-Terrorism Executive Directorate. We look forward to sharing more updates in the coming months.
Microsoft president Brad Smith sent the following email to all Microsoft employees following announcements by the U.S. Department of Justice and the U.S. Securities and Exchange Commission that they had reached an agreement with Microsoft to settle claims of violations of the Foreign Corrupt Practices Act.
From: Brad Smith
Sent: July 22, 2019
To: Microsoft – All Employees
Subject: There is no room for compromise when it comes to ethical business practices
I’m disappointed to share some news today that I hope we’ll never need to repeat – about the announcement of an agreement with the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to settle claims of violations of the Foreign Corrupt Practices Act, or FCPA.
More specifically, it was announced that our Hungarian subsidiary has entered into a Non-Prosecution Agreement, or NPA, with the DOJ and we have agreed to a Cease and Desist Order with the SEC. This follows Microsoft’s cooperation with a multi-year government investigation, reported previously, into potential violations of the FCPA between 2012 and 2015. (An NPA is a public contract between the DOJ and a company in which the company agrees to take certain actions; it does not involve the filing of any charges in court. The SEC Cease and Desist Order similarly is based on an agreement and doesn’t involve a court filing.)…
But it’s even more important that we take the time to learn from this moment, applying some broader lessons that are even more fundamental:
First, today’s settlements involved employee misconduct that was completely unacceptable. We conducted our own investigation and provided complete information to the DOJ and SEC. In Hungary, where the most concerning conduct took place, we fired four Microsoft Hungary employees over three years ago and terminated relationships with four resellers. Some of the resellers responded by complaining to local regulators in an attempt to restore their business and some of the employees responded by suing us. We’re grateful that local courts and regulators have backed up our decision to cut all ties with individuals and businesses that, in our view, behaved in a wholly unethical manner. We’re also grateful that the agreements with both the DOJ and SEC recognize the extent of our cooperation and the DOJ agreed that we deserved the maximum credit allowable for cooperation in determining a monetary penalty…
Second, we appreciate that strong words need to be backed by effective deeds. The first critical step, taken more than five years ago, was to learn from these issues and identify our own opportunities for improvement, especially in the systems and controls that reduce the risk that even a small number of employees and resellers can evade our policies. We’ve learned a lot from the work leading to today’s announcement and have continued to build on these efforts in a way that’s important for the issues in Hungary, as well as in three other countries described by the SEC today, and more globally as well…
Finally, I want to offer some words to each of you – our more than 140,000 Microsoft employees. Satya and every member of the company’s Senior Leadership Team readily recognize that the overwhelming majority of you are committed to doing business ethically and consistently with our high standards. Today’s announcement is a testament in part to the big problems that can be created by a few people. It took misdeeds by only a few people between 2012 and 2015 to lead to today’s $26 million settlement with two government agencies. That entire amount relates to conduct in Hungary, just one of the more than 120 countries in which we do business…
Ethical business conduct will always remain a team sport. We’re grateful for the support you’ve provided for this work around the world, and as we go forward, it’s critical that every individual employee come to work in the morning with the appreciation that you’re both our first and last line of defense.
It’s a never-ending job that deserves our focus and attention each and every day.
Microsoft ElectionGuard demos on July 17, 2019 at the Aspen Security Forum in Aspen, Colorado.
With the elections coming up, regardless of who you support, this is vital. I haven’t seen any other major tech company coming up with solutions, though it’s mentioned inside the full blog post.
Starting today at the Aspen Security Forum we’re demonstrating the first voting system running Microsoft ElectionGuard as an example of how ElectionGuard can enable a new era of secure, verifiable voting. The demo shows how it’s also possible to make voting more accessible for people with disabilities and more affordable for local governments while increasing security. Finding new ways to ensure that voters can trust the election process has never been more important. The world’s democracies remain under attack as new data we are sharing today makes clear. ElectionGuard and the range of offerings from Microsoft’s Defending Democracy Program, as well as tools from others in the technology industry and academia, are needed more than ever to help defend democracy.
So the problem is real and unabated. It is time to find solutions. Governments and civil society have important roles to play, but the tech industry also has a responsibility to help defend democracy. As part of our contribution at Microsoft, we believe ElectionGuard will be an important tool to protect the voting process and to ensure that all voters can trust the outcome of free democratic elections.
Our ElectionGuard demo will showcase three core features.
First, people will be able to vote directly on the screen of the Microsoft Surface or using the Xbox Adaptive Controller, which Microsoft originally built in close partnership with organizations like the Cerebral Palsy Foundation to meet the needs of gamers with limited mobility. We hope this will help show the community how accessibility hardware can be built securely and inexpensively into primary voting systems and no longer requires separate voting machines to meet the needs of those with disabilities – ultimately making it easier for more people to vote.
Second, people using the demo will be provided with a tracking code that, when voting is complete, they will be able to enter into a website to confirm their vote was counted and not altered; the website will not display their actual votes. In the ElectionGuard software development kit (SDK) this verification feature will be enabled by homomorphic encryption, which allows mathematical procedures – like counting votes – to be done while keeping the data of people’s actual votes fully encrypted. The use of homomorphic encryption in election systems was pioneered by Microsoft Research under the leadership of Senior Cryptographer Josh Benaloh. This tracking code is a key feature of the ElectionGuard technology. For the first time, voters will be able to independently verify with certainty that their vote was counted and not altered. Importantly, in its final form, the ElectionGuard SDK will also enable voting officials, the media, or any third party to use a “verifier” application to similarly confirm that the encrypted vote was properly counted and not altered.
Third, the demo will show how ElectionGuard can enable end-to-end verifiable elections for the first time while retaining the familiarity and certainty of paper ballots. The demo will provide voters with a printed record of their votes, which they can check and place into a physical ballot box, with verification through the web portal serving as a supplemental layer of security and verifiability.
ElectionGuard is free and open-source and will be available through GitHub as an SDK later this summer. This week’s demo is simply one sample of the many ways ElectionGuard can be used to improve voting, and the final SDK will also enable features like Risk Limiting Audits to compare ballots with ballot counts and other post-election audits.
No one solution alone can address cyberattacks from nation-states. As we’ve seen, attackers will take any avenue to gain intelligence and disrupt the democratic process. That’s why Microsoft’s Defending Democracy Program has also offered Microsoft 365 for Campaigns and AccountGuard to protect political campaigns, parties and democracy-focused NGOs, and it’s why we’ve partnered with NewsGuard to defend against disinformation.
It’s hard to ignore the anxieties and even polarization that one sees in so many places around the world today. The forces of globalization are reshaping our communities in tangible ways. Increasingly, more people voice concerns about their place in society and their cultural identity and heritage. We see this not only in the United States, but across Europe, in Asia and elsewhere.
Our new AI for Cultural Heritage program will use artificial intelligence to work with nonprofits, universities and governments around the world to help preserve the languages we speak, the places we live and the artifacts we treasure. It will build on recent work we’ve pursued using various aspect of AI in each of these areas, such as:
Work in New York , where we have collaborated with The Metropolitan Museum of Art and MIT to explore ways in which AI can make The Met’s extensive collection accessible, discoverable and useful to the 3.9 billion internet-connected people worldwide.
Work in Paris at the Musée des Plans-Reliefs, where we have partnered with two French companies, HoloForge Interactive and Iconem, to create an entirely new museum experience with mixed reality and AI that paid homage to Mont-Saint-Michel, a French cultural icon off the coast of Normandy.
And in southwestern Mexico, where we’re engaged as part of our ongoing efforts to preserve languages around the world to capture and translate Yucatec Maya and Querétaro Otomi using AI to make them more accessible to people around the world.
These projects have given us confidence that we can put AI to innovative uses that can help communities expand access to culture and explore new perspectives and connections through shared experiences. We’ve realized that this work deserves more than a handful of projects. That’s why we’re bringing these efforts together in a more comprehensive program that will explore and pursue new opportunities with institutions around the world.
As with our three other AI for Good Programs — AI for Earth, AI for Accessibility and AI for Humanitarian Action — we look forward to innovating and learning together with individuals and institutions around the world. And we look forward to sharing what we learn with others in the hope that we can all help inspire each other to use the planet’s most advanced technology to help preserve some of the world’s timeless values.
Every year on June 20, World Refugee Day, the world focuses its attention on the growing crisis of human displacement; a mounting global tragedy, as there are more refugees today than any time seen since World War II.
A few months ago, I was humbled by my first visit to the Kakuma Refugee Camp, a United Nations camp that opened in 1992 following the arrival of the 23,000 “Lost Boys of Sudan.” The camp was designed to provide capacity for approximately 70,000 residents and now has nearly 190,000 refugees from more than 20 countries. I was awestruck by the vastness of the camp and inspired by the stories of the refugees and the amazing efforts of humanitarian organizations to create opportunities for them.
International Rescue Committee CEO David Miliband. Photo credit: Kellie Ryan/IRC
Seeing the Kakuma camp opened my eyes to the scale and graveness of today’s refugee crisis. It also reaffirmed my conviction that the world needs to do more to respond. As International Rescue Committee CEO David Miliband writes in his book “Rescue: Refugees and the Political Crisis of Our Time ,” “Refugees and displaced people have lost everything. But the refugee crisis is also about ‘us’ – what we, living in far greater comfort, stand for, and how we see our place in the world. It is a test of our character. Pass the test and rescue not just refugees but ourselves.” The challenge is immense with over 70 million refugees and internally displaced people. At Microsoft we certainly don’t have all the answers, but we do know that in order to do more, we also must shift our lens from a traditional approach of corporate social responsibility, to an approach of total social impact to better support the crucial work of nonprofits.
Our response starts with the commitment to the Sustainable Development Goals (SDGs) created by the United Nations. These are benchmarks that paint the vision that the global community wants to see and what we aspire to, across the government, nonprofit and private sectors. But the world needs more than the goals; it needs the resources to achieve them, and according to the United Nations Sustainable Development Group there is a $2.5 trillion dollar annual funding gap across the SDGs. Well-resourced organizations around the world – public and private – will need to do more to make up this gap. Beyond the foundational moral imperative of doing more, there is a strong long-term business case. A recent analysis shows that by meeting the SDG goals, we will unleash an estimated $12 trillion of market opportunities and create 380 million new jobs by 2030.
At Microsoft, we are working to better address this opportunity through our core philanthropic initiatives focused on equipping underserved communities around the world with the digital skills they need to effectively participate in the 21st century economy. We are also working to amplify the impact of our employee engagement and giving. However, we are going beyond traditional philanthropic models and creating a social business focused on helping nonprofits access deeper levels of innovation to address social challenges – using our technology and expertise to help humanitarian organizations scale the impact of the workers on front lines, manage and allocate aid, and help populations who need it most. All incremental profits generated from this affordable social business model are then reinvested into philanthropy and innovation for the nonprofit sector. This creates a self-reinforcing flywheel that fuels more impact. By integrating philanthropy with affordably designed social business models we create a total social impact plan that has the ability to scale innovation and impact beyond more traditional approaches.
Outlined below are two examples of how we are leveraging this model to invest in solutions to better support refugees, displaced people, and the communities that host them:
Artificial intelligence to support refugees and displaced people: Last year at the UN General Assembly, Microsoft built on its longstanding support to humanitarian organizations with AI for Humanitarian Action, a $40 million, five-year program. Through AI for Humanitarian Action, we are harnessing the power of artificial intelligence and machine learning to improve the lives of over 70 million displaced people in the world, nearly 26 million of whom are refugees.
As a part of this work, today we are announcing AI for Humanitarian Action projects with two nonprofit organizations, Asylum Seeker Advocacy Project (ASAP) and KIND, to help combat wrongful deportation of asylum seekers in the United States. Both organizations provide legal assistance to asylum seekers and governments’ current processes are challenging while the cases are time sensitive. ASAP works with approximately 3,000 asylum seekers on any given day connecting them with the tools they need to take control of their legal cases and advocate for their families. Using Microsoft speech-to-text artificial intelligence and an Azure-based database, ASAP and KIND are partnering with volunteers and other legal aid organizations to assist families fleeing persecution in their home countries. The AI tool helps their respective staffs efficiently track changing court dates and prioritize cases most in need of emergency legal services.
Digital skills to empower refugees and displaced people: Refugees and displaced people live lives that are disrupted, often forced from the information and basic resources we sometimes take for granted. Yet, they have tremendous energy and are a force for positive change in the world. That’s why we must use the power of technology to route information, skills and knowledge in better ways to displaced people, using technology channels to provide access to education, and help them pursue a new future. Microsoft is working with a number of organizations providing digital skills, including:
International Rescue Committee (IRC) to create sustainable programming for refugees and displaced populations around the world, and increasing the efficiency and efficacy of the IRC staff who serve them. This includes “Digital Skills for New Americans in the U.S.,” and “Technology for Livelihoods in Crisis” in Jordan. These programs are designed to be contextually relevant for refugees and the job markets in these countries to find new ways to empower refugees, including women and girls. Through this partnership with Microsoft, IRC aims to create a foundation for career development programming that will be delivered to 45,000 IRC clients over the next five years in the U.S., and to eventually expand trainings for refugee and displaced clients across Europe, the Middle East and Africa. These programs build on deep investments by Microsoft in IRC programs that help IRC provide humanitarian aid and digital skills to crisis-effected communities.
Norwegian Refugee Council to deliver education services and solutions to help 400,000 displaced people with digital skills enabling new opportunities.
United Nations High Commissioner for Refugees (UNHCR) to reach over 25,000 refugee young women and men in Kakuma by 2020 with access to accredited, quality and relevant digital learning and market-oriented training opportunities. The partnership will include training and knowledge sharing with UNHCR international teams and local partners, who will help deliver the content. It’s the first stage of a project we intend to scale across multiple countries.
UNICEF to ensure that displaced children and young people have access to the education skills they need, are better prepared to reach their potential and are enabled to be the future leaders our world will need. UNICEF and Microsoft, together with the University of Cambridge, are partnering to develop a digital platform, “The Learning Passport,” that will facilitate learning opportunities for displaced young people within and across borders.
As I reflect on my Kakuma visit, it is a vivid memory for me that lives are at stake. I encourage us all to continue working to think how your organization can make an impact. We must push the boundaries of our traditional philanthropic and business models so that our social impact is proportionate to the power and resources we command. We have an obligation and an opportunity to advance a future for everyone. Together, we can do more.
This isn’t some one-off PR move by Microsoft, they have a real commitment to Veterans companywide. It didn’t start with Satya Nadella, but he has enhanced it during his tenure. Even though I was not a veteran, most of my family was, so I have an appreciation for those that chose to serve.
Our nation’s Veterans have contributed to our country in so many ways, in countless locations around the globe. When they return home, many Veterans who reside in rural areas are not able to access broadband internet which is critical to using telehealth services, gaining educational opportunities, and growing a small business or running a family farm.
There are 2.7 million Veterans enrolled in Veterans Affairs (VA) who are living in rural communities, 42% of them do not have internet access at home which could support their use of VA telehealth services, according to the U.S. Department of Veterans Affairs’, Veterans Health Administration’s Office of Rural Health. These rural Veterans live in areas where access to fast, reliable internet service may be limited or inaccessible and are facing higher rates of unemployment, longer drives to reach the nearest clinics and medical centers, and lower levels of educational attainment compared to their urban counterparts. Connectivity has the potential to improve this reality — with broadband, they can access telehealth services offered by the VA, identify and compete for well-paying jobs, improve and grow their own businesses, and take advantage of online education classes.
Microsoft and VA have been strategic partners, working together to improve the lives of Veterans, for more than 20 years. Today, I’m excited to share that Microsoft will begin expanding that work by helping VA to help bring connectivity to many Veterans living in rural towns and communities. Microsoft and its partners will be working with VA to provide capital, technology expertise, and training resources to bring broadband access to people in these underserved communities. Our hope is that this effort will unlock new economic opportunities, while also enhancing quality of life.
Through the partnership, we’ll help VA identify communities with Veterans in need and work with our internet service provider (ISP) partners across the nation to bring broadband services to those regions. Following our Airband Initiative model, we’ll also provide the Veterans in these newly connected communities with digital skills training so they can take advantage of the tools and services connectivity enables, including critical telehealth services provided by VA.
In the past 22 months, through the Microsoft Airband Initiative, we have seen firsthand just how many communities lack connectivity at broadband speeds and how this can hinder growth and new opportunities. We’ve also seen that partnering with ISPs to serve those most in need is an effective strategy to make progress quickly on this important issue. Our work with VA builds on those lessons and approach, which has resulted in partnerships that will bring connectivity to 1 million unserved rural residents in 16 states to date, with a plan to reach 3 million by 2022…
May 25 marks one year since the European Union’s General Data Protection Regulation officially went into effect. GDPR is a groundbreaking privacy framework that empowers residents of the EU to control their personal information so they can use digital technologies to engage freely and safely with each other and with the world.
A lot has happened on the global privacy front since GDPR went into force. Overall, companies that collect and process personal information for people living in the EU have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose…
Empowering people to manage their information through our privacy dashboard
The driving force behind the global movement to modernize privacy laws is the new understanding people have of their right to privacy as technology changes how people create and share information. Around the world, there is a growing expectation that everyone should benefit from digital technology without losing control of their personal information. This is why Microsoft was the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe…
But the demand is truly global. Japan ranks No. 2 in using the privacy dashboard and Canada is fifth. Other countries in the top 10 included Brazil, China, Mexico and Australia.
Transforming culture and advancing privacy throughout the digital economy
To elevate the importance of privacy and embed it in their operational systems, companies like Microsoft that have fully embraced GDPR have undergone a profound cultural shift that begins at the executive level and reaches across the entire organization. Today, at Microsoft our responsibility to protect our customers’ privacy is the starting point for everything we do. Our commitment to greater user control and empowerment is stronger than ever…
Toward a framework for new privacy laws in the U.S. and interoperability around the globe
No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments. Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today…
Today, we are celebrating the eighth annual Global Accessibility Awareness Day (GAAD). The day was founded by two individuals, Jennison Asuncion and Joe Devon, who wanted to raise the awareness and visibility of accessibility around the world. Recently, I chatted with Jennison, an employee at LinkedIn, about where GAAD started and how the progress over the last eight years has surpassed all expectations. He noted that, “the goal of GAAD was to start a conversation, to get people interested about a topic that they may not think about on a day-to-day basis and raise awareness of the need for accessibility at every level.”
Jennison Asuncion
Jennison’s and Joe’s thinking has inspired our approach to GAAD this year. We want to make accessibility easy to learn, use, build, and master. Ultimately, we are all developers, whether we’re writing an email or making a website. Making accessibility part of how we do business around the world is essential. Thinking about it as a cultural shift, and how we manage a business is core to achieving this goal. Here are some areas where we can make a difference together.
Accessibility training
One of the most common questions on accessibility is, “Where do I start?” Whether an expert in the field or new to this gig, accessibility training materials are available to progress your skills and understanding. Over the last couple of years, we have been writing and producing materials, tried and tested them within the company and are now sharing with you all. Three resources for you to check out:
Snackable Training Series. “Accessibility at a Glance” is an animated series of short, snackable videos that includes a mix of technical and non-technical subjects, highlighting everything from how to present inclusively to how to leverage User Interface Automation to build accessible Windows applications.
Webinars. The Disability Answer Desk team recently launched a monthly webinar series to fill up your buckets with accessibility knowledge on common use case scenarios.
Inclusive Design. One of the most important constructs to accessibility is Inclusive Design. Our Inclusive Design Series has hit a huge milestone with 1 million downloads of the toolkit series on https://www.microsoft.com/design/inclusive/.
What technology can empower you?
Technology is moving faster than ever before so our job is to make it easier to find what you need and empower you in that moment.
Summer Sway. Today we launch the 2019 Microsoft Accessibility Feature Sway (summer edition) for a quick and easy view of all features broken out by disability type updated with the latest wizardry.
Technology in the Classroom. Our friends at Microsoft Education are dedicating all of today’s episode to helping make it easier for teachers to include all their students.
Product features that change perspectives
Website Accessibility. Recently, we launched Accessibility Insights, to help software developers and website designers build more accessible software and websites.
Captions in PowerPoint now ready to use. Captions empower those of us who are deaf or hard-of-hearing, helping us get value out of presentations, engage in team meetings, and stay connected to friends and colleagues over long distances.
<snip>
At Microsoft, we are on a journey to be a learn-it-all company, not a know-it-all company. We don’t have all the answers, but we are constantly learning and working every day to improve our products, services and programs. We take pride in our approach and absolutely love your feedback! Please share your thoughts, feedback or questions with us through the Disability Answer Desk and Accessibility User Voice Forum. #LearningTogether
This course of action is the smart and wise thing to do as a society and a government. Then there is POTUS45 (Paywall).
On May 15, New Zealand Prime Minister Jacinda Ardern and French President Emmanuel Macron brought together government leaders and representatives of technology companies to announce the “Christchurch Call to Action To Eliminate Terrorist and Violent Extremist Content Online.” In response to the Call, Amazon, Facebook, Google, Twitter and Microsoft issued a joint statement. The companies also published nine steps they’ll take to implement the Christchurch Call.
The terrorist attacks in Christchurch, New Zealand, in March were a horrifying tragedy. And so it is right that we come together, resolute in our commitment to ensure we are doing all we can to fight the hatred and extremism that lead to terrorist violence.
<snip>
– Amazon, Facebook, Google, Microsoft, Twitter
________________________________________________
In addition to signing the Christchurch Call, Amazon, Facebook, Google, Twitter and Microsoft are publishing nine steps that they will take to address the abuse of technology to spread terrorist and violent extremist content. These nine steps include five individual actions that each company is committing to take, and a further four collaborative actions they’ll take together <snipped>.
As online content sharing service providers, we commit to the following:
Five Individual Actions
Terms of Use. We commit to updating our terms of use, community standards, codes of conduct, and acceptable use policies to expressly prohibit the distribution of terrorist and violent extremist content.
User Reporting of Terrorist and Violent Extremist Content. We commit to establishing one or more methods within our online platforms and services for users to report or flag inappropriate content, including terrorist and violent extremist content.
Enhancing Technology. We commit to continuing to invest in technology that improves our capability to detect and remove terrorist and violent extremist content online, including the extension or development of digital fingerprinting and AI-based technology solutions.
Livestreaming. We commit to identifying appropriate checks on livestreaming, aimed at reducing the risk of disseminating terrorist and violent extremist content online.
Transparency Reports. We commit to publishing on a regular basis transparency reports regarding detection and removal of terrorist or violent extremist content on our online platforms and services and ensuring that the data is supported by a reasonable and explainable methodology.
This is very much a step in the right direction. A challenge to open-source advocates to do something similar (LibreOffice are you listening!)
Today, at Microsoft’s Build Developer Conference, Microsoft CEO Satya Nadella announced a new service from our Defending Democracy Program called Microsoft 365 for Campaigns, which brings the high-end security capabilities of our Microsoft 365 Business offering to political parties and campaigns.
The majority of security breaches faced by political campaigns originate from malicious phishing attacks and target email and filesharing systems. But many campaigns are ill-equipped to deal with these threats from nation-states and criminal scammers. We talked with campaign staffers and leaders in campaign technology and heard repeatedly that security solutions for email often were too hard to configure and too expensive. M365 for Campaigns addresses both issues by making it easy to deploy advanced security features at a much lower price.
M365 for Campaigns will be available in June to all federal election campaigns, federal candidate committees, and national party committees in the United States, and we are exploring ways to bring the service to other countries in the future.
As we said when we announced the Defending Democracy Program, threats to our democratic processes from cyber-enabled interference have become a critical concern. We must all partner and do more to protect free and fair elections, and securing campaigns is an important part of this work.
Microsoft can afford to do this as a large tech company because their business model is not mostly dependent on the collection of data, unlike some other firms that happen to be based in Silicon Valley. I applaud them for this initiative.
Today we are announcing new steps to give customers increased transparency and control over their data that is used by Microsoft’s major products.
Privacy is one of the defining issues of our time. As technology becomes more engrained in our lives and our work, people want to understand how and why their data is collected and used, and they want to be able to make appropriate choices. We have longstanding commitments to privacy and have regularly taken steps to give customers more information and more choice, including, for example, being the first large company to voluntarily extend strong privacy protections to customers around the world. Our Trusted Cloud is built on our commitments to privacy, security, transparency and compliance, and our Trust Center provides access to validated audit reports, data management capabilities and information about the number of legal demands we received for customer data from law enforcement.
Categorizing the data we collect as ‘required’ or ‘optional’
First, for all our major products, we’ll categorize the data we collect from devices as either required or optional.
Data in the required category will consist of data that is necessary to making our products and services work as expected by the customer, or to help ensure their security. Required data includes things like the terms of a search query so we can return relevant search results, the IP address, type and version of your device so that we can provide connectivity to our cloud services and security patches that keep your experience safe and secure, and diagnostic data so that we can detect significant feature failures.
Increasing transparency about the data we collect from devices
Second, we will increase transparency about the data we collect by improving product documentation. Specifically, we’ll ensure that documentation for our major products and services describes the data we collect in each of these categories.
New biannual report describing changes to our data collection
Third, we’re introducing a new report that will be published twice a year at privacy.microsoft.com. This report will highlight any new required data collection we believe is fundamental to provide, secure, update or maintain the performance of our products. We will also note instances when we stop collecting certain types of data from devices (because product or service changes mean the data is no longer required). Last, we will explain when we make changes to our data collection in response to new privacy laws, industry standards and regulations.
Literary Nirvana 