As Microsoft tightens its focus on cybersecurity issues, its president, Brad Smith, crisscrosses the country spreading the message.
In the past seven days, Brad Smith told Congress that Microsoft would support Apple in its fight with the FBI, urged attendees of a San Francisco security conference to push for an update to technology laws, and — back in Seattle — hosted a meeting Thursday with local leaders for Secretary of Defense Ash Carter.
The Microsoft president’s recent dividend of frequent-flier miles, a coincidence of scheduling as it is, nevertheless highlights the software giant’s increasingly public posture on cybersecurity issues.
Microsoft and its peers are facing worried business customers after Edward Snowden’s revelations about the extent of government Internet surveillance, as well as malicious data breaches that struck the likes of Sony and Target. On the other side, national law-enforcement agencies are eager to exert control over cyberspace and the companies that have a presence there.
Microsoft and Smith have tried to strike a balance that reassures both sides its services can be trusted, while at the same time linking the company’s reputation to security at every opportunity.
Most Read Business Stories
It is “an imperative for the U.S. technology sector to restore trust in American technology,” Smith told the House Judiciary Committee last week. “It is fundamental to our ability to succeed globally in the future.”
Microsoft faced a narrower set of policy issues during its earlier days as a seller of out-of-the-box software Windows and Office software. And at the time, the company didn’t have a sterling reputation for security.
Initial releases of Windows XP proved unprepared for a new wave of Internet-enabled attacks, badly bruising Microsoft’s reputation for security and sparking a companywide effort to create more secure programs.
The company’s software was so ubiquitous that Microsoft was a target of a lot of criticism during the early days of computer viruses and other malware.
As Microsoft’s business in the past decade shifted toward delivering things like email and business tools via the Internet, and often across national borders, the company has found itself entangled in a global debate about privacy and security in the information age.
The company is planning to open data centers in the United Kingdom and Germany, a nod to concerns in those countries about data flowing across borders and into U.S. control.
In Brazil, a Microsoft executive was detained last year after the company refused to turn over Skype chat data stored in the U.S., which Microsoft said would violate U.S. law. Brazil continues to levy criminal fines on the company in that case.
“Law and regulation have become so important to technology companies,” said Craig Newman, chair of the privacy and data security practice with law firm Patterson Belknap Webb & Tyler in New York. “That wasn’t always the case.”
In November, Microsoft introduced what it called a Cyber Defense Operations Center at its Redmond campus, a photogenic home to coordinate its response to attacks. CEO Satya Nadella told an audience of potential government clients that Microsoft was spending $1 billion a year on security technologies and programs. Smith that same month wrote a 3,000-word security manifesto on Microsoft’s website.
“They’re a lot more publicly vocal than they used to be for a whole host of reasons, among them is concern about consumer perceptions,” said Jennifer Daskal, a professor at American University’s law school in Washington who testified on the same panel as Smith last week. “They get stuck in the middle of really complex problems.”
Among them is Microsoft’s yearslong fight over a warrant seeking the contents of a customer’s email account stored in an Irish data center.
Microsoft, arguing that U.S. authorities are overreaching in trying to grab data stored abroad without working through the Irish government, has mounted a very public challenge to the court order. The company’s appeal is awaiting a ruling in the 2nd U.S. Circuit Court of Appeals. The government contends existing electronic communications law gives it the authority to compel U.S. companies to turn over customer data, regardless of where it’s stored.
Smith flew to Washington last week to testify about some of the issues raised by that case and legislation that would clarify the government’s powers.
But much of the discussion at the long-planned hearing was hijacked by more recent events: Apple’s decision to challenge a court order that it help the FBI unlock an iPhone owned by one of the perpetrators of December’s mass shooting in San Bernardino.
Microsoft, to that point, hadn’t specifically addressed the case.
Smith came prepared to change that. When a congresswoman asked about Microsoft’s position on the Apple case, Smith threw Microsoft’s support behind its rival, pulling out a century-old adding machine Microsoft had bought as a prop to illustrate the age of the one of the laws the government was deploying to regulate modern technology.
By Tuesday, Smith was on stage at the RSA cybersecurity conference in San Francisco, condemning measures that weaken security and urging the technology industry to unite to urge governments to apply traditional values of privacy and the rule of law to modern technology.
On Thursday, Smith was back in Seattle, hosting Defense Secretary Carter at a Seattle breakfast of business and civic leaders.
The ramped-up focus on cybersecurity has raised Smith’s profile, several months after the former general counsel was appointed company president and chief legal officer. That move was partly aimed at freeing him from day-to-day management of Microsoft’s legal department to allow more space to work on cross-company and industry issues of the sort that sent Smith across the country in the last week.
He’s also ramped up the rhetoric.
“The path to hell starts at the back door,” Smith told RSA attendees, an unequivocal stance against engineered vulnerability in security measures.
Neil MacDonald, a vice president and fellow with researcher Gartner who was in the audience, was surprised by the strength of that statement.
“The future viability of U.S. technology is at stake” in the court cases and policy debates under way now, MacDonald said.
“If not Microsoft, who would fight these battles?” he asked. “It has to be someone with the resources of an Apple or a Google or a Microsoft to take on these very complicated and contentious issues.”