Posted by Scott CharneyCorporate Vice President, Trustworthy Computing For more than two decades, people have struggled to understand the cyber threat, evaluate the risks to individuals, organizations (including nation-states), and society at large, and craft appropriate responses. Although many organizations have invested significantly in information assurance, most computer security experts believe that a well-resourced and persistent adversary will more often than not be successful in attacking systems, especially if raising defenses is the only response to an attack. For this reason, increasing attention is being paid to deterring such attacks in the first instance, especially by governments that have the power to investigate criminal activity and use a wide range of tools to respond to other public safety and national security concerns. Notwithstanding this emerging discussion, it appears to many people that neither governments nor industry are well-positioned to respond to this highly complex threat and that, from a policy and tactical perspective, there is considerable paralysis. In my Rethinking Cyber Threats and Strategies paper I discuss a framework for categorizing and assessing cyber threats, the problem with attribution, and possible ways for society to prevent and respond to cyber threats. In my speech today at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, I proposed one possible approach to addressing botnets and other malware impacting consumer machines. This approach involves implementing a global collective defense of Internet health much like what we see in place today in the world of public health. I outline my vision in a new position paper Microsoft is publishing today titled “Collective Defense: Applying Public Health Models to the Internet.”
Posted by Richard BoscovichSenior Attorney, Microsoft Digital Crimes Unit
Just over a year ago, we successfully took down the botnet Waledac. Based on the knowledge gained in that effort, we have successfully taken down a larger, more notorious and complex botnet known as Rustock.
Posted by Brad SmithGeneral Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft
To followers of technology issues, there are many days when Microsoft and Google stand apart. But today our two companies stand together. We both remain concerned with the Government’s continued unwillingness to permit us to publish sufficient data relating to Foreign Intelligence Surveillance Act (FISA) orders.
Each of our companies filed suit in June to address this issue. We believe we have a clear right under the U.S. Constitution to share more information with the public. The purpose of our litigation is to uphold this right so that we can disclose additional data.
On six occasions in recent weeks we agreed with the Department of Justice to extend the Government’s deadline to reply to these lawsuits. We hoped that these discussions would lead to an agreement acceptable to all. While we appreciate the good faith and earnest efforts by the capable Government lawyers with whom we negotiated, we are disappointed that these negotiations ended in failure.
Posted by Jeff MeisnerEditor, Microsoft on the Issues
Join us on Xbox LIVE or The Atlantic website TODAY at 2:30 p.m. EDT for Conversations with the Next Generation, a youth town hall discussion convened in partnership between Microsoft, National Journal and The Atlantic, being held in Charlotte, N.C. during the Democratic National Convention. The event is designed to engage our nation’s current and up-and-coming leaders on the important issues facing America's young and emerging workforce, including job creation and educational opportunity.
Posted by Bill HarmonAssociate General Counsel, Microsoft Digital Crimes Unit
The scale of the online child pornography problem and the amount of data associated with these types of investigations is massive. This is why we are proud to announce that we are partnering with NetClean to make our Microsoft PhotoDNA image matching technology available to law enforcement at no cost to help enhance their child sex abuse investigations – empowering them to more efficiently identify and rescue victims and bring abusers to justice.
Since 2002, the National Center for Missing & Exploited Children (NCMEC) has reviewed more than 65 million images and videos of child sexual exploitation reported by law enforcement. The images continue to grow increasingly violent and the victims younger, with 10 percent of the images reviewed by NCMEC today being infants and toddlers who can’t tell anyone about their abuse. When child pornography images are shared and viewed amongst predators online, it is not simply the distribution of objectionable content – it is community rape of a child. These crimes turn a single horrific moment of sexual abuse of a child into an unending series of violations of that child.