Last December, Microsoft intercepted traffic on users’ PCs and helped break up a botnet. And nobody complained. So the company very tentatively asked at a session on ethics and policy in Brussels this week whether it should do more.
John Frank, Microsoft's VP of European Government Affairs, explained how Microsoft had helped white hats, the FBI and Europol take the Dorkbot botnet infrastructure offline.
“We detect when your PC is infected and 'phones home' as much as four times an hour. We then redirect that back to our sink hole and identify that with our national computers, and work to get those machines cleaned up,” said Frank.
But he hinted it could do more, with greater information sharing and co-ordination between technology companies, CERTS and crime fighters.
“I wonder if we’re being ambitious enough with our cybersecurity policy?”
More co-operation could pay dividends, Frank suggested, with platform companies like Microsoft and ISPs working more closely with Europol. Why should an “unsafe” (infected, remotely controlled) be permitted on the internet, when an unsafe car isn’t?
“Perhaps we should treat it as a health issue,” he mused.
Speaking for Europol, Olivier Burgersdijk, of the body’s European Cybercrime Centre, agreed in principle.
“In your car you would immediately be stopped if something wasn’t working.” The same could apply to PCs that are “being infected and… being used for committing crimes.”
But Europol doesn’t have the authority to do more than it already can, he noted.
Kill switches are now mandatory on Californian phones, but disabling an infected PC doesn’t necessarily mean installing a “kill switch” at platform level. It could entail diverting traffic from known bad IP addresses, something Windows already does with your consent.
And a kill switch is at odds with Microsoft’s view on backdoors for government encryption - the company is against them. As Frank explained, there’s no guarantee that only judicially compliant Feds would use the backdoor - bad guys could too.
“There should not be backdoors, because you don’t know who else can use it,” said Frank. “We’re open to other solutions, but encryption is extraordinary important to protecting the privacy of governments, the privacy of individuals and the privacy of enterprises, and we all want to communicate securely.”
Frank is the architect of Microsoft's challenge to the US government to prevent the US government accessing over 90 per cent of Europeans' data without them knowing it.
Microsoft played host to a number of policy sessions yesterday, a recognition that the cloud won't succeed by singing Kumbaya. People need to be able to trust it. ®