Why We're Not Ready for a Digital 9/11 Attack - Rolling Stone
Home Politics Politics Features

We’re Not Ready for a Massive Digital Terror Attack

In a new interview with Rolling Stone, Microsoft’s Brad Smith says Cambridge Analytica was the Three Mile Island of privacy and Big Tech must work together to stop future meltdowns

The excesses of the post-September 11 period continue to haunt us.

The excesses of the post-September 11 period continue to haunt us.

Photographs used in illustration by Barton Gellman/Getty Images; Pavel Golovkin/AP/Shutterstock; Mark Baker/AP/Shutterstock; Shutterstock, 2

The leaders of Google, Yahoo, Apple, Facebook, and other tech giants filed into the Roosevelt Room at the White House. Opposite them was the top brass of the Obama administration, including President Obama himself. It was a few days before Christmas 2013. The tech execs had come to convince the government to roll back its mass surveillance regime that had recently been revealed thanks to a whistleblower named Edward Snowden.

The two sides, tech and government, went back and forth, civil but tense. At one point, Obama said that as angry and concerned as Americans were about the NSA’s practices, the tech companies in the room collected far more information on people than the government did. “I have a suspicion,” Obama told the executives, “that the guns will turn.”

That eerily prescient moment is told for the first time in Tools and Weapons: The Promise and the Peril of the Digital Age, a new book by Brad Smith, the president of Microsoft, and coauthor Carol Ann Browne, a member of Smith’s team. A long-time adviser to Bill Gates, Smith leads a huge swath of Microsoft but is also a public conscience of sorts for the grow-at-all-costs tech sector. He consults with presidents, foreign officials, and fellow tech leaders; the New York Times dubbed him “a de facto ambassador for the technology industry at large.” Smith was in the Roosevelt Room in 2013, and he has been a driving force behind Microsoft’s lawsuits against the Obama and Trump administrations as well as its efforts to unite tech giants, governments, and nonprofit groups to combat terrorist and extremist content online.

Smith’s book is not the typical vanity project churned out by so many Fortune 500 leaders, the generic tomes on leadership and teamwork stocked at airport bookstores near the neck pillows. Tools and Weapons is a glimpse behind the curtain as Microsoft reckoned with the Snowden revelations, defended against the vicious cyberattacks, and took both the Obama and Trump administrations to court. Smith also doesn’t shy away from taking Big Tech to task.

Smith recently spoke with Rolling Stone at Microsoft’s offices in Times Square. We discussed breaking up Big Tech, why the Cambridge Analytica scandal was the Three-Mile Island of the tech sector, and what a digital September 11th attack on the U.S. could look like. “We are not yet prepared either to fully prevent such an attack,” he says, “or to know how we would respond as a nation if it happened.” The interview has been edited for length and clarity.

The first story you tell in Tools and Weapons is about the Snowden leak in 2013. From that day to today, it feels like the major technology-driven events have skewed more toward peril than promise. Russian active measures, the Equifax hack in 2017, Cambridge Analytica in 2018, the Christchurch attacks in 2019. Are we at a crossroads, an inflection point, in how we think about technology and how it shapes our lives?
It is fair to say we have reached a crossroads. We reached it last year when the Cambridge Analytica issue exploded. For years, there had been a debate within the tech sector about privacy and whether people actually cared about it. One school of thought said that privacy was dead and people should get over it, and another school said that that was not the case.

I have long felt that the tech sector ran the risk of following in the footsteps of the nuclear power industry in the United States. It was so enthusiastic about the good things it was creating that it wasn’t preparing itself or the public for a broader conversation about potential privacy challenges. Cambridge Analytica was a bit of a Three Mile Island moment. Suddenly, attitudes changed in Washington D.C., and it’s as if we hit a fork in the road, went down a different path, and things like the Christchurch attack accelerated the progress down that path.

Author Brad Smith. Photo credit: Brian Smale

The Three Mile Island comparison is a powerful one. You think that Cambridge Analytica is something we’re going to continue to talk about for years to come?
We may or may not talk about Cambridge Analytica specifically, but there was the nature of the conversation in the United States before Cambridge Analytica; it is a different conversation today. I don’t think there’s any going back to what existed before. Just in the same way that I don’t think one can go back to pre-Snowden times when it comes to government-accessed information.

The New York Times once described you as a “de facto ambassador for the tech industry at large.” Was that something that you set out to do, or tripped into along the way?
I was first pressed into service, if you will, when I was fortunate to become Microsoft’s general counsel in 2002. My first mission was to make peace with governments across the world, and to build bridges across the technology sector. It was all about trying to find a more stable path for Microsoft on our antitrust issues. 

The Snowden events were an inflection point for many people across the tech sector, certainly including me. But they also pressed us into a more adversarial relationship with our government. It was a real rubicon to cross to file a lawsuit against the United States government. It was especially a rubicon for somebody like me who had spent a decade making peace and ending lawsuits to now be the one who was initiating them. In the years since we sued the Obama administration four times over surveillance issues. We’ve sued the Trump administration over immigration. And yet we need to work with government at the same time.

There are days when we get up and the world changes. For Microsoft, one day was when the Department of Justice sued the company in the late 1990s. Certainly, one day was when Edward Snowden decided to share documents, including information that even we were not aware of. Another day was the election of Donald Trump.

Did you see a space there that needed to be filled?
We saw spaces that needed to be filled, but we have seldom ever wanted to fill spaces by ourselves. I will say we, like everyone, have had certain learning moments over time. Interestingly enough, one key learning moment was on a different issue in 2012. It was the year the Washington state legislature was debating marriage equality. We decided we wanted to speak out. We also decided we didn’t want to speak out by ourselves. We said we would speak out if we could get four other companies to speak with us. 

With the deadline to speak only 48 hours away, there was only one other company that was prepared to speak. I remember making the decision that come hell or high water, we would go forward, even if it meant going almost alone. And what we learned is once we said we would go, others found more courage as well. By the time 48 hours had passed, we had five companies, but what I’ll always remember is, a week later after we went, Amazon and Starbucks joined us. 

That is a lasting lesson. In order to lead, others have to follow. Ideally, you’d all like to take the first step together, but sometimes you have to be prepared to go at it alone. 

You talk a lot about that in the book — collaboration, cooperation. How do you balance that work when it’s suing the federal government? When it involves privacy and surveillance, I see that connection pretty clearly. What about when it’s over immigration policy?
We felt there was also a close connection to issues that are fundamental to our business. Just as I think a company like ours should protect customers first, in many ways we have to protect our employees second. The industry is so fast changing that, in truth, we’re only as good as the next product as distinct from the product we finished yesterday. Our next product is only as good as our employees can make it.

We have employees from around the world, even in the United States. We will stand up for our employees, and we will protect them. When the White House rescinded DACA and put literally the freedom of Dreamers at risk, that changed the potential future course of dozens of Microsoft employees who are Dreamers. The most emphatic statement that we made was when I said that if the federal government wanted to deport any of our employees, they would have to go through us. 

That was a decision that we made quickly. It was not a hard decision. We felt as a matter of principle that these individuals were, for the most part, as American as anyone else. They’re people that deserve protection, and our business requires that we stand up for the people who bet their jobs, and in some cases their careers, on our company.

In a chapter on cybersecurity you write, “In a world where everything is connected, anything can be disrupted.” You go on to mention the idea of a digital 9/11. What would that look like? Are we prepared for it?
I don’t think we’re prepared for the kind of digital 9/11 that the world could confront. Especially because a digital 9/11 could take many different forms. One form of a digital 9/11 for the United States, or any democracy, would be to find the day after an election that we have no confidence in the tabulation of the votes because they were distorted by the interference of a foreign government. We are not yet prepared either to fully prevent such an attack or to know how we would respond as a nation if it happened.

The best way to envision this is to understand what happened in Ukraine when the Russians unleashed the NotPetya attack against that nation. Banks stopped working; people could not get cash out of ATMs. They couldn’t use their credit card at the grocery store because the grocery store registers stopped working. They couldn’t buy gas for their cars because they had no way to pay for it. In the worst case you can imagine the electricity going off, the heat being lost in the middle of winter, and hospitals stop working. That was a real-life issue as we share in the story about what happened at St. Bartholomew’s hospital in London as a result of WannaCry.

If you want to just look ahead a decade or more, in some ways I think an ultimate digital 9/11 is a government or some other nefarious actor hacking their way and destructing autonomous vehicles. What does it mean when cars are going 60 miles per hour down the highway, controlled by computers, and then someone else takes control of those systems?

We believe emphatically that the public is not yet fully alert to these issues. Until we have an informed public, I think the danger of a digital 9/11 will continue to increase.

There’s an idea in the book that comes up in the book through the voice of Denmark’s first-ever tech ambassador, which is the idea of the world’s largest tech companies as nation-states basically. Do you agree with that?
I mostly don’t like the comparison. I believe companies should be regulated by governments and not ever be considered equals to them. I believe that one of the fundamental tenets of American history is that no one is above the law. That means that no individual, government, company, or technology is, or should be, above the law. 

There is something distinctive about the role of technology companies that create the opportunity for us to hopefully contribute to new solutions in new ways. Technology is global. Technology companies are global. Cyberspace, unlike land, water, and air, is constructed and operated by the private sector. We have arguably a unique role to play in addressing these issues. The 21st century requires a new era of not just multilateral, but multi-stakeholder initiatives. We need to bring governments, companies, and nonprofits together, because we can do so much more together than we’ll ever accomplish if we’re all separate or apart.

Something stuck out to me in the beginning and end of the book. It’s in Bill Gates’ introduction, and it’s a point you make in the book’s conclusion. You write, “Microsoft was in the hot seat two decades ago. We recognize that we needed to change. I took from our battles three lessons that we continue to learn from and apply,” and you go on to describe what those lessons are. The hot seat is Microsoft’s antitrust battle. Does it only take a similar experience for any of the other of the world’s largest tech companies to make the sort of changes that you and everyone at Microsoft have?
Many things helped force Microsoft to change beginning in the late 1990s. But most fundamentally, the collection of pressures from the government and the media — and it really was both — forced us to look in the mirror and see ourselves not as we wanted to see ourselves, but as other people saw us. 

We were forced to see what other people saw in us. Once we saw that, we could appreciate in a better way that there were impacts that we were having that were affecting others in a manner that we didn’t necessarily intend or anticipate or even understand. That was the first step in what really was a multi-year journey to find a new way of working with everyone else.

I think the entire tech sector needs to go on something like that journey. That’s the only way across the industry we’re all come to appreciate the various needs and opportunities to change.

Do you think that moment of recognition, that kind of reckoning of sorts, needs to be a more updated, revamped, aggressive antitrust policy?
Any time you want someone to slow down, you engage in the proverbial warning shot across the bow. And if someone heeds the warning shot, you don’t need to fire again. And if they fail to heed the warning, then clearly more and stronger steps will be needed. The question for all of us in the technology sector is whether we’re listening sufficiently to the warning shots that are now being fired by many governments and many other people around the world. 

On the positive side, I would say, that in some critical respects, the answer is yes. You hear people talking about the importance of regulation in ways that were unheard of in the tech sector just 24 months ago. On the negative side, until people go beyond talking about this as a generality and roll up their sleeves with some thoughts about what it may mean specifically, it’s not yet clear that we are where we’ll need to go. 

If tech companies are the ships in this metaphor, what happens if you get so large that the shot across the bow becomes a pea shooter?
I don’t think companies tend to become too big to be beyond the reach of regulation. People can become too hard-headed to listen and, often times, when governments feel compelled to bring the toughest of antitrust cases, it is because the company is big and the individuals are pretty darn hardheaded. I personally am not an advocate for breaking up companies in part because I think it tends to be a very long process that is less impactful than many other approaches for solving a problem.

Having lived through it ourselves, it was a wake-up call that we heeded. It’s not wise to force people to feel they have no alternative but to break you up. You’re much better off listening before then. You’re better off figuring out how to solve the problems that are bothering people. You should learn from our experience that life does go on, and that nobody ever died of humility.

Privacy, the size of major tech companies, and antitrust are having a moment in the Democratic presidential primary. What do you see in what these candidates are saying that you think is on the right or the wrong track?
It is unusual, and even ironic, to see so much populism in the world at a time when macro-economically, we have had almost a decade of growth. Most of the time, you see populism rise economies fall. The first thing we have to do is ask: What is going on and why is this happening? The answer, fundamentally, is that some people are moving forward while other very large and important groups of people feel left behind.

Inequality.
Yes. But what is most interesting about the present moment is we’re seeing populism on both sides of the political aisle. In the United States, we’re seeing populism fuel the Republican Party, in part based on rural communities that feel left behind. We can go to major cities like New York and San Francisco and Seattle where left-wing populism is very strong. We’re seeing the people who have traditionally lived in those communities being pushed out. That, too, has a technology root.

What do we do? My fear is that we will fail to understand the technology forces as fully as we should. That’s why we spend time in the book talking about what it’s like to see the inside of a data center, because only when you see the inside of a data center do you understand how these technology forces work. It’s why we take readers on a trip to Ferry County in the little town of Republic, Washington, so they can see for themselves what it’s like when other people don’t have access to what those in major cities take for granted every day. It’s why we tell the story about the affordable housing issues in Seattle and how they evolved. 

You ask in the book, “If technology continues to advance, can the world control the future it’s creating?” What are the fundamental elements of trying to control that future technology is creating?
It is one of the most important questions for our country and every country for the next decade. We do analogize explicitly in the book to the 1930s. Albert Einstein captured, in such a prescient way, the huge problems that were arising with the maturation of the machine age. He said that the organizing power of mankind needed to keep pace with humanity’s ability to keep moving technology forward. And as history showed, it failed, and tens of millions of people paid the price.

We’re not here to say that we’re on the horizons of approaching World War III, but the same question applies today. Do we have the will and determination to do what needs to be done? Second, let’s appreciate the 21st-century tools we have to address these problems. Namely, we can move ourselves forward as an industry to be creative and effective in new ways. Let’s also push governments, and help governments move faster so they can catch up with the pace of innovation. Let’s then build on multi-stakeholder opportunities that didn’t really exist, in a significant way a century ago like the Christchurch call and the Paris call so we bring governments, companies, and nonprofits together.

Cultural change is needed for us as an industry. At an even more fundamental level, cultural change is needed for us as a broader community of people in this country and in other countries. We can’t just spend year after year arguing with each other. We’ve got to build the coalitions of the willing, and we can’t stop based on our daily shortcomings and winning support from everybody, because we will have those shortcomings every day. But if we start strong, move forward, and just persist through sheer determination, there’s at least a path.

Arrow Created with Sketch. Calendar Created with Sketch. Path Created with Sketch. Shape Created with Sketch. Plus Created with Sketch. minus Created with Sketch.