Microsoft, founded in 1975 and based in the USA, is one of the world’s leading technology companies. It develops, manufactures, and sells computer software, as well as other information and communications technology (ICT) services, devices, and solutions.
Microsoft’s overall mission is ‘to empower every person and organisation on the planet to achieve more’. In line with this mission, the company is dedicating efforts to achieving a more secure digital space, and to empower individuals to make use digital devices and the Internet in a safe and secure manner. For example, its Digital Crimes Unit (DCU) aims to fight global malware and reduce digital risks for individuals worldwide. The Unit is composed of attorneys, investigators, data scientists, engineers, analysts, and business professionals which work together to fight against cybercrime. DCU also collaborates with law enforcement agencies and other governmental authorities to take action against cybercriminals, as well as with computer emergency response teams (CERTs) and other industry actors such as Internet service providers in order to notify and assist victims of cybercrime.
Another initiative undertaken by Microsoft in the cybersecurity field is the PhotoDNA technology, created in partnership with Dartmouth College. The technology is aimed to help detect and disrupt the distribution of child sexual abuse material online.
In recent years, Microsoft has been actively contributing to debates regarding the roles and responsibilities of various actors in the field of cybersecurity. In December 2014, the company published a white paper on International Cybersecurity Norms. Reducing Conflict in an Internet-dependent World, recommending six cybersecurity norms that could help reduce the possibility that ICT products and services are use, abused, or exploited by nations states as part of military operations. This was followed, in 2016, by a new white paper – From Articulation to Implementation: Enabling Progress on Cybersecurity Norms – which proposes a three-part organising framework for the cybersecurity norms dialogue: offensive norms applicable to nation-states, defensive norms relevant to both governmental and non-governmental actors, and industry norms outlining industry’s role in mitigating the risks facing technology users from nation-state activity in cyberspace.
One year later, in 2017, Microsoft proposed a Geneva Digital Convention' that 'will commit governments to protecting civilians from nation-state [cyber] attacks in times of peace’. The company also suggested the creation of an independent organisation, spanning the public and private sectors, that ‘can investigate and share publicly the evidence that attributes nation-state attacks to specific countries’.
Microsoft is an active participant in Internet governance processes such as the global IGF and its regional offsprings.