Microsoft is taking an approach to quantum computing that is entirely different from our dozen or so competitors in this space. The enemy of quantum computing is “noise”—that is, electronic interference like cosmic rays, bolts of lightning, and even your neighbor’s cell phone—which is very difficult to overcome and is one of the reasons that most quantum technologies operate at extremely low temperatures. By building on Michael Freedman’s original work, our Station Q team has developed a topological quantum computing (TQC) approach in conjunction with collaborators from around the world. TQC reduces the quantum resource overhead by two to three orders of magnitude over other approaches. This kind of a topological qubit is naturally less error-prone than other approaches because it’s more impervious to noise. While this approach requires discovery in new areas of fundamental physics, the potential benefits are incredible.
Don’t imagine that one day a quantum computer will take the form of a new stand-alone, super-fast PC that will sit on your desk at work. Instead, a quantum computer will operate as a coprocessor, receiving its instructions and cues from a stack of classical processors. It will be a hybrid device that sits in the cloud and accelerates highly complex calculations beyond our wildest dreams. Your AI agent, acting on your behalf, might tackle a problem for which there are a billion graphs to check by using a quantum computer that can scan those billion possibilities and come back to you instantly with just a few choices.
Experimental development of qubits has progressed to the point where scalable qubit technology now exists. Looking ahead to the next few years, we can expect to see the development of small quantum computers. This will allow for the creation of early applications using short quantum algorithms that will outperform classical computers on certain problems. More important, once we have a quantum computer we can accelerate the path toward the development of longer, “logical qubits” as well as engineering efforts to scale to bigger, robust quantum computers.
The quantum hardware architecture that could ultimately lead to scalability will require today’s computer scientists, physicists, mathematicians, and engineers to work together to overcome challenges on the path toward universal quantum computing. At Microsoft, we’re betting that quantum computing will make artificial intelligence more intelligent and mixed reality an even more immersive experience.
Chapter 7
The Trust Equation
Timeless Values in the Digital Age: Privacy, Security, and Free Speech
On the morning of November 24, 2014, the computer systems at Sony Pictures Entertainment were hacked by a group identifying itself as the Guardians of Peace, an organization U.S. intelligence officials have alleged was sponsored by the North Korean government. The hackers released a tranche of stolen Sony emails that revealed embarrassing comments made by company executives about movie stars and other celebrities. The Guardians of Peace reportedly targeted Sony in protest of its satirical political movie, The Interview. In the film, costars Seth Rogan and James Franco absurdly arrange an interview for their talk show with North Korean leader Kim Jong-un. In the film, an opportunistic CIA hastily recruits Rogan and Franco to assassinate the North Korean dictator. In typical Hollywood fashion, hilarity ensues.
Finding no humor in the film’s plot, the hackers threatened Sony and any cinema that chose to show the film. An online message read: “Stop immediately showing the movie of terrorism which can break the regional peace and cause the War.” On December 1, stolen Sony files began to appear on file-sharing sites. And by December 19, the FBI pointed the finger squarely at North Korea, and Sony pulled the film’s theatrical release.
Sony was at risk of tremendous financial losses and began reaching out to potential partners who might be willing to stream the film over the Internet. Microsoft as well as other media and tech companies faced a crisis of conscience. Should we stand up for free speech by helping to distribute The Interview? Or should we stand clear and let the political drama play out without getting involved? If Microsoft did choose to distribute the film, our security engineers warned us, the North Korean hackers could very well train their sights on Microsoft’s data centers next, threatening the billion customers who rely on our online services with costly outages and loss of private data. We were already anticipating a Christmas Day attack from the shadowy black-hat hacking group known as Lizard Squad.
Confronting North Korea could prove to be enormously costly. A lot was on the line, including our brand. But, in the end, we determined that something far more important was at stake: Who we are. Free speech, privacy, security, and sovereignty are timeless, nonnegotiable values.
In the days just before Christmas, I was visiting family in India. Brad Smith, then our general counsel, was in Vietnam, where he began coordinating an industrywide response, and Scott Guthrie, the executive in charge of our cloud computing services, led a robust engineering effort in Redmond to ensure we could stand up to multiple attacks. We remained in continuous contact via email and Skype with engineers who gathered in a makeshift war room on campus. For all of us, it was about taking a principled stand and being prepared.
On Christmas Eve, I wrote to our board of directors, “I’ve concluded that being bold in supporting the right of American citizens to exercise their Constitutional rights is consistent with Microsoft’s core purpose, business, and values.” I also assured the board that we would be on high alert.
And so those same security engineers who’d warned us of the risks gave up their holiday vacations with family to work around the clock devising a plan that would enable us to safely release the film. We had breakthroughs and setbacks, but, ultimately, we linked arms and released the film Christmas Day, with great success, on our Xbox Video platform. The experience was intense and could have led to disastrous consequences. But it was the right thing to do.
What’s become clear is that the world needs a Digital Geneva Convention, a broader multilateral agreement that affirms cybersecurity norms as global rules. Just as the world’s governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, this digital agreement would commit governments to implement the norms that have been developed to protect civilians on the Internet in times of peace. Such a convention should commit governments to avoiding cyberattacks that target the private sector or critical infrastructure or the use of hacking to steal intellectual property. Similarly, it should require that governments assist private-sector efforts to detect, contain, respond to, and recover from these events and should mandate that governments report vulnerabilities to vendors rather than stockpile, sell, or exploit them.
In retrospect, our preparation for defending our company values and building trust in the face of an international crisis had begun with a very public challenge that had occurred just over a year earlier.
When the former National Security Agency contractor Edward Snowden boarded a plane in May 2013 to flee the United States for China on his way to asylum in Russia, the very founding principles of America—not to mention those of our own company—immediately came into play. I was to become CEO in only a few short months, but at the time I ran our cloud and enterprise business, which stored many terabytes of emails and other data on servers worldwide. The battle between individual, timeless liberties like privacy and freedom of speech and public demands for safety and security was now at my door.
As you may recall, Snowden used his access to secret government documents to blow the whistle on a clandestine National Security Agency data surveillance program called PRISM, which collected Internet communications like emails stored in the cloud and on servers. This NSA spying program grew out of increased security measures stemming from the terrorist attacks of September 11, 2001. Snowden’s leaks to the news media of emails and documents captured through PRISM created a firestorm of screaming headlines, protests from civil liberties organizations, and recriminations from government leaders at the highest levels.
Microsoft, Google, and other tech companies
were implicated in the controversy after initial press reports falsely claimed that law enforcement and intelligence services had been given direct access to private emails hosted on U.S.-based servers. Our servers. News stories reported allegations that the government was intercepting—without search warrants or subpoenas—customer data as it traveled between servers or between data centers. The public wanted and deserved answers. Unfortunately, federal rules prevented Microsoft and other tech companies from revealing to the public any requests we received from the law enforcement and intelligence communities.
The Snowden revelations ignited a full-court press on our campus and throughout Silicon Valley. It was imperative that we immediately set the record straight for our customers and partners who entrusted us with their data. We needed to take action—in court and elsewhere—to defend our values as leaders of the information-age economy. So, that is where we set our sights. Brad Smith led the charge, working closely with our entire senior leadership team.
In the first days of the crisis, we issued a corporate statement making clear that Microsoft provides direct access to customer data only when required to do so by a legally binding subpoena. We joined with Google in filing a lawsuit that would permit us to publish more data relating to the Foreign Intelligence Surveillance Act (FISA) orders we received.
We also wrote privately to Attorney General Eric Holder, stating that we could be more transparent if we were granted greater freedom to disclose government requests to the public. This was the only way to end the confusion about just how much of our customers’ and partners’ data we were sharing with the government. Companies like Cisco, IBM, AT&T, and others in the industry wanted an explanation of what the NSA was doing overseas to collect data. We made public the fact that we were calling on the attorney general to personally take action to permit Microsoft and other companies to share publicly more complete information about the national security warrants and orders we received and how we handled them.
In the letter to Attorney General Holder we wrote, “[we] comply with our legal obligations to disclose customer information in response to valid, compulsory legal process. At the same time, we place a premium on protecting our customers’ privacy, and therefore have set up rigorous processes to review all disclosure demands we receive to ensure that they fully comply with applicable law.”
Expanding the effort even further, we joined with AOL, Apple, Facebook, Google, LinkedIn, Twitter, and Yahoo in forming an alliance called Reform Government Surveillance. The members of the alliance insisted on limiting the authority of the United States and other governments to collect users’ information. We called for greater oversight and accountability, advocated for transparency about government demands for data, and highlighted the need for governments to respect the free flow of information. We also asked governments to avoid conflicts among themselves, which can create a tangle of contradictory requirements that make it almost impossible for companies to fully comply with the law.
Our recommendations were driven by the values of freedom of speech and individual privacy, but also by hard-nosed economic and business concerns. We made the case that governments can best support a growing global economy by avoiding policies that inhibit or discourage access by companies or individuals to information stored outside their countries.
Inside Microsoft, we mobilized to do what we could to further protect the security of the data entrusted to us. We moved quickly to expand encryption across all of our services and enhanced the transparency of our software code, which helped reassure our customers that our products did not contain so-called backdoors that would enable governments or anyone else to access their data. I went to work on the decision to reengineer our data centers, which required an enormous investment of new resources, but, again, it was the right thing to do.
Although the federal government, in our view, was taking a strident position, President Obama remained open to hearing other points of view. In the closing months of 2013, Brad and other industry representatives met privately with the president to make our case. Negotiations with the government began, and on January 16, on the eve of a presidential announcement making changes to NSA surveillance, we received a call from the Justice Department saying that they would settle our case on more favorable terms. The following month, President Obama agreed for the first time to permit tech companies to more fully disclose information about legal orders issued by U.S. national security. Press reports and public debate about the role of tech companies in safeguarding data security became more accurate and well informed. But while we appreciated the president’s efforts, we continued to insist that more work needed to be done to reform policies relating to government access to data. We were not yet out of the woods.
Just a few months earlier, in December 2013, U.S. prosecutors ordered Microsoft to turn over data from the email account of an individual as part of a narcotics case. The data was stored on a Microsoft server located in a company facility in Dublin, Ireland. Here again, we were confronted with tension between public and private responsibilities—in this case, the understandable desire of prosecutors to protect public safety by punishing criminals and our own duty to stand up for individual privacy and freedom of speech. Somehow we needed to maintain the trust of both government partners and our customers.
After careful consideration, Microsoft asked a federal district court to quash the government’s order. We contended that an American company could not be required to turn over information located in an Irish data center, since American law does not apply there. As an editorial supporting our position in The New York Times explained, if the United States could require a company to turn over information in Ireland, what’s to prevent a Brazilian agency from ordering American companies doing business in Rio to turn over information stored in San Francisco?
Litigation of this kind is costly, but we need to push back against government orders when we see core values endangered. After all, our products may come and go, but our values are timeless. The federal district court ruled in favor of U.S. prosecutors, but we appealed the decision, and the United States Court of Appeals for the Second Circuit backed Microsoft’s position. Circuit Judge Susan L. Carney wrote the ruling, which relied on what she called the “longstanding principle of American law that legislation of Congress, unless a contrary intent appears, is meant to apply only within the territorial jurisdiction of the United States.” As this book was going to press, the DOJ decided to appeal the decision to the U.S. Supreme Court.
It was against this backdrop of conflicting values, intense public debate, and evolving law that the Sony hacking crisis erupted.
The difficult challenge of balancing individual liberties and public safety came even more starkly into view following the awful terrorist attack in San Bernardino, California, in December 2015. A husband and wife pledging allegiance to the so-called Islamic State (ISIS) attacked celebrants at an office party, killing fourteen and injuring twenty-two. Believing that the iPhone used by one of the shooters might contain information that would illuminate just what had happened and thereby help prevent future attacks, the FBI filed suit to force Apple to unlock the phone.
Apple pushed back. Tim Cook, Apple’s CEO, argued that his company could breach the phone’s security only by creating new software that would expose a so-called backdoor that anyone could then infiltrate. The FBI, in Apple’s view, was threatening data security by seeking to establish a precedent that the U.S. government could use to force any technology company to create software that would undermine the security of its products. Other technologists backed Apple’s position.
Once again, Microsoft faced a difficult decision—one that weighed heavily on me personally. I have relatives who have worked in law enforcement, and I understand the need to obtain evidence to protect public safety—in many cases the safety of our customers. With public anxiety about terrorism running high, it would have been easy for Microsoft to support the government’s position or simply distance itself from t
he debate.
In the end, however, Microsoft joined many of its fiercest competitors in supporting Apple in its legal battle. We did so out of shared concerns about the potential ramifications of the case for technology and for our customers. Generally speaking, there is no question that backdoors are a bad thing; they lead to weakened security and heightened distrust. So to deliberately design a backdoor to facilitate access to someone’s personal data would be a dangerous thing.
At the same time, we recognized that the solution to this problem was too important to be left to a bunch of tech CEOs. So we also called for a multi-constituent body to debate the problem and work toward a real legislative solution—one that protects security while also allowing for law enforcement access when appropriate. Getting the proper balance is essential; it’s easier to be a zealot for one value or the other, but that doesn’t make it right. Individuals care as much about their safety as their privacy. Companies also care about both, since security and trust are both essential to economic growth. And a global solution is necessary because countries are not isolated. Without a trustworthy international system, no nation is secure.
In the wake of the iPhone debate, businessman and former New York City mayor Michael Bloomberg wrote an op-ed in The Wall Street Journal that expressed my sentiments perfectly. He pointed out the irony in the fact that leaders of an industry that thrives on freedom are in fact resisting government efforts to safeguard that freedom. He went on to say, while it’s too much to expect Silicon Valley tech experts to enlist as government tools in the fight against terrorism, a little cooperation shouldn’t be too much to ask.
The dilemma framed by each of these high-profile cases—Sony, Snowden, San Bernardino, and the Irish data center—is the conflict between protecting individual liberties of privacy and free speech and civil society requirements like public safety. This conflict creates a moral or ethical dilemma, one which, of course, has been debated throughout history. Philosopher Tom Beauchamp defines such a dilemma as a circumstance in which moral obligations demand or appear to demand that a person adopt each of two (or more) alternative actions, yet the person cannot perform all the required alternatives. In such a circumstance, some evidence indicates that an act is morally right while other evidence indicates that it is morally wrong, but the evidence or strength of argument on both sides is inconclusive. Unfortunately, that summed up Microsoft’s situation—which is precisely why the decisions that I faced as CEO, and that we faced as an organization, were so difficult, painful, and controversial.
Hit Refresh Page 15
