How Microsoft became tech’s good guy

Once upon a time, Microsoft symbolized all that was wrong with the tech world: greedy, monopolistic, single-mindedly focused on profits while caring little about the public good. In the heyday of Bill Gates and Steve Ballmer, the company ran roughshod over competitors in its attempt to corral the worldwide market for both operating systems and application software.

But today, Microsoft has embraced the role of the tech world’s better angel. And as events show in recent weeks, that’s not hype. The company has, to some extent, tried to act as the industry’s conscience as well as taking actions for the greater good.

One case in point: Microsoft’s recent revelation that it had uncovered evidence that the Russian government had targeted three congressional campaigns in the upcoming midterm elections — and that it had helped thwart the plot. Microsoft discovered the attempts as part of its long-running battle against the Russian government–backed hacking cyber-espionage group called Fancy Bear. Microsoft, which has been playing whack-a-mole with the group for well over a year, targets the command-and-control servers that control malware that Fancy Bear plants on victims’ computers, as well as associated websites that install malware on targets’ computers when the victims visit them as a result of a spearphishing attack.

To fight Fancy Bear, last year Microsoft got a court order to force domain registrars to turn to over to Microsoft trademark-infringing domains that the hackers use to route malware-related traffic to their servers. Microsoft then redirects traffic from those domains to its own servers, foiling the attack.

That’s exactly what happened recently after Microsoft discovered the attack on congressional campaigns, including that of Democrat Sen. Claire McCaskill, who is up for re-election and vulnerable because her state of Missouri voted big time for President Trump.

Tom Burt, Microsoft’s vice president for customer security and trust, explained at the Aspen Security Forum in late July: “We did discover that a fake Microsoft domain had been established as the landing page for phishing attacks, and we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for elections in the midterm elections. We took down that domain and, working with the government, actually were able to avoid anybody being infected by that particular attack.”

Microsoft revealed the information in the midst of ongoing denials by Trump that the Russians targeted the 2016 presidential campaign or is intent on influencing the upcoming midterm elections. If Microsoft were concerned only about the bottom line, it would have stayed out of the political fray altogether and not made any announcement about what it found. And it certainly wouldn’t have made the announcement when Russian hacking was still top of the news.

The second incident that shows Microsoft may be trying to become the tech industry’s conscience is the company’s call for the federal government to regulate face-recognition technology. Microsoft President Brad Smith warned in a blog post in mid-July that the technology “can catalog your photos, help reunite families or potentially be misused and abused by private companies and public authorities alike.” He detailed some of the dangerous uses of the technology: “Imagine a government tracking everywhere you walked over the past month without your permission or knowledge. Imagine a database of everyone who attended a political rally that constitutes the very essence of free speech. Imagine the stores of a shopping mall using facial recognition to share information with each other about each shelf that you browse and product you buy, without asking you first.”

He continued, “The only effective way to manage the use of technology by a government is for the government proactively to manage this use itself. And if there are concerns about how a technology will be deployed more broadly across society, the only way to regulate this broad use is for the government to do so. This in fact is what we believe is needed today — a government initiative to regulate the proper use of facial recognition technology, informed first by a bipartisan and expert commission.”

This is about as dramatic a turnaround as imaginable from a company that fought and lost an antitrust battle with the government almost 20 years ago. Back then, the company railed against federal overreach. Today, it’s calling on the feds for more regulation.

Why the change? The cynical explanation: Microsoft is no longer at the bright, hot center of the technology industry. Facebook, Google and Amazon are taking hits right now over potential misuse of facial-recognition software. So Microsoft has a lot to gain by becoming the industry’s conscience, potentially hurting competitors and gaining the good will of consumers.

The less cynical explanation: Corporations, like people, mellow as they hit middle age and beyond and start thinking about their legacies. The company was founded more than 40 years ago, which by tech standards is ancient, and so it has matured and truly believes it can help technology do good things.

The way I see it, the reason that Microsoft changed its tune doesn’t matter. It should keep trying to stop the Russians from hacking our elections and use its weight to call for government regulation of technology when it’s warranted. Good is good, regardless of the underlying motivations. And Microsoft, at least in these two instances, is on the side of the good.