Tag: Microsoft on the Issues

Today, the Court of Justice for the European Union issued a ruling in a case examining transfers of data from the EU. We appreciate that some of our customers may have questions about the impact of this ruling.

We want to be clear: If you are a commercial customer, you can continue to use Microsoft services in compliance with European law. The Court’s ruling does not change your ability to transfer data today between the EU and U.S. using the Microsoft cloud.

For years we have provided customers with overlapping protections under both the Standard Contractual Clauses (SCCs) and Privacy Shield frameworks for data transfers. Although today’s ruling invalidated the use of Privacy Shield moving forward, the SCCs remain valid. Our commercial customers are already protected under SCCs.

Read our full reaction to the ruling here.

Tags: data, data privacy, data sharing, EU, GDPR

Today, we have an exciting announcement we believe will help increase election security while enabling election officials to take advantage of the advanced capabilities of cloud computing.

For years, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and state and local governments throughout the United States have worked with the non-profit Center for Internet Security, Inc. (CIS) to monitor the security of election-related data. This is enabled by Albert Network Monitoring, which examines internet traffic and connection attempts on networks owned and run by election officials – including voter registration systems, voter information portals and back-office networks.

Albert provides network security alerts for both basic and advanced network threats, helping organizations identify malicious activity such as attempted intrusions by foreign adversaries or cybercriminals. Data from these sensors is sent in near-real-time to the CIS Security Operations Center, which is monitored around the clock every day by expert cybersecurity analysts.

To date, cloud computing providers, such as Microsoft Azure, have not been compatible with Albert sensors. This presented election officials with the difficult choice of selecting powerful, secure and cost-effective cloud computing options, or hosting the data on local servers if they wanted to take advantage of the added security of Albert. Today, through a partnership with CIS, we’re providing a new choice by making Microsoft Azure compatible with Albert for the first time.

We’re starting this journey through a pilot, which will begin this week, with 14 county Supervisors of Elections in Florida. Moving forward, Microsoft and CIS will look to open the capability to states and jurisdictions across the United States.

Today’s announcement is the result of collaborative work between Microsoft’s Azure Global engineering team and CIS’s engineering team, in partnership with Microsoft’s Defending Democracy Program. In the coming months, we look forward to sharing more details about our work to help secure the 2020 elections and future elections in the U.S. and around the world.

Tags: Azure, cybersecurity, Defending Democracy Program, elections, Microsoft Azure

Today’s sunny morning in Seattle brightened even further with the good news from the United States Supreme Court that restores legal protection for nearly 700,000 Dreamers, including more than 60 Microsoft employees. It was on their behalf that, in 2017, Microsoft filed a lawsuit with Princeton University and a Princeton student, Maria Perales Sanchez, to object to the rescission of the Deferred Action for Childhood Arrivals program, or DACA. We acted quickly because we saw firsthand this issue’s importance to the nation’s talented Dreamers and DACA’s critical benefits for every part of the American economy.   

Little did we know in 2017 that this case would bring Microsoft to the steps of the Supreme Court for the fifth time in a little more than a decade. This has been a good week at the Supreme Court for the rights of people who live in the United States. As a company that has brought a wide range of important issues before the court, we constantly appreciate the hard work that takes place within its four walls. Today’s decision marks an important milestone, and we’re gratified that the court once again has provided a thoughtful and fair outcome to a complicated legal issue. 

We also appreciate that today’s decision, while critical, is but one more step in a long and winding road. The DACA debate will continue, and the big question now is what comes next. 

Our plea is for a national discussion that involves more light and less heat. A path that starts with a recognition of the Dreamers’ collective importance to our country. A conversation that brings people together in a bipartisan spirit in a creative search for common ground. A discussion that encourages the White House and Congress to work together. An approach that gives people the time and space to be thoughtful. A route that avoids precipitating another crisis in a year that has already had more than its share. 

Some may suggest that this path sounds more like a dream itself. But it’s what the nation and our economy need. 

Consider this: While Microsoft was the only company in the country to file a lawsuit to contest DACA’s rescission, when the case reached the Supreme Court, we were no longer alone. By last year, 145 businesses signed amicus briefs supporting DACA. And the business community was joined by an even broader group that included 210 educational institutions, 129 religious organizations and 109 municipalities. All of us stood together to underscore the Dreamers’ talent and importance to the economy and the country. 

And that was before anyone had heard of COVID-19. 

The past few months have provided even more dramatic evidence of the role that DACA registrants play in our country. More than 30,000 of them work in the healthcare space alone. They are nurses, lab technicians and respiratory therapists who serve Americans from all backgrounds as our country responds to a pandemic that is unique in our lifetimes. Another 200,000 Dreamers provide other essential services, working in pharmacies and grocery stores and delivering vital goods to our front doors. In the middle of a pandemic, any step that puts Dreamers at risk can put all of us at risk. 

We filed this lawsuit because we believed at Microsoft that it was important to stand up for our employees. To make clear that we had their backs. But along the way, we’ve come to appreciate even more clearly how important the Dreamers are for all of us.  

The summer of 2020 comes in a year of crisis, but it provides a potential inflection point for the nation’s future. As we’ve seen in recent weeks, it’s a time to reflect on and recommit ourselves to racial equity and justice, especially for the country’s African American and Black populations. It’s a time that calls for thoughtful action to protect the rights of people in a fair manner. It’s a discussion that needs to bring people together, while making room for the nation’s Dreamers. 

Tags: DACA, Dreamer, Immigration, SCOTUS

Many years ago when I was on active duty as a Marine officer in the 1980s, I went through cold weather training carrying a 1950s-era sleeping bag and “waterproof” clothing from the 1970s. At the time, I could have gone down to the local store and bought gear that would have kept me warm and dry, but alas that wasn’t yet in the USMC supply system. I was not happy about this. Also, I was cold and wet.

So when it comes to making sure the U.S. Military has the latest and best technology available, I’m a huge supporter, and the Department of Defense’s (DoD) decision to source a Joint Enterprise Defense Infrastructure (JEDI) contract to deliver the latest advancements in enterprise cloud could be a great step forward. But only if Amazon gets out of the way.

We received notice on Tuesday that Amazon has filed yet another protest – this time, out of view of the public and directly with the DoD – about their losing bid for the JEDI cloud contract. Amazon’s complaint is confidential, so we don’t know what it says. However, if their latest complaint mirrors the arguments Amazon made in court , it’s likely yet another attempt to force a re-do because they bid high and lost the first time.

The only thing that’s certain about Amazon’s new complaint is that it will force American warfighters to wait even longer for the 21^st-century technology they need – perpetuating Amazon’s record of putting its own interests ahead of theirs.

This latest roadblock is disappointing but not surprising. As my colleague Jon Palmer made clear in a recent blog, Amazon wants a do-over on JEDI . As Jon wrote, “Amazon would have you believe that it lost the award because of bias at the highest levels of government. But Amazon, alone, is responsible for the pricing it offered. As the government explained in its brief: ‘AWS and Microsoft each had a fair chance to build pricing for the entire procurement, based on their overall business pricing.’ Amazon did build its pricing for the entire procurement, and it wasn’t good enough to win.”

From the DoD’s independent Inspector General’s report, to the court’s granting of a preliminary injunction, to refusing to even give the DoD a chance to address court’s narrowly scoped concerns, you have to ask, “When will enough be enough for Amazon? When will they say that they’ve been heard?”

This latest filing – filed with the DoD this time – is another example of Amazon trying to bog down JEDI in complaints, litigation and other delays designed to force a do-over to rescue its failed bid. Think about it: Amazon spent the better part of last month fighting in court to prevent the DoD from taking a 120-day pause to address a concern flagged by the judge and reevaluate the bids. Amazon fought for a complete re-do and more delay. Amazon lost. The judge granted the DoD’s request for a timeout in the litigation to address her concerns.

And now Amazon is at it again, trying to grind this process to a halt, keeping vital technology from the men and women in uniform – the very people Amazon says it supports. Why do this? Is it because the DoD won’t completely unwind the JEDI procurement process to the beginning? Again, we don’t know the content of Amazon’s complaint, as it avoids the public scrutiny of a court filing. But we do know that the changes DoD have made based on the judge’s ruling do not allow Amazon to undo its earlier business decision to bid high, which resulted in their loss. It does not allow Amazon to completely re-do its pricing, especially now that it knows Microsoft’s price and has a target to shoot at. And it does not allow Amazon to tilt the playing field in its favor.

Amazon may make a lot of noise about bias and interference, but the DoD’s independent Inspector General made it clear that the department established and followed a proper procurement process. And no one forced Amazon to bid high in the procurement. Amazon alone made the choice to bid high, but now wants to find a way to avoid the consequences of its own bad business decisions.

At the end of the day, putting the customer first is a good business strategy and one where Amazon has traditionally excelled. In this case, I think about the customer not as a singular “DoD” but as the individual soldier, sailor, airman or Marine who wants and deserves the very best tools to do their job. And the best way Amazon can put these customers first is to stand down on its litigation, stop asking for a do-over and let JEDI proceed.

Tags: Amazon, Defense, JEDI, Microsoft Azure, military

Today the Inspector General for the Department of Defense released a report into the DoD’s handling of the JEDI contract. With this report and some legal milestones around the corner it is a good time to reflect on where we are in litigation on the award of the contract, and how we got here.

For all of the heat and noise around this case, there is a very specific issue before the court at the moment. It may seem arcane and procedural, but the back-and-forth arguments between Amazon and the government raise a key question of principle and fairness that should matter to us all. Namely, should a company—like Amazon—that bid high and lost, now get a do-over, especially now—as the IG’s report makes clear—Amazon received additional proprietary information about Microsoft’s bid that it should never have had. That’s what Amazon wants. The government rightly says no.

A central premise of the federal procurement system is that “full and fair competition“ on a “level playing field“ means that competitors are asked to make their best bids without knowing what the other has bid or will bid. That principle ensures that companies seeking to do business with the federal government offer their best price from the beginning. They can’t offer a higher price in the hope they’ll win the bid anyway, and then turn around and ask to bid again if they lose. Amazon is not asking to be on a level playing field. It’s arguing that the field be tilted in its favor.

Microsoft won the JEDI contract because the Department of Defense found that we offered “significantly superior” technology at a better price. Four months later, the Court stopped work on the contract based on an error the judge found in one part of the DoD’s procurement process.  The DoD then filed a motion to suspend the litigation for 120 days so it can very specifically address the judge’s concern—but without allowing Amazon and Microsoft to revise their original pricing.

That brings us to where we are today. The DoD is seeking to be responsive to the issue the Court raised in issuing the preliminary injunction. But that’s not good enough for Amazon. Amazon doesn’t want a solution that addresses the Court’s concerns and sticks to the original pricing in the competitors’ bids.  According to its brief, it wants no “constraint on the offerors’ ability to revise their pricing.”

This, according to the government, is a “a transparent effort to undercut Microsoft on price, now that [Amazon] has a target at which to aim.”  Amazon dresses its argument in the language of fairness and level playing fields, but the government’s brief looks right through it: “That AWS now regrets its pricing strategy is no reason to allow AWS a do-over, after it gained significant information about its competitor’s pricing, enabling it to use the currently prevailing information asymmetry to underbid its competitor in an effort to secure the contract.”

But Amazon does not just want to re-do its pricing now that it has information about Microsoft’s pricing. It wants the DoD to go back and broadly re-do its evaluation of many issues, hoping to rescue its losing proposal.  Amazon, as an unsuccessful bidder, lawfully received some information about Microsoft’s winning price.  The Inspector General’s report now reveals that Amazon also received Microsoft proprietary information it should not have received or used —information that the IG states could potentially give it “an unfair advantage in the cloud services marketplace.”  Now that Amazon has this retained knowledge of Microsoft’s proprietary information, a complete re-do can only hurt Microsoft and benefit Amazon.

We can all agree that bid protest cases, and the judges that preside over them, serve an important function in helping to ensure fair procurements. But Amazon’s suggested approach – bid high, lose, try again – isn’t fair.  It’s the opposite.

The JEDI procurement has lasted more than two years. The DoD reviewed our bid against eight distinct evaluation factors and 55 individual sub-factors. The department subjected our products and services to four individual test scenarios, which were composed of more than 78 individual steps. The result? We were rated equal or superior to Amazon in every evaluation factor.

There is a simple explanation for Microsoft’s victory – the strength of our technology, and our willingness to listen to and respond to our potential customers. More than 95 percent of Fortune 500 companies run Microsoft Azure. More than 10,000 government organizations are our customers. Much of the $1 billion (USD) we spend on security each year goes toward Azure. Even if you believe that Amazon may have started as the front runner, it’s clear our team worked hard to catch up and surpass them by investing in our technology and listening to the DoD.

What we learned and developed during the months leading up to the final proposal enabled us to better grasp the DoD’s requirements and what they were looking for so we could adapt our approach to best meet the DoD’s needs. Through the procurement process, we invested significant time and engineering resources into our products, we delivered new innovations including native edge devices that can withstand the challenging environments in which the DoD operates, and we demonstrated that we are capable of meeting their criteria at the best price point.

Our commitment to the DoD runs deep, and we believe our nation’s men and women in uniform deserve this technology now. As Microsoft President Brad Smith wrote in October 2018, “we believe in the strong defense of the United States and we want the people who defend it to have access to the nation’s best technology, including from Microsoft.” That guiding principle remains true today.

We are ready to help the DoD fulfill its important mission. Since we were awarded this contract, we’ve met every deadline established by the DoD. We were ready to move the first DoD early adopter units to the cloud on schedule on February 14. We’ll remain ready to serve the DoD as this process continues to move forward.

Amazon would have you believe that it lost the award because of bias at the highest levels of government. But Amazon, alone, is responsible for the pricing it offered.  As the government explained in its brief: “AWS and Microsoft each had a fair chance to build pricing for the entire procurement, based on their overall business pricing.”  Amazon did build its pricing for the entire procurement, and it wasn’t good enough to win.  And now it wants a re-do.  That’s not good for our war-fighters.  That’s not good for confidence in public procurement. That’s not good for anybody but Amazon.

Tags: Amazon, Defense, JEDI, Microsoft Azure, military

It’s critical when we’re facing crises that we protect our core values, including democracy. Democracies were already facing adversaries intent on using cyberattacks to disrupt our elections and democratic processes. Now, as the world battles the COVID-19 pandemic, we have seen, and others have reported, that nation states and cybercriminals are taking advantage of the crisis by using virus-themed phishing attacks and other techniques to attack critical institutions. We must assume they will use these techniques to target our elections as well.

Today, we are announcing several steps our Defending Democracy program is taking to help our democratic processes become more resilient in light of all these threats. First, starting today, we’re expanding our Defending Democracy Program to include a new service, Election Security Advisors, which will give political campaigns and election officials hands-on help securing their systems and recovering from cyberattacks. Second, we are expanding our AccountGuard threat notification service to cover the offices of U.S. election officials and the U.S. Congress as many are working remotely. Third, we are extending Microsoft 365 for Campaigns to state-level campaigns and parties. And, finally, we are publishing our public policy recommendations for securing elections, including ways to secure them while confronting the COVID-19 public health crisis.

Introducing Election Security Advisors

Today, as part of Microsoft’s Defending Democracy Program, we’re announcing a new service called Election Security Advisors, bringing Microsoft’s cybersecurity preparedness and remediation expertise to election officials and political campaigns. Through Election Security Advisors, campaigns and election officials will be able to choose from two offerings from Microsoft’s Detection and Response Team (DART). The first is an assessment of an organization’s systems and then providing expert help in configuring them securely to close any security gaps. The second is an incident response service helping these organizations find the cause of an attack, root it out and provide the direction required to restore their systems.

Microsoft founded the DART team in 2012 to provide proactive and reactive incident response and resiliency services to customers with the most challenging security needs, including investigation and remediation following attacks. The team currently includes a variety of cybersecurity experts including forensic investigators, reverse engineers and crisis experts across more than 33 cities on five continents who are able to rapidly deploy to customers around the world. These experts have been on the cyber front lines, addressing hundreds of incidents in 52 countries, spanning 26 industries and numerous government agencies. We published a case study of the team’s work today here.

Election Security Advisors is available today to all campaigns for federal office in the United States, state and local election officials, and private vendors serving the campaign and election community. These services have been packaged especially for the needs of the campaign and election community and will be priced significantly lower than comparable services for enterprises. We are also examining ways to bring these services to other democracies in the future. Those eligible for Election Security Advisors can learn more by emailing [email protected].

AccountGuard expansion

Since we announced our AccountGuard threat notification service in August 2018, we’ve expanded it to political campaigns, parties and democracy-focused non-profits in 29 countries around the world. It now protects more than 90,000 accounts. Starting today, AccountGuard is now also available to members of U.S. Congress and their staff as well as state election officials across the country, and sign up is available here. As many of these officials and their staff are engaging in their duties while working remotely, we hope this extra layer of security will help.

AccountGuard is a free service that notifies organizations of cyberattacks, tracking threat activity across email systems run by organizations as well as the personal accounts of its employees who opt-in. It’s open to Office 365 customers and can track threats targeting Microsoft’s consumer email services, including Outlook.com and Hotmail.  More on AccountGuard is available in our August 2018 announcement here. AccountGuard also includes access to cybersecurity training, and we’ve trained more than 1,500 campaign staffers and consultants on cybersecurity to date.

Microsoft 365 for Campaigns expansion

As we’ve continued to engage with those involved in the democratic process, one thing we hear routinely is that enterprise-grade email and filesharing services with world-class security are often too expensive for campaigns or are too difficult to set up and manage. Based on this feedback, last summer, we announced Microsoft 365 for Campaigns, bringing our best and most secure email services to political campaigns at the federal level.

Starting today, we’re bringing Microsoft 365 for Campaigns to anyone running for political office and political committees at the state level in the U.S., including those running for state legislatures and gubernatorial races. Those wishing to sign up can do so here. As campaigns and committees think about working remotely to support upcoming elections, we believe this will give them the world-class productivity, email, file-sharing and conferencing tools to do so in a way that’s affordable, easy to use and secure. Microsoft 365 for Campaigns provides the features of Microsoft 365 Business to these customers at a low price and with setup tools that help enable any campaign staffer to configure it securely for a campaign environment in about five minutes.

Policy recommendations

Today, we also published a set of policy recommendations and suggested actions government can take to secure the election system, including recommendations for conducting secure elections while addressing the need for social distancing to fight COVID-19.

To accommodate the possible need for social distancing leading into the November 2020 U.S. elections, Microsoft’s Defending Democracy Program is urging governments to

• Look at options like increasing access to absentee voting
• Enable curbside or portable voting solutions.

To enable absentee voting, states can, for example, waive the requirement that voters submit a reason for requesting an absentee ballot and allow people to request an absentee ballot online. Portable or curbside voting solutions, which exist today mainly to accommodate people with disabilities, should be expanded, which will require new tools like e-pollbooks that can ensure voters are eligible without being tied to a single polling place.

While COVID-19 is a new and unexpected threat to U.S. elections, it is certainly not the only one. Challenges of nation-state interference and concerns about the security of election systems were already at the forefront of many officials’ minds going into this year. To address this, the policy recommendations also lay out five specific suggestions for securing the elections in general:

• A paper trail should be required for all elections
• Election results should be confirmed through post-election audits
• Elections should be end-to-end verifiable, meaning voters and members of the public should be able to confirm the accuracy of results
• Consistent funding needs to be provided by the federal government, so that state and local officials know when they purchase new technology that they’ll have funds to keep it secure through updates and improvements
• Everyone impacted by cyber threats, including the election community needs to be part of the discussion about changing what’s considered acceptable behavior in cyberspace by joining multi-stakeholder initiatives like the Paris Peace Call for Trust & Security in Cyberspace

Of course, we don’t have all the answers, but we’re sharing these recommendations based on what we’ve seen as we’ve tried to offer new technologies to the community and based on discussions with other technology providers, election officials and the academic community. We hope others offer their suggestions and contribute to the conversation.

In closing, there’s one important note about today’s AccountGuard and Microsoft 365 for Campaigns news. Due to local regulations, we are currently unable to offer AccountGuard to state election departments or M365 for Campaigns in the following states at this time: Colorado, Delaware, Illinois, Oklahoma, Wisconsin and Wyoming. We encourage customers in those states to explore additional offerings here. In many cases, it’s law or regulation – not technical capability – that is preventing us from helping to secure democratic institutions as much as possible. We’ve been pleased that so many government officials around the world have worked collaboratively with us to break down existing barriers, and we’ll continue to work with government officials to find solutions.

Tags: COVID-19, Election Security Advisors, ElectionGuard, elections, Microsoft 365 for Campaigns, Microsoft AccountGuard

Amid the current need to continually focus on the COVID-19 crisis, it is understandably hard to address other important issues. But, this morning, Washington Governor Jay Inslee has signed landmark facial recognition legislation that the state legislature passed on March 12, less than three weeks, but seemingly an era, ago. Nonetheless, it’s worth taking a moment to reflect on the importance of this step. This legislation represents a significant breakthrough – the first time a state or nation has passed a new law devoted exclusively to putting guardrails in place for the use of facial recognition technology.

In 2018, we urged the tech sector and the public to avoid a commercial race to the bottom on facial recognition technology. In our view, this required a legal floor of responsibility, governed by the rule of law. Since that time, the issue has migrated around the world with a wide range of reactions, with some governments banning or putting a moratorium on the use of facial recognition. But, until today, no government has enacted specific legal controls that permit facial recognition to be used while regulating the risks inherent in the technology.

Washington state’s new law breaks through what, at times, has been a polarizing debate. When the new law comes into effect next year, Washingtonians will benefit from safeguards that ensure upfront testing, transparency and accountability for facial recognition, as well as specific measures to uphold fundamental civil liberties. At the same time, state and local government agencies may use facial recognition services to locate or identify missing persons, including subjects of Amber and Silver Alerts, and to help keep the public safe. This balanced approach ensures that facial recognition can be used as a tool to protect the public, but only in ways that respect fundamental rights and serve the public interest.

While regulation in this field will clearly evolve, Washington’s new law provides an early and important model. Some of the new law’s features are especially important.

Testing requirements

First, the law will accelerate market forces to address the risk of bias in facial recognition technology. Beginning next year in Washington, a state or local government agency can deploy facial recognition only if the technology provider makes available an application programming interface (API) or other technical capability to enable “legitimate, independent and reasonable tests” for “accuracy and unfair performance differences across distinct subpopulations.” In addition, vendors must disclose “any complaints or reports of bias regarding the service.”

In our view, this approach is both necessary and pragmatic. The risk of bias is real. Recent NIST research demonstrated that some facial recognition technologies have encountered higher error rates across different demographic groups. As documented in the  “Gender Shades” research, this problem arises when trying to determine the gender of women and people of color. As we’ve found, no customer wants to purchase a facial recognition service that is flawed. But, without the ability to subject these services to third-party testing, it is impossible to know the accuracy of the available technologies. Thus, market forces cannot work effectively to push tech companies to improve their technology as quickly as they should. Washington’s new law shows how regulation and market forces can move forward together in a way that advances innovation to meet public needs.

Transparency and accountability

The new law also advances two other ethical and human rights principles that are fundamental for all aspects of artificial intelligence (AI): transparency and accountability. Before a state or local agency can begin to use facial recognition, it must first file a public notice of intent and “specify a purpose for which the technology is to be used.” This ensures that the public is informed at the very beginning of the technology adoption process.

Perhaps even more important, the new law also establishes a thorough accountability model for public adoption of facial recognition technology. Agencies that use facial recognition must establish “a clear use and data management policy” (including detailed protocols that control how the technology will be deployed), data integrity and retention policies, and strong cybersecurity measures. They must also provide the public with information about the facial recognition service’s “potential impacts to privacy” and the service’s “rate of false matches, potential impacts on protected subpopulations, and how the agency will address error rates, determined independently, greater than 1%.” This is all subject to public consultation requirements, including notice and comment processes, and community consultation meetings.

The law also requires that humans, not machines, be responsible for decisions using facial recognition technology, which is an important check on how these systems can be used. For example, if the use of facial recognition would result in a potential denial of service, a human must verify the individual’s identity to avoid decisions based on false results. This obligation to ensure “meaningful human review” naturally requires well-trained personnel. The new law therefore requires that agencies must conduct periodic training for everyone who operates a facial recognition service or who processes personal data obtained from it. This training must cover both the capabilities and limitations of the service, as well as how to interpret facial recognition output.

Protection of civil liberties

Through some of the new law’s most important provisions, Washington state has become the first jurisdiction to enact specific facial recognition rules to protect civil liberties and fundamental human rights. While the public will rightly assess ways to improve upon this approach over time, it’s worth recognizing at the outset the thorough approach the Washington state legislature has adopted.

First, there is protection against mass surveillance. Under the new law, a public authority may not use facial recognition to engage in “ongoing surveillance, conduct real-time or near real-time identification, or start persistent tracking” of an individual except in three specific circumstances. These require either (1) a warrant; (2) a court order “for the sole purpose of locating or identifying a missing person or identifying a deceased person;” or (3) “exigent circumstances,” a well-developed and high threshold under state law.

Second, there is added protection for specific human rights. For example, the authorities may not use facial recognition to record any individual’s exercise of First Amendment rights. In addition, an agency may not use facial recognition based on a person’s “religious, political or social views or activities” or “participation in a particular noncriminal organization or lawful event.” Similarly, they may not use the technology based on a person’s “actual or perceived race, ethnicity, citizenship, place of origin, immigration status, age, disability, gender, gender identity, sexual orientation or other characteristic protected by law.”

Third, there are procedural safeguards for criminal trials. For example, authorities must disclose their use of facial recognition technology to criminal defendants in a timely manner prior to trial. This will provide defendants with the right to challenge the use of the technology if it’s flawed or was used unlawfully.

Fourth, there are detailed transparency requirements relating to civil liberties. The new law details public reports on the warrants that were sought and granted for the use of facial recognition. These reports include information on the number and duration of any extensions of the warrant, the agencies that sought the warrants and the nature of the public spaces where surveillance was conducted.

Putting Washington’s new law in context

Finally, it’s important to consider Washington’s new law in the context of the broader developments in AI that are both advancing the public’s needs and putting the world’s timeless values at risk.

First, a new law in no way absolves tech companies of their broader obligations to exercise self-restraint and responsibility in their use of AI. As of today, only one U.S. state out of 50 provides the public with the specific protection they deserve when it comes to facial recognition. The first question for the rest of the world is whether tech companies will step forward voluntarily to adopt and implement responsible AI principles. We should all hope that more tech companies will do so – and that customers will reward those who act responsibly.

Second, the new law is a testament to what legislative leaders can accomplish when they focus not just on whether facial recognition should be used, but how. Many facial recognition debates, including one that took place last year in Washington state itself, have foundered in gridlock over whether to ban this new technology. But, as this new law so clearly illustrates, there is so much to be gained from more thorough consideration of ways to protect the public from the risks of facial recognition by regulating its beneficial use. We owe a special thanks to the legislative leaders who led the legislature’s consideration of these issues, including Representative Debra Entenman and Senator Joe Nguyen, who also works as a Microsoft employee when not spending time in our state capital when the legislature is in session.

Ultimately, as we consider the continuing evolution of facial recognition regulation, we should borrow from the famous phrase and recognize that Washington’s law reflects “not the beginning of the end, but the end of the beginning.” Finally, a real-world example for the specific regulation of facial recognition now exists. Some will argue it does too little. Others will contend it goes too far. When it comes to new rules for changing technology, this is the definition of progress.

Tags: civil liberties, facial recognition technology, Privacy, privacy laws, Washington state

As the world grapples with COVID-19, local officials and businesses here in the Puget Sound are taking necessary and unprecedented steps to protect public health, ease anxiety and prevent the spread of the virus. Conferences and events have been postponed or canceled, large meetings limited, and employers are asking their employees to work from home. While these moves to stem COVID-19 are critical, we realize they come with an economic and societal price. A price that is especially high for those closest to the crisis and members of our community already facing health and economic disparities.

Last week, we announced in the Puget Sound region that we’ve asked our employees who can work from home to do so. While reducing the number of people on our campuses has also reduced the need for onsite support from hourly workers supporting our operations, we will continue to pay them their regular wages, whether their services are needed or not. It’s encouraging to see Amazon, Expedia, Facebook, Google, and Salesforce announce that they’ll do the same. As large corporations we can take this step and should. But not all businesses will be able to do so.

As our community focuses on public health needs during the COVID-19 outbreak, it’s important that we also rally together to address the unmet economic needs developing around us. That’s why we’re partnering today with the two largest broad-based regional foundations to strengthen the community’s safety net through this crisis. The Seattle Foundation, United Way of King County, Microsoft, Amazon and Starbucks, in coordination with King County and the City of Seattle, will launch a regional COVID-19 Response Fund (CRF) to address the emerging community needs of COVID-19. . Microsoft is making an initial $1 million anchor donation to help launch this effort immediately.

Given that the outbreak will impact many communities that are already facing health and economic disparities, the fund will provide financial support to nonprofits and community-based organizations on the frontlines of the response. This support will include rental assistance to keep people housed; help ensure children, seniors and families have access to food; and support healthcare workers on the front line.

In addition to contributing to the COVID-19 Response Fund, our employees want to and can play a vital role. We will encourage and facilitate employee donations to support these efforts, which will be matched by the company on a dollar-per-dollar basis.

Criteria for the initial emergency response stage are being developed to ensure the dollars are allocated in a targeted, agile and responsive manner where the dollars are needed most. Initial grants will support organizations doing work with priority populations, such as: people without sick leave or health insurance; medically fragile populations; hourly and gig economy workers; healthcare workers and people with limited English-language proficiency. The group will raise funds throughout the epidemic and recovery phases, to allocate resources as needs emerge and evolve.

Microsoft’s products and services can also play a vital role in supporting people and organizations through this crisis, especially for public health officials working tirelessly to reduce the impact of COVID-19 and businesses and universities that are moving to remote meetings and classes. Across the global economy, we’re working to enable people to work remotely without sacrificing collaboration, productivity and security.

While local philanthropy has an important role to play, the COVID-19 crisis requires more funding than the corporate and philanthropic sector can contribute. There is clearly a need for additional state and government assistance. We look forward to working with state, county and local leaders who have been playing such an important and vital role in recent days.

In times of trouble, the greater Seattle community has a strong track record of pulling together. This is a time that calls for the community to come together once again.

Tags: Health, Puget Sound region

As we’ve done in recent years, I’d like to share what we’re focused on for Washington State’s current legislative session, as well as share our reaction to one key November 2019 election result. As we’ve said in the past, we believe in the transparency that comes from publishing a preview of the positions we’ll be sharing with legislators as they work in Olympia.

As a company, Microsoft is committed to furthering policies that create new jobs, opportunities and innovations here in Washington State. With more than 50,000 Microsoft employees and their families calling Washington home, these goals and the outcome of the decisions made today aren’t abstract – they’re personal.

As we embark on a new year, we are more committed than ever to two chief objectives: 1. Ensuring Microsoft’s success contributes to the overall success of the state; and 2. Engaging with elected officials and our neighbors to find ways in which we can help improve the quality of life for everyone who lives or works here.

From the 2019 Election to the 2020 Legislative Session

1. I-976
2. Affordable housing
3. Data privacy
4. Facial recognition
5. Broadband access
6. Cascadia Innovation Corridor – High-speed rail

Looking through the joint lenses of economic opportunity and quality of life, we were disappointed in the passage of Initiative 976, which will eliminate billions of dollars of much-needed funding for major transportation projects, city-level street maintenance, transit services, ferries and state patrol services over the coming years. Microsoft was a major supporter of the diverse business-labor-environmental coalition that opposed this measure, and we continue to believe that investments in transportation infrastructure are critical for the vitality of our state in the years ahead.

What’s next: While I-976 clearly resonated with voters, we believe it offered a false promise, namely that important transportation and transit service funding could be slashed without impacting the quality of life for Washingtonians. In the coming weeks and months, we’ll be engaging with the public entities that will have to further prioritize their expenditures as a result of the new shortfall created by I-976. Our hope is these conversations will be forward-looking and productive and will help identify strategies to keep our state moving forward.

Turning now from the ballot to the halls of Olympia, I’d like to share a few thoughts on where we stand on the key issues that the legislature will be tackling in its upcoming 2020 session.

We believe a lack of affordable housing presents a real barrier to many who are looking to become full participants in their communities. Today, this housing shortage is reaching crisis point in a number of cities across Washington. It’s the reason why, in January 2019, Microsoft announced a $500 million commitment to support the creation of additional affordable housing options. Earlier this month, we announced an additional $250 million commitment to affordable housing in the form of a line of credit to the Washington State Housing Finance Commission, bringing Microsoft’s total commitment to $750 million. This additional capital will create an estimated 3,000 additional units of much-needed affordable housing.

We also announced $55 million in investments and grants towards our original $500 million commitment. This brings our total to $380 million allocated over the past year to support the preservation or creation of over 6,500 affordable housing units in the greater Seattle area.

We were gratified to see the legislature similarly increase the state’s commitment to the Housing Trust Fund substantially, to $175 million for the 2019-21 biennium. But we must also work together to enact public policies that will build on the positive impact of these and other investments. Public and philanthropic funding alone will not solve the problem.

Last year, lawmakers enacted HB 1923, providing incentives for municipalities to adopt policies that encourage increasing local housing stocks.  We must do more of this, by pursuing a broad range of actions at all levels of government to enable and encourage development of more housing across the spectrum of affordability, but particularly for middle-income residents. One important tool to support this goal would be an extension of the Multiple Family Tax Exemption, which would maintain and expand the existing stock of affordable middle-market housing options.

What’s next: Microsoft will continue to work collaboratively with others in both the public and private sectors to support the creation of a larger supply of affordable housing.

While our state’s housing affordability crisis is the direct result of local economic trends, the need for Washingtonians to enjoy greater privacy protections for their personal data is a direct result of global economic and technology trends.

We have long advocated for state legislators to enact a data privacy law to protect Washington State consumers. As Carol Ann Browne and I wrote in our recent book, Tools and Weapons, at Microsoft we view personal privacy as a fundamental human right. We acknowledge that Microsoft and other tech firms have a responsibility to own the consequences of the technologies we create. We also recognize that we can’t do it alone. We need government action to provide common guardrails across the industry.

Since the 2019 legislative session, legislative leaders have been working on new data privacy legislation for consideration in the upcoming legislature. We believe that it’s important for Washington to enact strong data privacy protections, not only for the benefit of all state residents, but also to demonstrate our state’s leadership on what we believe will be one of the defining issues of our generation.

For our part, because of our commitment to privacy, Microsoft is taking an important step on the self-regulation front. We will voluntarily extend the core rights given to California residents by the California Consumer Privacy Act to our customers nationwide.

What’s next: We will continue to work with interest groups including consumer advocacy groups, to encourage legislators to bring robust privacy protections for consumers within state law.

A related issue is the need to begin addressing the responsible use of facial recognition technology. This technology has many positive potential applications and allowing its continued use will allow others to emerge.  However, we need to preserve those benefits while simultaneously imposing rigorous regulations to restrict bias, discrimination and uses that could impinge on our democratic freedoms.

What’s next: This is another critically important issue on which Washington state could serve as a model for the rest of the nation by enacting a thoughtful regulatory framework. To that end, we will continue to work with legislative leaders and all interested stakeholders in pursuing facial recognition legislation, either within the context of a broader privacy bill or as a separate measure.

Another challenge facing the digital economy is that not every community has the ability to take full advantage of the opportunities that the digital economy provides. Too many rural communities in our state and across the country don’t have access to the latest broadband communications.

The legislature took a major step in addressing this problem in our state by creating a new State Broadband Office and appropriating $21.5 million to offer grants and loans to spur deployment of broadband in underserved areas. We applaud both their commitment to this effort and their announced intention to invest another $80 million in the coming years.

What’s next: At Microsoft, we share lawmakers’ commitment to increasing access to broadband. Through our AirBand initiative, we will continue to work with local partners on targeted investments to bring the power of artificial intelligence and cloud computing to more Washington businesses, farms and families. And we will continue to work with the new State Broadband Office to identify other ways in which we can help.

But, while broadband communications can facilitate new relationships, sometimes face-to-face interactions are needed to build on those relationships. And that’s where the Cascadia Innovation Corridor comes in.

We continue to believe Seattle, Portland and Vancouver can accomplish more by collaborating than they can by working independently. Such collaboration will strengthen our position as North America’s gateway to Asia and further establish the region as a global center of innovation and trade.

As discussed at a recent major high-speed rail conference held on our Redmond campus, high-speed rail would unlock stronger partnerships between businesses, educational and research institutions, non-profits and governments in these three markets. But that’s just the beginning. Shrinking the time it takes to travel between these hubs will help accommodate the tremendous growth that has occurred throughout the Cascadia corridor, reduce freeway and arterial congestion, and reduce greenhouse gas emissions. As additional communities are efficiently linked to major employment centers, employees would enjoy increased access to more affordable housing choices and employers could draw from a broader pool of potential employees.

Initial feasibility studies confirm the economic viability of the proposed high-speed rail system. But there are financing and governance questions that need to be addressed in order for the project to move forward. And that’s why it’s so important to continue the momentum that is building for this system.

What’s next: We will collaborate with the other funding partners in the current development work to identify funding, financing and governance strategies that will allow this project to become a reality. With these strategies identified, legislative champions will have the framework necessary to enact legislation in 2021 that authorizes Washington to help create a multi-jurisdictional authority to begin tackling these challenges.

These are, of course, just a few of the issues lawmakers will be tackling in the coming weeks. But they are issues of great importance to our business, our employees, our community and our future. We look forward to engaging constructively and transparently on these issues and others.

As always, we are eager to get to work finding solutions to the challenges ahead and welcome your feedback and ideas.

Tags: affordable housing, Airband initiative, broadband access, Cascadia Innovation Corridor, data privacy, facial recognition technology, high-speed rail, Initiative 976