Challenges in Digital Technology Then and Now

Welcome to my site Challenges in Digital Technology Then and Now I will share with you Challenges in Digital Technology Then and Now

digital technology Microsoft

Challenges in Digital Technology Then and Now

digital technology Microsoft should say Br adjoined Microsoft in 1993, which may be several eras ago in internet history. He took up legal affairs in Europe for Microsoft, when he first started, and then took a path that led him through being general counsel of Microsoft, later president, chief legal officer, chief compliance officer– some simultaneously concurrent, rather than consecutive sentences, as it were– and is somebody who has, during that entire time period, not just done all of those jobs, with respect to the company and its both internal operations and external-facingambassadorial roles, but has been thinking a lot about the evolution of technology.

I first encountered Brad atone of several propeller-hatted legal and tech conferences, where Brad would be presenting a paper, along with everyone else, adjoining the debate as fulsomely as everyone else. And I think he’s considered these days, indeed, a sort of dean ofthe US tech sector.

And very pleased to have achance to talk to you today, so thank you, Brad, for joining. Well, thank you, Jonathan. You and I have had thechance to, as you mentioned, interact so many times,usually in person. It’s great to see you today,and I look forward to the day when we can be in the sameroom at the same time, at Harvard or somewhere else. Indeed

. Well, thank you. So just to start off, I wantto go back to that sweep that I mentioned inyour bio for how long you’ve been thinking aboutthese issues and kind of in the midst of them. And I can’t help on the academicside but think of it almost as bookended by a 2001article you wrote on the third Industrial Revolution,”Policy-Making for the Internet.” I don’t know if Klaus Schwabor the World Economic Forum just wanted to one up youwith the fourth Industrial Revolution. I assume at some pointyou’ll have the fifth. But looking at that article andyour most recent book on tools and weapons asbookends to this, I’m wondering ifthere’s anything you would want to tell yourformer self back in 2001, or even 1993, with all ofthe benefit of hindsight from today.

And I say that assomebody who, in kind of looking over thosebookends, there’s a lot that’s consistentbetween the two of them, including both a desire foran effective self-regulation, and failing that,a willingness, even an encouragement, to governmentsto actually play a role. But I’m wonderingwhat you’d want to tell your former selfthat maybe you figure you wouldn’t have known then. Yeah, I think the thing thatis interesting to consider is just how the issues thatyou’ve been working on, that others atHarvard and people like me have been workingon in the tech sector, have just gotten biggerand more impactful and more an issue abroad publicattention each and every year

. I think you captured the phrasewell when you and I first crossed paths. Let’s just say it was anarrower and more geeky crowd. And we intersected with twosets of geeks, technology geeks and legal geeks, orlegal and policy geeks. That 2001 articlethat you referenced came out of a setof lectures I gave at the Hague Academyof International Law in the year 2000. And at that pointit was a rare day that you would see somethingaround tech policy in The New York Times, or say somethinglike Time or Newsweek, the major weeklypublications of the day. If there was somethingin that space, it was a big antitrustcase against a company like Microsoft

And what has beenso interesting is to see two things evolve overthe course of, say, 20 years. The first is theseissues become so part of the popularpublic conversation for the simple reason that theyimpact everybody so broadly. And so, yeah, I would havegiven myself advice 20 years ago to think even earlierabout how to make these ideas approachablefor other people and not just interestingfor the deep conversations that, say, technology geeksor academics need, really, to have. But the second thing thatI think is interesting is, to go back intime, so to speak, I remember in thelate 1990s, there was no such thingas a privacy lawyer, for the simple reasonthat there was barely any such thing as privacy law. There was just a Europeandata protection directive that was enacted in 1996. And now you meet peopleall the time who say, I’m a privacy lawyer.

And I think if youtake those thoughts and you put themtogether, I think the real relevance for,say, students at Harvard Law School or anywhere elsetoday is that we’re seeing new fields born,including in the legal field. There clearly will be people 10,15 years from now who will say, hey, I’m an AI ethics lawyer,an AI human rights lawyer. And yet I will say the needfor a broad perspective, even while these fields continueto proliferate and deepen, will remain. And I think that’s what you’vealways brought in your work. It’s what I’ve tried tobring together with others.

So let me ask specificallyaround privacy– perhaps around security, too,of course they are distinct– if I’m a member of the public,typically reading Newsweek– I remember Newsweek back in theday, and its equivalents now– and seeing some ofthese tech issues occasionally pop intobroader consciousness, if I’m looking atthat sweep, it’s not as if privacy,quote, “got solved.” In fact, if anything, it feelslike it’s gotten more difficult and I’m feelingless secure online, despite the lawyersthat have been working on it, that may becynically would say because of them. But both from a securityand privacy point of view, if we just went byheadlines, it would seem as if we’re barelyholding the line, or maybe even falling behind.

And that’s despite, forexample, in the security front, Microsoft startinga trustworthy computing initiative all thoseyears ago saying, wow, we’ve really got torethink these architectures. And I’m curious, is that justa headline-grabbing thing, or how would you characterize? Is it possible to characterizethe slope of the curve for privacy for theaverage consumer today? Well, the firstthing I would say– again, sort of drawing ona broader perspective– look, once something becomesimportant in public life, it very seldom everreally gets solved, which is to say the issuedoesn’t really go away. Civil rights hasn’t been solved.

Voting rightshaven’t been solved. Immigration hasn’t been solved. World hunger hasn’t been solved. Certainly diseasehasn’t been solved. If you were to goback to the year 1900 and look at the questionspeople were talking about, especially at the dawnof the progressive era, you would find adefinite similarity between those questionsand the questions people are asking today. The nature of thedebate, the advances, of course they’ve beenenormous, but the issues never really, in my view,typically get solved. Now, having said that,privacy has advanced.

I mean, there’s morethan 100 countries that have privacy laws,and 30 years ago it was you can countthem on one hand. So the field has advanced. There are moreprotections in place. But of course, as technologyhas become more ubiquitous, I think you could also saythat the challenges to privacy, perhaps even thethreats to privacy, have actually become morepronounced at the same time. And I think that explainswhy it hasn’t been solved. Yeah, it’s certainlyharder these days not to have somethingrecorded and shared than it is torecord and share it, and that is a definite flip.

And I guess maybefor many consumers, without even maybe having aworked out sense of privacy injury, there’s oftenmaybe just privacy surprise when paper of record doesa story about location data and how much your locationdata it turns out as share. I had no idea of Farmville. I thought it was a virtual farm. Why do they need to knowwhere I am at all times in order to play theirgame kind of thing? And it conjures up a visionof the ducks serenely going across the pond whileunderneath, the feet are madly paddling, gatheringdata, processing it, in what otherwise feelslike an organic experience. And I guess, just tyingit back, of course, to the public health topicthat looms over all of us at the moment,I’m curious if you have a sense of what it wouldlook like to responsibly repurpose the commercialinfrastructures built around data sharing– the advertising and targetedand all that kind of stuff– for which there may besome sense that it’s time to trim that back. And some of that data absolutelyis personal health information. It’s personally sensitive. Yeah, and in some ways,some of the governments that I’ve seen bethe most effective have, frankly, just been reallygood at managing their hospital capacity, knowing wheretheir ICU beds are, knowing whetherthey’re occupied, knowing how long a patienthas been in that bed, knowing what thatpatient’s ailment is, knowing, in particular, whetherthat patient has COVID-19. I had a conversation withthe prime minister of Greece. He can sit in his office athis home, look at a laptop, and see a dashboard that hasdata, real-time, on all the ICU beds in the nation of Greece. So that’s one example. There are other examples whereyou’re seeing mobility data

You have just aggregated andused, in really important ways, by governors inthe United States, by mayors, to try to know,are there social distancing measures working? In other words, arepeople staying home? And that is a verygood indicator. As we get more into this, we’reseeing additional questions emerge, additional toolscreated, including, obviously, things like apps for tracingand tracking and the like. And that’s where youhave potential tensions between privacy forpeople and the protection of public health. That’s what led us to publishseven privacy principles. You all have focusedvery similarly at Harvard and elsewhere. And I actually think thatit’s a really good indicator. If you look at bothof these issues together and take a principledapproach, protection of public health,protection of privacy, you can start to synthesizethese two at the outsetAnd I think Googleand Apple have done a very good job in openingup their platform in this way. And then you’ll get other issueswhere there is real friction or tension, and that’s where, Ithink, public authorities need to decide, based ontheir local values, how they want to strikethe balance between privacy and public health

. And in ensuringprivacy, there have been tugs of war over theyears, the encryption battles, the classic case of theSan Bernardino iPhone, in which Microsoft weighedin on that dispute, largely, if I’m notover simplifying on Apple’s side in that debate. Yeah, we did. Yeah. And I’m justwondering if you have a sense of the blend ofprotections for privacy, as against government abuse– how much of that blend iswise laws and agreements and legal institutionalstructures versus just making the technology such that it’sself-protecting as much as possible, that we’vegot various forms of technological separation,encryption, data minimization, so that even if agovernment was of a mind to go beyond whateverit had promised or to disregard whateverinternational consensus there might be, thatgovernment simply can’t do it. How do you think aboutthat kind of blend? Well, I think technology isa powerful tool, including for protecting privacy. But we do live in a worldwhere the rule of law does override the codethat people write. Now, ultimately,the laws of physics tend to trump everything,and if it can’t be done, it can’t be done. But if you look at whatAustralia did a year ago, for example, theydid pass a law that imposed on, say, cloudservice providers and others additional legal obligations,in certain circumstances, to decrypt. And so I think thingslike encryption have proven to be offundamental importance.

The whole industryshifted rapidly to encryption atrest and encryption in transit for data in 2013in the wake of the Snowden disclosures, and therehas been this debate ever since aboutwhether this was unduly undermining the effectivenessof law enforcement and national security. But I would just say,at the end of the day, governments do prevailwithin their territory. And they can set the terms forwhether a company can offer a service to the public there,and they can put a company in a position of thenjust having to decide, do I go there or do I not? And the same is true for data.

We make careful decisionsbased on elaborate human rights reviews before we decide to puta data center in a new country, before we make decisions aboutwhether to store consumer data in the datacenter in that country. Because once the data isthere, the government’s law is going to be applied, ifthe government so chooses. One possibly subtledistinction that may be worth brieflymaking is a sense that the San Bernardinocase was really just kind of anappetizer, in the sense that if the government had,using exactly the power and authority asyou’re talking about, ordered Apple to make effortsto get into that phone, Apple, for that particularphone and technology, was in a position to do it. Later versions of thatphone, and generally there is an evolutionof technology, I can discern sometimesattempts by the companies to just design thetechnology so they’re in no particularprivileged position to decrypt if they’re askedto, that the data is stored encrypted and there’s nokey held by the company, and there’s new technologiesto still make it useful, even if the companyitself can’t get to it. I imagine the response to that,if a government is feeling like it reallywants access, would be what you calltechnology mandate, saying you’re just not allowedto build a service, or even a product, thatdoesn’t keep the keys somewhere in a back pocket atthe company making it. And I’m just curious,just in your crystal ball, do you think we’ll seethose kinds of technology mandates become common? I think it’s a reallyinteresting question, and your thoughts forthat matter, as well, because you’ve beeninvolved in this, obviously, as long as I have. It is so interesting onthe encryption debate because it tends to becomean issue front and center. You think it’s going to come toa head, and then it dissipates. There is never really thatmuch of a successful effort, at least, to evenidentify whether there is potential common ground. It is an issue that doestend to drive people into their corners. Yes. Basically, the privacyadvocates, and typically with the tech companies,explain why were opposed to technology mandates.

Law enforcement usually thenis quick to parade its parade of horribles, in terms ofterrible crimes that are, indeed, heinous, and theymay feel that they cannot investigate and prosecute. And then there’s a lot of dramaand then the chapter ends. The next chapter sortof starts the same way. I think the realquestion in some ways is, why have we seenthat for a decade without the kinds offorcing functions, or even of some meeting ofsome common ground? Is it just a casethat this issue is so binary that that’simpossible, or is there some other aspect? And what do you think? Well, I think that I findmyself sympathetic to having in the blend technologicalprotections that, at the very least, represent abright line of paint on the side of the road. So everybody’saware if that line is being crossed, maybewith a warrant, maybe not.

But you can establishboundaries and code that can reinforcewhatever boundaries seem wise in corporatepolicy, or ultimately in law. But it’s also true that iftoo much stock is placed in the code as the lastrefuge of protection, it also then creates akind of digital divide, that the people who knowhow to just tweak just so. I mean, bless somethinglike PGP, Pretty Good Privacy, an elderlyplug-in, at this point, for securing email andother documents and the end. But an average user trying toget pretty good privacy going, it’s hard. And I think whatit would mean is it might be nice to come to anaccommodation about what would even be offered by default soyou don’t have to be a rocket scientist in order to enjoy thehypothetical protections you could, if only you knew howto configure the technology. I’m mindful of our mutualcolleague Bruce Schneier, who, at one point, securityexpert, decided he wanted to set up adefinitively secure laptop and ended up in thesame place all of us have been, with customersupport and drivers that don’t work, and allof that kind of stuff, and that’s a cross-platformkind of issue. Yeah. I actually think thatobservation is important because I think it doesexplain why this issue doesn’t come to a head. I think you do see more techcompanies create strong privacy protection features, butthey’re not necessarily turned on by default.

Yes. And I think it turns out thatcriminals are not the smartest people on the planet. And so I think on manydays, law enforcement is able to get what itactually needs to get, because the user who iscommitting a criminal act didn’t turn on theprivacy protection. Yeah. A strange analogcounterpart to that in the Americanconstitutional context is the famed Miranda Warningthat says, anything you say can and will be used againstyou, from the ’60s Warren Court and known to watchers ofLaw and Order worldwide. Is an important right. You’ve gotta say those magicwords to a person under arrest or anything they later say maybecan’t be used against them. At the same time, whilethat is a right, as you say, many criminals talk anyway.

You can imagine a stationhouse lawyer, whose only job is to sit inthe police station, and as the peoplearrested are brought in says, hi, I’m willingto be your lawyer. And here’s my onlypiece of advice– I’ll put it on a card–don’t say anything. And that would probablyhave a material impact on what the police could elicitfrom the people they arrest. And my guess iscivil libertarians, who among us feel verysupportive of Miranda, all right, we’ve got tothink through additionally whether we would reallywant it to work that well, understanding, though, thatwe fight for it as a right. It’s a similarthing about defaults and that sort of thing. Yeah, that’s a good point. Now, there’s another areajust worth bringing up, that if it had been,if we were in 2001, would probably be thefirst one, and that’s copyright and the open code,intellectual property, which maybe over the years hasreceded, even though, as you’ve pointed out, it’s not like itwas ever definitively settled. And there’s such aprovocative, interesting quote from Tools andWeapons, in which you say Microsoft had been onthe wrong side of history. And what a just fascinatingobservation, kind of reflection to make. And I’m just curious,looking at things now, how to think throughthe role of copyright, or even later, patent.

I remember once at a conference,it was surprising to me at the time, yousaid, yeah, we’re not thinking so muchabout copyright for code. But patent, that’skind of interesting. And I’m justcurious, as you think about the development ofintellectual property law, with respect to code, andmaybe for data protection, if you want to unpacka little bit more how your thinking has evolved. Yeah. The first thing I would say isone of the interesting things about intellectualproperty is that it has four distinct fields,patents, copyrights, trademarks, and trade secrets. And it, for many, worksThey’re going toprotect not only against the copyingliterally of code, but of the essentialexpression in it. And then the SupremeCourt was less than enthusiastic about that andpeople shifted the patents. When I started atMicrosoft in 1993, there were probablyonly two patent lawyers. It wasn’t just because wewere a smaller company, it’s because patents were notthought to be as important. And then the early 2000s sawan explosion of patent law. And then slowly, butsurely, the power of patent protection forcode was whittled back through a combinationof judicial action and congressional reform. That’s a zone in whichMicrosoft is both the hunter and the hunted, right? I mean, Microsoftcould just as easily find itself defending againsta patent infringement suit as making one. Well, one of the thingsI’ve always really liked about working at Microsoftis because our business is so diversified, onany one of these issues, we have a foot in each shoe. And that forces us to thinkabout it from both sides. It definitely doesn’tmean we get it right, but it’s a really positivething they have to do. The specific referenceI made in our book was that we were on thewrong side of history, and I personally was definitelyon the wrong side of history. It was really areference to open source. And Microsoft as acompany in the early 2000s leaned in on patentprotection, specifically to protect what we sawas the valuable features in Windows, in termsof what it meant to see something like Linux. And ultimately, weended up concluding that it wasn’tjust about getting on the right side of history,it was getting it right. And getting it rightbasically meant becoming part of theopen source community, even if it didn’t mean thatall of our code is open source. But like any big techcompany, not all of its code is open source. But we now contributemore code to more projects that are open source thanany company on the planet. And I think as you look atdata in this whole next trend, in terms of wheretechnology is going, we’re now advocates foran open data movement. We launched acampaign a week ago. We call it theOpen Data Campaign. We published opendata principles. We’ve committed ourselves to20 open data collaborations in the next two years. And I would say,broadly speaking, success and technology thesedays is about innovation, meaning moving faster. It means aboutbuilding an ecosystem, and that meanscollaborating more broadly. All of this is much morelikely to influence success than the ability to lock up,so to speak, your inventions. Doesn’t mean that it’snot important to have patent protection in avariety of spaces or fields, but I just think the indicatorsof success have really changed. Let’s just talk harmfulcontent for a moment. And again, an evolutionfrom the early days. As best I can tell, it’salmost like a couple eras. The first I describe,in American terms, as a rights era, in whichoften the sensibilities among the technical folks andamong some of the companies was we’re here toempower the user, and then kind ofget out of the way. We give you an operating system. You want to load Napster onit, that’s your business. Maybe we don’t approve of it,but the recording industry, don’t come to Microsoftexpecting Microsoft to shoot down Napster onWindows installations, as if it were malware,because that’s not our job. And maybe startingaround 2010, I’d identify a newthread that is now sharing the spacewith the rights sensibilities, which I’dcall, first metaphorically– and today, it’s hardnot to be literal about it– the public healthsensibility, which says instead of it being paramountfor companies to let their users justdo what they want, have encrypted conversationswith the people they want to talk to, run thesoftware they want to run, collect the datathey want to collect, now it’s, gosh, these companies,they shouldn’t be abdicating. They need to be taking a moralstance about the behaviors they facilitate andshould do something. And as you say, Microsoft hasso many different services and areas in which it operates.

Maybe the one mostclearly amenable to feeling thesharpness of that debate would be in a searchengine, like Bing. And I’m curious how youthink about what role the company’s own sensibilitiesshould have on good content, bad content,misinformation, not, versus just being a vesselfor Window onto the web and what people findis their own business. Well, I think there’stwo broad themes that are worth reflecting on. The first is that not alltechnology is the same, and the second is that even thesame technology should perhaps be treated differentlyas technology evolves in different moments in time. When I think about technologytoday and the obligations, either informally orlegally under the law, a technology suppliershould assume, I do tend to think ofthree distinct categories.

One is platform, space. Second is, especiallywhen you’re talking about content,communities, really social media. And the third is search. And we’re in all three spaces,not with equal success, but we’re in all three spaces. We have Windows and Azure ashugely important platforms. LinkedIn and GitHubare both really popular community-oriented spaces, asis something like Xbox Live. So we have a numberof places where people share comments andeven content with each other. And then, of course, we’ve gotBing with the search engine space. Then if you put this in thecontext of time, in the 1990s, the sense was, look. Let’s give all technologypretty much a pass. That’s what Section 230 of theCommunications Decency Act did. And I think it did it forgood reason at that time. These technologies were young. Nobody really hada model for how to impose any kind ofbalanced regulation on them. There was a real danger thatregulation would choke them off before they hadthe chance to grow.

Certainly in 2000, you sawthe pendulum start to shift. I would say 2019 wasa watershed year. It was a watershed year,I think, for two reasons. First and mostimportantly, in the wake of the Christchurchterrorist attack, the Australian government,and then others, really move forward with muchmore aggressive regulation, so much so that if you don’t getextremist violent content off of your service expeditiouslyunder Australian law, your executives risk threeyears of imprisonment and your companyrisks paying a fine equal to 10% of its revenue,worldwide, potentially. So that gets people’s attention. And then second, I thinkreally led by, frankly, good reporting byThe New York Times, there is more scrutiny ofthe tech sector, including Microsoft, askingwhether we were really doing a good enough job tocombat child exploitation. And the answer was no. We needed to do more. We continue to domore and we continue to need to do even more. So I do think search,in particular, has certain sensitivities. Because I think if you can’tfind something on the web, you’re almost denied yourplace in the public square, and I think that counsels, Ithink, for a less restrictive public policy for search. I do think that in thesocial media space, and we saw itafter Christchurch, whether it was for Twitteror YouTube, the two biggest platforms, but also forthose like LinkedIn, we did recognize that there werecertain places where we needed to impose the ability tointerrupt live streaming, exercise some more control overthe nature of live streaming. And yet, I think we’ve alsowisely decided that it probably doesn’t make sense to impose thesame granularity of obligations on the platforms because thenyou have two people trying to police the exact same thing. So I actually think there’sbeen some interesting progress.

There’s been new ideasemerging, some new consensus. The Christchurch Call for Actionhas more than 50 governments on board, as well as really thewhole big tech sector, at least in the big tech companies. And it’s not aSection 230 model. It’s a model that says, we dohave certain responsibilities and we’re going tofollow through on them. What’s been interestingto me is to see– maybe a company in the eraof rights and public health– is an emergingthird era I’d call– it doesn’t have the best name–process or legitimacy, which says that as companiessay, all right, we’ve got to maybe bemore involved here and we’ve got toapply principles, and those areinherently value-laden, what are some of the externalsources, the compasses we can turn to so that not everyvalue-laden decision is treated as a customer service issueinternal to the company? And I think of Facebook’sstill standing up external review boardfor its content decisions as a first effort in thatarea of seeing how it still might be a decisioneffectuated by the company, but one very much more porousto outside decision-making, in this case literallytaking some of the authority Facebook would otherwise haveand having an outside group populated to make it.

So I don’t know ifthere’s anything in your I think that’s aninteresting insight. I think what itreally suggests is we’re on a path towardsgreater regulation. If you’re going to surrenderyour decision-making responsibility to a groupof unelected officials, does it makeultimately more sense to have elected officials,or at least people who are appointed by government officials who, in turn, are elected to reflect thepublic well, obviously, and especially indemocratic societies? Yes. Because these are, ultimately,I would say timeless values. And something likethat review board is an interesting way oftrying to run down the middle and say, well, maybe it won’tbe a government body doing it. And of course the kindof speech restrictions that privatecompanies might impose on social media, at leastin the American context, would be nonstartersunder the First Amendment, if the government didit, but still, again, having it both be externalto the company but not an artifact of the government. And I don’t knowif that’s the best or the worst of both worlds. Well, I think whatyou’re pointing out, and I think it’sa good point, is the United States is reallyunique with the First Amendment. If you take you 200nations and rank them from left to right,in terms of which is the most protectiveof free expression and which is the least,yeah, it is one area where the UnitedStates is always the most protective of freeexpression because of the First Amendment. And there’s a lotof great things that have come out of that.

But I actuallythink in the world today, if you’re aglobal tech company– if the UK and Germanyand France and Australia and New Zealand and Japan andCanada all pursue a common path and they all regulatecontent more than the First Amendment would permit theUnited States government to do, I think, frankly, mostcompanies are going to snap to a global standard. And you are goingto see regulation, and in fact, we areseeing regulation. It’s just less likely to bedriven by the United States government, especiallyat the national level. It calls to mindthe observation

. I forget if it was JohnPerry Barlow or John Gilmore who said on theinternet the First Amendment is a local ordinance. One last question before we turnto some of the questions that have entered thequeue, and that is another comparison betweenall those years ago and now. And you said there are justa handful of patent lawyers. There were also a handfulof government affairs folks at Microsoft, and Ithink the American West Coast, whether north or further south,had a sense of being apart from all those games inWashington kind of thing. And I think maybe oneof the big milestones in your professional career andin the development of Microsoft as a company, in the wake ofthe antitrust case, was saying, it’s time to make peace. It’s time to actuallytake seriously what’s going onwith governments, and that’s even reflected inmany of your reflections today.

And I see, for example– this is worthy of inclusionin your bio at the outset– you chair a nonprofit,kids in need of defense, providing pro bonofree legal support to unaccompanied immigrantchildren facing deportation in eight of the largestUS seated cities. That is both a clearcouldn’t be a more classic pro bono activity fora lawyer to undertake. It’s also a politicalact in this environment. And I juxtapose thatwith the observation you’ve made that when actingin the political realm, getting thingsdone means you have to deal with theworld of politics, and politics isabout pragmatism, not just principle alone. And I’m just wondering howyour thinking has evolved in squaring both corporatepolitical activities, donations, lookingto be able to be an effective actor inthe company’s interests and its values whenthat might mean supporting politicians thathave a very different matrix of commitments and priorities. And further, youreferenced heading up Microsoft as being more deanor provost to the university, rather than CEO of acompany, that there is a lot of viewsunder your roof that the employees might have. So I don’t knoweither if there’s any thoughts you have onthose external relationships with government,and when it’s time to act on what you’dview as principal and when it’s time to beable to bend not break and be a pragmatist, and what itmeans to have corporate values, knowing that you’ve got auniversity’s worth of people underneath that may all havevery different sensibilities. Well, I thinkyou’ve just captured so many really interestingand important elements. And I guess I would justoffer three pieces to it. First, I do think it’s justreally important in a company today, at least aswe aspire to lead it, to have good listeningsystems and to hear from our employees,as well as groups outside the company, includinggroups like the Berkman Center, which have been really importantand influential, in terms of our thinking over time. It doesn’t mean thatyou agree with everyone, because you cannotagree with everyone.

The diversity ofviews is so vast. But you wouldn’tlisten to everyone. Because I think when you do,you come to understand better the problems you need to solve. We tried to go from thatunderstanding to then the articulation ofdefined principles that will guide our work. And those principles alwaysmean that we will do some things and we won’t do others. And there are always peoplewho disagree with the decisions that we make, and they do itfor all the right reasons, out of great sincerity. But I do find evenwhen they disagree with our ultimate decision,they do value the fact that we have sought toarticulate principles, and they know in amore transparent way where we’re going. So that’s the first thing. The second thing is this blendof principle and pragmatism, I think, has been a reallyinteresting challenge, I’ll say, especiallyduring the last four years of American politics, witheven a more polarized, public, and electorate. And obviously, leadershipin the White House, that is very different from,I’ll just say, the opinions that we tend to hold onsomething like immigration. And what I’ve foundis the best way, in that particular context, toblend principle and pragmatism, is to get comfortable just saying what we think, not hesitating if it will leadto a disagreement, but frankly, always staying focused onthe policy and the merits and not on the peopleor the personalities. And always to give creditwhere credit is due, but also be quickto identify where we want to take a different stand. And so like evenover the last month, every time we’ve gone to theWhite House in the last month and asked for help toget surgical supplies into the country to expeditean importation process to solve a practical problem, theteam at the White House has been quick to respond,effective in its efforts, and we’ve been quick to saythank you, not just privately, but to acknowledgethat publicly. That might be Monday. But by Thursday, there’s thelatest immigration proposal, and you just sortof go, oh my gosh. Do we have to do this yet again? And it happened onyour green cards over the last coupleof weeks, and we were equally quickto say, we don’t think this is the right course. Even, interestingly,on the issue of DACA, we’re the one company that hassued the federal government, not just as an amicus,but as a plaintiff. We are a plaintiff, with Princeton university and a Princeton now alumni,in the Supreme Court. And yet we’re ableto balance those two. And I just find as people get– if they know what you’re goingto do, if you’re predictable, and you don’t make it personal, you can blend principleand pragmatism. I will say you have this addedfeature in the United States.

As we all know, US politicsis based, to some degree, on people writingchecks for donations, including from a politicalaction committee, like the one wehave as a company. And the hardest thingthere is almost inevitably, almost everyone whohelps you on one issue is not someone that willhelp you on every issue. And so there are somemembers of Congress, the House, or the Senatewith whom we vigorously disagreed on something,like H-1B issues or DACA or the rights of women ormarriage equality and the like. I mean, we’ve hadvigorous disagreements, and sometimes continue to do so. And yet you find that on aparticular green card reform bill, where we have thousandsof employees in a green card backlog because they’resafe from India or China, the same senator isthe key senator who is working to advance thelegislation on which so many of your employees depend.

And so we try to thinkbroadly ourselves. We do focus onvalues and the like. But it is a worldwhere we do, frankly, sometimes feel that, hey, look. We’ve got to workwith people, and we’ve got to use that workover time to nurture a relationship that wehope just might enable us to change people’s minds. When we persuadedWashington state to become one ofthe first states in the country to recognizemarriage equality back in 2012, it was because we were ableto persuade four Republicans in the state senate. That was the differencebetween victory and defeat. They had long beenopposed to it. We had worked with themanyway on other issues. And we had trust, and we usedthat to persuade them to change their views and their votes. So I sometimes just remindmyself, remind the people we work with, the viewthat somebody has today does not necessarilyguarantee the views they’re going to havetwo years from now, and we’re only goingto have an opportunity to change their mind ifwe actually know them. Thank you so much. So we should do someQ&A. And knowing that there’s a hard stop inapproximately, or maybe even exactly, 10 minutes, we’ll thinkof it as a lightning round. And for all but one I’lljust read the question, on behalf of vox populi. But for the very first one, ourmutual colleague David Wilkins, I think, is able to popin, kind of surprise cameo, and ask a question himself. Our colleague, professorof the legal profession. Yeah. I know David well. It’ll be great tosee or hear him. David, over to you. Well, thank you so much. And Brad, it’swonderful to see you. And thank you for youramazing leadership, not just on these issues,but in the profession, in general, and at our center.

We’re so grateful to haveyou on our advisory board. My question really isabout the legal profession and what role yousee lawyers playing in these sorts of matters. At the Center on theLegal Profession, we’ve actually beenwatching a trend that we wonderwhether it’s going to be accelerated becauseof the current crises, like so many others. Like everybody else, we’reall working virtually. Technology is so important. Again, we have tothank you because we’re working on teams,and Microsoft, which has been incredibly importantfor our team to stay together. But the trend Iwant to talk about is lawyers, like you, taking onmore capacious responsibilities around these bigglobal challenges, you’re kind of apatient number 1. And Jonathan brilliantlytalked about your career, but you were the firstone to really become not just general counsel,but then chief legal officer, and then president of Microsoft. But if we look around we seeKent Walker, for example, at Google becoming senior vicepresident of global affairs, or Amy Weaver at Salesforcebecoming president and in charge of global security, or Sara Moss, not in the tech industry,but in Est e Lauder, becoming now the vicechair of the company.

And I wonder, why do youthink this is happening? What are the skills that lawyers bring to these broader roles? And do you think this issomething we may see accelerate in the coming years? Thank you so much, David. Over to you, Brad, forthe lightning round. Yeah, and I’ll try to be brief. But David, first,thanks for everything that you personally havebeen leading in the centre, and I’ve always been personally passionate, and Microsoft hasbeen, for your work. I do think it is a trend that has been ongoing that will continue to accelerate. Part of it is call it therise of the in-house legal department, somethingyou, perhaps more than anyone, betterthan anyone, has documented. And recessions actuallytend to lead, typically, to more work coming in-housebecause people are looking for new ways to economize. If you look at the lawyersin the profession in, say, the ’60s or ’70s, the really influential figures in the world of public affairswere in the great law firms. And the great lawfirms are still great, but you also see peopleplaying a very broad role in a lot of differentother organizations, especially, say,companies and nonprofits. I absolutely continue to believethat if you want to change the world, go to law school. At least think about it. Because at the end of the dayin the democracies of the world, it is the laws of the world thatwill continue to have the most impact on societies. And as laws andcompanies intersect, as companies use their voicethrough the kinds of government affairs efforts thatJonathan was describing, as we do and strive to doin a very transparent way, it does give us the opportunity to think broadly.

Just as people documented outside lawyers in the ’60s and ’70s who aspired to be not just great lawyers for their clients, but also statesmen, I think the people you’redescribing are statesmen, they’re stateswomen, they’re real leaders, and I think it’s all about breadth of perspective. And I think if people think broadly, think about the public interest, even put the public interest first and forward, yeah, I think itis a powerful way to contribute to the public good. As I always like to say, you can be a public service even if you’re not employed in the public sector. Thank you, David,for that question. And that actually captures a bunch of the questions. Many I think are from law students or others who are law adjacent, asking about the role of the lawyer and the legal profession in this. From a different angle, this is from– we invoked his name earlier, I did– Bruce Schneier. He says, I taught your digital Geneva Convention and your Tech Accordlast week in my class at the Kennedy School. Now, a few years later,what’s your assessment of the initiative? What’s changed today? What would you do differently if you were starting over? I continue to be a big believer in the need for the international rule of law to govern the actions of nation-states when it comes to cybersecurity attacks. I continue to believe that when we are going to need stronger rules and more formalized international laws in the future. I continue to believe that when there are gaps in the legal system today, that we need to fill in. And I think the nation-state attacks around this information, including in the COVID-19 pandemic, and especially around threats to democracy, really shine a light on that. When we started down the path, I gave a speech in 2017 calling for a Digital GenevaConvention, just to put off-limits these kinds of nation-state attacks on civilians. One of the things I said was this was going to be at least a decade. It will be at least a decade. I think that we understood going into it that it would be complicated, that it would require persistence, that it would be hard on certain days to get people off the sidelines, to actually join the group, the movement that I think is needed to protect people around the world. Maybe I would have advised myself to be prepared to be even more patient and persistent and pragmatic as well. It goes back to your point, Jonathan. You’ve got to be principled, you’ve got to be idealistic, but you’ve got to be pragmatic. I’m glad we undertook what we did. We are making some real progress. I think that’s good. The Tech Accordis a good example, 120 companies around the world have signed that. We’re going to have to be persistent and just keep at this every year, to be honest. That’s certainly a high mountain to climb, but a worthy challenge. I think this will probably be our last question, and then we’ll be sure to bundle up all of the questions that came through– I see just under 60 of them– so that you can have a look at it and be aware of what people are asking about and thinking about afterwards. And this is, again, from our quite strong student contingent. What’s your advice law students to best prepare themselves for the digital economy, including skillsets and knowledge beyond the traditional JD education? And a bonus question of– talk about a broad question– if you had to pick a topic to start a PhD today, what would it be? I don’t know if it’ll have the chance to reflect enough to answer that one well, but let me just say generally, of course, take the courses in law school that have always been important in law school. If you have any interest in using digital technology or working in a digital world, and the whole world is becoming digital, I would encourage you to take a course or two that might be outside the law school, or more informally, to acquire some background. Not just in computerscience, but increasingly statistics and data science. I think the future is going to be about data as much, or even more than code. If I were back in law school, I probably would have found a way totake one or two courses in the business field, just because it doesn’t matter what you’re going to do. I find that business thinking helps you organize whatever you want to do in life. And I find a lot of classic business school thinking needed right now in governments around the world to manage COVID-19. I would definitely be a strong voice for the liberal arts. I constantly encourage engineers at Microsoft and elsewhere to think about this, to think about history. Because all of these issues need to come together because we need to ensure that technology actually serves people and is governed ethically. But I’d actually conclude with the phrase that you used, Jonathan, describing the Digital Geneva Convention. You said it is a high mountain to climb. My number one piece of advice, my request, climb high mountains. You have a whole career ahead of you. It’s going to start in valley, the valley of COVID-19, but that valley isn’tgoing to last forever. We’ll pull ourselves out of it. You are the people who actually will play such an important role in the decades to come, in not just influencing, but defining the high mountains that we climb a country and as a world.

Leave a Reply

Your email address will not be published. Required fields are marked *