In my forthcoming book, I talk a lot about tech, trust, and cooperation as important for technology governance and building trust in innovation.

That being said, it’s been a few years since we’ve seen a good tech “alliance”. So, I’m excited to see what Microsoft, et al., put together with the new “Trusted Tech Alliance” announced at the Munich Security Conference. There’s definitely reasons to be optimistic here. If you’ve followed my work on digital trust, some of the principles of this new alliance will be familiar:
*Transparent Corporate Governance and Ethical Conduct
*Operational Transparency, Secure Development, and Independent Assessment
*Robust Supply Chain and Security Oversight
*Open, Cooperative, Inclusive, and Resilient Digital Ecosystem
*Respect for the Rule of Law and Data Protection

These are great principles – transparency, ethics, security, resilience, auditability and good oversight. For years, we’ve known that those help ensure the trustworthiness of digital systems. I’m very hopeful that this will get some traction and the community will expand. It’s rather a sad time that they specifically have to call out “respect for the rule of law” as a principle, but the recent history of tech and of the US federal executive branch makes it necessary. I’m hoping that some of the signatories to this new alliance take that seriously, because I haven’t seen too much commitment to the rule of law from some of them. Perhaps a tiger can change its stripes.

We need to move beyond principles to standards and I think the execs leading this effort understand that. Principles are important, because they give people something to weigh their actions against, but a lot more needs to be done in order to get to the place where the principles can help earn trust. What needs to happen next – and it needs to be communicated as transparently as these principles – is operations and assessment. The big questions this alliance leaves open are:
*What are these companies going to actually do to show they are adhering to these principles?
*How will we know that they are taking those steps?
*What standards of practice or technical standards show progress against these principles?
*How are we going to be able to assess these companies and what can we do when they fall short?

Will certainly be watching this space.