Tag Archives: Government

Five Eyes wants to weaken encryption, or legislation may be needed

Five Eyes — the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. — issued a threat to tech companies that don’t find ways to comply with law enforcement in the face of encrypted data and devices.

Following a meeting in Australia on Aug. 30, representatives of the Five Eyes nations detailed principles expressing support for privacy and claimed they did not want to weaken encryption. The coalition described a vision of cooperation between government and tech companies that would allow law enforcement to gain access to encrypted evidence. However, the Five Eyes partners reserved the right to take stronger action, if necessary.

Many of the points made by the Five Eyes governments are arguments the infosec community has heard before in pleas from the FBI, for example. But this is the first time the coalition of major Anglosphere countries has issued a joint statement on encryption.

In the “Statement of Principles on Access to Evidence and Encryption,” Five Eyes claimed “encryption is vital” to economies and for protecting information, but added that these protections are also being abused by “child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.”

“Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute,” the Five Eyes partners wrote. “It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards.”

Although the statement did not mention encryption backdoors or how companies would have to weaken encryption in order to provide law enforcement access, there were also no details on how the Five Eyes partners expected tech companies to comply.

“The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries,” the Five Eyes report read. “Governments should not favor a particular technology; instead, providers may create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.”

Much like past arguments about how to gain access without having to weaken encryption, the statement urged cooperation and said government access to encrypted data should be “underpinned by the rule of law and due process protections.”

However, the statement ended with a threat: “Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”

Experts defend encryption

Just as the Five Eyes argument for lawful access echoed past statements from law enforcement, experts took to Twitter with many of the same arguments used against previous law enforcement efforts to weaken encryption.

Chad Loder, founder of Rapid7, based in Boston, said even if law enforcement got its way, other software services would arise.

Others noted that even if the governments of the Five Eyes countries were to legislate weakened encryption, those laws would only apply to software companies based in one of the five countries.

Sergei Boeke, researcher and lecturer at the Institute of Security and Global Affairs and Cyber Security Academy at Leiden University in the Netherlands, expressed doubt that the Five Eyes partners would see the cooperation it hoped.  

Craig Lawson, research vice president at Gartner, said legal access was impossible without weakening encryption.

Senator wants government to stop Adobe Flash use

Sen. Ron Wyden (D-Ore.) is once again advocating in favor of better cybersecurity for the U.S. government in a new letter asking that all government domains stop Adobe Flash use.

Adobe Flash has long been under fire from the infosec community for security risks, and major web browsers have been moving away from the platform in favor of HTML5, leading Adobe to announce that the end-of-life date for Flash will come in 2020.

Sen. Wyden addressed the letter to Kirstjen Nielsen, secretary of the Department of Homeland Security (DHS); Walter Copan, undersecretary of Commerce and director of the NIST; and Paul Nakasone, director of the NSA and commander of U.S. Cyber Command, advocating that the government stop Adobe Flash use.

Wyden asked that these three agencies collaborate to stop Adobe Flash use in government “in light of its inherent security vulnerabilities and impending end-of-life.”

“The federal government has too often failed to promptly transition away from software that has been decommissioned. In just one example, agencies were forced to pay millions of dollars for premium Microsoft support after they missed the deadline to transition away from Windows XP at its end-of-life in 2014, even though the technology’s last major update had been six years prior,” Wyden wrote in the letter. “The U.S. government should begin transitioning away from Flash immediately, before it is abandoned in 2020.”

Chris Olson, CEO and founder of The Media Trust, a digital media risk management company based in Maclean, Va., noted that the reason government agencies tend to fail at these transitions is due to budgets.

“Government budgets are strapped. As a result, they tend to retain legacy systems, software, and machines that take time to patch and update. The budget issue is worse for state, municipal, and other local government entities,” Olson wrote in an email. “The situation won’t change anytime soon, so agencies should continuously scan their websites and mobile apps in real-time for any unauthorized actors and activities.”

Wyden noted that DHS, NIST and the NSA “provide the majority of cybersecurity guidance to government agencies,” but none have issued public guidance calling for agencies to stop Adobe Flash use.

Wyden suggested a three-step plan to stop the deployment of new Flash-based content within 60 days, remove Flash from some agency computers by March 2019, and then require the removal of all Flash content from websites by August 2019.

Olson applauded the multistaged approach to having government agencies stop Adobe Flash use.

“Flash is just the tip of the iceberg. There are a growing number of other attack vectors, including HTML5, a variety of content management systems, browsers, etc. Any organization will need to keep up with the various developments that are being nurtured in the underground economy of cybercrime,” Olson wrote. “Agencies and any organization with digital assets will need to work closely with their third parties to enforce security policies, police what code is being executed in their digital ecosystems with the help of continuous, real-time scanning, and root out unauthorized actors and code.”

Microsoft’s Council for Digital Good calls on US policymakers to promote digital civility – Microsoft on the Issues

In an open letter to U.S. law- and policy-makers, Microsoft’s Council for Digital Good is calling on government to address digital-world realities like cyberbullying and “sextortion” by modernizing laws and promoting in-school education to encourage positive online behaviors.

“As young people who have encountered some of these problems firsthand, our goal as the Council for Digital Good is to provide strategies, solutions and resources for other young people in these situations,” council members wrote. “For our sake and for that of future generations, it is imperative that we amplify discussions about making the internet a more productive, civil, and safe place.”

Council for Digital Good logo

The letter, shared last week at an event featuring the 15-member council at Microsoft’s Innovation and Policy Center in Washington, D.C., touts the benefits of awareness-raising of digital risks. The council also recommends that in-school online safety and behavioral education be supported and prioritized, and requests that laws be updated and brought into the digital age. The letter and its recommendations to policymakers is the culmination of the council’s work after 18 months of other assignments, activities, learning and fun. In addition to the council members and a parent or chaperone who accompanied each of them to the event, the young people also hosted leaders from other technology companies, non-governmental organizations and D.C.-area influentials.

Youth shine in the nation’s capital
The event, “Is there a place for civility in our digital future? Conversations with Microsoft’s Council for Digital Good,” featured two panel discussions, comprised of teens sharing their work and views, and two sets of three adult panelists, each responding and reacting to the young people’s presentations. The first panel focused on the state of online civility today and included Christina W., Jazmine H., Judah S. and Miosotis R. These four young people, ages 14 to 17, went above and beyond their regular council assignments, taking it upon themselves to speak in their schools and communities on or around international Safer Internet Day this past February. They then brought those learnings to this panel discussion.

From left, Judah S., Miosotis R., Christina W. and Jazmine H. following their panel discussion.

From left, Judah S., Miosotis R., Christina W. and Jazmine H. following their panel discussion.

Christina spoke of the rewarding experience it was to see parents interact with one another after hearing her guidance for staying safer online; Jazmine noted the importance of awareness-raising and education among all groups; and Judah highlighted the importance of respecting age requirements on social media. Miosotis talked about her peer-to-peer outreach in both Florida and Puerto Rico. The adult respondents from Google, Born This Way Foundation and Columbia University were impressed by the young people’s drive, determination and knowledge of the issues.

The second panel focused on building and growing a culture of digital civility. Indigo E., Jacob S. and Sierra W. presented the cohort’s written manifesto for life online first released in January, while Bronte J., Rees D. and William F., unveiled the open letter. Adult respondents from Snap, Inc., Tyler Clementi Foundation and UNICEF posed some provocative and important questions and offered instructive advice for reaching policymakers with their message.

Jacqueline Beauchere speaking

Jacqueline Beauchere summing up after a second panel with Council for Digital Good members and adult respondents.

Erin R., Robert B. and Isabella W. showcased their individual art projects, and Katherine C. and Champe S. shared highlights from their council experiences, and assisted me in opening and closing the event, respectively. These 11 council members range in age from 14 to 18.

“The CDG council members are impressive and inspiring,” said retired U.S. Ambassador Maura Harty, president and CEO of the International Center for Missing and Exploited Children, who attended the event. “Their kindness and maturity are matched by their desire for effectiveness. With their manifesto, they have provided a well-considered road map and a path to greater digital civility for all of us. Emphasizing awareness, skills, and yes, ethics and etiquette, they have modeled the behavior we all should emulate.”

Program highlights importance of the youth voice
We assembled this impressive group as part of a pilot program in the U.S., launched in January 2017. The council served as a sounding board for Microsoft’s youth-focused, online safety policy work. Prior to last week’s event, the council met for a two-day summit last August where they each drafted an individual manifesto for life online. They were then tasked with creating an artistic or visual representation of those written works. The written cohort manifesto and a creative cohort manifesto followed, all leading up to the crafting of the open letter and the youth assuming a more visible role as a full group.

As I’ve mentioned before, we thought the in-person portion of the program would conclude after the August summit. But after meeting these youth, we knew it would be a missed opportunity not to bring them together again and in a more public way. We wanted others to appreciate their passion and perspectives and to hear from them in their own words. Indeed, for us at Microsoft, the program underscores the importance of the youth voice and the need for young people to have a say in policy matters – be they governmental or corporate – that affect them. We shared a lot and we’ve learned even more from these youth. I’m planning a more reflective account of the full program soon.

Following the D.C. event, first lady Melania Trump met with the council members, and spent time with each teen personally to learn about their individual creative projects and to hear about the cohort’s 15 online safety tenets.

Afterward, we held a brief capstone event, where we honored each council member for his or her unique contributions to this pilot program. We are excited to learn that many council members want to stay involved in these issues and to remain in contact with us at Microsoft and many of our partner organizations.

As the youth concluded in their open letter: “Now is the time for action, and we need your help in the push for change in online culture. If we gain the ability to always harness the internet in a positive and productive way, we will be able to use our generation’s signature swiftness, effectiveness, and global platform to make a difference.”

Learn more
Read the council’s full open letter here; view all of their individual, creative projects at this link, and learn more about digital civility by visiting www.microsoft.com/digitalcivility. Look for our latest digital civility research releases leading up to Safer Internet Day 2019 in February and, until then, follow the Council for Digital Good on our Facebook page and via Twitter using #CouncilforDigitalGood. To learn more about online safety generally, visit our website and resources page; “like” us on Facebook and follow us on Twitter.

 

Tags: ,

Data analytics in government efforts lack structure

CAMBRIDGE, Mass. — The U.S. government is adept at collecting massive amounts of data. Efforts to deploy data analytics in government agencies, however, can be weak and disorganized.

At some agencies, officials say there’s a lack of a cohesive system for government analytics and management.

“I recently learned that we have no real concept of data archiving, and data backup and protection,” said Bobby Saxon, CTO at the Centers for Medicare & Medicaid Services (CMS).

“We have archived everything in every place,” Saxon said. “It’s really just wasted data right now.”

Data analytics struggles

Speaking on a panel about data analytics in government at the annual MIT Chief Data Officer and Information Quality (CDOIQ) Symposium at the university’s Tang Center, Saxon spoke on the struggles his agency has with analytics.

CMS, finally moving out of crisis mode after dealing with widely publicized IT problems with its healthcare.gov website, has an “OK” structure for data analytics and management, Saxon said.

While Saxon said he and his colleagues are working to improve the situation, currently the organization tends to rely on outside vendors to deal with difficult and pressing analytics problems.

“In the world of predictive analytics, typically the average vendor or subject expert will ask what are your questions, and go off and try to solve questions for you, and then ask if you have any more questions,” Saxon said.

Panelists at the annual MIT CDOIQ Symposium in Cambridge, Mass.
Left to right: Bobby Saxon, CTO, Centers for Medicare & Medicaid Services; John Eltinge, U.S. Census Bureau; and Mark Krzysko of the Department of Defense at the annual MIT CDOIQ Symposium in Cambridge, Mass.

Outside help costly

Ultimately, while government analytics problems tend to be fixed to some extent, the IT corrections solutions can take weeks, and often simply are too expensive in the long term, Saxon explained.

I recently learned that we have no real concept of data archiving, and data backup and protection.
Bobby SaxonCTO, Centers for Medicare & Medicaid Services

In addition, employees aren’t learning additional data analytics in government techniques, and can’t immerse themselves in the problems at hand and actually be able to discover the root issues of what might be going wrong.

Panel moderator Mark Krzysko of the Department of Defense’s Office of the Under Secretary of Defense for Acquisition, Technology and Logistics, noted a similar problem in his agency.

Krzysko said he had honed a personal strategy in his early years with the agency: “Use the tools they’ve given you.”

When a data dilemma arose, often he might see employees making calls to the Air Force or the Army for answers, instead of relying on their own government analytics tools, he said.

The panel, “Data Analytics to Solve Government Problems,” was part of the 12th Annual MIT CDOIQ Symposium, held July 18 to 20.

The panel also included John Eltinge of the United States Census Bureau.

UNH InterOperability Lab expands IPv6 testing amid SDN growth

The University of New Hampshire InterOperability Lab updated its IPv6 testing program to comply with new government requirements specified by the National Institute of Standards and Technology. UNH-IOL, a technology testing facility in Durham, N.H., also added support for SDN protocols in its updated program.

The testing program applies specifically to U.S. government agencies, such as NASA, that procure networking equipment and need independent certification that the products meet regulation, according to Timothy Winters, senior IP manager at UNH-IOL. The new requirements come as IPv6 adoption continues to grow globally, as indicated by Google, which said over 20% of its users now have IPv6 addresses, Winters added.

Agencies and product vendors that are UNH-IOL members send devices that need certification to the lab, where UNH students and staff test the products for a month to ensure they support IPv6 and comply.

UNH-IOL tests a range of products, including routers, switches, phones, printers and security cameras. Increasingly, however, agencies and service providers have requested UNH-IOL’s help with SDN and IoT devices, Winters said.

“We’re encountering more devices we haven’t seen,” he said. “Some of this is because of IoT, where things are actually being networked and put on a network. They’re not sitting on a proprietary link anymore.”

IPv6 testing ramps up

Timothy Winters, UNH-IOL senior IP managerTimothy Winters

As operators and service providers realize IPv4 address space is decreasing, they’ve started moving to IPv6-only networks, Winters said. This transition caused UNH-IOL to update its IPv6 testing program accordingly.

“UNH-IOL is trying to push that support, so people building applications and services — or even routers and switches — can know which things work or don’t work in an IPv6-only network,” he said. These changes look at the requirements for building, installing and updating applications — processes that sometimes sound simple, but can actually be quite complicated, he added.

UNH-IOL also patched security loopholes in the IPv6 testing program and made the overall testing more generic, so governments outside the U.S. and other user groups could adopt it, Winters said.

Equipment suppliers have two years to comply with the new IPv6 testing specification. As a result, UNH-IOL will likely see 200 to 300 devices return to the lab to undergo the updated testing, according to Winters.

“I’m sure there are companies that have made some products legacy or don’t sell them anymore, so those won’t come back in,” Winters said. “But that’s a challenge: We have to get everybody back through the program.”

USGv6 testing program flow chart
This flow chart relays the process vendors undergo for IPv6 testing on their products.

IPv6 complements SDN

For us, the exciting part is getting students involved in learning a technology like this. It gives students the ability to build tools, see devices and test them.
Timothy Winterssenior IP manager, UNH-IOL

Additionally, he said the lab now regularly receives routers without a command-line interface to test. This change comes as more service providers and equipment providers find value in SDN — and discover how IPv6 complements SDN deployments, Winters said.

“For SDN, the ability to address multiple services is helpful when you’re trying to get into networks that are so complex they have to be programmed,” he said. Service providers, for example, can use IPv6, along with disaggregation, network slicing and segment routing. The IPv6 address helps identify to which service any particular packet is going.

Along with the other testing updates, UNH-IOL added support for SDN protocols, such as NETCONF and YANG, as well as specs for IoT capabilities. By doing so, Winters said he hopes the lab will help push IPv6 deployments. And, as another plus, UNH-IOL students tackle “the latest and greatest stuff” in networking.

“For us, the exciting part is getting students involved in learning a technology like this,” he said. “It gives students the ability to build tools, see devices and test them.”

Accused CIA leaker charged with stealing government property

The Department of Justice has formally charged the suspected CIA leaker with stealing government property and more in connection with the theft and transmission of national defense information.

The accused CIA leaker, Joshua Adam Schulte, has been in the custody of law enforcement since August 2017 when he was charged with possessing child pornography; the FBI reportedly thought it had enough evidence to charge him with stealing and leaking the Vault 7 files to WikiLeaks as early as January. Government prosecutors said in mid-May that there was a new indictment set to be filed and that superseding indictment was filed on Monday, June 18, by the U.S. Attorney’s Office for the Southern District of New York.

The new indictment lists 13 charges against Schulte, including charges of illegally gathering and transmitting national defense information, theft of government property, unauthorized access of a computer to obtain information from a government agency and obstruction of justice, in addition to three charges related to child pornography.

Manhattan U.S. Attorney Geoffrey S. Berman wrote in a public statement that the accused CIA leaker, Schulte, was a former employee of the CIA and “allegedly used his access at the agency to transmit classified material to an outside organization.”

“We and our law enforcement partners are committed to protecting national security information and ensuring that those trusted to handle it honor their important responsibilities,” Berman wrote. “Unlawful disclosure of classified intelligence can pose a grave threat to our national security, potentially endangering the safety of Americans.”

The Vault 7 data provided to WikiLeaks by a CIA leaker included close to 9,000 documents, including hacking tools and zero-day exploits for iOS, Android, Windows and more. The CIA has never admitted that the Vault 7 data was its own and the indictment itself does not refer to the stolen data being from the CIA.

However, the press release from the DOJ did write: “On March 7, 2017, Organization-1 released on the Internet classified national defense material belonging to the CIA (the “Classified Information”). In 2016, SCHULTE, who was then employed by the CIA, stole the Classified Information from a computer network at the CIA and later transmitted it to Organization-1. SCHULTE also intentionally caused damage without authorization to a CIA computer system by granting himself unauthorized access to the system, deleting records of his activities, and denying others access to the system. SCHULTE subsequently made material false statements to FBI agents concerning his conduct at the CIA.”

Not a cliché: When being ‘out and proud’ is a call to action – Microsoft Life

One of Microsoft’s directors of government affairs kept his authentic self quiet and closed off for too long. Now, he’s working to make that path easier and safer for fellow LGBTQ+ people.

By Candace Whitney-Morris

John Galligan spent half of his adult life as a closeted gay man, a time he describes as not truly living. In fact, he said he didn’t start to live his life until his early thirties.

“I was trying to be something I wasn’t,” he said. “And that slow release of power and energy, it’s exhausting and was always affecting my work. Being very good at acting like something I wasn’t . . . it’s the art that I’d perfected.”

That all changed when Galligan met his partner, now husband, 20 years ago, who helped him accept who he was, to live as a gay man proudly, and to even confront some of his own prejudices about what he assumed people could or couldn’t handle. “I thought I was protecting people by not confronting them with who I was,” he said. “I was wrong.”

The past two decades with his husband have been a journey not only of love and fun, he said, but also in helping Galligan be more accepting of his own sexuality, who he is, and who he could become.

Galligan is now out and active in his community. He’s also a senior director for Microsoft’s global government affairs team, working to protect and advance the rights of all people, including those who are LGBTQ+ and who don’t feel safe or welcome.

Across the globe, the cultural views and tolerance around being gay still vary widely. Galligan’s team focuses in part on making sure LGBTQ+ employees are safe and supported within the walls of their workplace wherever they live.

“Microsoft can be a safe place for people to bring their authentic self, even if the outside world is hostile to them, even if their friends and family might not accept them,” he said. “They can come to a place that will accept them not just for who they are but also for who they can be.”

“I thought I was protecting people by not confronting them with who I was. I was wrong.”

Because Galligan knows what it’s like to not live his truth at work, he’s determined to help Microsoft support the rights of its employees and live up to its values of empowering every person on the planet—even when the outside culture is slow to adapt and when equality for LGBTQ+ people is lacking.

Before moving to Seattle, Galligan and his partner lived in Singapore, where there are still laws criminalizing homosexuality. And while these laws are rarely enforced, he did feel the discomfort of living in ambiguity. “The middle path is in some ways the most uncomfortable because it doesn’t challenge you to actually go out and confront systemic intolerance.”

That’s why it’s important to him that he doesn’t get too comfortable—that he remembers what some LGBTQ+ people and employees face and does what he can to help. Working in a company where the culture is attuned to human rights near and far reminds him of what inclusion feels like and what to strive for in his advocacy.

“Microsoft can be a safe place for people to bring their authentic self. They can come to a place that will accept them not just for who they are but also for who they can be.”

“I’ve never felt, in any way, excluded [at Microsoft]. I think that’s a tribute to the company, but I also think that’s a tribute to the tens of thousands of people who continue to move the company increasingly toward a diverse and inclusive environment.”

Galligan reminds himself all the time that there’s still so much to fight against. But when feelings of powerlessness threaten to steal momentum, he focuses on the power of individual contribution.

“I think the most weak and ineffectual thing we can do is to not think about what can be done on an individual level. I may not be able to change laws, but I can be proud of who I am and show others to be proud of who they are.”

He hopes that being a visible, comfortable, and confident gay man will inspire others to also be themselves and to take up the fight, because “being out and proud is not a cliché,” he said. “It’s a call to action.”

“Everyone can make a contribution, even if that contribution is to be yourself and use whatever influence you have to make the world and workplace more inclusive, more diverse, and more welcoming for everyone.”

Meet more Microsoft employees who are changing hearts and minds and advancing human rights.
https://news.microsoft.com/life/topic/pride/

See how Microsoft is celebrating Pride 2018 and how you an be an ally.
https://www.microsoft.com/pride

Learn how Microsoft and its LGBTQ+ employees push for change across borders.
https://news.microsoft.com/life/pride/

Not a cliché: When being ‘out and proud’ is a call to action – Microsoft Life

One of Microsoft’s directors of government affairs kept his authentic self quiet and closed off for too long. Now, he’s working to make that path easier and safer for fellow LGBTQ+ people.

By Candace Whitney-Morris

John Galligan spent half of his adult life as a closeted gay man, a time he describes as not truly living. In fact, he said he didn’t start to live his life until his early thirties.

“I was trying to be something I wasn’t,” he said. “And that slow release of power and energy, it’s exhausting and was always affecting my work. Being very good at acting like something I wasn’t . . . it’s the art that I’d perfected.”

That all changed when Galligan met his partner, now husband, 20 years ago, who helped him accept who he was, to live as a gay man proudly, and to even confront some of his own prejudices about what he assumed people could or couldn’t handle. “I thought I was protecting people by not confronting them with who I was,” he said. “I was wrong.”

The past two decades with his husband have been a journey not only of love and fun, he said, but also in helping Galligan be more accepting of his own sexuality, who he is, and who he could become.

Galligan is now out and active in his community. He’s also a senior director for Microsoft’s global government affairs team, working to protect and advance the rights of all people, including those who are LGBTQ+ and who don’t feel safe or welcome.

Across the globe, the cultural views and tolerance around being gay still vary widely. Galligan’s team focuses in part on making sure LGBTQ+ employees are safe and supported within the walls of their workplace wherever they live.

“Microsoft can be a safe place for people to bring their authentic self, even if the outside world is hostile to them, even if their friends and family might not accept them,” he said. “They can come to a place that will accept them not just for who they are but also for who they can be.”

“I thought I was protecting people by not confronting them with who I was. I was wrong.”

Because Galligan knows what it’s like to not live his truth at work, he’s determined to help Microsoft support the rights of its employees and live up to its values of empowering every person on the planet—even when the outside culture is slow to adapt and when equality for LGBTQ+ people is lacking.

Before moving to Seattle, Galligan and his partner lived in Singapore, where there are still laws criminalizing homosexuality. And while these laws are rarely enforced, he did feel the discomfort of living in ambiguity. “The middle path is in some ways the most uncomfortable because it doesn’t challenge you to actually go out and confront systemic intolerance.”

That’s why it’s important to him that he doesn’t get too comfortable—that he remembers what some LGBTQ+ people and employees face and does what he can to help. Working in a company where the culture is attuned to human rights near and far reminds him of what inclusion feels like and what to strive for in his advocacy.

“Microsoft can be a safe place for people to bring their authentic self. They can come to a place that will accept them not just for who they are but also for who they can be.”

“I’ve never felt, in any way, excluded [at Microsoft]. I think that’s a tribute to the company, but I also think that’s a tribute to the tens of thousands of people who continue to move the company increasingly toward a diverse and inclusive environment.”

Galligan reminds himself all the time that there’s still so much to fight against. But when feelings of powerlessness threaten to steal momentum, he focuses on the power of individual contribution.

“I think the most weak and ineffectual thing we can do is to not think about what can be done on an individual level. I may not be able to change laws, but I can be proud of who I am and show others to be proud of who they are.”

He hopes that being a visible, comfortable, and confident gay man will inspire others to also be themselves and to take up the fight, because “being out and proud is not a cliché,” he said. “It’s a call to action.”

“Everyone can make a contribution, even if that contribution is to be yourself and use whatever influence you have to make the world and workplace more inclusive, more diverse, and more welcoming for everyone.”

Meet more Microsoft employees who are changing hearts and minds and advancing human rights.
https://news.microsoft.com/life/topic/pride/

See how Microsoft is celebrating Pride 2018 and how you an be an ally.
https://www.microsoft.com/pride

Learn how Microsoft and its LGBTQ+ employees push for change across borders.
https://news.microsoft.com/life/pride/