Is Tools and Weapons worth reading?

Yes, particularly if you work in technology, policy, or business and want a detailed account of how a major company thinks through technology ethics in practice. It is more specific and candid than most corporate statements on these issues.

Is the book too favorable to Microsoft?

It's written by a Microsoft executive and tells Microsoft's story from Microsoft's perspective. Readers should apply appropriate skepticism to the self-presentation. The book's value is in the specific cases and the insider detail, not as an independent critique.

How has the landscape changed since the book was published in 2019?

Substantially. The AI governance challenge has accelerated dramatically with the rise of generative AI. Many of the regulatory gaps Smith identified remain unfilled. The facial recognition concerns he raised have materialized in specific controversies. The book reads as prescient in several areas.

Who should read this book?

Technology executives and product teams, policy analysts, students of technology ethics, and anyone trying to understand how the decisions about AI, privacy, and cybersecurity get made at the major technology companies whose products shape everyday life.

Tools and Weapons by Brad Smith & Carol Ann Browne: Summary & Discussion Questions

Summary

Tools and Weapons is Microsoft President Brad Smith's account of the technology policy and ethical dilemmas that major tech companies face in the contemporary world. Co-written with Carol Ann Browne, Microsoft's Chief Communications Officer, the book works through a series of specific cases: government data requests, election interference, nation-state cyberattacks, facial recognition, AI ethics, and the digital divide. Smith's thesis is captured in the title — the same technology that enables human progress can also enable surveillance, manipulation, and violence — and that technology companies have an obligation to govern their products accordingly.

Smith writes from the inside. He was present for the legal battles over government data requests that pitted Microsoft against the U.S. Department of Justice, and the chapters on those conflicts are among the most specific and revealing in the book. He describes the company's decision-making process in cases where commercial interest, legal obligation, and ethical principle were genuinely in tension. The candor is unusual for a sitting executive and gives the book more weight than most corporate statements on technology ethics.

The book's treatment of cybersecurity and nation-state attacks is particularly detailed. Smith documents how Microsoft's Digital Crimes Unit and its intelligence operations track state-sponsored hacking campaigns — including those attributed to Russia, China, and North Korea — and grapples with the question of how a private company should respond when its infrastructure becomes a theater of geopolitical conflict. The chapter on the 2017 NotPetya attack, which devastated Ukrainian infrastructure and spread globally, illustrates the genuine stakes.

Tools and Weapons is ultimately a case for tech companies engaging with governments rather than resisting regulation, and for industry-wide norms rather than individual company policies. Smith argues that the internet governance vacuum — created by the rapid expansion of technology faster than legal and regulatory frameworks could adapt — must be filled by a genuine partnership between the private sector, governments, and civil society. Readers skeptical of corporate self-regulation will find that skepticism engaged but not fully answered. The book is most valuable as a detailed insider account of the dilemmas that arise at the frontier of law, technology, and ethics.

Key takeaways

1.
Technology is neither inherently good nor bad — it is a tool and a weapon simultaneously, and the outcomes depend on who uses it and how it is governed.
2.
Technology companies cannot remain neutral when their products enable surveillance, cyberattacks, or election interference. Neutrality in the face of misuse is itself a choice.
3.
Nation-state cyberattacks have created a new kind of warfare that governments have not yet agreed how to govern, and private companies often bear the first impact.
4.
The regulatory vacuum that allowed the internet to scale globally is now a liability. Effective tech governance requires international coordination that currently does not exist.
5.
Facial recognition is the most dangerous near-term AI application because it enables mass surveillance at scale. Smith argues for a moratorium and legislative framework before deployment accelerates.
6.
Privacy is not a luxury but a human right, and governments and companies that treat it as negotiable will erode the trust that modern institutions require.
7.
Corporate ethics in technology cannot be purely reactive. Smith argues that companies must anticipate the foreseeable misuses of their products and build governance before the harm occurs.
8.
The digital divide — the gap between populations with internet access and skills and those without — is a structural problem that will deepen inequality unless addressed at a policy level.

Discussion questions

Use these on your own, with a book club, or as chat starters in Superbook.

1.
Smith argues that tech companies must engage with governments rather than resist all regulation. Is that a genuine ethical position or a strategic calculation to preserve industry influence over the regulatory process?
2.
The book documents Microsoft's response to government requests for user data. How should a company weigh its obligations to users against legal obligations to governments in authoritarian countries?
3.
Smith makes the case for a digital Geneva Convention to govern cyberwarfare. What would enforcement look like, and which actors would need to be at the table to make it effective?
4.
Facial recognition appears in the book as the technology Smith is most concerned about. Given what has happened since 2019, was that concern accurate?
5.
The book was written by a sitting executive about his own company. How much does that context limit what can be said, and where do you sense the limits of candor?
6.
Tools and Weapons argues that tech companies have become de facto governance actors. Is that a problem to be solved or an inevitability to be managed?
7.
Smith describes the 2017 NotPetya attack as a case where a state-sponsored weapon escaped its intended target and caused global collateral damage. What obligations does a government have when its offensive cyber tools cause harm beyond the intended target?
8.
The book suggests that the Silicon Valley libertarian tradition — technology as inherently democratizing and resistant to government control — is inadequate for the current moment. Do you agree?
9.
What would a genuine partnership between tech companies, governments, and civil society look like in practice? What would each party have to give up?
10.
Smith's prescription for AI governance is to slow deployment until regulatory frameworks are in place. Is that realistic given competitive pressures, or does it require the kind of international coordination that has historically been difficult to achieve?
11.
The digital divide discussion in the book is less developed than the security chapters. Why do you think that issue received less space, and what does that tell us about where industry attention is focused?
12.
If you were advising a government regulator responsible for AI governance today, which three issues from this book would you treat as most urgent?

Themes

Technology policy Digital ethics Privacy Artificial intelligence Corporate responsibility

Frequently asked questions

What is Tools and Weapons about?

It's an insider account of the ethical and policy dilemmas that Microsoft has navigated: government data requests, nation-state cyberattacks, facial recognition, AI ethics, and the digital divide. Smith argues that technology companies must actively shape governance rather than resist it.
Is Tools and Weapons worth reading?

Yes, particularly if you work in technology, policy, or business and want a detailed account of how a major company thinks through technology ethics in practice. It is more specific and candid than most corporate statements on these issues.
Is the book too favorable to Microsoft?

It's written by a Microsoft executive and tells Microsoft's story from Microsoft's perspective. Readers should apply appropriate skepticism to the self-presentation. The book's value is in the specific cases and the insider detail, not as an independent critique.
How has the landscape changed since the book was published in 2019?

Substantially. The AI governance challenge has accelerated dramatically with the rise of generative AI. Many of the regulatory gaps Smith identified remain unfilled. The facial recognition concerns he raised have materialized in specific controversies. The book reads as prescient in several areas.
Who should read this book?

Technology executives and product teams, policy analysts, students of technology ethics, and anyone trying to understand how the decisions about AI, privacy, and cybersecurity get made at the major technology companies whose products shape everyday life.

About Brad Smith & Carol Ann Browne

Brad Smith has served as President and Vice Chair of Microsoft since 2014 and as the company's chief legal officer since 2001. He has been a central figure in Microsoft's transformation from a company primarily associated with antitrust conflict to one that has positioned itself as a leader in technology ethics and policy. He serves on the boards of numerous organizations focused on digital rights, cybersecurity, and AI governance. Carol Ann Browne is Microsoft's Chief Communications Officer and has worked with Smith on external communications and public affairs throughout his tenure at the company.

More books by Brad Smith & Carol Ann Browne