Facebook CSO says Snowden disclosures brought security to forefront

The disclosures made it easier to have a conversation about security, according to Joe Sullivan

Facebook continues to upgrade its security infrastructure while also closely scrutinizing law enforcement requests, said CSO Joe Sullivan.
Facebook continues to upgrade its security infrastructure while also closely scrutinizing law enforcement requests, said CSO Joe Sullivan.

Facebook was already implementing stronger security controls when the U.S. National Security Agency's expansive surveillance program was revealed in June, its chief security officer said Thursday.

The social networking site has continued upgrading its security infrastructure, said Joe Sullivan[cq], who spoke to IDG News Service by phone from the Hack in the Box security conference in Kuala Lumpur.

Former NSA contractor Edward Snowden's disclosures "maybe made it a little bit easier to have that conversation publicly and show the effort that has been going on behind the scenes all along," Sullivan said.

On Tuesday, the Washington Post reported that the NSA was collecting email and instant messaging address books as the lists are transmitted on the Internet from services including Facebook, Yahoo, Microsoft and Google.

The company said it was unaware that data was collected and did not assist. Sullivan said information such as chat contact lists are now encrypted, as Facebook has enabled TLS (Transport Security Layer), or "https" encryption by default. That would shield the data unless the interceptor could decrypt it, although Facebook just turned on that feature for all users in July.

Facebook's security roadmap includes moving from 1,024-bit to 2,048-bit RSA encryption, Sullivan said. It also plans to implement Perfect Forward Secrecy, an encryption feature that limits the amount of data that can be decrypted if a private key is compromised in the future. Sullivan said he hopes that work is finished by year's end.

Facebook was one of many companies, including Microsoft, Google, Yahoo and Apple, that were wrapped into NSA's Prism program, which collected a wide variety of electronic data from service providers, according to slides published by the Washington Post.

After discussions with the U.S. government, Facebook and other technology companies were allowed in June to release some figures related to data collection requests from the U.S Foreign Intelligence Surveillance Court and National Security Letters.

But Facebook, Google and Yahoo are pushing to disclose more. The companies filed petitions on Sept. 9 asking the U.S Foreign Intelligence Surveillance Court for permission to release more information on orders and directives.

Sullivan said Facebook has had in place "very robust practices around scrutinizing every single law enforcement request so that when we had an opportunity to be transparent, we could feel good about that."

In August, the company released its first Global Government Requests Report. In many cases, Facebook didn't turn over data to a government despite a request.

Law enforcement often don't know how to ask for the information they're looking for, such as not being specific enough about what user they're seeking information on, Sullivan said. Other times, the account requested doesn't exist or can't be identified.

All requests are reviewed manually by a team to ensure they meet legal standards, which can be incredibly complicated. "As is apparent from the statistics, a decent percentage of requests that we get are not legally sufficient," Sullivan said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

Conversations over a cuppa with CMO: Microsoft's Pip Arthur

​In this latest episode of our conversations over a cuppa with CMO, we catch up with the delightful Pip Arthur, Microsoft Australia's chief marketing officer and communications director, to talk about thinking differently, delivering on B2B connection in the crisis, brand purpose and marketing transformation.

More Videos

Great content and well explained. Everything you need to know about Digital Design, this article has got you covered. You may also check ...

Ryota Miyagi

Why the art of human-centred design has become a vital CX tool

Read more

Interested in virtual events? If you are looking for an amazing virtual booth, this is definitely worth checking https://virtualbooth.ad...

Cecille Pabon

Report: Covid effect sees digital events on the rise long-term

Read more

Thank you so much for sharing such an informative article. It’s really impressive.Click Here & Create Status and share with family

Sanwataram

Predictions: 14 digital marketing predictions for 2021

Read more

Nice!https://www.live-radio-onli...

OmiljeniRadio RadioStanice Uzi

Google+ and Blogger cozy up with new comment system

Read more

Awesome and well written article. The examples and elements are good and valuable for all brand identity designs. Speaking of awesome, ch...

Ryota Miyagi

Why customer trust is more vital to brand survival than it's ever been

Read more

Blog Posts

A Brand for social justice

In 2020, brands did something they’d never done before: They spoke up about race.

Dipanjan Chatterjee and Xiaofeng Wang

VP and principal analyst and senior analyst, Forrester

Determining our Humanity

‘Business as unusual’ is a term my organisation has adopted to describe the professional aftermath of COVID-19 and the rest of the tragic events this year. Social distancing, perspex screens at counters and masks in all manner of situations have introduced us to a world we were never familiar with. But, as we keep being reminded, this is the new normal. This is the world we created. Yet we also have the opportunity to create something else.

Katja Forbes

Managing director of Designit, Australia and New Zealand

Should your business go back to the future?

In times of uncertainty, people gravitate towards the familiar. How can businesses capitalise on this to overcome the recessionary conditions brought on by COVID? Craig Flanders explains.

Craig Flanders

CEO, Spinach

Sign in