After a Year of NSA Revelations, Facebook Exec Talks Security, Safety Measures
Gil C / Shutterstock
Internet companies have faced the fallout of mistrust over the past year as reports emerged that the National Security Agency has tapped into private user data. Perhaps no one company’s reputation has been damaged more than Facebook’s, a repository of personal data for more than a billion people.
Facebook wants to fight back. While far from perfect, the company has made efforts to boost internal security over the past year, stressing the importance to employees while rolling out some new features to make its site more safe.
In particular, the company highlighted its rollout of HTTPS — or Hypertext Transfer Protocol Secure — a safer way to access webpages like Facebook.
This wide rollout prevents certain types of attacks that the NSA had reportedly carried out in the past, in which the government agency allegedly used a fake Facebook server to infect other computers with malicious software, according to a report from The Intercept.
“That particular attack hasn’t been viable since Facebook implemented HTTPS widely,” Joe Sullivan, Facebook’s chief security officer, said in a roundtable interview with reporters on Tuesday. The rollout began as an opt-in choice in 2011 and was finalized site-wide at the end of 2013; Sullivan said nearly one-third of Facebook users chose to turn on the security setting upon its initial release.
Sullivan’s comments come at a time where Internet companies like Facebook, Google and Yahoo are fighting to regain user trust in the wake of continued revelations from former NSA contractor Edward Snowden. Among other things, Snowden claimed that his former government employers instituted multiple programs to obtain user account information from some of the world’s largest Internet companies.
The result, as Sullivan explains it, has been a net loss for all Silicon Valley companies — not just Facebook. So much so that Internet companies have taken to actually working with one another on these issues, while still competing in other areas of the business.
“I think it’s fair to say that companies don’t compete on security in Silicon Valley but collaborate very closely,” Sullivan said. Last year, for instance, Facebook learned about a “watering hole” attack from another Internet company, helping the social network to isolate a threat before it became a major issue.
These companies have also banded together to make an aggressive statement on U.S. surveillance policy. Facebook joined Google, Apple, Microsoft and other Silicon Valley giants to create ReformGovernmentSurveillance.com, essentially a public call to limit the government’s authority to collect user data.
And just last week, Facebook CEO Mark Zuckerberg personally telephoned President Barack Obama, expressing his dismay at the alleged NSA activity unearthed by The Intercept earlier this month.
Despite lost user trust, there may be a net positive to come of the events of last year, Sullivan said.
If we’ve reached a “world where people care more about security and things like encryption, then that’s the silver lining on this,” he said.