Facebook Fights Back Against the NSA Spy Machine
Mark Zuckerberg was apparently peeved enough to phone the president when he read recent reports that the NSA was using fake Facebook websites to intercept the social network’s traffic and infect private computers with surveillance software. But Joe Sullivan—the ex-federal prosecutor who now serves as Facebook’s chief security officer—said the company has now steeled its online services so that such a ploy is no longer possible.
“That particular attack is not viable,” the 45-year-old Sullivan told a room full of reporters yesterday at Facebook headquarters in Menlo Park, Calif. It hasn’t been viable, he explained, since the company rolled out what’s called SSL data encryption for all its web traffic, a process it completed in the summer of last year.
Facebook Chief Security Officer Joe Sullivan. (Photo: Ariel Zambelich/WIRED)
According to outside security researchers, there are still ways of working around Facebook’s encryption. But these methods are much harder to pull off, and Sullivan’s message was clear: The situation around the NSA’s surveillance campaigns isn’t quite as dire as many have painted it. Unlike his counterparts at places like Google and Microsoft, Sullivan said the revelations from NSA whistleblower Edward Snowden aren’t really that surprising, and he indicated that the leaked information has changed little about how his company approaches security.
Sullivan’s message stands in contrast to the one Zuckerberg unloaded on his Facebook page after phoning the president. The Facebook founder expressed extreme frustration over the NSA’s practices, calling for sweeping changes to government policies. But the contrast isn’t that surprising. It very clearly shows the awkward situation that has engulfed companies like Facebook in the wake of Snowden’s revelations, which started tumbling out last summer. The giants of the web are certainly concerned over NSA surveillance—despite indications that they may have been complicit in some ways—and they’re actively fighting against it. But they must also reassure customers that the situation is well in hand—that it’s safe to use their services today. This can be a difficult line to walk.
Certainly, the web’s largest operations—including Google, Yahoo, and Microsoft, as well as Facebook—have now taken at least the basic steps needed to guard their online traffic against interlopers. Facebook not only uses SSL, or Secure Sockets Layer, encryption to protect all data moving between its computer servers and virtually all of the more than 1.2 billion people who use the social networking service, but it has also installed technology that uses similarly hefty encryption techniques to protect information that flows between the massive data centers that underpin its online empire. This is just the sort of thing Snowden himself called for last week while appearing via video feed at a conference in Texas.