Joe Sullivan sat in a suite atop the Rio Hotel, with his iPhone's Bluetooth and WiFi capabilities shut off. Eighteen floors below Sullivan, who is the chief security officer at Facebook, were thousands of hackers who had descended on Las Vegas for their annual DEF CON gathering -- many of whom could break into Sullivan's phone if he's not careful.
But Sullivan and many other corporate executives come because they need to stay ahead of the next threat, and in order to do so, they need to see not only the "white hat" hackers who play defense but also some of the community's more nefarious elements.
The [Los Angeles] Times sat down with Sullivan to talk about Facebook's security strategy.
Yahoo announced that next year it will begin allowing its email users to encrypt their messages so that only senders and recipients will be able to read the content. Any plans to do something similar with Facebook messages?
We focus on making sure all the communications through Facebook Messenger and Chat are encrypted but they're not encrypted in the way where the consumer has the key and we don't have access to it.
We have worked hard to make sure our messenger products work well with third-party products so that if people want to do encryptions where they hold the key, they can.
We've definitely spent a lot of time thinking about it. Obviously we've talked to Alex (Stamos, chief information security officer) at Yahoo about what they're working on. We've talked to Google about the stuff they're working on. We've been experimenting with different stuff. We're excited that people are innovating in this area but to date we have nothing to announce.
Facebook gets lots of requests from law enforcement for user data. Do you have any concerns about that process?
When law enforcement does get a search warrant, judges are not appreciating enough the amount of data they're giving access to. We'd like to see some changes in the law.
Think about this in the context of a physical search. If the police got permission to go into your home...they don't get to take everything they find and keep it until trial. They actually have to go through and they have a finite amount of time to extract what they think is relevant and tell a judge what they took. In the context of online, when they take an account, they're asking to take the whole account. We're saying they should have to specify something narrow.
© 2014 Los Angeles Times (CA) under contract with NewsEdge. All rights reserved.
Posted: 2014-08-18 @ 4:32pm PT
Proper encryption, where information is only readable to sender and recipient, is the enemy of Facebook and the other data miners, because they won't be able to datamine what is encrypted. By encrypting stuff with their own keys, Facebook keeps other eavesdroppers out, but still keeps its own nose in users' affairs. No thanks, Facebook.