Journalist Glenn Greenwald released a bunch of new documents from “the Snowden archive” today to coincide with the publication of his book No Place To Hide.
Those documents include a presentation from Britain’s Government
Communications Headquarters (GCHQ) about obtaining user data from
Facebook.
The presentation is titled, “Exploiting Facebook traffic in the
passive environment to obtain specific information” and, according to
the book, was given at the Five Eyes conference back in 2011. It
describes social networks like Facebook as “a very rich source of
information on targets,” including personal details, connections, and
“patterns of life.”
The challenge, GCHQ says, is the fact that many profiles aren’t
public, “but passive offers the opportunity to collect this information
by exploiting inherent weaknesses in Facebook’s security model.” The
slides then point to the way that Facebook worked with content delivery
network Akamai to serve photos, which apparently left an opening for
government eavesdroppers to obtain Facebook IDs and images, as you can
see in the slide above and read about in more detail on page 82 of the PDF.
Again, the presentation dates back to 2011, and it’s not clear
whether anyone ever actually followed the method outlined in the slides.
(I’ve emailed Facebook and Akamai for comment and will update if I hear
back.) Nonetheless, it seems noteworthy for the way it illustrates
government interest in social networks and in circumventing those
networks’ privacy safeguards.
In a recent presentation, Facebook chief security officer Joe Sullivan said Snowden’s revelations prompted the company to be more public about its security measures.
Update: A Facebook spokesperson sent me the following statement:
" We don’t have any evidence of these allegations. The slides are dated several years ago, during which time our security technology improved in many important ways. We continue to believe that governments should be more transparent about the requests they make of companies like Facebook, and that they should use established legal channels"
Source: http://techcrunch.com
No comments:
Post a Comment