The internal connections between Facebook data centers must be secured
Facebook admits that the company is not yet encrypting everything that’s being sent between the company’s own data centers, but says that it plans to do just that.
Considering the current issues with the National Security Agency and everyone fearing for their own online privacy, the fact that Facebook doesn’t yet encrypt data between its data centers is certainly going to annoy a lot of people.
Of course, this wouldn’t have really been such a concern had it not been revealed that the NSA had broken into the connections linking the data centers of Google and Yahoo in order to avoid all the encryption layers that would otherwise have given the agents a headache.
According to Joe Sullivan, Facebook’s head of security, his team is already working on protecting more and more data. While the internal traffic between its data centers hasn’t been locked down completely, Sullivan’s team has identified key data streams that needed attention first and they’re taking care of those.
Joe Sullivan has been a vocal opponent of the NSA mass surveillance program, going as far as to angrily call the White House about a week ago to complain about intelligence agents using the social network to spy on people.
Even so, he says he wasn’t too surprised when the entire scandal broke out. “I don’t think anyone who focuses on security has been surprised by the specific things that we’ve seen,” Sullivan stated.
“As security people, we’re paranoid, so we assume all of these things are happening, but when you actually see concrete evidence of an implementation, that moves it from paranoia to professional security advice,” Sullivan said.
The social network started implementing HTTPS back in 2009, allowing users to turn it on by 2011, something that many users have done. A while back, this became the default option for all users, hiding everyone behind a layer of encryption.
Facebook, along with Mark Zuckerberg, has tried on numerous occasions to take a step back from the entire scandal, as most tech giants have done, mostly because this is really bad for the company’s image.
According to media reports, the National Security Agency has forced numerous tech companies to participate in programs such as PRISM, where they couldn’t even publicly argue in favor of their case. Other times, however, the NSA went straight to the source, forgoing warrants and data requests and just taking the desired data straight from Internet fiber cables or data centers.