Sunday, June 23, 2013

FACEBOOK's Former Security Chief Now Works for NSA

About a year after Facebook reportedly joined PRISM, Max Kelly, the social network's chief security officer left for a job at the National Security Agency, either a curious career move or one that makes complete sense. - The Atlantic

The Chief Security Officer at a tech company is primarily concerned with keeping its information inside the company. Now working for an agency that tries to gather as much information as it can, Kelly's new job is sort of a complete reversal.

Facebook, among other tech companies, has distanced itself from the government, claiming it only cooperates when it is legally required to. But, "current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the NSA and to make their customers' information more accessible to the agency," report the New York Times's James Risen and Nick Wingfield.

It's unclear what Kelly exactly does at the NSA — he might have a job that has nothing to do with PRISM. Though, the Times report suggests the feds recruited him because of his Silicon Valley ties. "To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly," they write.

...Facebook linked up with the NSA for PRISM in June of 2009, according to the slide below. Kelly left almost a year to date after that — though it's unclear if he went right to the NSA. This Venture Beat report calls him a "civilian" three weeks after his departure. The feds may have wanted him for his cybersecurity expertise. Or, maybe that plus his connections made him the perfect NSA recruit....

FISA Court 'a body of law separate from the one on the books' - Washington Post

◼ Besides sharing information with the government spies: Anger mounts after FACEBOOK's 'shadow profiles' leak... - zdnet

According to Reuters, the data leak spanned a year beginning in 2012.

The personal information leaked by the bug is information that had not been given to Facebook by the users - it is data Facebook has been compiling on its users behind closed doors, without their consent.

A growing number of Facebook users are furious and demand to know who saw private information they had expressly not given to Facebook....

According to the admissions in its blog, posted late Friday afternoon, Facebook appears to be obtaining users' offsite email address and phone numbers and attempting to match them to other accounts. It appears that the invisible collected information is then being stored in each user's 'shadow profile' that is somehow attached to accounts.

Users were clearly unaware that offsite data about them was being collected, matched to them, and stored by Facebook.

Looking at comments on ◼ Facebook's blog and community websites such as ◼ Hacker News, Facebook users are extremely angry that the phone numbers and email addresses that are not-for-sharing have been gathered and saved (and now accidentally shared) by Facebook.