Today Matt Perault visited the Watson Institute for International and Public Affairs. Matt has been the head of Facebook's Global Policy Division for the past five years. Here I provide some commentary on his comments today.
Perault claims that the Snowden revelations were wrong. Specifically, he pointed to an article in the Washington Post on PRISM, saying that the NSA did not have a backdoor to Facebook. I had never heard this before, and wondered if Facebook was simply not on that particular list. Perhaps the article led the reader to believe that Facebook did install a backdoor when in fact it was only Skype.
Well here's the article: U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program
Hmm... let's check the document:
No, it seems pretty clear "Collection directly from the servers..." Wait, what did Matt say? Matt said that there was no direct connection between the NSA servers and Facebook servers. Either he is still under a gag order, or he is protecting his company's face under the guise of the connection not being "direct enough."
Encryption and WhatsApp
He claims "we have end-to-end encryption, with the best algorithm out there". This is true, but he also claims that WhatsApp can't give governments the data because it isn't stored on their servers. This does not rule out the NSA installing its own data collection techniques. The EFF has posted their opinion on WhatsApp. One of the core complaints is that WhatsApp stores backup data unencrypted. While the data is not stored on WhatsApp servers, it is backed up to various other cloud providers. These backups are unencrypted on easily accessible provider websites. The picture that WhatsApp is using the strongest encryption techniques is (in my opinion) merely a ploy to convince more users to use the insecure service.
Quick, features on reading messages
Perault throws in a quick tidbit about how great it is to have Facebook detect that you may need a ride. Such a thing isn't possible if the chat is encrypted.
Perault uses a pivot which is so incredibly dumb I'm offended that he even went for it. When presented with a description of an intrusive advertisement which makes the user uncomfortable, Perault responds that Facebook is looking to improve its advertisement experience and that they will serve less and less "crappy ads". He feigns having no knowledge of uncomfortable encounters with Überwachungskapitalismus, then presses for a specific example. The specific example can then easily be refuted or trivialized. Thus the initial charge is ignored.
"We provide more privacy settings than almost any others"
When asked a specific question he ironically responds:
"I think we're pretty transparent on what we do"
Government and Encryption
Twice Perault mentions how "governments are realizing the value of encryption", without ever specifying that value. Only once is a particular example invoked, and that comes from the defense department. There are a couple of problems with this.
- Governments recognize the value of encryption. They invented most of it, for Christ's sake. Years ago the government made it illegal to share the encryption algorithms outside the military.
- This "governments are realizing the value" stance aligns well with the faux security we see in the implementation of WhatsApp encryption.
One audience member asks if Facebook has any plans to limit the use of data collected from Facebook, specifically whether they plan to add a clause preventing the sale of data to police forces or for government surveillance.
Perault responds by saying Facebook immediately terminated business with Geofeedia as they were breaking FB's terms of service regarding the sale of public information.