|Facebook's Chief Security Officer Joe Sullivan claims that the alleged NSA ability to intercept traffic to and from the social network and masquerade as an official Facebook server is "not viable." The executive pointed to the company's shift to SSL data encryption for all Facebook traffic last summer as the primary method of defense against intelligence-gathering agency surveillance.
The remarks by the company's security chief come days after Facebook head Mark Zuckerberg spoke with President Obama regarding the NSA revelation of mass malware implantation. Sullivan addressed some of Facebook's concerns about surveillance, Facebook user monitoring, and Edward Snowden in a meeting with press yesterday.
"I'm not in a position to pass judgement," Said Sullivan on NSA whisteblower Edward Snowden. "Has this been a good thing or a bad thing, these last nine months? It's hard to deal with stops and spurts when a story comes out." Of the fallout about the Snowden documents, he observed that "a world where people care about security, that's the silver lining."
Sullivan did admit that the company doesn't completely shut down the US legal system in regards to user data. He noted that "Sometimes we do work with law enforcement. We know just playing defence and whack-a-mole and removing those accounts over and over doesn't make the problem go away, so in that context we'll build investigations and our own proactive referrals to law enforcement."
Addressing the company's security efforts, including a "Hacktober" event where the security team uses various exploits against Facebook to find exploits, a Facebook bug bounty program, and the company's other ongoing security efforts, Sullivan believes that "if you're thoughtful about planning ahead, you're not just slapping on security in the end."