Facebook wants end-to-end encryption

Facebook is wrong. Completely.

End-to-end encryption means that Facebook doesn’t have access to the content of messages. Right now, ONLY Facebook can read your private message content, but that will change. (Actually, that’s not true – your employer can too, and that won’t change, but it’s beside the point)

Given Facebook’s entire business model is collecting and selling personal data on its users, this might sound strange. You can bet it’s nothing to do with making the world a safe place for political activists in repressive countries. Such countries can simply block Facebook.

But there are three reasons they may wish to do this:

  1. Right now law enforcement can ask Facebook for data. If Facebook refuses, there can be a stink. If it hands it over, there can be a stink. If Facebook can shrug its shoulders and say “can’t be done”, it’s off the hook. Apple has done this.
  2. If Facebook’s system is insecure, someone may steal personal data from it in the future, leading to embarrassment and GDPR complications. If it’s encrypted while at Facebook, this cannot happen.
  3. Hard core criminals know all about how to use encryption. Facebook is used for recruiting. If Facebook has to face the music for this, with end-to-end encryption they have plausible deniability.

It’s worth noting that political activists have well established secure communication channels too. Paedophile networks have the knowledge to do this, and do. There are plenty of “dark web” options to keep things secret.

So far from protecting the public, the only reason Facebook has to do this is to protect itself.

Facebook has user data slurped





The following has just appeared on Facebook’s press release page:

Security Update

“On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts….”

“Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted… a feature that lets people see what their own profile looks like to someone else.”

Mark Zuckerberg’s understated response to the incident was “I’m glad we found this and fixed the vulnerability. It definitely is an issue that this happened in the first place. I think this underscores the attacks that our community and our services faces.”

Wall Street’s response so far has been a 3% drop in Facebook’s stock.

I’m now waiting to see which of my sock puppets is affected.

Facebook shares worth a punt





The confected row about Facebook and CA’s mining of the latter’s users’ data beggars belief. Facebook’s raison d’être is to profile its users and sell the information to anyone needing to target messages (adverts). The punters sign up to this because access is free. They might not understand what they’re agreeing to; a quick look at Facebook shows that many users are far from the brightest lights in the harbour. Buy hey, it’s free!

This is basically how Web 2.0 works. Get the punters to provide the content for you, collect information of value to sell to advertisers, and use the money to pay for the platform. Then trouser a load of tax-free profit by exploiting the international nature of the Internet.

So why the brouhaha now? Where has the moral outrage been for the last ten years? How come punters have only just started talking of a boycott (about twelve years after I did)? What’s changed?

The media has suddenly taken notice because some messages were sent on behalf of Donald Trump’s presidential campaign. What might broadly be called “left-wing” politicians have been exploiting unregulated social media to sway opinion for a very long time. Some became very uncomfortable when Trump gained traction by “speaking directly to his supporters” on Twitter. And now they’ve finally woken up to the way that the simple majority using a social media platform are able to propagate fake news and reinforce their simplistic beliefs.

But it wasn’t until the recent revelations that Donald Trump was using it that anyone batted an eyelid.

This rabbit hole goes very deep.

Does this spell the end of Facebook? I somehow doubt it. Social media addicts are just that. They don’t want to lose all their virtual “friends”. They want people to “like” them. Those that realise it’s a load of fluff try to cut back, or “detox” for a few weeks, but they always come back for more. And for those who see social media for what it and have nothing to do with it are constantly pressured by the addicts, like a drug user turned pusher.

“You don’t use Facebook? How are we supposed to contact you?”

No. This row doesn’t spell the end of Facebook. I know MySpace, bix, CompuServe, Geocities and the rest went out of fashion, but Facebook and Twitter are too well established, and even promoted on the BBC. And if the addicts were outraged enough to move to a different platform, where would they go? Part of their addiction comes from Facebook being “free”, and no one has come up with an alternative business model that works. They’ll stick with the devil they know.

Meanwhile investors have the jitters and the share price has fallen. This won’t last.

Apple is too cool for the CIA to touch

Tim Cook 2009 cropped
Tim Cook – time he was sent to jail?
You can’t have missed the furore over Apple’s refusal to help the CIA get the data from a terrorist murderers iPhone. On the one side the CIA says that we need the data to protect the public, a line with the judiciary of the USA agrees with, and Apple should do everything possible to get it for them. On the other side there’s Apple’s PR engine trying (successfully) to spin the story and avoid complying with the court order.

In the mean time the Brazilians haven’t shown such deference to a cultural icon when it comes to Facebook owned WhatsApp refusing to hand over data concerning a major drugs trafficker, even after several court orders. The Brazilian authorities have arrested Diego Dzodan, Facebook’s hancho in Latin America, and thrown him in jail until such time as the company obeys the law.

Perhaps he Americans could try that with Tim Cook – you break the law, you go to jail.

Meanwhile, Apple might seem to be setting itself up as the criminals friend over this. In the land of the free where profit is king, I guess their money is as good as anyone else’s so perhaps we should be too judgemental. But in an outrageous spin, Apple has told the world that if they comply with the court order then all Apple handsets will have a backdoor and no longer be secure. This is disingenuous. The situation is this:

Apple encrypts the data stored on the phone. You have to enter a password to unlock it. If you enter ten wrong passwords it will wipe the data from the phone. The CIA has asked Apple to modify this handset to disable the data wiping feature, so the CIA can then just keep throwing passwords at it until it unlocks. Clearly, this is going to have no physical effect on any other handset anywhere else in the world. So what’s Apple’s problem?

If Apple helped the CIA break in to the handset, Apple can no longer claim that its handsets are invulnerable. Terrorists, fraudsters and anyone up to something will know that the authorities can get at Apple data even more easily than if it was stored on iCloud. Note well: the fact that Apple hasn’t produced the mod needed to do this (publicly), doesn’t mean that its not possible right now; and it may even be happening. But Apple wants to maintain the illusion that it can’t.

Put another way, it’s easy enough to bypass the locks on a front door. You just need a large enough sledge hammer. Doubt this? Look at the footage of a police raid taking place – a few burly coppers with a battering ram and it’s open in seconds. Apple is selling locks and trying to pretend there’s no such thing as a sledgehammer.

So why, might one ask, don’t the US authorities stop messing around and get the court order enforced? Are they really scared of Apple?

What’s really worrying about this situation is that “civil liberties campaigners” and some corporate America is rushing to put out statements in Apple’s defence. In other words, big business reckons it’s above the law made by the people using a democratically elected government.

Safe Harbour Agreement on Data Sharing with Uncle Sam ruled unlawful

Causing trouble – Court of Justice of the European Union

The long awaited ruling about whether the Safe Harbour agreement allowing free transfer of data concerning European citizens to the USA is valid under European Law has  just been published. And it’s a doozie.

Basically a Safe Harbour agreement (note the use of the indefinite article here) means that you won’t be sent down the river for doing something that might otherwise be illegal. The specific Safe Harbour agreement in this case (2000/520/EC) says it’s okay for European data controllers to send whatever they like to the American’s because Uncle Sam is a good friend. This would otherwise be a no-no because you’d be giving up control over information that would otherwise be protected by European privacy laws.

This situation is currently being misrepresented in the popular press as being about Facebook (social media being their favourite subject after themselves); it’s not. It’s about all data. The case was brought by Austrian civil rights campaigner, Max Schrems in the Irish courts to test the legality of Facebook doing just this, as a high-profile example. A lot of American companies like to base their data centres in Dublin because, up until now, the Irish courts have been quite relaxed about what goes in compared with certain other European governments. (And lets not forget the tax breaks, and that Dublin is a nice place to be).

Hanging over this is the shadow of Edward Snowden (yet again), raising public awareness and anxiety over government access to PII. The fact that this PII is already in the hands of the likes of Facebook, Amazon, Microsoft, Google and Twitter with the full knowledge of the subjects doesn’t seem to matter – it’s the principle of the thing!

Anyway, the ruling basically says that the initial ruling is incompatible with European Law, and we can’t trust the Yankees to look after it without further safeguards. Where this leaves American companies with European data centres remains to be seen.