Tech companies, privacy and vulnerabilities: How much transparency is enough?

Views and opinions published in this article are intended to foster productive thought and discussion around challenges in the cybersecurity industry. Views expressed in this article do not necessarily represent the views of Infosec. 

 

Introduction

In late June 2020, Vice’s Motherboard technology investigative platform published a story with a revelation that sent shockwaves through the privacy and security communities. In 2017, Facebook hired a cybersecurity company to develop a new exploit for a security-focused operating system — a zero-day. Once it was completed, the social media brand passed the exploit on to the FBI through an intermediary, and the FBI then used it to track down and eventually arrest a child predator.

Followers of security and privacy will likely recall that this isn’t the first time that the FBI shared headlines with a private cybersecurity company over the use of zero-day exploits in order to support their law enforcement duties. A year prior, in 2016, the FBI battled with Apple in court to get their help in unlocking the phones of the San Bernardino terrorists, but ultimately paid an unnamed cybersecurity firm to use a zero-day 

During the 2016 court battle with the FBI, Apple and many of their rivals, including Amazon, Samsung, Dropbox, Microsoft, Yahoo and even Facebook, fought for the security of their customers’ privacy. Apple’s chief executive, Tim Cook, stated that “privacy is a fundamental human right.”

In the years since this high-profile court case, Americans’ concerns surrounding private companies and their right to privacy have only continued to grow. In fact, only 9 percent of American social media users “were ‘very confident’ that social media companies would protect their data.”

According to Pew Research, about half of users were not at all or not too confident their data were in safe hands.

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/gyDzjCWK4Hs/