zlacker

Fun quotes from all of two months ago:

'Facebook is clearly aware that losing its chief security officer and dissolving its dedicated security team, in the middle of all that’s going on, is not a great look. So many of the company’s statements today are clearly designed to address obvious concerns that arise.

“We expect to be judged on what we do to protect people’s security, not whether we have someone with a certain title,” a spokesperson said. In another statement, Facebook said it is “investing heavily in security to address new types of threats” and that its new security structure has “helped us do more to keep people safe.”'

Source: https://www.theverge.com/2018/8/1/17640852/facebook-cso-alex...

>>itsdre+(OP)
It is essential that tech companies, especially ones that provide critical infrastructure, place technical excellence above other priorities. Denigrating meritocracy is like pollution: the impact may not be immediate, and in the short term, it may look like you can have your cake and eat it too, but the universe is not caring and not kind, and if you forget about the need for excellence in the continual struggle against entropy, nature will eventually get around to teaching you a harsh and remedial lesson.

>>quotem+52
Is Facebook now considered critical infrastructure?

>>gaahrd+g2
According to some in the US government, Facebook can change the result of an election, so I guess that would qualify

>>gaahrd+g2
It should be.

>>gaahrd+g2
Anyone who has data on billion users should.

>>gaahrd+g2
The "surface" of Facebook may not be, but the parts of it that keep "personal information" certainly are, due to the scope of what can happen if it leaks.

>>farees+e3
> According to some in the US government, Facebook can change the result of an election, so I guess that would qualify

Essential infrastructure describes "assets that are essential for the functioning of a society and economy" [1]. Not things that can cause a lot of damage. Bombers aren't essential infrastructure. Facebook is non-essential.

[1] https://en.wikipedia.org/wiki/Critical_infrastructure

>>itsdre+(OP)
For what it's worth, Facebook did not dissolve its dedicated security team. That statement is misreporting on the part of The Verge. Facebook's security team is actually expanding its presence.

There is lot of misinformation about the Stamos debacle on all sides.

>>gaahrd+g2
If everything facebook knows about all its users and their contacts who are not themselves facebook users becomes public, people will get hurt.

>>JumpCr+S3
Bombers don't cause damage if they are neglected and unmaintained. A better analogy might be explosive material or radioactive material like involved in the Goiânia accident. There are consequences to the public when these are neglected. I don't know if those semantically qualify as critical infra, but its security is important for our security.

>>gaahrd+g2
To my two SMEs, yes, it is. It is responsible for 95% of our Marketing effort and 60% Sales. So to us, FB brings in the money.

>>JumpCr+S3
The information contained within Facebook is the payload. Facebook itself is the structure that holds and protects (or lack thereof in this case) that payload.

Nuclear missiles themselves aren't critical infrastructure, but you better bet the launch systems, and specifically the security of those systems, are utterly critical to society's continued functioning as we know it.

>>JumpCr+S3
According to your linked article, it could be considered 'Critical.' Not sure how it doesn't fit under the 'telecommunications' umbrella. Subjectively I don't like facebook nor people's dependence on it to label it 'critical', but objectively I'm not sure the linked article supports those subjective inclinations. At the very least, it's certainly debatable that facebook could be considered Telecommunications infrastructure.

>>chairm+l6
But it's a self fulfilling prophecy. It's only "critical" because it exists. If we shutdown every Facebook server tomorrow and set fire to their data center, it would no longer exist. And therefore have no influence on much of anything.

>>gaahrd+g2
Facebook is positioning itself to be a -- the -- private source of a "social score", somewhat akin to what the Chinese government is doing.

As that comes into place and use, how many companies are going to be basing their pricing -- their entire product offers, in light of the availability of this information, this "score" (and all the categorization behind it) -- upon it?

Bingo. Critical infrastructure. (Like it or not, for some of us.)

>>rodolp+76
The fact that you are dependent on FB for revenue does not make it "critical infrastructure". Few people are harmed if you go out of business.

>>jerf+t3
What exactly would happen?

Edit: people take my comment to mean it won't be a big deal. It will be. However, not on the same scale of taking out the power grid, or the water system, which would lead to hundreds or thousands of deaths. Facebook is not critical infrastructure.

>>wolf55+35
You're absolutely, completely, 100% correct. Facebook holds an immense trove of private information that in the wrong hands could be leveraged to inflict unimaginable pain and suffering.

With that said, is it perhaps possible that some people might view this as subtly distinct from power plants, hospitals, roads, and ISPs? Those are what are generally considered "critical infrastructure".

>>quotem+52
"For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." - Richard Feynman [0]

[0] https://science.ksc.nasa.gov/shuttle/missions/51-l/docs/roge...

>>vlan0+c9
I'm not so sure I follow this argument, one could say the Earth itself is only critical infrastructure because it "exists". So therefore if we destroy the Earth, it wasn't actually "critical" infrastructure, even though any associated infrastructure on the Earth went along with it. Maybe the distinction needs a little more fleshing out.

>>gaahrd+g2
Lmao. I hope not.

>>dunpea+6c
That definitely turned out to create a terrible misfortune for all of the world and set the evolution of civil rights back about 70 years.

>>dunpea+6c
A lot of adultery would come to light </half-sarcasm>

>>throwa+04
Do you have a source for this, "throwaway"?

>>EpicEn+eb
Excellent point.

>>vlan0+c9
I support your ideas and wish to subscribe to your newsletter!

>>quotem+52
This is the classic meaning of "begging the question": an argument that sneaks its conclusions into the premises.

>>ErikAu+2f
No need for the anti-anonymity here. Politely asking for a source is fine.

>>dunpea+6c
If it leaks, there is a direct impact on users monetary expenses. One of the examples: FB may know their user's lifestyle - eating habits, drinking habits etc. (based on the content/media users upload) If this info is leaked to insurance companies, it'll have direct impact on the premium you pay.

>>pjmorr+6d
Oh wow, I'm saving this. If I ever have a company with a physical office this goes on the wall.

FWIW though, investors can be fooled.

>>chairm+jd
If you destroy the Earth, we're all dead.

If you destroy Facebook, Google+ gets some more users.

>>smbull+Of
Eh. The irony of an anonymous person defending a company which forbids anonymity is not lost on me :)

>>comboy+rh
It's not just the quote, the whole appendix ought to be taught to every engineer (and manager, and investor), and deserves to be hanging on the wall in many places.

>>Angost+Bh
But we won't "exist" so it's not "critical".

>>ErikAu+2f
With regards to the implication: this isn't a throwaway account, it's just ironically named. Take a look at my comment history; I'm not affiliated with Facebook in any official capacity, but I do know security engineers who work there and I've been to Facebook offices.

A true statement is that Facebook's security teams have been shifted around in several reorgs. A false statement is that Facebook has dissolved its security teams. The latter is a mischaracterization of the former, because while some security staff have left Facebook for a variety of reasons, the company is not deliberately reducing its security staff nor encouraging their departure. It still employs a huge number of engineers specializing in every major domain of information security.

If you'd like evidence that Facebook is expanding its security presence, you can take a look at its careers portal. It's aggressively hiring security staff in satellite offices that previously weren't focus areas for security engineering.

In my opinion, Alex Stamos' company memo gives a clearer picture of what's happened in Facebook's security org recently.[1] You should read that in addition to media reports.

______________

1. https://www.buzzfeednews.com/article/ryanmac/facebook-alex-s...

>>Kalium+Ac
If you also add the ability to micro-target voters at scale using everything facebook knows about them using secret ads and niche content that only those voters will see and no one knows need debunking, and thus changing the government, then it is very much like the power plants.

I understand the point that you don't need facebook the way you need the ability to feed the people in the cities (and thus need roads and power plants). If facebook disappears, life will go on. But as long as it exists, control of it is critical like control over power plants.

>>wolf55+qn
In the sense that it allows for power, you're completely correct!

In the sense that it's an immediate need for the continued basic functioning of the state, it's possible that there may be some distinctions that could be drawn. Some might opine that these are the distinctions that matter for the designation of what is and isn't critical infrastructure.

>>throwa+Wm
Thank you.