Cyber Saturday—Facebook Data Ownership, WhatsApp Phone Hack, ‘Blockchain Week’

Fortune's Robert Hackett (R) moderating a panel at Consensus 2019 featuring Tom Glocer (center), lead director of Morgan Stanley and former CEO of Thomson Reuters, and Nadav Zafrir, CEO of startup foundry Team8 and former head of cyber for the Israeli Defense Forces. The session, titled "Cat and Mouse? Securing Digital Assets and the Future of Adoption" took place on May 13, 2019. Photo by Byline PR

New York City’s just-concluded “blockchain week” was palpably more subdued than it has been in years past. (Or maybe I was just not invited back to the parties after my 2018 travelogue.)

In any case, I took a brief break from the madness of the Fortune 500 issue close to drop by the Consensus conference, the week’s marquee event, where I moderated a security-themed panel on Monday. My panelists were Tom Glocer, the lead board director of Morgan Stanley and former chief executive of Thomson Reuters, and Nadav Zafrir, the CEO of startup foundry Team8 and former head of the Israeli Defense Forces’ Cyber Command and Unit 8200, Israel’s equivalent of the U.S.’s National Security Agency. (For a recording, see video No. 15 here.)

Below are some soundbites from our conversation. I asked Glocer about a post he had published in the fall on his excellent personal blog in which he pondered who, or what, should own people’s data. His response imagined a world in which people might own their own information and where they would, using individual digital wallets, license the rights to corporations.

Rather than the current situation where we just weren’t paying attention and Google and Facebook, etc., built up huge caches of our private information, you would have the choice to sell Google your search history in return for a micropayment. Or you would sell Apple your photos in return for a micropayment, etc. I think it’s an interesting way of turning the current model on its head. But we’re not going to get there without some very significant government intervention along the lines of the debate that’s been raging about Facebook. Tech alone won’t achieve this jiu-jitsu move.

Since he brought it up, I asked Glocer for his thoughts on breaking up Facebook.

Just breaking up Instagram, Facebook, and WhatsApp won’t be enough. Facebook has over 2.5 billion folks. If you really wanted to go after them, I think you would have to go deeper and essentially declare a date by which they’d have to erase all of the data they’ve achieved to date and start fresh with what I’d call an informed consent and maybe, yes, micropayments. There’s no intrinsic reason why it’s awful that [Facebook] owns Instagram and WhatsApp…. If Mark [Zuckerberg] came out and just declared that on June 30th of next year we’re going to wipe out our histories—here’s your chance to download your own, in case you want to keep it, and here are the new rules of the road that you get to explicitly opt into—I would leave all those companies in his world.

The audience tended to agree. When I asked them whether Facebook should get the Sherman Anti-Trust treatment, only about a third of the crowd raised their hands.

Facebook, through the malicious hijacking of its targeted marketing machinery, has greatly contributed to an erosion of faith in traditional institutions. Nadav Zafrir summed up the predicament well. When I asked him what is the most pressing, most frightening threat the world faces, he replied without hesitation.

In one word: Trust. We are now in a world where it’s very hard for us to trust the simple things that, as my generation grew up, we were accustomed to trusting—our democracies. Our voting systems…. The irony is that the blockchain has a great potential to offer that [trust], yet it has become synonymous almost with the opposite…. It’s an asymmetric battle when the attackers only need to find one single point of failure in the whole system and it’s game over. Hence, if we take that single point of failure and distribute it in a way where attackers need to hack everybody simultaneously and get everybody’s consensus, we’re flipping the asymmetry and taking control of the situation.

Of course, retaking control of the situation is no simple task, even with the advent of blockchain technology. Zuckerberg is, for his part, exploring how he might reestablish the foundations of his media empire on the footing of blockchains, cryptography, and private messaging. With all the consumer backlash and heat from regulators, it will no doubt take expert jiu-jitsu to pull off.

May the groundwork commence.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Dial ‘W’ for ‘WhatsApp hack.’ A security hole in Facebook’s WhatsApp messenger allowed hackers to inject spyware onto mobile phones merely by ringing up targets, even if the receiver did not answer the call, the Financial Times reported. The spyware originated with NSO Group, an Israeli hacking tool maker, which vowed to curb misuse of its technology. WhatsApp engineers scrambled to release a patch for the vulnerability on Monday. For the technically curious, here’s a post by Israeli cybersecurity firm Check Point that describes how the hack worked. (Side note: cybersecurity Twitter bashed Bloomberg, rightfully, for tweeting that “WhatsApp’s hack shows end-to-end encryption is largely pointless.”)

Speaking of Facebook and Israel… In addition to the WhatsApp fiasco, Facebook gave the boot to an Israeli company, Archimedes Group, that ran disinformation campaigns and influence operations across the site. The offender had 65 accounts, 161 pages, dozens of groups, and four Instagram accounts that attempted to disrupt elections in countries across Africa, Latin America, and Southeast Asia, the Associated Press reported. Meanwhile, Facebook’s chief technology officer, Mike Schroepfer, recently teared up when a New York Times reporter asked him why it took the company an hour to remove a livestream video of the Christchurch massacre from the site.

Knitting the patchwork. This was a big week for vulnerability disclosures. The researchers who last year warned the world about the “meltdown” and “spectre” computer chip vulnerabilities found a new set of hackable vulnerabilities in Intel chips. Microsoft took the unusual step of releasing updates for deprecated operating systems so as to patch “wormable” security holes. Researchers found holes in Cisco enterprise routers that allow for security bypasses. Adobe patched severe security issues in Flash, Reader and Acrobat. Google is replacing hardware security keys that have a Bluetooth hijacking bug. Stack Overflow announced a security breach which exposed some user data. And there’s some uncertainty about whether a few antivirus software vendors—including Symantec, Trend Micro, and McAfee—were breached.

A face in the crowd. San Francisco has banned the use of facial recognition technology by the police and other agencies. The city’s board of supervisors passed the action in an 8-to-1 vote. Although the technology helped identify a mass shooter in Annapolis, Md., civil liberty advocates have objected to the spy tech, arguing that its potential for abuse by the government runs too high.

Femme fatales. The latest issue of The Atlantic has a fascinating read about the history of female spies. The piece highlights a number of books on the subject: D-Day Girls, Madame Fourcade’s Secret War, Code Name: Lise, and A Woman of No Importance. (I just spotted someone tearing through that last one on the subway, so it must be good.) By the way, Fortune is adopting a “50-50” gender parity initiative that strives for equal representation between the sexes. You can read more about it in this recent Washington Post story.

The wall we need?

ACCESS GRANTED

Mob rule. Democracy, like any marketplace, is only as good as the information that props it up. Using new technologies, attackers are muddying and manipulating public fora. “[T]he open forms of input and exchange that it relies on can be weaponized to inject falsehood and misinformation that erode democratic debate,” write Henry Farrell, a George Washington University professor of political science, and Bruce Schneier, a cryptographer and cybersecurity professional affiliated with Harvard Law School, for Boston Review. Here’s an excerpt:

The Internet was going to set us all free. At least, that is what U.S. policy makers, pundits, and scholars believed in the 2000s. The Internet would undermine authoritarian rulers by reducing the government’s stranglehold on debate, helping oppressed people realize how much they all hated their government, and simply making it easier and cheaper to organize protests.

Today, we live in darker times. Authoritarians are using these same technologies to bolster their rule. Even worse, the Internet seems to be undermining democracy by allowing targeted disinformation, turning public debate into a petri dish for bots and propagandists, and spreading general despair. A new consensus is emerging that democracy is less a resilient political system than a free-fire zone in a broader information war.

FORTUNE RECON

Exclusive: Scammed Porn Watchers Have Paid Nearly $1 Million in Bitcoin Blackmail by Jeff John Roberts

‘Zombieload’ Flaw Lets Hackers Crack Almost Every Intel Chip Back to 2011. Why’s It Being Downplayed? by Alyssa Newcomb

Facebook, Twitter, and Alphabet Join Global Pledge to Combat Online Hate Speech by Helene Fouquet and Gregory Viscusi

After Being Declared a National Security Risk, Grindr Must Find New Owners by 2020 by Chris Morris

You’ve Got a WhatsApp Notification: You May Have Been Hacked by Natalia Drozdiak

How a Cyber Crime Ring Stole $100 Million From Unsuspecting Companies by Don Reisinger

ONE MORE THING

“Yes, we negotiate with terrorists.” A cottage industry has sprouted up whose vendors purport to help victims of ransomware recover their data. Turns out many of these companies—including New York-based Proven Data Recovery and Florida-based MonsterCloud—mostly just pay the Bitcoin fee demanded by the hackers, reports ProPublica. Oh, and these firms, dubbed “ransomware payment mills” by one executive, charge a premium on top for their oh-so-helpful services.