When FaceBook opened a common platform “ThreatExchange” for all to share security concerns and find a common solution and benefit mutually in a group-oriented fight back against hackers around the world, it sounded ‘deja vu’ of what economist and philosopher Karl Marx said in the mid-19th century.
In the mist of Industrial Revolution that led to cruel misuse of working labourers, he gave the clarion call to all the workers of the world to unite and fight back the capitalists. Echoing similar call, FaceBook’s Mike Zuckerberg has hit upon the “ThreatExchange” that was kicked off today for all tech giants and professionals alike.
In fact, no big name in the tech world has been spared from the security threats day in and night and all of them had to go down with hackers constantly. Realizing that a solo fight will not help, Facebook has taken the initiative to send Clarion Call to other big tech giants to come and share their experience in creating a security information sharing on a common portal.
ThreatExchange, which went live on Wednesday says, “Let’s work together” and adds: “Tools for sharing security information between organizations don’t work if they are inefficient or too complex. That’s why many teams end up trying to solve the same problems that others have already tackled.”
The website says ThreatExchange is a platform created by Facebook enabling all security professionals anywhere to share threat information and learn from each other’s discoveries. “We included a set of privacy controls so that participants can help protect any sensitive data by specifying who can see the threat information they contribute,” it added.
Pointing out the benefit, it said the beauty of working together on security is great. “When one company gets stronger, so do the rest of us,” it added, acknowledging the fact that benefit is uncertain in the short run but assured in the long run.
No wonder, Zuckerberg’s move comes as a reaction to what cyber hackers are doing — collaborating to hack a website, however great or powerful it may be. As every action gets reaction, so is FaceBook’s ThreatExchange portal to fight the common enemy, a colaborating effort of global hackers online.
Since security threats like malware, spam and phishing typically go after multiple targets, sharing threat intelligence improves “collective defence” against the hackers, argues the Website. However, this is not the first time.
The US Cyber Intelligence Sharing and Protection Act (CISPA) tried to bring private companies to share customer information with the NSA and other agencies to improve the cybersecurity, but failed to get legislative nod often in its efforts and also many tech giants backed off on privacy concerns involved while working with a government agency. Sharing its user information with law-enforcing agency is always risky for them as it keeps users at bay.
To allay the fears of privacy while working with a government agency like NSA, some groups like the Electronic Frontiers Foundation have taken the non-profit model to bring in tech giants and affected parties on a common platform to share their security concerns but this too failed to kick off in a big way in the past.
Now Facebook founder Zuckerberg who has openly admitted that his platform is not entirely secret nor did he give any assurance to Facebookers about keeping their privacy in toto, has floated ThreatExchange to share information. If not advertisers, the problem with ThreatExchange is that it may have to share the information with the government agencies like NSA. This may be one concern that ThreatExchange should answer but not with mere privacy assurance with a set of privacy controls so the participants “can help protect any sensitive data by specifying who can see the threat information they contribute.”
The irony is that the ThreatExchange comes from Facebook, known for its gross violation of privacy concerns in the past unabashedly. Despite its assurances saying, “a company might want to share specific information only with another company they know to be experiencing the same attack,” it remains to be seen how far they can go in fighting the common enemy.
The Register in bootnote said wryly: “An earlier link to the ThreatExchange website included its HTTPS address. This URL, while valid, appeared at the time of editing to be using an invalid HTTPS certificate.” So that’s it!