- Facebook CSO, Alex Stamos, says security does not belongs in the foundation or "fabric" of the internet, as told to a reporter from eSecurity Planet at the Black Hat conference last week.
- As he subscribes to the "end-to-end principal," Stamos went on to say that ISPs are not directly responsible for protecting consumers from cyberthreats. Security does not necessarily fit with net neutrality, which he commends.
- While adamant that ISPs should not be held accountable for internet security, Stamos does insist individual sites or hubs with high numbers of users, like Facebook, must take on the burden of security, according to MIT Technology Review.
In the last year, Facebook, among other sites, has been hit with harsh scrutiny for its lack of "fake news" filters. Stamos views it as the responsibility of companies on the internet, like Facebook, to protect users from those acting as manipulators, fraudsters and hackers because interfering with ISPs and security could threaten ISPs' net neutrality status.
However, the Trump administration brought in new FCC chairman, Ajit Pai who is set to rollback Obama-era net neutrality regulations, despite a "Day of Action" protests and pushbacks. The rollbacks could mean current ISPs might have the ability to restrict access or require payments for certain sites or even purposefully slow internet use.
While the goal of the rollbacks is to free ISPs of government involvement, security may become a side effect.
Stamos acknowledged a natural, human curiosity in cybersecurity. The exploration of finding flaws, or how to "break systems" and those are part of the preemptive actions companies like Facebook need to take. However, he laments that sometimes the root of cybersecurity strategies aren't very marketable as there still remains 300,000 open U.S. jobs in cybersecurity.
It's important to note that improper security structures may not be solely to blame for hacker infiltration, but human error in simplicities like password negligence. In the current cyber climate, internet monitoring and restriction is a tough line to walk. While Facebook and others need to monitor actions to protect users, doing so without impeding on user rights is putting sites in a cybersecurity limbo.