Facebook updates ThreatExchange info, says gov't agencies not welcome
Facebook is looking to expand its ThreatExchange while also keeping government participation at a non-existent level.
The service allows companies to share threat intelligence via Facebook's existing infrastructure. The blog post stated that the most commonly searched information involves malware families and threat indicators, such as attempted attacks and IP addresses.
The company wrote that the more than 90 participating companies come from a variety of industries, including technology, security, insurance, financial services, higher education, defense, and internet service providers. Notably missing from the list are government entities.
In a comment to Passcode, Mark Hammell, manager of Facebook's Threat Infrastructure team, said government agencies are not allowed to participate, at least until “there is legislation that clearly defines how information from sharing platforms can be used by these parties.”
More specifically, the company and others want clarification on liability when it comes to sharing customer data with the government and when it comes to protecting citizens' privacy from government agencies – particularly the National Security Agency (NSA).
Although President Barack Obama has highlighted the need for greater threat sharing, and even signed an Executive Order earlier this year to pave the way, Congress has been slow to move on legislation. Before its summer recess, it failed to pass a cybersecurity bill.
That said, Facebook wrote that it hopes other business verticals will join its platform, including telecom companies, retail and business consulting groups.
“The goal is for organizations everywhere to learn from each other's discoveries and experiences, so you don't have to try to solve problems someone else has already tackled,” the blog post stated.