The huge databases of technology giants are prime targets for intelligence services, ready to put pressure on the employees of these companies.
Two former employees of Twitter and a Saudi Arabian have been charged in the United States for providing Ryad with information about users of the social network critical of the Saudi royal family, announced Wednesday the US justice.
This case "shows that data is not only an asset but also a burden for companies," said Adrian Shahbaz, research director at Freedom House, a human rights NGO. "They collect very important confidential data and protect them from hackers and potential corrupt employees."
Major platforms are an important tool for political activists, but "it is alarming to see how governments are trying to exploit the weaknesses of the internet (...) to attack people who express disagreement," he said. there.
"There is a game of cat and mouse constantly between users and governments with much more means and resources," says Adrian Shahbaz.
Bruce Schneier, a security researcher at Harvard University, is not surprised that governments are targeting social media databases.
"We all assume that this happens very often, but this type of charge rarely occurs," he admits.
- "Not fair" -
The big companies in Silicon Valley employ people from all over the world, and experts have long been concerned that China or Russia, in particular, will put pressure on employees to introduce flaws in software, espionage purposes.
"In the face of the Russian government, Twitter does not carry weight, it is not fair," notes Bruce Schneier. "Hard to blame companies."
The case revealed this week highlights the internal threat to groups, vulnerable because of their large size.
Even if in this case, the suspects were probably caught because they were "very bad at erasing their tracks", according to James Lewis of the Center for Strategic and International Studies in Washington.
Ali Alzabarah, a 35-year-old Saudi and Ahmad Abouammo, a 41-year-old American, are accused of using their Twitter status to obtain email addresses, IP addresses, phone numbers or dates. birth of Twitter accounts and forwarding this data to Ryad.
The former provided data on at least 6,000 accounts in 2015, including an opponent of the Saudi royal family who is a refugee in Canada, according to the indictment. The second would have spied several accounts between late 2014 and early 2015, in exchange for a luxury watch and at least $ 300,000.
The third suspect, Ahmed Almutairi, a 30-year-old Saudi national, is accused of serving as an intermediary between the two men and the government of his country.
- "Summary checks" -
"We are aware of the efforts made by bad actors to try to attack our service," said a spokesman for Twitter. "We limit access to sensitive information to a limited number of employees."
But according to John Dickson, a former US Air Force officer, now employed by the Denim Group security consulting firm, private companies, whether technology leaders or not, are not equipped to lead to a good enough control and to identify potential spies.
"Most employers only do summary checks, such as criminal records or past bankruptcies," he says. "None of them addresses the threats to the nation.
"They still behave like social networking companies, where the purpose of establishing is to establish as many connections as possible to optimize the platform," he adds.
Adrian Shahbaz advocates stricter regulation, which limits the number and variety of data collected and retained: "It is probably up to the (American) government to intervene with a law that would protect private data."
© 2019 AFP