Press "Enter" to skip to content

Facebook: Encryption Ensures Undersea Data Security

But Experts Say Malicious Actors Are Lurking

By Charles McDermid

Last of two parts.

Facebook and Google are building a fiber-optic undersea cable market to carry data across the world. In this report, Facebook says encryption will protect data, though experts raise questions. 

Facebook and Google now are the biggest players in the undersea fiber-optic cable market, investing heavily in multiple subsea networks and raising concerns about private ownership of vital global infrastructure — as well as the potential threats to data privacy.

The internet giants’ emergence in the subsea cable sector comes amid insatiable global demand for content, bandwidth and storage — and as underwater networks increasingly are recognized as essential for the world’s governments and economics, not to mention millions of everyday people.

Silicon Valley’s involvement in cables also comes as the Colonial Pipeline ransomware attack earlier this month highlights the risks of privately owned infrastructure.

“Our approach is to build state-of-the-art, secure subsea cables — where all data moving through them would be encrypted to the highest industry standards,” Monica Wik, a Facebook spokesperson, told Digital Privacy News.

“On subsea cables that we are developing, like Echo and Bifrost, Facebook’s traffic is physically separated from other parties,” she said. “We use advanced encryption to ensure our data remains secure.”

Google did not respond to emailed questions about its undersea cables.

Linking Data Centers

Echo and Bifrost are two of the 13 undersea cables Facebook owns outright or has a financial stake in, according to TeleGeography, an industry research group.

These new cables — Echo is a collaboration with Google — will connect data-hub Singapore and population-dense Indonesia to California by way of Guam.

“We use advanced encryption to ensure our data remains secure.”

Monica Wik, Facebook.

Wik said the application for Echo was filed with the Federal Communications Commission (FCC) at the end of March and other applications were in various stages of approval, including for Bifrost.

Echo, she said, was expected to be completed in late 2023 and Bifrost in late 2024.

Facebook said the cables would increase overall transpacific capacity by 70%.

Tom Uren, a senior analyst at the Cyber Policy Centre of the Australian Strategic Policy Institute, noted to Digital Privacy News: “Spending on cable infrastructure isn’t a decision made in isolation — but is a balancing act on all the other infrastructure required to run a service, especially data centers, with a whole series of different trade-offs involved.

“Data centers for the internet giants can cost billions, whereas cables cost hundreds of millions.

“In the case of an underdeveloped market, it makes sense to pay for cables that would allow you to grow the market when the demand to justify a data center doesn’t yet exist.

“Put another way,” Uren added, “the investors are certainly choosing the cheapest way to get what they want for the future of their business.”

What Are the Risks?

Kyung-Sin Park, director of the American Law Center at Korea University and head of Open Net Korea, said the new, more powerful undersea cable networks would help American companies keep all the personal data of their users in the United States.

“Instead of putting cache servers in local countries, they can service content by storing it in U.S. and distributing directly from the U.S.,” he said.

“The investors are certainly choosing the cheapest way to get what they want for the future of their business.”

Tom Uren, Australian Strategic Policy Institute.

“Keeping it in Asia, depending on where in Asia, may increase susceptibility to surveillance by local governments.”

Navigating geopolitics is just one of many challenges in the complex world of submarine data cables. Physical threats, such as anchors and fishing gear, are nearly as problematic as cyberthreats.

As Dark Reading, a cybersecurity news site, put it last year: “Hackers, rogue governments and others with malicious intent are bound to view these invaluable assets with more than passing interest.”

Even so, Park said the huge leap in capacity might be worth the potential threats.

“Although these cables are probably profit-driven, they will benefit Southeast Asia in terms of internet access and not just access to Google content or Facebook content — but because the capacity on the previous routes can be used to access other content,” he told Digital Privacy News.

“Instead of putting cache servers in local countries, they can service content by storing it in U.S. and distributing directly from the U.S.”

Kyung-Sin Park, Open Net Korea.

“Cloud storage will be infinitely enhanced with these undersea cables.

“Also, these cables will facilitate the building of regional hubs, which will also become storage centers for some of the cached data,” Park said.

‘Mission Impossible-Style’

The job of protecting undersea cables from physical threats falls to the U.K.-based International Cable Protection Committee (ICPC), which was founded in 1958 as the Cable Damage Committee.

The ICPC, which represents 97% of the world’s subsea telecom cables, says it works closely with national governments to “maximize the security of submarine cables and this work is ongoing as new threats emerge.”

Cybersecurity, on the other hand, is an issue for the entire network. It’s unclear what role governments or big companies, such as Google and Facebook, would play in the event of a cyberattack or hacking operation. 

Nicole Starosielski, associate professor at New York University and the author of “The Undersea Network,” said the subsea data pipelines cannot be replaced, pointing out that they continued to transmit almost all transoceanic data traffic.

“It is technically possible to tap into submarine cables, but there are a lot of factors that make that a very slim likelihood.”

Nicole Starosielski, New York University.

“The undersea cable network has always had a set of big players,” she told Digital Privacy News. “And before it was Google and Facebook, it was the nationally affiliated telecom companies, carriers such as AT&T.

“So, even if there are new forms of equity in terms of data control, this is not an entirely new form of organization in the industry.”

Starosielski said the cables themselves were not the most vulnerable part of the undersea network. 

“It is technically possible to tap into submarine cables, but there are a lot of factors that make that a very slim likelihood,” she said. “It is infinitely easier to tap into other points of the network.

“It would be like doing a ‘Mission Impossible’-style entrance through the ductwork of a building when the front door is wide open.”

Charles McDermid is a writer in Asia.

Sources: