Facebook’s Former Head of Security Says it’s ‘Too Late’ to Stop 2018 Election Meddling

Tech giants and U.S. government need to craft a better cyber defense, says Alex Stamos

Activists Call On Facebook To Increase Measures Against Disinformation On The Platform
Zach Gibson/Getty Images

It’s “too late” to stop foreign adversaries from meddling in the 2018 U.S. midterm elections, Alex Stamos, Facebook’s former head of security, said on Wednesday — even after the social network has taken several steps to plug its security holes.

Stamos — who recently left Facebook to become a professor at Stanford — pointed to Facebook’s Tuesday announcement it had banned hundreds of Russian and Iranian trolls as the latest evidence that hackers fear little retribution.

“The revelations are evidence that Russia has not been deterred and that Iran is following in its footsteps,” said Stamos in a blog post for Lawfare. “This underlines a sobering reality: America’s adversaries believe that it is still both safe and effective to attack U.S. democracy using American technologies and the freedoms we cherish.”

Facebook, of course, was a prime target of Russian manipulators in 2016. The Kremlin-tied Internet Research Agency leveraged Facebook to spread misinformation before and after the presidential election — ultimately hitting 126 million users, the company told Congress. CEO Mark Zuckerberg at first scoffed at the notion trolls impacted the election, before saying last fall he’s “dead serious” about preventing it from happening again. Facebook has since hired thousands of moderators and added more steps for advertisers to confirm their identity. Twitter and Google were also hit to a lesser extent.

Stamos said there’s plenty of blame to go around. He said the Obama Administration’s “weak response” to the coordinated cyberattacks in 2016, despite U.S. law enforcement agencies already possessing evidence of manipulation, was “sclerotic.” And the “subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition,” according to Stamos.

Stamos added his “personal responsibility for the failures of 2016 continues to weigh on me, and I hope that I can help elucidate and amplify some hard-learned lessons so that the same mistakes will not be made again and again.” To repair the country’s election security ahead of the 2020 presidential race, Stamos outlined four “straightforward steps”:

  1. Congress needs to set legal standards for how it addresses digital political ads and how it penalizes disinformation
  2. The U.S. should consider launching a new, independent cybersecurity agency with “no intelligence, military or law enforcement responsibility”
  3. All 50 states need to double down on election security, highlighting Colorado’s stringent standards as a model to follow
  4. American citizens must demand future attacks are “rapidly investigated,” disclosed to the public, and that the president punishes the culprits

It’ll be “impossible” to completely eradicate election meddling in the future, Stamos conceded. But a more vigilant response from tech giants like Facebook and Google, coupled with a heightened sense of urgency from the government, will leave the U.S. better off in 2020 than it is now.