Following @carolecadwalla’s latest revelations about the misuse of personal data involving Facebook, she gets a response from Alex Stamos, Facebook’s Chief Security Officer.
Hi, Carole. First off, I work on security, not strategy, and I agree that this is a serious issue. It’s also a nuanced and difficult one, which is lost in headlines like this. pic.twitter.com/FaFUbeuxTs
— Alex Stamos (@alexstamos) March 17, 2018
So let’s take a look at some of his hand-wringing Tweets.
- I work on security not strategy. https://twitter.com/alexstamos/status/975049688847024128
- This is a difficult issue. https://twitter.com/alexstamos/status/975049688847024128
- I should have done a better job weighing in. https://twitter.com/alexstamos/status/975069709140877312
- I’ve been trying to warn folks about this (relating to a different issue). https://twitter.com/alexstamos/status/974315632589025280
- I just wish I was better about talking about these things (presumably in general). https://twitter.com/alexstamos/status/975070166127067136
I’m sure many security professionals would sympathize with this. Nobody listens to me. Strategy and innovation surge ahead, and security is always an afterthought.
According to his LinkedIn entry, Stamos joined Facebook in June 2015. Before that he had been Chief Security Officer at Yahoo!, which suffered a major breach on his watch in late 2014, affecting over 500 million user accounts. So perhaps a mere 50 million Facebook users having their data used for nefarious purposes doesn’t really count as much of a breach in his book.
In a series of tweets he later deleted, Stamos argued that the whole problem was caused by the use of an API that everyone should have known about, because it was well-documented. As if his job was only to control the undocumented stuff.
us (dumb, bad): facebook data breach
facebook (smug): it can’t be a breach when its working exactly like it’s supposed to. wait don’t write that dow
— Casey Johnston (@caseyjohnston) March 17, 2018
Or as Andrew Keane Woods glosses the matter, “Don’t worry everyone, Cambridge Analytica didn’t steal the data; we were giving it out”. By Monday night, Stamos had resigned.
In one of her articles, Carole Cadwalladr quotes the Breitbart doctrine:
“politics is downstream from culture, so to change politics you need to change culture”
And culture eats strategy. And security is downstream from everything else. So much then for “by design and by default”.
Who should you trust now? Trust your skepticism.
Watch whistleblower tell how Cambridge Analytica played us all. To change politics you have to first change culture; you & me are units of culture. Your mind was hacked. #AltRight #BigData #humanity #trust https://t.co/bM80tRXJcg
— nora bateson (@NoraBateson) March 18, 2018
Facebook (and Google, too!) have great security teams. Some of the best in the business, no doubt. Full of conscientious people. But they can’t mitigate the business model. ¯\_(ツ)_/¯
— zeynep tufekci (@zeynep) March 17, 2018
Carole Cadwalladr, ‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower (Observer, 18 Mar 2018) via @BiellaColeman
Carole Cadwalladr and Emma Graham-Harrison, How Cambridge Analytica turned Facebook ‘likes’ into a lucrative political tool (Guardian, 17 Mar 2018)
Jessica Elgot and Alex Hern, No 10 ‘very concerned’ over Facebook data breach by Cambridge Analytica (Guardian, 19 Mar 2018)
Justin Hendrix, Follow-Up Questions For Facebook, Cambridge Analytica and Trump Campaign on Massive Breach (Just Security, 17 March 2018)
Casey Johnston, Cambridge Analytica’s leak shouldn’t surprise you, but it should scare you (The Outline, 19 March 2018)
Nicole Perlroth, Sheera Frenkel and Scott Shane, Facebook Exit Hints at Dissent on Handling of Russian Trolls (New York Times, 19 March 2018)
Mattathias Schwartz, Facebook failed to protect 30 million users from having their data harvested by Trump campaign affiliate (The Intercept, 30 March 2017)
Andrew Keane Woods, The Cambridge Analytica-Facebook Debacle: A Legal Primer (Lawfare, 20 March 2018) via BoingBoing
Wikipedia: Yahoo data breaches
Updated 20 March 2018 with new developments and additional commentary