Former Facebook security chief: Protecting 2018 election is a lost cause

In his most detailed public statement since leaving Facebook Inc., the social network’s former top security official wrote Wednesday that the U.S. cannot possibly secure the 2018 elections from foreign influence.

The former chief security officer for Facebook and Yahoo argues in the blog post that the U.S. response to the hacking of the Democratic National Committee and Russian use of social networks such as Facebook FB, +0.59% and Twitter Inc. TWTR, +0.36% to spread misinformation in the run-up to the 2016 election has failed to live up to the threat. As evidence, he discusses the revelations from Facebook on Tuesday that it had taken down hundreds of pages linked to Russia and also Iran, calling them “evidence that Russia has not been deterred and that Iran is following in its footsteps.”

“If the weak response of the Obama White House indicated to America’s adversaries that the U.S. government would not respond forcefully, then the subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition,” Stamos wrote.

Stamos, who departed Facebook last week for a position at Stanford University, contends that the U.S. must now focus on the 2020 election, and lays out “four straightforward steps the United States can take to prepare for potential attacks” in the next presidential election year:

• “Congress needs to set legal standards that address online disinformation,” he says, mentioning the Honest Ads Act that is working through Congress as “a good start to setting a legal baseline” that “must be amended to provide for technical standardization of advertising archives and to set guidelines for the use of massive voter databases by campaigns and political parties.”

• “The United States must carefully reassess who in government is responsible for cybersecurity defense,” as Stamos notes that while many different government agencies touch on cybersecurity in different ways, there is no one true bureaucracy to deal with the issue. “The United States should consider following its closest allies in creating an independent, defense-only cybersecurity agency with no intelligence, military or law enforcement responsibility.”

• “Each of the 50 states must build capabilities on election protection,” he writes, specifically mentioning the work of Colorado in this regard. “The federal government could support the growth of these statewide functions with funding, intelligence and training, and by finding ways to harness the capabilities of private IT workers.”

• “The fourth step necessary is one that can be driven only by the demands of the American citizenry: Americans must demand that future attacks be rapidly investigated, that the relevant facts be disclosed publicly well before an election, and that the mighty financial and cyber weapons available to the president be utilized immediately to punish those responsible.”

Facebook did not immediately respond Wednesday afternoon when asked if the company disagreed with any of Stamos’s assertions. The company’s shares gained 0.6% to $173.64 in the regular session, and have fallen 1.6% so far this year as the S&P 500 index SPX, -0.04% has gained 7%.

Source: Read Full Article