Facebook is introducing new security tools for political campaign staff, concerned about dirty tricks in the run-up to the mid-term elections.
On his personal Facebook page, CEO Mark Zuckerberg admitted last week that the company fell short when it came to keeping control during the 2016 presidential election. Large numbers of fake accounts and pages, many of which appear to have been run by Russia’s Internet Research Agency (IRA), spread misinformation during the campaign.
“In 2016, our election security efforts prepared us for traditional cyberattacks like phishing, malware, and hacking. We identified those and notified the government and those affected,” he wrote.
“What we didn’t expect were foreign actors launching coordinated information operations with networks of fake accounts spreading division and misinformation.”
Since then, the company has worked to remove fake accounts at a rate of millions per day, and has hired 10,000 people to work on safety and security.
It has taken down more than 170 IRA pages and accounts, several hundred believed to be sponsored by Iran and a further set believed to be focused on influencing the upcoming election in Brazil.
However, this latest move is aimed at protecting those accounts and pages that are actually genuine by providing additional security measures.
Given that political campaigns are usually short-term in nature, says head of cybersecurity policy Nathaniel Gleicher, Facebook can’t by itself know which accounts to protect, meaning that they will need to ask for assistance.
The program will be available to candidates for federal or state-wide office, as well as staff members and representatives from federal and state political party committees. Page admins can apply for the program at politics.fb.com/campaignsecurity and, once enrolled, can add others from their campaign or committee.
“We’ll help officials adopt our strongest account security protections, like two-factor authentication, and monitor for potential hacking threats,” promises the company’s head of cybersecurity policy Nathaniel Gleicher in a blog post.
“If we discover an attack against one campaign official, we can review and protect other accounts that are enrolled in our program and affiliated with that same campaign.”
The company will provide training in the use of these tools and will provide special channels for designated account admins to report any suspicious behavior. The company will also monitor for hacking threats itself, passing on any information about election meddling to the authorities.
If the plan works, says Gleicher, it could be expanded to future elections, and could be offered on a permanent basis to other high-profile users, including government staff.