In his most detailed public statement since leaving Facebook Inc., the social network’s former top security official wrote Wednesday that the U.S. cannot possibly secure the 2018 elections from foreign influence:
‘In some ways, the United States has broadcast to the world that it doesn’t take these issues seriously and that any perpetrators of information warfare against the West will get, at most, a slap on the wrist. While this failure has left the U.S. unprepared to protect the 2018 elections, there is still a chance to defend American democracy in 2020.’
The former chief security officer for Facebook and Yahoo argues in the blog post that the U.S. response to the hacking of the Democratic National Committee and Russian use of social networks such as Facebook
and Twitter Inc.
to spread misinformation in the run-up to the 2016 election has failed to measure up to the threat. As evidence, he discusses the revelations from Facebook on Tuesday that it had taken down hundreds of pages linked to Russia and also Iran, calling them “evidence that Russia has not been deterred and that Iran is following in its footsteps.”
“If the weak response of the Obama White House indicated to America’s adversaries that the U.S. government would not respond forcefully, then the subsequent actions of House Republicans and President Trump have signaled that our adversaries can expect powerful elected officials to help a hostile foreign power cover up attacks against their domestic opposition,” Stamos wrote.
Stamos, who departed Facebook last week for a position at Stanford University, contends that the U.S. must now focus on the 2020 election, and lays out “four straightforward steps the United States can take to prepare for potential attacks” in the next presidential election year:
• “Congress needs to set legal standards that address online disinformation,” he says, mentioning the Honest Ads Act that is working through Congress as “a good start to setting a legal baseline” that “must be amended to provide for technical standardization of advertising archives and to set guidelines for the use of massive voter databases by campaigns and political parties.”
• “The United States must carefully reassess who in government is responsible for cybersecurity defense,” as Stamos notes that while many different government agencies touch on cybersecurity in different ways, there is no one true bureaucracy to deal with the issue. “The United States should consider following its closest allies in creating an independent, defense-only cybersecurity agency with no intelligence, military or law enforcement responsibility.”
• “Each of the 50 states must build capabilities on election protection,” he writes, specifically mentioning the work of Colorado in this regard. “The federal government could support the growth of these statewide functions with funding, intelligence and training, and by finding ways to harness the capabilities of private IT workers.”
• “The fourth step necessary is one that can be driven only by the demands of the American citizenry: Americans must demand that future attacks be rapidly investigated, that the relevant facts be disclosed publicly well before an election, and that the mighty financial and cyber weapons available to the president be utilized immediately to punish those responsible.”
Facebook did not immediately respond when asked whether the company disagreed with any of Stamos’s assertions. The company’s shares have fallen about 1.5% this year as the S&P 500 index
has gained 7%.