Facebook’s recently departed security chief says US government inaction has ensured that the upcoming midterm elections will be vulnerable to hacking and online manipulation campaigns.
Alex Stamos — who left the company earlier this month — argued his case in an essay for Lawfare, saying it was “too late to protect the 2018 elections.” He’s responding to two pieces of news from yesterday: Microsoft seizing six domains apparently intended for Russian political phishing attacks, and Facebook deactivating 652 fake accounts and pages that were allegedly engaged in misinformation campaigns.
Stamos cites this as evidence that hackers from Russia (and now Iran) have not been deterred from election meddling, and he accuses the Obama administration, the Trump administration, and Congress of a “sclerotic response” to manipulation campaigns during the 2016 election. “If the United States continues down this path, it risks allowing its elections to become the World Cup of information warfare,” he writes.
His prescriptions for the 2020 US elections include promoting the Honest Ads Act, a bill that would mandate more transparency around online political ads, but with an amendment that would specify how influence campaigns could use huge voter databases for targeted ads. He also urges the US government to create a dedicated federal cybersecurity agency, as well as state-level security groups for preventing direct election-hacking — theoretically finding and fixing vulnerabilities like a recently revealed voting machine security hole.
The essay presents a counter-narrative to the widespread criticism that Facebook and other social media platforms have received for letting hackers manipulate their platforms. Stamos has been candid about the company’s security problems, and he reportedly upset some Facebook executives by pushing to reveal information about 2016 misinformation campaigns. Here, he writes that “social media platforms, including my former employer, made serious mistakes in 2016.” But he also focuses substantially on the government’s role in failing to prevent or punish attacks, as well as potential problems with other online ad companies that have “flown under the radar.”
Bob Lord, the Democratic National Committee’s chief security officer, made similar comments earlier today, after the DNC reported an attempted phishing attack to the FBI. “These threats are serious and that’s why it’s critical that we all work together, but we can’t do this alone,” Lord said. “We need the [Trump] administration to take more aggressive steps to protect our voting systems. It is their responsibility to protect our democracy from these types of attacks.”