Less than 24 hours after Donald Trump was elected president of the United States, Alex Stamos, Facebook’s chief security officer, took the stage at a technology conference in Lisbon, Portugal, to give a keynote on software security.
Almost immediately, Stamos started talking about Facebook’s role in providing a safer internet.
“If we’re going to connect the world, it’s also our responsibility to connect the world safely,” Stamos said. “We have a responsibility … to understand the impact we have on people.”
Stamos was not talking about the U.S. presidential election, but his words were unintentionally apt. He had foreshadowed Facebook’s latest headache as the unwitting instrument in Russia’s campaign to disrupt the U.S. presidential election.
Facebook recently admitted that its News Feed — the most essential part of Facebook’s website and apps, which are used by 1.3 billion people every day — had been gamed by foreign actors in an attempt to manipulate the election. And last month, the company disclosed it had also sold more than $100,000 worth of political ads to Russian propagandists with the same goals. The disclosures led Facebook to hand over information about those ads to Special Counsel Robert Mueller, and now Congress is asking Facebook to testify later this fall.
CEO Mark Zuckerberg has publicly defended Facebook, and showed remorse for his dismissive comments made last year about the likelihood that fake news influenced people on the social network.
But behind the scenes, Stamos is doing a lot of the dirty work. The 38-year-old security expert and his team are leading the company’s internal investigation into Russian meddling, according to sources, which includes searching for Facebook posts and political ads tied to Russia or other foreign parties trying to sway the election.
Despite Facebook’s disclosures thus far, that investigation is still ongoing, which puts Stamos in charge of one of the most important jobs inside Facebook.
If the social giant appears in front of Congress later this fall to answer questions about how its network was abused by Russian organizations, it’s possible that Stamos will be asked to represent the company. Facebook could ultimately face stricter ad regulations and government scrutiny. More importantly, perhaps, the reputations of Facebook and Zuckerberg are at stake. Zuckerberg doesn’t want his legacy to include a footnote that claims that Facebook helped President Trump win the White House.
Stamos joined the social giant as chief security officer in June 2015 after a long career in the security industry. A 2001 graduate of the University of California, Berkeley, where he studied electrical engineering and computer science, he co-founded an IT consulting company that was acquired in 2010 for $23 million by a larger British firm, NCC Group.
But it was Stamos’s stint at Yahoo, shortly following that sale, that offers the best window into his approach to security — especially at a time when Silicon Valley firms are often at odds with government forces.
In 2014, Stamos took on the role of chief information security officer at Yahoo, a company with a history of major security blunders. More than one billion Yahoo user accounts were compromised by hackers in 2013, though it took years for Yahoo to publicly report the attack. Stamos’s predecessor, Justin Somaini, left Yahoo in 2013 following a separate email hacking scandal.
But Stamos’s tenure at Yahoo was fraught with disagreements, and he did not stay for long. He was a major proponent internally for user privacy and clashed with his superiors, who tended to push for looser security standards, according to The New York Times.
Some of his biggest fights had to do with disagreements with CEO Marissa Mayer, who refused to provide the funding Stamos needed to create what he considered proper security measures at Yahoo, the Times found.
Stamos and Facebook declined to comment for this article.
One of Stamos’s kernel beliefs around security focuses on what’s known as end-to-end encryption, now a standard for many online communications services, such as Apple’s iMessage and Facebook’s WhatsApp. Stamos is a big supporter of encryption, and even confronted the NSA about it during a press conference back in 2015.
At Yahoo, he pushed for this standard, which would have effectively shielded any communications, including emails, from Yahoo’s eyes. But Yahoo execs balked, according to the Times, as it would prevent the company from analyzing users’ emails to create business opportunities, such as targeted advertising.
But Stamos’s biggest issues with Yahoo likely came down to government snooping. The company had agreed to secretly help the U.S. government surveil the emails of many of its users after it was issued a court order to do so, according to The New York Times. Stamos, unhappy with the company’s willingness to work with the U.S. government, was upset enough that he left, according to Reuters.
He joined Facebook immediately after leaving Yahoo. Facebook’s previous CSO, Joe Sullivan, had left for Uber.
A myriad of factors may have led to Stamos’s departure from Yahoo, but if the U.S. government’s role in compromising security had a significant effect, he could be confronting similar issues at Facebook.
The Justice Department recently sought warrants for user accounts related to inauguration protests. (It’s unknown if Facebook will comply.) And last month the social network cooperated with Special Counsel Mueller’s investigation into Russian election meddling, likely after a warrant was issued.
Stamos considers himself a member of what he calls the “technical security community” — the kind of hackers and hardcore security experts that frequent security conventions like Black Hat and Def Con, conferences that Stamos has been attending for 20 years. (The first vacation he ever took with his then-girlfriend, who is now his wife, was to a Def Con security conference in Vegas in 2002.)
At Yahoo, he created teams of programmers who would try to hack into the company’s own systems in an effort to find the holes. At Facebook, he has been a big proponent of the company’s bug-bounty program, which pays hackers who find and report security vulnerabilities back to the company.
Stamos also takes seriously the responsibility of security professionals to protect the internet’s rank-and-file users, the billions of everyday internet users who don’t know a lick about online security. “I’m not very happy with where we are as an industry,” he said to a group of security experts at an event in San Francisco in 2015. “We’re really focusing on the 1 percent.”
In addition to having him lead the charge internally, Facebook has made him a pseudo-spokesperson for the effort by attaching his name to the company’s reports. When Facebook wrote a paper explaining how Russia carried out its misinformation campaign, Stamos was a co-author. He also wrote the blog post that Facebook published when the company admitted that it sold ads to Russian propagandists. (He periodically publishes blog posts about internet security to his personal Facebook Page, too.)
Stamos doesn’t seem concerned with the spotlight. During his Black Hat keynote in June, months after Russia’s misinformation campaign on Facebook was already public, Stamos ended his speech with a plea — a plea for the security industry to better protect the billions online who can’t protect themselves.
“We’ve been asking people to pay attention to us for over 20 years. And they are,” Stamos said. “We have the world’s attention. What are we going to do with it?”