Facebook’s security chief to depart role over company’s handling of misinformation [Updated]

Enlarge / Facebook CSO Alex Stamos speaking at the Web Summit in Dublin in 2015.

Update: Facebook CSO Alex Stamos tweeted the following on Monday evening in the wake of The New York Times report:

Despite the rumors, I’m still fully engaged with my work at Facebook. It’s true that my role did change. I’m currently spending more time exploring emerging security risks and working on election security.

We have updated the story accordingly.

Original story:

Alex Stamos, Facebook’s chief information security officer, will shift roles at the company. His transition will come in the wake of disagreements with other Facebook executives like COO Sheryl Sandberg about how to investigate and disclose Russian activity on the platform, The New York Times reports, citing employees of the social network. Stamos advocated for greater disclosure. Prior to his hiring at Facebook in 2015, Stamos was Chief Information Security Officer at Yahoo.

Personnel on Stamos’ security team—which previously numbered 120 but is now down to three—are being gradually transferred to the product and infrastructure divisions within Facebook, under his supervision. The NYT report suggests that this has been part of his responsibilities since December, when his normal day-to-day responsibilities as CSO were reassigned. He was asked by Facebook to stay through August for optics.

Stamos is currently working in a new role in the company. “I’m currently spending more time exploring emerging security risks and working on election security,” he tweeted. He has not commented on any future plans to depart the organization entirely—a tweet clarifying his role after The New York Times report did not dispute the report’s claim that he is leaving Facebook in August.

This news broke shortly after Facebook came under intense scrutiny over the inappropriate acquisition of its user data by Cambridge Analytica, a data analytics firm involved in elections in both the US and the UK. Stamos took to Twitter to defend the company—in particular, he sought to clarify that this was not a “data breach.” He also said in a tweet that has since been deleted:

It should be noted that several other prominent platforms, like Android and iOS, allow access to friend (contact) data with user permission. Like us, those platforms have policies about the use of data, but misusing contacts gathered knowingly from a phone is also not a “breach”.

Stamos later deleted those tweets, saying he “should have done a better job weighing in.” Echoing some of the concerns that reportedly led to his departure from the role, he later tweeted:

There are a lot of big problems that the big tech companies need to be better at fixing. We have collectively been too optimistic about what we build and our impact on the world. Believe it or not, a lot of the people at these companies, from the interns to the CEOs, agree.

https://arstechnica.com/?p=1278599