So Alex Stamos is headed for the ivory tower. He announced yesterday that he’s leaving Facebook after three years in the CSO hot seat, and joining Stanford University as an adjunct professor.
In normal circumstances, a faint odor of failure might surround the departure of the security executive who presided over so many catastrophes, from being flooded with Russian ads in the run up to the 2016 election, to Cambridge Analytica’s brazen data snatch. But in fact, if anyone knows anything about Stamos’s tenure, it’s that he reputedly clashed with fellow executives back in March about how to handle those problems. According to news reports, he favored more transparency, as well as some restructuring of the platform. In contrast, CEO Mark Zuckerberg seemed to drag his feet on transparency right up to the doors of the Senate, and since then hasn’t always helped his brand by explaining, for example, that he considers Holocaust denial to be free speech rather than hate speech.
Stamos’s departure doesn’t seem to be working out quite as planned. Back in March, the New York Times reported that he “was persuaded to stay through August to oversee the transition of his responsibilities and because executives thought his departure would look bad.” To the extent responsibilities have been transitioned, they seem to have been transitioned “further down the food chain,” as The Register reports, and not to a new CSO.
The Register also cannily points out that it took Facebook three months to anoint Stamos as successor to its previous CSO, Joe Sullivan, who they lost to Uber. If it takes three months to replace Stamos, the new CSO would arrive just two days before the mid-term elections.
Here are six reasons that’s a bad idea:
1. Guys, it doesn’t look good
Let’s all clap our hands and believe in fairies, and accept that pushing hands-on security responsibilities into the product and engineering teams is the best way to go about shoring up the platform’s defences. Let’s regard the CSO position in the same light as the conductor of an orchestra. As long as the violinists and oboists know their parts, and can play, what is he but a glorified time-keeper?
It doesn’t matter. Everything may look great from the inside. But when something goes wrong, and you can bet it will, the gaping chasm at the top of the security chain is a ready-made PR disaster.
2. Stamos was right: the outlook isn’t good
In an update on his Facebook page, Stamos — while encouraging students to sign up for his fall classes — mentioned that he was leaving “one of the most difficult threat environments faced by any technology company [including] new classes of abuse by the world’s most advanced adversaries.”
He’s right. Sure, Twitter has exposure, but the other tech companies at the top of the tree — Google, Microsoft, Apple — are not in this war (and not facing the existential crisis contemplated by Menlo Park). How happy must Google be that Russia doesn’t care about Google+?
3. Yes, I said existential crisis
Because, as everyone knows, Facebook and Zuckerberg just set an impressive benchmark with the worst stock plunge in the history of the market. Zuckerberg himself saw $16 billion wiped overnight from the value of his holdings. Could this happen again? A scandal on the scale of Cambridge Analytica could be just the trigger required — and if it does happen again, they’ll be launching the lifeboats.
4. The next scandal is just around the corner
Who says it won’t happen again? After all, just as Stamos reversed out of the car park, the platform disclosed (ah, transparency at last) that they’d uncovered a new plan to disrupt the mid-terms. Is it Russia? Facebook wouldn’t initially confirm who was responsible, but made it clear that this latest plot followed the blueprint used last go around by the Kremlin-linked Internet Research Agency.
5. The bad guys aren’t going away
Shutting down a few dozen accounts (and being open about it) looks like a firm and effective response to the latest threat. But guess what? The attacks won’t let up. It’s not like the perpetrators are facing legal repercussions; and losing a Facebook page is hardly a deterrent. As analysts have made clear, Facebook engagement is now strong predictor of success in U.S. domestic elections. The prize is too big.
6. Optics aren’t everything, but…
If (and when) things go wrong, Facebook needs to look like it was at least doing all the right things. The public — not to mention brands and investors — are unlikely to tolerate a repeat of Facebook working ineffectually and covertly to deal with threats. Not only does the platform need a new CSO, but it needs a CSO who can not only speak truth to his or her fellow executives, but who can speak confidently to the public about the defense of privacy, democracy, and truth.
And he or she needs to be in place before November 6.