Facebook's Security Chief May Be Out, and That's Bad for All of Us
Facebook's security head may be out as the company faces a huge crisis. Here's why his departure will make things worse for Facebook users.
Facebook Chief Security Officer Alex Stamos is planning to leave the company, The New York Times and The Wall Street Journal reported Monday evening (March 19).
The news couldn't come at a worse time for Facebook, whose stock dropped seven percent Monday in the wake of weekend reports that the company had unwittingly given a political consulting firm data pertaining to 50 million users. The latest development is that the FTC is probing Facebook for its use of personal data, according to Bloomberg.
Stamos is well respected and well liked in the information-security community, and is regarded as a committed advocate of user privacy. His apparently impending departure would rob Facebook of an authoritative and trusted voice just as the company needs it most, and remove a powerful advocate of privacy rights from Facebook's executive team.
MORE: Facebook Privacy Tips - How to Protect Yourself Now
The Times said Stamos' departure was planned long before the news about about the consulting firm, Cambridge Analytica, broke Saturday (March 17).
The story said Stamos decided to leave in December, but that Facebook management persuaded him to delay his departure until August. The annual gathering of information-security professionals at the Black Hat and DEF CON security conferences in Las Vegas takes place in early August this year, and Facebook may have wanted him to speak on behalf of the company.
The Times and The Journal both said Stamos clashed with Facebook Chief Operating Officer Sheryl Sandberg over the extent to which Facebook should investigate and disclose the abuse of Facebook by Russian trolls during the 2016 election campaign. His staff was said to have been cut down to three people from 120.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Times reporter Sheera Frenkel said on Twitter that the Times report was based on interviews with seven different people. The story did not initially contain any comment from Stamos himself, but was updated to include a statement from him that "these are really challenging issues, and I've had some disagreements with all of my colleagues, including other executives."
Stamos took to Twitter later Monday evening to clarify that he had not left the company, but did not say whether he planned to leave.
MORE: Everything You Need to Know About Facebook, Cambridge Analytica and the Trump Campaign
"Despite the rumors, I'm still fully engaged with my work at Facebook," Stamos wrote. "It's true that my role did change. I'm currently spending more time exploring emerging security risks and working on election security."
"To be clear, the security team has never been prevented or discouraged from investigating any Russian activity by any executives," he later added.
Stamos was chief security officer at Yahoo from March 2014 to July 2015. One of his first moves was to enforce HTTPS encryption for Yahoo Mail and other Yahoo online services, greatly strengthening user privacy and security.
Stamos reportedly left Yahoo after he discovered that the company had let a government agency install software monitoring Yahoo Mail accounts for keywords. His departure marked the beginning of the end for Yahoo; the company was rocked by disclosures of massive data breaches, and its online assets were sold off at a discount to Verizon in mid-2017.
Stamos is famous for publicly questioning National Security Agency Director Adm. Mike Rogers at a conference in Washington in 2015. He also quickly organized the TrustyCon security conference in San Francisco in 2014 after many information-security professionals chose to boycott the RSA Conference in San Francisco when it was revealed that the RSA company had let the NSA tamper with one of its encryption protocols.
This year, a single tweet from Stamos spurred the rapid organization of OURSA, a one-day security conference featuring women speakers, after the RSA Conference booked only one woman out of 22 keynote speakers.
MORE: How to Delete Your Facebook Account
When the Cambridge Analytica story broke this past Saturday (March 17), Stamos painstakingly explained Facebook's actions in a series of tweets that were later deleted. Even now, he is engaged on Twitter, although Frenkel asserted that Stamos' tweets were now being cleared by Facebook's communications team.
Meanwhile, Sandberg and Facebook founder and CEO Mark Zuckerberg are nowhere to be found. Neither has said anything in public recently about the Cambridge Analytica issue, even as politicians in the U.S. and U.K. demand answers.
The Times story said Facebook in 2017 commissioned opinion surveys to see what the American public thinks of the two top executives. Sandberg has become a best-selling author and an advocate for women corporate leaders, and rumors persist that Zuckerberg -- who has visited small towns in Iowa for no discernible reason, and whose own Twitter feed looks like a campaign commercial — is planning a political career.
With the two top executives seemingly distracted, it's not clear who's minding the store at Facebook. And with Stamos sidelined and probably on the way out, it's not clear who's minding all the personal data hundreds of millions of people have given Facebook.
Facebook had no problem giving away that data until it changed its data-sharing policies just before Stamos came on board. If he goes, there will be one less prominent person fighting for your privacy in a company that seems designed to violate it.
Best Online Identity Protection
Best Overall
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
Best Data Monitoring
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.
Best Tools
Good, but not the best. Identity Guard isn't bad, but for about the same price, IdentityForce UltraSecure+Credit offers more comprehensive personal-data and credit-file monitoring.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.