So let's take a look at some of his hand-wringing Tweets.Hi, Carole. First off, I work on security, not strategy, and I agree that this is a serious issue. It's also a nuanced and difficult one, which is lost in headlines like this. pic.twitter.com/FaFUbeuxTs— Alex Stamos (@alexstamos) March 17, 2018
- I work on security not strategy. https://twitter.com/alexstamos/status/975049688847024128
- This is a difficult issue. https://twitter.com/alexstamos/status/975049688847024128
- I should have done a better job weighing in. https://twitter.com/alexstamos/status/975069709140877312
- I’ve been trying to warn folks about this (relating to a different issue). https://twitter.com/alexstamos/status/974315632589025280
- I just wish I was better about talking about these things (presumably in general). https://twitter.com/alexstamos/status/975070166127067136
I'm sure many security professionals would sympathize with this. Nobody listens to me. Strategy and innovation surge ahead, and security is always an afterthought.
According to his Linked-In entry, Stamos joined Facebook in June 2015. Before that he had been Chief Security Officer at Yahoo!, which suffered a major breach under his watch in late 2014, affecting over 500 million user accounts. So perhaps a mere 50 million Facebook users having their data used for nefarious purposes doesn't really count as much of a breach in his book.
In a series of tweets he later deleted, Stamos argued that the whole problem was caused by the use of an API that everyone should have known about, because it was well-documented. As if his job was only to control the undocumented stuff.
Or as Andrew Keane Woods glosses the matter, "Don’t worry everyone, Cambridge Analytica didn’t steal the data; we were giving it out". By Monday night, Stamos had resigned.us (dumb, bad): facebook data breach— Casey Johnston (@caseyjohnston) March 17, 2018
facebook (smug): it can’t be a breach when its working exactly like it’s supposed to. wait don’t write that dow
In one of her articles, Carole Cadwalladr quotes the Breitbart doctrine
"politics is downstream from culture, so to change politics you need to change culture"And culture eats strategy. And security is downstream from everything else. So much then for "by design and by default".
Who should you trust now? Trust your skepticism.— nora bateson (@NoraBateson) March 18, 2018
Watch whistleblower tell how Cambridge Analytica played us all. To change politics you have to first change culture; you & me are units of culture. Your mind was hacked. #AltRight #BigData #humanity #trust https://t.co/bM80tRXJcg
Facebook (and Google, too!) have great security teams. Some of the best in the business, no doubt. Full of conscientious people. But they can’t mitigate the business model. ¯\_(ツ)_/¯— zeynep tufekci (@zeynep) March 17, 2018
Carole Cadwalladr ‘I made Steve Bannon’s psychological warfare tool’: meet the data war whistleblower (Observer, 18 Mar 2018) via @BiellaColeman
Carole Cadwalladr and Emma Graham-Harrison, How Cambridge Analytica turned Facebook ‘likes’ into a lucrative political tool (Guardian, 17 Mar 2018)
Jessica Elgot and Alex Hern, No 10 'very concerned' over Facebook data breach by Cambridge Analytica (Guardian, 19 Mar 2018)
Hannes Grassegger and Mikael Krogerus, The Data That Turned the World Upside Down (Motherboard, 28 Jan 2017) via @BiellaColeman
Justin Hendrix, Follow-Up Questions For Facebook, Cambridge Analytica and Trump Campaign on Massive Breach (Just Security, 17 March 2018)
Casey Johnston, Cambridge Analytica's leak shouldn't surprise you, but it should scare you (The Outline, 19 March 2018)
Nicole Perlroth, Sheera Frenkel and Scott Shanemarch, Facebook Exit Hints at Dissent on Handling of Russian Trolls (New York Times, 19 March 2018)
Mattathias Schwartz, Facebook failed to protect 30 million users from having their data harvested by Trump campaign affiliate (The Intercept, 30 March 2017)
Andrew Keane Woods, The Cambridge Analytica-Facebook Debacle: A Legal Primer (Lawfare, 20 March 2018) via BoingBoing
Wikipedia: Yahoo data breaches
Related post: Making the World more Open and Connected (March 2018)
Updated 20 March 2018 with new developments and additional commentary