Originally published at: https://boingboing.net/2018/08/01/facebook-security-chief-alex-s.html
…
Run Sir! RUN!
I wonder if agencies like the FTC will be harsher with a company who elects to not even fill the slot of CSO?
So, he steps out of a position where he could do some good and into an ivory tower?
Security is more about people and processes than it is about technology. Most security standards including Fed. government (NIST) require you have a really clear set of responsibilities and roles, including people who are in charge of security policy, procedures and operations. I suppose, theoretically, you could do that without having a CSO, but in general not having one is a red flag.
Consider it done!
But hmm. Something seems off about that phrasing. It makes it sound like their primary security concern is users’ passwords being stolen. Which, yes, I hope they’re on top of that. But the guy resigned over (and people are currently concerned about) the weaponisation of Facebook as a giant psy-ops war machine. Do they not see that as part of their security function? Does any branch of their org chart own it?
It sounds like he joined a Stanford research group that’s also a serious advisory team working on active countermeasures to Russian-style disinfo and exploitation ops. It also sounds like he joined them once it became clear that FB had decided to “wing it” in those areas and wouldn’t allow him to do some good.
I think that’s now moved to the ad sales department and has been turned into a profit centre.
Call me jaded but, advisors from ivory towers are NOT the ones who have the ears of the current regime in regards to security.
Edit:
Looks like he’s going to be pushing policy mostly.
“…develop policy outreach in briefings to government officials, public seminars and workshops, Congressional testimony, online and traditional media appearances, op-eds and other forms of educating the public on combatting information warfare.” fsi.stanford.edu
Let’s hope the next administration will listen.
Yes, and like any other business unit it’s important to have someone overseeing those people and processes.
Presidential administrations are not the only target audiences for such policy briefings. State secretaries of state are responsible for deploying and running elections, preparing ballots, etc., for example. Private organizations—such as infrastructure developers—may also warrant targeted policy briefs on information security.
Thats not the first time I have heard of someone leaving FB for very similar reasons.
“giant psy-ops war machine” (Besides being a great name for a band) kinda sorta describes late stage capitalism as a whole. So, identifying those aspects of Facebook that are not a toxic stew of abuse, is gonna be harder than scrapping it all and building a public utility to do the same job.
We expect to be judged on what we do to protect people’s security, not whether we have someone with a certain title
We are judging you - You are shitty.
After Facebooks pimps its users by exposing their private data to Russian hackers / Cambridge Analytica and serving as Russian propaganda platform etc. to throw our presidential election… FACEBOOK jettisons its security chief and pitches PR bullshit to fill the vacuum with “sincere heart-sop”
FACEBOOK IS A CORPORATE TOOL OF PUTIN’S PROPAGANDA MACHINE… (READ* FB IS SELLING OUT AMERICA FOR PROFIT.) THE SOONER WE ALL DUMP FACEBOOK THE BETTER!!! FUCK THE ZUCK!!!
Right on Annansi 133
How do you combat the anonymous trolls spewing vitriol and disinfo-propaganda 24 seven?
Like an AI machine, they infect all platforms
That, sir, is tantamount to Communism! I like it!
That’s the best news I’ve heard since hearing the gov’t eradicated dozens of boll weevils from American farmlands!