Facebook's Head Prick Fired?!

Alex Stamos says he's "still fully engaged" with his work at Facebook, though his role has changed. Questions about Stamos come as Facebook deals with a privacy flap linked to Cambridge Analytica.

facebook-logo-hq

Facebook's security chief Alex Stamos is reportedly leaving the company.

Getty

Alex Stamos, Facebook's outspoken chief security officer, is leaving the company, according to a report Monday by The New York Times.

The apparent reasons for the departure are Facebook's disclosures of a company investigation into Russian trolls abusing its services during the 2016 US election and the spread of misinformation on the site. Stamos reportedly clashed with top executives, including COO Sheryl Sandberg, over how the company should handle the situation.

According to The Times report, Stamos initially told the company he wanted to leave in December, after his day-to-day duties were reassigned. He was convinced to stay until August to help see through the transition of his responsibilities.

Stamos responded Monday to the report with a tweet that didn't explicitly address whether he intended to leave Facebook.

"Despite the rumors, I'm still fully engaged with my work at Facebook," he tweeted. "It's true that my role did change. I'm currently spending more time exploring emerging security risks and working on election security." 

A Facebook spokeswoman echoed Stamos' sentiment in a statement. "Alex Stamos continues to be the Chief Security Officer (CSO) at Facebook," the statement said. "He has held this position for nearly three years and leads our security efforts especially around emerging security risks. He is a valued member of the team and we are grateful for all he does each and every day."

The spokeswoman didn't directly address whether Stamos was planning to leave the company. 

The news comes as Facebook deals with a controversy over Cambridge Analytica and its reported misuse of data from 50 million Facebook accounts.

This isn't the first time Stamos has left a C-suite position at a major tech company in the midst of controversy. Stamos left Yahoo in 2015, and Reuters later reported that he left in protest of Yahoo complying with a request from NSA to create scanning technology to comb through users' incoming emails.

Stamos made waves on Twitter this weekend when he criticized The New York Times and the Guardian for their portrayals of the way data analysis firm Cambridge Analytica used Facebook user data. The tweets said the situation, in which the firm accessed information from millions of Facebook accounts, wasn't a data breach or a leak. Then, he deleted those tweets.

Known for bursts of candidness on Twitter, Stamos has tweeted out his thoughts on a range of issues during his tenure at Facebook. In October, he let fly a string of tweets about the news media's coverage of artificial intelligence technology, which he said painted Silicon Valley unfairly as clueless.

"Nobody of substance at the big companies thinks of algorithms as neutral," he wrote. "Nobody is not aware of the risks."

50M Facebook user...AutoplayOff00:0001:34
Next Article: Facebook, Cambridge Analytica and Trump: What you need to know
POLITICS Leer en español

Facebook, Cambridge Analytica and Trump: What you need to know

The world's largest social network is at the center of an international scandal involving voter data, the 2016 US presidential election and Brexit.

Facebook's MPK20 headquarters building, brightly lit at night.

Facebook's MPK20 headquarters building in Menlo Park, California. Your data is somewhere behind that colorful structure.

Facebook

Consultants working for Donald Trump's presidential campaign exploited the personal Facebook data of millions.

That's the key message in Saturday stories by The New York Times and the UK's Guardian and Observer newspapers, as well as in statements from Facebook. The stories and statements indicate the social networking giant was duped by researchers, who reportedly gained access to the data of more than 50 million Facebook users, which was then misused for political ads during the 2016 US presidential election.

Until now, most of what you've heard about Facebook and the 2016 election has been focused on meddling by Russian operatives. Those efforts are being investigated by the FBI and the US Senate. 

Data consultancy Cambridge Analytica represents a different problem. The UK-based company reportedly acquired data about millions of Facebook users in a way that violated the social network's policies. It then tapped that information to build psychographic profiles of users and their friends, which were utilized for targeted political ads in the UK's Brexit referendum campaign, as well as by Trump's team during the 2016 US election. 

Facebook says it told Cambridge Analytica to delete the data, but also that reports suggest the info wasn't destroyed. Cambridge Analytica says it complies with the social network's rules, only receives data "obtained legally and fairly," and did wipe out the data Facebook is worried about.

Here's what you need to know.

Watch this: Did Facebook lose control of your information?
3:28 

What is Cambridge Analytica?

Cambridge Analytica is a UK-based data analytics firm, whose parent company is Strategic Communication Laboratories. Cambridge Analytica helps political campaigns reach potential voters online. The firm combines data from multiple sources, including online information and polling, to build "profiles" of voters. The company then uses computer programs to predict voter behavior, which then could be influenced through specialized advertisements aimed at the voters.

Cambridge Analytica isn't working with a small amount of user data either. The company says it has "5,000 data points on over 230 million American voters" -- or pretty much all of us, considering there are an estimated 250 million people of voting age in the US

What did Cambridge Analytica do?

Facebook said in a statement late Friday that Cambridge Analytica received user data from Aleksandr Kogan, a lecturer at the University of Cambridge. Kogan reportedly created an app called "thisisyourdigitallife" that ostensibly offered personality predictions to users while calling itself a research tool for psychologists.

The app asked users to log in using their Facebook account. As part of the login process, it asked for access to users' Facebook profiles, locations, what they liked on the service, and importantly, their friends' data as well.

Facebook logo on mousepad

Facebook's data appears to have been improperly used for political purposes during the UK's Brexit vote and the 2016 US presidential election.

Getty Images

The problem, Facebook says, is that Kogan then sent this user data to Cambridge Analytica without user permission, something that's against the social network's rules.

"Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules," Paul Grewal, a vice president and general counsel at Facebook, said in a statement.

Kogan didn't respond to requests for comment. The New York Times said he cited nondisclosure agreements and declined to provide details about what happened, saying his personality prediction program was "a very standard vanilla Facebook app."

What does this have to do with Trump?

The Trump campaign hired Cambridge Analytica to run data operations during the 2016 election (Steve Bannon, who eventually became Trump's chief strategist, was also reportedly vice president of Cambridge Analytica's board). The company helped the campaign identify voters to target with ads, and gave advice on how best to focus its approach, such as where to make campaign stops. It also helped with strategic communication, like what to say in speeches.

"The applications of what we do are endless," Cambridge Analytica CEO Alexander Nix said last year in an interview with CNET sister site TechRepublic.

The White House didn't respond to a request for comment.

Cambridge Analytica also worked with other 2016 presidential election campaigns, according to its website and various media reports. Those included the campaigns of Sen. Ted Cruz and presidential candidate Ben Carson, who went on to join Trump's cabinet as secretary of housing and urban development

Why did Facebook ban Cambridge Analytica from its service? 

Facebook said Cambridge Analytica "certified" three years ago it had deleted the information, as did Kogan. But since then, Facebook said, it's received reports that not all the user data was deleted. The New York Times reported Saturday that at least some of it remains.

Cambridge Analytica said in a statement Saturday it deleted all the data and is in contact with Facebook about the issue.

Meanwhile, Christopher Wylie, the whistleblower who detailed how Cambridge Analytica reportedly misappropriated Facebook user data, said on Twitter that his Facebook account has been suspended.

Was Facebook hacked?

The New York Times characterizes this as a data "breach" and says it's "one of the largest data leaks in the social network's history." That's in part because the roughly 270,000 users who gave Kogan access to their information allowed him to collect data on their friends as well. In total, more than 50 million Facebook users are said to have been affected.

The misuse of this data is what The New York Times zeroed in on.

MORE ON THE CAMBRIDGE ANALYTICA SAGA

Facebook, however, says that while Kogan mishandled its data, all the information Kogan got was accessed legally and within its rules. The problem is that Kogan was supposed to hold onto the information himself, not hand it over to Cambridge Analytica or anyone else. So Facebook disputes that the incident was a data breach, because the information was accessed through normal means -- using an app that asked people for access to their information, which they then agreed to.

The social network argued its point even further in an update to its Friday statement, saying that calling this episode a "breach" is "false."

"People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked," the company said.

Of course, critics point out that Kogan was able to do what he allegedly did because Facebook allowed app developers to request and receive access to the data of users' friends. Facebook changed that policy in 2015, prohibiting the practice.

Wait, so Facebook allows apps to access my data?

When you log in to an app using your Facebook account, the developer typically asks for access to information the social network has. Sometimes it's just your name and email address. Other times, it's your location and your friends' data too.

All this is pretty much what any app developer that works with Facebook is allowed to do. That is, until 2015, when Facebook stopped app developers from having access to friends' data. The rest, though, is still fair game.

Facebook says its rules specify that developers can't share the information they receive with other firms. That's where the problem with Kogan and Cambridge Analytica comes up.

But everything else? That's fine by Facebook. The company has an app review process it puts developers through, but once they're cleared, things are A-OK.

You hand your information over to app developers all the time. Don't like it? Think before you click, and read the requests from app developers more carefully.

Could this lead to more regulation?

One thing we do know for sure: The honeymoon between the tech industry and government is over. After decades of tech companies (mostly) being treated as favored children, legislators and government regulators are increasingly taking a tougher stance against them.

Facebook CEO Mark Zuckerberg, in front of signs that say "Focus on Impact" and "Be Bold."

Lawmakers on both sides of the Atlantic are looking for answers from Facebook CEO Mark Zuckerberg.

James Martin/CNET

Already, this scandal has renewed calls for more regulation. 

"This latest fiasco could reignite the debate within the Beltway and EU around a tighter regulatory environment Facebook and its social platform brethren could face going forward," Daniel Ives, an analyst at GBH Insights, wrote in a note to investors Sunday. "This represents another critical period for Facebook to hand hold and assure its users and regulators around tighter content standards and platform security in light of this latest PR nightmare."

In Washington, lawmakers and other officials were quick to demand that Facebook CEO Mark Zuckerberg testify before Congress, something he hasn't personally done in recent hearings over the intersection of social media, elections, trolls and hacking.

"Facebook, Google, and Twitter have amassed unprecedented amounts of personal data and use this data when selling advertising, including political advertisements," Sens. Amy Klobuchar, a Minnesota Democrat, and John Kennedy, a Louisiana Republican, said in a statement Monday. "The lack of oversight on how data is stored and how political advertisements are sold raises concerns about the integrity of American elections as well as privacy rights."

Observers have raised the question of whether Facebook's actions may have violated a 2011 consent decree with the Federal Trade Commission, according to The Washington Post, which interviewed two former federal officials. The consent decree required users to be notified and to agree to Facebook sharing their data, according to the Post. Facebook told the paper that it rejected "any suggestion of violation of the consent decree."

In Europe, where regulators have traditionally taken a tough stance on social media and privacy, the president of the European Parliament, Antonio Tajani, on Monday tweeted that EU lawmakers "will investigate fully, calling digital platforms to account." In the UK, Damian Collins, the chair of Parliament's committee overseeing digital matters, said that Zuckerberg needs to stand up and answer questions directly.

"Someone has to take responsibility for this," Collins said. "It's time for Mark Zuckerberg to stop hiding behind his Facebook page."

What can I do?

There isn't much. You may've been swept up in this without even knowing it. You don't have to have downloaded Kogan's app to have had your information accessed, since the statements and articles say the app slurped up information about users' friends.

Cambridge Analytica also doesn't appear to offer a way for you to request your information be removed from its systems. The company didn't respond to a request for comment.

First published March 17 at 1:52 p.m. PT.