Former Facebook Chief Security Officer On Election Security And Digital Threats
ARI SHAPIRO, HOST:
Former special counsel Robert Mueller gave Congress a clear warning yesterday about Russian interference in U.S. elections.
(SOUNDBITE OF ARCHIVED RECORDING)
ROBERT MUELLER: Over the course of my career, I have seen a number of challenges to our democracy. The Russian government's effort to interfere in our election is among the most serious.
SHAPIRO: Later in the hearings, he said that effort has not stopped. Quote, "they're doing it as we sit here." Hours later, a Republican senator from Mississippi blocked three bills meant to strengthen election security. Cindy Hyde-Smith said Congress has already done what's necessary to protect the 2020 elections from interference.
Alex Stamos was Facebook's chief security officer during the 2016 election, and he is now at Stanford. Welcome to ALL THINGS CONSIDERED.
ALEX STAMOS: Thank you very much for having me.
SHAPIRO: What do you make of the Republican talking point that Congress has done what's necessary to protect the 2020 elections?
STAMOS: Congress has effectively done nothing to protect the 2020 elections. So there have been changes. But those changes have been either done in the private sector by the tech companies, or they've been - decisions have been made by people in the kind of mid-level, well-meaning folks at the FBI and DHS who have been acting without congressional support or authorization. Congress has not clarified the rules for online ads. They haven't done anything to set new standards for voting machines or any of the election infrastructure that could possibly be attacked in 2020.
SHAPIRO: In your view, would the bills that the Democrats are pushing solve some of those problems?
STAMOS: Yes. So my colleagues and I at Stanford have put out a 96-page report. We endorse the idea of some of the election security bills that give money to states to upgrade their infrastructure and set basic standards that can be enforced by the Department of Homeland Security. We also call for regulation of online political ads. And that regulation would broaden the scope of what is considered a political ad to include the kind of issue ads that the Russians pushed in 2016; would set standards for the transparency that would have to be provided by a Facebook or a Google as to who is running these ads; and then would set a floor of how much targeting information could be used to shoot those ads at very, very specific people online.
That latter point is not just about foreign interference, but the other thing that Congress needs to think about is how much do we want to encourage the legitimate actors in American democratic politics - the PACs, the candidates themselves - how much do we want them building massive data sets to hypertarget individual voters? That is a corrosive issue that has grown since especially the 2012 election, whether or not you have foreign interference.
SHAPIRO: As you mentioned, this is not just an issue for government; it is also an issue for tech companies. You were at Facebook in 2016. Do you think that that company has learned from its mistakes and is ready to confront whatever comes in 2020?
STAMOS: So I think that the social media platforms have done a lot to address exactly what happened in 2016. The real question is whether or not that's going to be relevant to what happens in 2020. First off, we've seen elections in places like India and Mexico, where disinformation attacks have mostly been pushed by domestic groups and have relied upon the supporters of those groups to amplify disinformation.
SHAPIRO: I, Ari Shapiro, go out and say so-and-so candidate is a child abuser. And this is not a foreign troll. This is just a person saying something that's not true.
STAMOS: Right. And we have an example of that in the United States. It turns out that the Seth Rich conspiracy theory was partially born out of activity of the Russian intelligence services but then was massively amplified by the conservative media and Americans who didn't know that they were doing the bidding of the Russian SVR.
The other big question is, how quickly can the companies react to a totally different type of attack against the election? The thing that I'm really afraid of is less about the Russians supporting one candidate or another. I'm more worried about them trying to convince half the country that the election was stolen. While it would be difficult to hack an entire national election, it would be almost trivial to cause complete chaos on the day of the election and to create an information environment in which half the country believes that they didn't lose fair and square, that they lost because a foreign adversary hacked voting machines, hacked tabulation systems. I don't see the evidence that tech companies and the government are able to work together in a way to deal with that.
SHAPIRO: Alex Stamos, formerly of Facebook, now director of the Stanford Internet Observatory. Thanks a lot.
STAMOS: Thank you very much.
(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.