Last summer, Facebook’s chief security officer Alex Stamos stood in the middle of a stage in an arena to open the annual hacking conference Black Hat in Las Vegas. Before his entrance, there was loud music and a light show.
In the hacking world, no one doubted Stamos deserved it. In the industry he’s considered the closest thing there is to an information security rock star. The New York Times reported Monday that he's leaving the company.
Stamos, however, tweeted that he's "still fully engaged with my work at Facebook."
"Despite the rumors, I'm still fully engaged with my work at Facebook. It's true that my role did change," Stamos said. "I'm currently spending more time exploring emerging security risks and working on election security."
In 2015, Facebook poached Alex Stamos from Yahoo. At the time, Stamos was already widely respected, both for his acute technical knowledge—former employees would praise him for his knowledge of code and infosec—and for confronting the head of the NSA about data privacy and mass surveillance. When I profiled him three years ago, he told me that his life goal was to make the internet safer for everyone.
"The vast majority of people are not safe using the internet everyday," Stamos told me when he was still at Yahoo. "They're only safe because they don't have anybody attacking them at that moment."
Facebook, believe it or not, gave him a chance to do exactly that. No other place in the world, short of Google, perhaps, gave one single person a chance to improve security for so many people at once.
During Stamos’ tenure, Facebook didn’t suffer any major data breach. But the company’s role in Russia’s influence campaign weighed on Stamos, who was the one who disclosed details of the influence campaign in a blog post. And the company has been mired in an ongoing crisis regarding the use of data obtained using third party apps to target voters in the lead up to the 2016 election. Stamos and Facebook did not immediately respond to request for comment.
We can’t know how Facebook would have been different without Stamos, but those in the security community still think very highly of him. The New York Times reported that he clashed with Facebook executives—Stamos thought the company should investigate and be transparent about the ways Russians used the platform during the 2016 election.
In the minutes after new about his The New York Times story broke, several security researchers and experts said his loss will be bad for Facebook and bad for users.
“It’s going to be quite hard for Facebook to say they're ‘fighting the good fight’ after losing Alex Stamos,” former FTC chief technology officer Ashkan Soltani tweeted. “This doesn't bode well.”
Former Googler Yonathan Zunger wrote: “Stamos is—or rather, was—a crucial voice of reason and good sense at Facebook. His departure is both a red flag with respect to the company's culture and situation, and a bad sign for its future.”
If Stamos really were to leave, his departure would be a loss for both Facebook and the internet in general. Stamos never shied away from explaining what the company was up to, and was one of the few people in a role that important at a big company to continue to be outspoken on Twitter.
Just a couple of days ago, he posted something that now seems ironic.
“There are a lot of big problems that the big tech companies need to be better at fixing. We have collectively been too optimistic about what we build and our impact on the world,” Stamos tweeted. “Believe it or not, a lot of the people at these companies, from the interns to the CEOs, agree.”