Facebook already has around half of its roughly 23,000 employees allocated to “safety and security,” and the company plans to aggressively grow this number — a move that comes amid growing criticism over Russia-linked influence on ads on the social network.
“We already have about 10,000 people working on safety and security, and we’re planning to double that to 20,000 in the next year,” said Mark Zuckerberg, Facebook CEO on the company’s earnings call on Wednesday.
This means by the end of 2018, potentially 60% of Facebook’s workforce will be allocated to “safety and security,” which covers ad review, information and data security, violent video screening, anti-hacking and more, according to a Facebook spokesperson.
Hiring 10,000 people is a significant investment and is a sign that public and political pressure has led Facebook to take the great power of its platform seriously. But is it enough?
To properly answer that question, think about what it means for Facebook to be hacked, and what the stakes are. With Facebook, everything is unique. Instead of normal hacking — think, unlocking a safe with a stethoscope.
“Facebook is trying to solve, or at least mitigate, social engineering. By itself that’s a difficult problem,” said Alex McGeorge, head of threat intelligence at Immunity Inc., a security consulting firm. “Now they’re trying to do it at this grand scale no one has ever done before.”
The biggest investment isn’t 10,000 new employees, it’s putting profit second
McGeorge doesn’t think 10,000 extra hands alone will solve the problem. Instead, it will take a serious effort to put security priorities first. On the earnings call, Zuckerberg said he was willing to do what is necessary, even if it comes at the expense of Facebook’s bottom line.
This shift in priorities is absolutely critical, McGeorge said. “Facebook making this big investment in security is a good headline,” but the company needs to “give teams the ability to possibly make decisions that affect the bottom line.” If the new security personnel are overruled by decisions made by the company’s marketing teams the change is meaningless.
“It’s not just about writing more secure code at this point, it’s about influencing the direction of the ship,” said McGeorge. “You need two steps: You need buying at the executive level. Everyone in the C-Suite needs to be on that plan. All chiefs in charge of bringing revenue in, they need to understand that security trumps all.”
Zuckerberg indicated that he is “dead serious about this.” “The reason I’m talking about this on our earnings call is that I’ve directed our teams to invest so much in security on top of the other investments we’re making that it will significantly impact our profitability going forward,” he said.
In 2018, total expenses will grow between 45% and 60% from 2017. “Protecting our community is more important than maximizing our profits,” Zuckerberg said. Video expenses and investments will accompany security spending, he added.
McGeorge noted that simply hiring more people is not enough, follow through is paramount. Facebook critics will be watching how the company responds to the holes in its current security framework, weaknesses Russia took advantage of to serve millions of Americans fake ads and undermine U.S. politics. But beyond that, the key thing to watch is how Facebook deals with what the hackers learned through their ad campaigns. In addition to any influence, hackers who gamed Facebook’s network came away with critical knowledge, namely how to leverage Facebook’s chief product: Targeting content to people.
Framing a profit-second philosophy as long-term investment
In order to sell this to Wall Street, Zuckerberg framed these expenses as long-term profitability and put these efforts under the umbrella of refining product.
“People do not want false news or hate speech or bullying or any of the bad content that we’re talking about,” he said on the call. “So to the extent that we can eradicate that from the platform, that will create a better product, which will also create a stronger long-term community and better business as well.”
The artificial intelligence Facebook will use in concert with the new workforce will be researched and implemented to accomplish security goals. However, it may also provide a leap forward for AI — another potential for profit.
At least one analyst felt so moved by Zuckerberg’s arguments that he made a comment in addition to asking a question, one of the few to do so during the conference call.
“I think this incremental spend on security is highly unfortunate, but I think it makes eminent sense,” said Mark Mahaney from RBC Capital Markets. “I think most long-term investors realize that community maximization, including security, would lead to long-term profit maximization.”