Below are my questions, followed by Facebook’s responses, where applicable.

1. In an April 2017 white paper, your security team disclosed an incident during the 2016 election in which “malicious actors” were discovered to be using fake Facebook accounts to promote links to stolen information. The paper did not name the actors, but it was later revealed that this referred to a coordinated campaign to promote emails that were stolen from Democratic National Committee officials by Russian hackers and published by WikiLeaks. It has also been reported that Facebook’s legal and policy teams pressured the security team to exclude any mentions of Russia from their report. Why did they want to keep this information from becoming public?

Alex Stamos, chief security officer, Facebook:

In our April white paper, “Information Operations and Facebook,” we described the activity that we detected from a sophisticated threat actor that was spreading stolen information about specific political targets in the run-up to the U.S. election and using it to feed press stories that they could then amplify. We took steps to disrupt this activity and reported details to the relevant authorities.

In this white paper, we noted the challenge of attributing threat activity to foreign actors ourselves, but we specifically referenced the assessment of the U.S. government that this actor was tied to Russia’s intelligence services. This was an accurate statement of what we knew about this particular actor at the time, and it appropriately relied on the U.S. intelligence community’s public analysis.

We have been forthcoming at every opportunity about what we know about these information operations. In addition to our white paper, last month we disclosed advertising activity on our platform that we believe is linked to the Internet Research Agency, a different group from the one we described in April. We undertook this research on our own, and we named the group based on our best assessment because we weren’t aware of a comparable public report from the government.

2. Related to the above question: In July 2016, WikiLeaks complained that Facebook was censoring links to a page on its website that hosted the hacked D.N.C. emails. Your chief security officer, Alex Stamos, replied to WikiLeaks (in a tweet that has since been deleted) saying that the issue had “been fixed.” Links to WikiLeaks were subsequently restored. Did Facebook’s security team manually override a tool that flagged these fake accounts as suspicious? If so, who was responsible for the decision to restore access to WikiLeaks, despite having detected a suspicious campaign to promote its stolen documents? Did you notify law enforcement that your security team had intercepted a coordinated influence campaign?