Alex Stamos, who recently stepped down from his role as Chief Security Officer at Facebook, published an op-ed in The Washington Post today, saying that Facebook could have responded Russian interference on its platform earlier. But he also says that the issue is much larger than Facebook: Congress should update its laws regarding political advertisers, and social media users need to “adjust to a media environment in which several dozen gatekeepers no longer control what is newsworthy.”

Stamos opens with confirmation of one of the details in the recent New York Times report about how the social media company slowly dealt with Russia-linked activity — that she yelled at him after he had told Facebook’s board of directors that his team was still working to uncover the extent of misinformation on the platform, and that she later apologized.

He goes on to say that Facebook and other tech companies did make a number of mistakes in 2016, that they “were so enamored with the utility of our own products” that they had a difficult time seeing how their tools could be misused. He specifically calls out Facebook, saying that the company spent too long trying to minimize the issue, and that it “should have responded to these threats much earlier and handled disclosure in a more transparent manner.”

issues that Facebook faced also stymied the US Intelligence community

But he notes that there’s plenty of blame to go around: the issues that Facebook faced around Russian cyberwarfare were ones that also stymied the US Intelligence community — and that the US government didn’t do much to help afterwards. He also notes that major media outlets played into the goals of online disinformation campaigns with their reporting — amplifying the misinformation, and says that tech companies simply aren’t equipped to understand geopolitical threats.

Ultimately, he notes that there’s a handful of things that US as a whole can do: “Congress needs to codify standards around political advertising,” he writes, saying that existing laws are decades out of date and don’t cover the types of platforms that exist today. New laws are needed to limit “micro-target[ing] tiny segments of the population with divisive political narratives,” and that Facebook, Google, and Twitter should be part of the effort, “instead of quietly opposing it.” Companies need more guidance on how to act alongside government agencies, and while reporters are more aware of misinformation, media outlets need to figure out how to best cover something like leaked data it without aiding the bad actors who perpetrate the leaks in the first place.

‘the last line of defense will always be citizens who are willing to question what they see and hear’

Ultimately, foreign tampering was successful because their targets were unwittingly willing participants. We don’t live in a world where a majority of the US population gets their news from three dominating television networks, and Stamos says that because the media landscape contains a number of outlets, “last line of defense will always be citizens who are willing to question what they see and hear, even when it means questioning our own beliefs.”

How Facebook acts next will be important. Earlier this week, CEO Mark Zuckerberg said that the company will do more to change how it delivers content to users, trying to deemphasize sensational content and misinformation, in the hopes that that will discourage people from posting it in the first place. Stamos is doing his own part. Yesterday, he announced that he was launching the Stanford Internet Observatory — a center to help Silicon Valley and Washington DC address these very issues.