Under the program, campaigns as well as campaign committees that opt in to the program would be designated potential high-priority users and be able to take advantage of expedited troubleshooting if they detect any unusual behavior involving their accounts.
The program is meant to identify patterns of malicious behavior earlier, making Facebook’s reaction quicker.
“As we disrupt these campaigns, we see behaviors that they use again and again,” said Nathaniel Gleicher, Facebook’s head of cybersecurity policy. “And as we see those behaviors, we want to put programs into place that make it much harder for them to be successful.”
Major tech firms including Facebook, Twitter and Google have been under the microscope as government officials and the public have learned more about ways in which foreign actors – primarily Russia – manipulated their platforms in the run-up to the 2016 U.S. presidential elections and other major votes in western democracies.
The announcement Monday by Facebook represents a new, more proactive effort to anticipate potential abuses that are designed to interfere with the midterms and other elections. Facebook CEO Mark Zuckerberg has repeatedly said the company did not do enoughto anticipate how the company’s social network could be used by bad actors.
Facebook has already announced the banning of hundreds of fake accounts and pages, some of which employed similar behaviors that the Russian-backed Internet Research Agency employed in 2016. The new pilot program aims to anticipate ways in which tactics employed on other platforms could be translated to Facebook.
The new program begins with the recognition that most campaigns for political office are essentially start-ups, often with fluid staffing and without standardized operational security procedures, especially in the realm of cybersecurity. An initial step for those campaigns and committees in the program is simple but often overlooked: activating two-factor authentication.
Campaigns that register and are vetted to participate in the program can then use additional Facebook tools, and make them available to the personal and professional accounts of any additional users in the campaign that choose to enroll in enhanced screening.
Accounts designated as belonging to the program would be able to flag to Facebook any unusual behavior associated with their accounts in an expedited fashion. Facebook will also engage in proactive monitoring of the listed accounts through a combination of automated systems designed to identify unusual behavior and specialized security staff.
“The idea is to make it easier for them to report to us when they get targeted, easier for us to identify the possibility that they’ve been targeted, and increase the security around their accounts to make it harder to be targeted in the first place,” Gleicher said.
The hacking of Hillary Clinton campaign chairman John Podesta’s Gmail account early in 2016 proved to be one of the most significant moments of the campaign. Facebook officials want to avoid the same kind of improper acquisition and potential manipulation of their own user’s data, and the new program is in part a response to that.
In addition to the candidate’s public Facebook accounts, giving individuals associated with campaigns the ability to enroll their personal accounts in the program could help the company identify broader influence campaigns as they start. Any unusual behaviors on accounts associated with a campaign, like frequent password changes, can trigger additional scrutiny for other accounts affiliated with it.
“When these information operators are targeting legitimate actors, they don’t just focus on their professional associations,” Gleicher said. “They look for any chink in the armor that they can use to corrupt the public debate.”
Facebook did not have an estimate for how many campaigns it expected to enroll ahead of the Nov. 6 elections. Facebook officials briefed the Department of Homeland Security on the new program Wednesday.