Here is the Letter Mark Zuckerberg Should Have Issued Today

I’d like to begin by expressing my sincerest regret that we at Facebook did not do everything in our power to prevent these recent cyber security challenges. With over two billion active users, we have the grave social responsibility to do everything in our power to provide world-class cyber security protections for our customer data – and we simply failed. There is no excuse. We are better than this – and we hope to regain your confidence. Here is how we will do this:

First, I have asked Alex Stamos to remain at Facebook as Senior Executive for Information Risk. In that capacity, he will report directly to me and will oversee all of Facebook’s near and long-term efforts to enhance our monitoring, sharpen our mitigation, and improve our response. As one of the best in the industry, Alex is the perfect executive to assume this role. I am embarrassed that I did not take his repeat warnings and advice more seriously. You can be certain that I will now.

Second, I have commissioned an external task force of government and industry veterans in security, privacy, and audit. This task force will be led by Dr. Edward Amoroso (ahem), and will be chartered to offer strict and honest recommendations to Facebook for improving its cyber security and privacy. Alex will represent Facebook on the task force, and I have asked the task force leaders to encourage frank, open discussion. I will personally attend the first meeting to kick-off the work.

Finally, we have tasked members of Alex’s new cyber security team to revisit our security policies, privacy initiatives, and cyber architectural plans. Our finance team has been instructed to ensure that no staffing, budgeting, or capital constraints will hold the team back from installing the best available cyber risk protections. With recent advances in artificial intelligence, adaptive security, and risk management, the global Facebook community deserves only the best. And we intend to provide exactly that.

Again, I would offer my sincere, personal regret at my clear management failure. But I can assure you that just as we created our great company in the spirit of bold innovation and team enthusiasm, we will direct similar creative energy into our new cyber security initiative. And you should know that I have created an on-line forum where I will personally respond to as many of your comments and criticisms as possible. You deserve a voice, and I intend to listen. We can and we will do better.

Thank you,

Mark