When a disgruntled YouTube user opened fire with a semiautomatic pistol at the company’s California headquarters in April 2018, injuring three, the gunshots reverberated across Silicon Valley.
At Facebook, just a 30-minute drive away, the company sprang into action and quietly redoubled its defenses. The Menlo Park-based social-networking firm drastically upped the number of off-duty police officers who covertly patrol its halls in civilian clothes with concealed firearms. Few employees even know these officers exist, and the move spooked some of the workers who subsequently noticed them.
And it spent about $1 million to bolster its vehicle fleet with more than 30 new Toyota RAV4 hybrid SUVs for its security organization with which to patrol its Bay Area offices, only to leave them sitting in a garage for months, unused, as the company deliberated about how they should be branded. (It’s unclear whether they’re in action now.)
If it sounds like a small army, that’s because in many ways it is.
Silicon Valley’s founding principles of freedom and nonconformism created a province of open-plan offices and sprawling university-like campuses that have since been emulated throughout the corporate world.
But within Silicon Valley’s tech companies today, there’s a more hardheaded reality hiding just below this idyllic surface. At a time when tech brands and leaders have become objects of public fascination and, in some cases, outright hostility, and in the wake of the YouTube shooting, tech companies like Facebook have no choice but to erect ever-more sophisticated, and expensive, fortifications.
For shareholders it means shouldering ever heavier costs, often tens of millions of dollars, for the protection of top company executives and facilities security. Within Facebook, it means empowering a 6,000-person shadow workforce whose day-to-day experiences provide a revealing window into another side of Silicon Valley, far removed from app marketing plans and machine-learning conferences: a secret world of stalkers, stolen prototypes, car-bomb fears, earthquake-contingency plans, gang violence, and concerns about state-sponsored espionage.
Business Insider spoke with current and former workers in Facebook’s security organization and others familiar with the matter, obtained internal company documents, reviewed court documents, and surveyed publicly available information about how the company handles its security.
These sources described sophisticated logistical challenges in protecting tens of thousands of employees and contract workers every day — and an underlying tension between the techie ideals of openness and engineer freedom and the realities of protecting a high-profile and increasingly controversial multinational firm.
“As a security guy, you can buy Fort Knox tomorrow, but that’s not going to fly in a tech environment,” said a former member of Facebook’s security team. “You create policies and barriers and processes so you’re the friendliest you can be while as safe as you can be.” (Sources were granted anonymity as they weren’t authorized to speak publicly about their experiences.)
Some of what Facebook’s security team deals with are prosaic issues, the kind you’d find at any major company: petty thefts, car accidents, and medical emergencies. But Facebook’s unprecedented influence on civil society and billions of people’s daily lives around the world means it also faces one-of-a-kind security challenges. People swarm to Facebook’s offices by the thousands, whether that’s to try to look around, attempt to give unsolicited pitches to company executives, or air grievances.
And then there’s one of the most important challenges of all: protecting Mark Zuckerberg.
Protecting the principal
When CEO Mark Zuckerberg first got 24/7 executive protection, there was a problem: He kept wandering off.
Sources said that in the early 2010s, the world-famous Facebook cofounder didn’t always keep the team — initially just one person — in the loop on his plans. He might decide on a whim to leave the office, or go for a jog, or to a bar, leaving his security staff scrambling to keep up.
“He was in his mid-20s … he was developing a platform he truly believed was good … at the time he didn’t grasp the concept that there were haters out there,” one source said.
Since then, however, Zuckerberg has grown more accepting of executive protection’s constant presence, according to insiders. His closely monitored patterns of life now far more closely resemble a head of state than a typical 34-year-old engineer, with the stricter security practices mirroring the increase in Facebook’s own fortifications over the years.
Armed executive-protection officers stand on constant guard outside his gated homes in the Bay Area (at least one of which also has a panic room). If he goes to a bar, his team will sweep through ahead of time to make sure it’s safe. They will vet any new doctors or trainers if he wants to take up a new hobby. He is driven everywhere, with the security team monitoring traffic and adjusting his route accordingly. (Back when he still drove, Zuckerberg was, in the words of one source, a “shitty driver.”)
During company all-hands meetings, members of Zuckerberg’s Praetorian Guard sit at the front of the room and are dotted throughout the crowd, just in case an employee tries to rush him. They wear civilian clothes to blend in with nonsecurity employees.
Zuckerberg doesn’t typically work in a cordoned-off office like a traditional corporate executive. Instead, his regular desk is on the floor of Facebook’s open-plan office, just like everyone one — but protection officers sit near his desk while he works, in case of security threats. Facebook’s offices are built above an employee parking lot, but it’s impossible to park directly beneath Zuckerberg’s desk, because of concerns about the risk of car bombs.
He also has access to a large glass-walled conference room in the middle of the space near his desk, which features bullet-resistant windows and a panic button. There’s also a persistent rumor among Facebook employees that he has a secret “panic chute” his team can evacuate him down to get him out of the office in a hurry. The truth of the matter remains murky: One source said they had been briefed about the existence of a secret exit route through the floor of the conference room into the parking garage, but others said they had no knowledge of it. Facebook declined to comment on the rumor.
All told, there are now more than 70 people on the executive-protection team at Facebook, led by former US Secret Service special agent Jill Leavens Jones. Last July, Facebook’s board approved a $10 million security allowance for Zuckerberg and his family for the year.
And with good reason: The billionaire chief exec lives an extraordinarily public life, with 118 million followers on Facebook alone (making him both an icon of Facebook’s ideals and, increasingly, a magnet for public ire following his company’s recent scandals), and the threats he faces are severe.
He receives numerous death threats a week, and the security team actively monitors social media for mentions of him and his chief operating officer, Sheryl Sandberg. The pair also have stalkers, who alternately declare their undying love for the execs or harbor worrying vendettas against them.
Zuckerberg and Sandberg are the only two Facebook execs with 24/7 protection, though others may get it for specific occasions like traveling. The pair have amusing security code names, which Business Insider is not publishing for security reasons.
The CEO has been forced to get restraining orders against people obsessively following and trying to contact him in multiple instances. In one notable incident, in 2015, a local, William Gordon Kinzer, repeatedly turned up outside Zuckerberg’s house over a period of weeks and aggressively harassed the security officers, according to court documents. “On May 30, 2015, at approximately 9:39 a.m., I was seated in my car … Kinzer stopped at the passenger side of my window, looked directly at me and yelled loudly, ‘Stay in your car like a good little monkey and obey the law,'” one security officer testified. “Kinzer then turned and walked away. Kinzer appeared angry and aggressive. I was concerned for my safety.”
Sandberg was once stalked by an employee who sent her a barrage of messages. Even after the employee was fired and blacklisted, she would still show up at campus occasionally, a source said. (Facebook declined to comment on this and many of the other incidents detailed in this story.) Such stalkers are classified as “BOLOs,” short for “Be On the Look Out,” a category of person barred from all Facebook property. If BOLOs use Facebook or the other apps the company owns, the security team may quietly use data drawn from these apps to monitor their location without telling them, as CNBC previously reported.
In one surreal episode, someone turned up outside Zuckerberg’s house with a love letter scrawled across the side of their truck, a source recalled. Security officers initially assumed it was directed at the CEO — but it was actually for the benefit of one of the housekeeping staff.
Pranks and political stunts are another concern: High-profile execs make prime targets, as Microsoft cofounder Bill Gates infamously discovered when he had a pie thrown in his face in Brussels in 1998. Any time Zuckerberg goes out in public, there are concerns he could be mobbed, and his appearances at events are carefully planned and mapped out.
People will also send unsolicited presents to his home — everything from cookies to a gift from a rabbi after the birth of one of his children. (These get sent to the security team for inspection; Zuckerberg doesn’t open them himself.)
In Facebook’s offices, things are less intense, but employees will still rush to get the seats at meetings closest to Zuckerberg. Executive-protection officers are instructed to be alert for employees and guests at the offices trying to take unauthorized photos of Zuckerberg, which is against the rules. Some employees, too, will try to give him gifts.
‘Move fast and break things’ isn’t always the best approach to security
Today, Facebook has 40,000 full-time employees, but its total workforce is far higher.
More than 80,000 personnel around the globe (including contractors and contingent workers who don’t necessarily get the same benefits as full-time employees) fall under the protection of the global security team’s protection, across 160-plus facilities ranging from engineering offices to data centers to content moderation centers, in more than 100 countries.
To handle this, the company has an army of security officers.
There are more than 6,000 people working in global security (500 of those are full-time employees, the rest contractors and contingent workers), with more than 1,000 security officers working at the Bay Area officers alone — patrolling on foot, in vehicles, with sniffer dogs, and on bikes (“Fox Units”). For context, Snapchat parent company Snap has only 3,000 employees total. Twitter has just under 4,000.
Among the third-party contractors it leans heavily on to provide security officers and intelligence analysts for its workforce are Allied Universal, G4S, and Pinkerton. Facebook also funds a Menlo Park Police Department substation near its offices, and works closely with local law enforcement and emergency services.
There are five key strands to Facebook’s security efforts. Most visibly, there are the global security services, Facebook’s legions of security officers (“blue shirts”) and its global security operations centers (more on those later). And there’s global security intelligence and investigations, which handles investigations and streams of intelligence.
Then there are the global security strategic initiatives, which looks at risks as the business grows. (Is this a high-risk area for expansion? Is building here really a good idea?); systems and technology (think keycards, security cameras, and the software that keeps it all humming along); and the executive-protection team.
Like the rest of Facebook, global security is a ravenous consumer of data, slurping up vast streams of intelligence, which range from open source information to third-party data streams, from media reports about breaking news events to dark-web marketplaces that might be selling the company’s intellectual property — and, of course, users’ posts on Facebook itself.
It’s an “intelligence-based organization,” trying to sift through a flood of noise to identify and mitigate issues ahead of time, and it identifies millions of “threats” to the workforce every year, from natural disasters to threats of violence against employees, of varying levels of credibility.
Atop it all sits Nick Lovrien, a former CIA counterintelligence officer who serves as Facebook’s chief global security officer. Lovrien, who worked to tackle foreign-fighter pipelines in the Middle East, credits the early-2010s upheaval in the region as opening his eyes to Facebook’s capabilities.
“I was in Iraq … we were doing missions, three, four a night, trying to cut [the foreign-fighter pipeline] off and during this time … it was the start of the Arab Uprising, and I saw the power of social media,” he told Business Insider in an interview.
(Lovrien in turn reports to John Tenanes, Facebook’s vice president of culinary, facilities, and security, who reports to chief financial officer David Wehner.)
Facebook “is the critical infrastructure for modern-day democracy, and that’s why we’re so focused on the integrity of the platform, the safety and security of that platform. What that does is bring unique risks to Facebook as well,” Lovrien said.
In short, protecting Facebook is a monumental task, and not always one that’s been made easier by the company’s internal philosophy.
Though it has moved away from it in recent years, Facebook was historically famous for its motto of “move fast and break things.” The company emphasized speed and initiative; if something didn’t quite work out, it could always be fixed later. But while this attitude might work effectively for developing apps, it doesn’t fly in the rigid world of physical security, sources said.
When Facebook built its new headquarters, some of its entrance points had to be locked up after the team realized they posed a security risk, allowing people to bypass the checkpoints at the main reception desks, a source said. Security projects could become derailed because an engineer didn’t like some aspect of it. Across the company, different teams took very different approaches to handling investigations, hiring people with varying levels of experience and qualifications (Facebook says it is “intentional about hiring people from non-conventional backgrounds” in addition to hiring traditional security professionals).
“I know Facebook’s culture is ‘we’re all friends and there’s no friction.’ The reality is sometimes security requires a certain amount of friction,” one source said.
Lovrien conceded this was the case but said Facebook has since evolved. “That’s an accurate statement in Facebook six years ago, when I first started,” he said. “Over the last six years we’ve really focused on taking those programs offline and introducing new security systems.”
Since then, Lovrien said, “I’ve been able to hire the strongest leaders that are out there, and the level of expertise that we have is just not found in any other corporation, so very proud of the teams that are here.”
In recent months Facebook has been faced with some allegations of racism in its workplace, stemming from an open letter shared by a former employee, Mark Luckie. Two former security officers also said they saw discrimination.
“I’ll give you a rundown,” one former officer said. “Black guards being given the shit posts. Blacks guards being passed over for promotions. Incidents where white drivers were given leeway in an accident when blacks under similar situations were strictly penalized. Uneven discipline regarding hair color and visible tattoos.”
Facebook says it sets clear guidelines for contracting firms it works with and jointly investigates any such allegations. Allied Universal, which provides security officers for Facebook in the Bay Area, said it “is committed to diversity and fostering an inclusive work environment. Our goal is to represent the many and diverse communities that we take pride in serving because a diverse population of security officers creates safer environments and stronger communities. To this end, we have comprehensive standards of conduct and a zero-tolerance policy for discrimination, retaliation or harassment of any kind. At all organizational levels, we actively promote an inclusive culture to help expand opportunity for all in the communities that we help safeguard.”
Last August, Facebook’s security officers negotiated a union contract. But sources say some officers remain unhappy with the concessions it secured. And hiring new security officers can also be difficult because of ongoing low unemployment rate in the US — though that’s not unique to Facebook.
Facebook has its hands full keeping the masses out
Another key challenge for Facebook: managing guests, and keeping out people who aren’t supposed to be there.
The sheer scale of the number of people coming through Facebook’s doors is staggering. In June 2018, for example, the company had 140,000 invited guests globally, not including employees themselves — from job applicants to business-meeting attendees and friends of employees. (Nearly 54,000 of these visitors were at Menlo Park alone.) It had 1.5 million across the entire year.
But uninvited visitors also swarm to Facebook in astonishing numbers. The company has to turn away about 1,000 people from its offices every week (classified as “visitor turnaways, or VTAs): sightseers, people hoping to pitch the company on business proposals, and so on. And there’s a steady stream of angry users and protesters who come to cause a fuss.
Facebook’s security team sees dozens of “incidents” a day, which range from people angrily demanding to know why their accounts have been banned to internal issues like staff injuries requiring medical attention. If someone uninvited is hostile, they may be made a BOLO. Some are also classified as a person of interest, or POI.
Facebook would not say directly whether a journalist has ever been made a BOLO, or if the company has ever accessed the location data or other personal information of a journalist (whether a BOLO or not) as part of an investigation. “No person would be subject to the above-mentioned procedures without credible cause. A person — whether a journalist or not — would only be added to a list following an assessment that they constitute a credible threat to Facebook or its staff,” spokesperson Anthony Harrison said in an email.
“Our physical security team exists to keep Facebook staff safe. They use industry-standard measures to assess and address credible threats of violence against our staff and our company and refer these threats to law enforcement when necessary. We have strict processes designed to protect people’s privacy and adhere to applicable laws and regulations. Any suggestion our onsite physical security team has overstepped is absolutely false,” Harrison continued.
Business Insider previously obtained 911 call records from Facebook’s campus, which provided insight into the kind of extreme incidents that can occur: a mace attack on a security guard, a user who had been scammed after being told he’d “won the Facebook lottery,” an angry confrontation over a “non-injury accident,” and so on. But only a tiny fraction of incidents are severe enough to reach the point where 911 is called; the overwhelming majority are handled in-house. In April 2018, for example, there were more than 2,000 “incidents” at Facebook’s offices worldwide, 124 of which were medical incidents.
In one notable incident, in London in 2017, YouTubers were able to sneak into Facebook’s offices in the city and helped themselves to the free food and candy, subsequently making a video about their experiences. As a result, “when those individuals traveled to the US, we upstaffed and made sure every officer was aware of what they looked like in case they tried to access our buildings while they were here,” a source said.
At least one person has managed to sneak past security in an effort to pitch Zuckerberg on an idea and was discovered only after being noticed asking other employees for directions to the CEO’s desk. Another time, an outsider was turned away multiple times after lying about a meeting, only to be let in through a side door by an unwitting employee heading for lunch, a source said. The infiltrator picked up a Facebook-branded T-shirt to blend in, and was discovered only when they tried to survey Facebook employees.
Controversy swirling around Chinese tech giant Huawei means concerns about corporate- and state-sponsored espionage have been headline news in recent weeks. Facebook has never detected anyone infiltrating the company to steal intellectual property or for political reasons, Lovrien said, but it is an issue that the security team worries about, and it has put countermeasures in place to try to “mitigate those potential risks.”
And in December, Facebook temporarily evacuated its headquarters after a bomb threat came in targeting the office. No one was hurt and no device was found. Lovrien declined to provide more information about the incident.
There will also occasionally be unauthorized drone flyovers, as pilots try to get a glimpse of what’s taking place inside Facebook’s hallowed walls.
The majority of activity isn’t malicious. Tourists also flock by the busload to the campus of Facebook, and other Silicon Valley firms, to try to get a glimpse of the world-famous companies or just get a photo next to the iconic thumbs-up sign, adding to the deluge of visitors the security team has to keep track of. (Ninety-nine percent of visitor turnaway is primarily tourists, Lovrien said.)
The company employs technological solutions to help them with all this. It uses license-plate scanners to check the vehicles of visitors, and see if they’re on any blacklists or belong to BOLOs — something that has helped identify stalkers prowling the grounds. And the company has explored using facial-recognition cameras to monitor who’s coming and going but says the tech hasn’t been implemented.
There’s also a Red Team, a “penetration testing” unit in the organization that tries to break into the company’s facilities in creative ways to test its defenses and keep security on its toes. Execs will sometimes be enlisted to help with these tests, swapping entry badges and attempting to gain access as someone else. (Facebook’s security officers are provided with photos of the company’s leadership so they can learn their faces, in much the same way lists and images of BOLOs circulate in preparation ahead of events.)
For the worst-case scenarios Facebook also has its off-duty officers armed with firearms, though their very existence remains unknown to many employees.
Facebook’s security nerve center needs to keep tabs on 80,000 people
In November 2015, when terrorists attacked the Bataclan theatre and other sites across Paris, Facebook’s GSOC sprang into action.
The GSOC — the global security operations center — is the nerve center of the social network’s physical-security infrastructure, monitoring threats, managing issues, and analyzing reams of data. A large room with dozens of computer stations and screens on the wall, it keeps tabs on all its employees’ overseas travel, and as the attack unfolded the team quickly worked to assemble data on Facebook employees in the area, to see if they were in harm’s way and asking them to check in with notification software Everbridge.
No Facebook employees were ultimately harmed in the attack, but it highlighted the GSOC’s role as a key node in Facebook’s efforts to keep its employees safe and secure, especially in times of crisis.
Open 24/7, the GSOC also employs its monitoring capabilities closer to home — keeping tabs on everything from video feeds of Zuckerberg’s home to local shootings or incidents that could affect Facebook employees in the area. One of the most significant day-to-day challenges it handles, Lovrien said, are issues caused by the weather — pointing to the recent deadly tornadoes in Alabama and the need to protect employees and facilities from them as a recent extreme example.
GSOC also has three outposts elsewhere in the world to provide round-the-clock coverage: one in London, England to cover EMEA; an Asia-Pacific base in Singapore; and a third in São Paulo, Brazil, for Latin America. And it produces the “Daily Brief,” a regular intelligence document that collates recent security issues, emerging issues, employees in high-risk locations, and other data points for company leadership. (Some investigations and research are also conducted by GSII, or global security intelligence and investigations.)
It also handles some Facebook user-focused features. It helps run Safety Check, Facebook’s feature that lets users mark themselves as safe to their friends after terror attacks, natural disasters, and other crises, including the Paris attacks in 2015, as well as the Amber alerts that go out on Facebook to help locate missing children, and Facebook’s blood-donation tool. There were more than 690 Safety Check activations throughout 2018, with more than 37 million users marking themselves safe as a result.
Global security has extensive plans and best practices for security incidents. Executive kidnapped? Notify law enforcement, get proof of life, contact the kidnap-and-ransom-insurance company, and go from there. Active shooter? Gather critical information about the location and description of the shooter, call law enforcement, send out emergency notifications, lock down or evacuate the buildings as necessary, and so on.
Unexpected package sent to an exec’s house? Get information about who dropped it off, make an incident alert, and send the package to the GSII without opening it. Media turned up outside Zuckerberg’s residence? Figure out who they are, why they’re there, send a mobile unit to meet them, and notify police if requested by management or the executive protection team.
Protocols like these are by no means unique to Facebook; they provide a clear agreed-upon framework to follow in times of crises. But they’re indicative of the disparate challenges Facebook now faces in protecting its global workforce, from civil disturbances to safely handling the firing of “high-risk employees.”
Facebook has to similarly prepare whenever it constructs a new facility: When it built its new Frank Gehry-designed headquarters in Menlo Park, the security threats it was forced to consider involved everything from the risk of earthquakes to the possibility of a plane from San Francisco International Airport falling out of the sky onto the campus, causing carnage.
Thefts, fights, after-hours trysts, and the challenges of managing Facebook’s workforce
And in an organization as large as Facebook, whose tens of thousands of employees rival the population of a small city, maintaining order means both protecting the perimeter from outside dangers and staying on top of inside threats.
When numerous employees’ headphones were disappearing a couple of years ago, the company installed a covert mobile camera to monitor desks, a source said. The sting operation caught an employee stealing them to sell online. A Facebook spokesperson said items are sometimes misplaced during office moves, and then misreported as thefts.
But Silicon Valley’s tradition of openness can complicate things, such as the time when an old prototype of an Oculus virtual-reality headset was stolen from a conference room. Facebook — like many companies — doesn’t have surveillance cameras inside its offices, and the enormous open-plan design of the office meant that the pool of suspects would likely be hundreds of people, with no way to narrow it down. There was nothing security could do; the prototype was never recovered.
“The business has identified that we really need that open office environment that promotes our collaboration, and so that’s the risk we’re willing to accept inside an office is that open office environment,” Lovrien said about Facebook’s approach to openness. “So what we then look at is how we mitigate that risk,” from proactively sifting through intelligence to putting physical checkpoints in place and manning the perimeter of the offices.
Facebook also provides employees with access to free vending machines that provide spare charging cables, headphones, computer mice, and other items — which can be another source of thefts. (Lovrien said these thefts are rare.)
Employees sometimes try to use video-chat apps to give their friends virtual tours of the office, which is against the rules. And at least one employee was caught letting in tourists who wanted to take unauthorized tours of the facilities.
The fact that the office is open 24/7 also means there can be NSFW incidents. Employees are caught having sex in the offices about once every three months, on average. (HR may be alerted, but the couple aren’t typically fired.) On the other end of the spectrum, domestic disputes can have workplace consequences. At least one couple working at Facebook had a restraining order between them, forcing the two to work at different locations.
There’s one persistent problem that plagues security teams at companies around the world that is almost completely absent at Facebook: lunch thefts. That’s because Facebook provides an extensive selection of free lunches and snacks for all its workers.
Still, even cafeterias with free meals can have problems.
In August 2013, after Facebook’s beloved head chef died in a motorcycle crash, the company threw a blow-out party with free booze on a weekend to commemorate him. The memorial descended into chaos, with multiple fights breaking out among kitchen staff, which security staff believed were gang-related. The event culminated in one kitchen worker being beaten so badly on Facebook grounds they were hospitalised.
The assailant was subsequently blacklisted, but he continued to sneak onto campus to visit his mother who still worked there.
Do you work at Facebook? Contact this reporter via Signal or WhatsApp at +1 (650) 636-6268 using a non-work phone, email at [email protected], Telegram or WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only please.) You can also contact Business Insider securely via SecureDrop.