Key takeaways from the Twitter whistleblower hearing


Twitter’s former security chief told US lawmakers on Tuesday that the influential social media platform’s alleged cybersecurity lapses “make it vulnerable to exploitation, causing real harm to real people.”

“When an influential media platform can be compromised by teenagers, thieves and spies and the company itself repeatedly creates security issues, it’s a big problem for all of us,” he said.

Peiter “Mudge” Zatko, who filed a whistleblower complaint against Twitter in July, appeared before the Senate Judiciary Committee for more than two hours. The hearing highlighted how lawmakers are responding to concerns about how Twitter protects the data of its 238 million daily users.

Zatko reportedly uncovered various privacy and security issues on Twitter before the company fired him in January. He filed an 84-page whistleblower complaint with the U.S. Securities and Exchange Commission, Department of Justice and Federal Trade Commission. In the complaint, he alleges his former employer prioritized user growth over privacy and security.

Zatko accuses Twitter executives of hiding bad news instead of trying to fix the problems. Twitter appeared to have a high rate of security incidents, some employees had disabled security and software updates on their devices, and staff had too much access to user data, Zatko claims in the complaint. A Twitter spokesperson pushed back against the accusations, saying the hearing shows Zatko’s allegations “are riddled with inconsistencies and inaccuracies.”

US lawmakers, however, are trying to get to the bottom of the allegations as they seek ways to hold tech companies accountable.

Senator Dick Durbin, an Illinois Democrat who chairs the Senate Judiciary Committee, kicked off the hearing by outlining his concerns about the wealth of data Twitter collects about its users.

“When this data is not secure, we become vulnerable to bad actors, scammers, stalkers and even foreign agents,” Durbin said.

Here are four key takeaways from Tuesday’s hearing:

Social media companies are ‘grading their own homework’

Zatko alleges Twitter violated an 11-year settlement with the FTC by falsely claiming it had a comprehensive security program. The company had never complied with the FTC order and was not on track to do so, the complaint said.

According to Zatko, much of the information that regulators and Congress rely on comes from the companies themselves. The FTC, he says, is a little “over their heads.”

“They let companies grade their own homework, and I think that’s one of the big challenges,” he said.

Some US lawmakers have offered possible solutions such as creating a new government agency, passing privacy legislation, or improving the regulatory system so it has more teeth.

In his testimony, Zatko said Twitter has a culture where employees react to crises rather than proactively working to prevent them.

“They can only focus on one crisis at a time, and that crisis isn’t over. It’s just being replaced by another crisis,” he said. “I think they would like to wave a magic wand and get all these things fixed, but they don’t want to bite the bullet.”

Zatko said “setting quantitative goals and standards that can be independently measured and audited” will help drive change in these companies. If the FTC and regulators had laws or rules that would create whistleblower protection programs for people while they were still in those organizations, that would also help, he said.

Lawmakers worry about foreign agents

Senator Chuck Grassley, a Republican from Iowa and a prominent member of the committee, alleged in his opening remarks that India was able to place two agents on Twitter’s staff and that the FBI informed Twitter of at least one Chinese agent within the company.

“In the hands of a foreign agent embedded in Twitter, a foreign adversary could use the same technology to hunt down pro-democracy dissidents in their country but also to spy on Americans,” Grassley said.

Zatko said that about a week before he was fired, he learned from the security team that Twitter had a Chinese agent working for the country’s Ministry of State Security on its payroll.

He added that he had spoken with a Twitter executive about his concerns over the presence of a foreign agent within the company. Zatko said the executive told him, “Well, since we already have one, what does it matter if we have more?”

China and India aren’t the only foreign influences lawmakers worry about. In August, a former Twitter employee was convicted of spying for the Saudi government.

A Twitter spokesperson said the company’s hiring process is independent of outside influence and the company manages data access through various measures.

Twitter CEO rejected lawmakers’ invitation to testify

Grassley said lawmakers had invited Twitter CEO Parag Agrawal to testify, but he declined to do so for fear of jeopardizing the company’s legal battle with billionaire Elon Musk.

“If these allegations are true, I don’t see how Mr. Agrawal can maintain his position on Twitter in the future,” Grassley said.

Musk, who is trying to walk away from buying the company for $44 billion, is using the whistleblower complaint as part of his case. Meanwhile, Twitter shareholders appeared to vote in favor of the deal on Tuesday.

Zatko’s whistleblower complaint also alleges that Twitter lied to Musk about the number of bots on its platform. Lawmakers, however, did not ask about this claim.

Senator Lindsey Graham, a Republican from South Carolina, asked Zatko if he “would buy Twitter given what you know.”

“Well, I guess it depends on the price,” Zatko said.

Lawmakers interrogate whistleblower on adult entertainment

At several points during the hearing, Republican lawmakers also asked Zatko about the company’s plans to create an OnlyFans competitor. Twitter reportedly scrapped the idea because employees concluded the platform was not effectively monitoring child sexual exploitation and non-consensual nudity.

“Why didn’t they go into porn?” Senator John Neely Kennedy, a Republican from Louisiana, asked.

“I don’t know,” Zatko replied, but noted that he had heard there were concerns about age-related content.

Senator Marsha Blackburn, a Republican from Tennessee, also touched on the same topic later in the hearing. Twitter “had to scrap plans because an internal team discovered they already had too much non-consensual child porn on their site,” she said.

“Are you aware of that?” she asked Zatko.

“No, ma’am. Unfortunately, that doesn’t surprise me,” he replied.

CNET
