Twitter’s former security chief told Congress on Tuesday that Twitter had “at least one agent” from China’s intelligence service on its payroll and that the company intentionally allowed India to add agents to the company roster, potentially granting those countries access to sensitive data about users.
These were some of the disturbing revelations from Peiter “Mudge” Zatko, a respected cybersecurity expert and Twitter whistleblower, who appeared before the Senate Judiciary Committee to lay out his allegations against the company.
Zatko told the lawmakers that the social media platform suffers from weak cybersecurity that makes it vulnerable to exploitation by “teenagers, thieves and spies” and endangers the privacy of its users.
“I am here today because the Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said as he began his sworn testimony.
“They don’t know what data they have, where it lives and where it came from and so, unsurprisingly, they can’t protect it,” Zatko said. “It doesn’t matter who has the keys if there are no locks.”
“Twitter leadership neglects its engineers,” he said, partly because “their executive incentives led them to prioritize profit over safety.”
In a statement, Twitter said its recruitment process is “independent of any foreign influence” and that access to data is managed through a range of measures, including background checks, access control and monitoring and identification systems and procedures.
One issue that didn’t come up at the hearing was whether Twitter was correctly counting its active users, an important metric for its advertisers. Tesla CEO Elon Musk, who is trying to exit the $44 billion deal to buy Twitter, has argued without evidence that Twitter’s approximately 238 million daily users include fake or malicious accounts, aka “spam bots”.
Still, “that doesn’t mean Musk won’t use Zatko’s allegation that Twitter showed no interest in removing the bots to try to bolster his argument for walking away from the deal,” said Insider Intelligence analyst Jasmine Enberg.
The Delaware judge overseeing the case ruled last week that Musk can add new evidence related to Zatko’s allegations to the high-stakes trial, which is set to begin October 17. During the hearing, Musk tweeted a popcorn emoji, often used to suggest that one is sitting back in anticipation of unfolding drama.
Separately on Tuesday, Twitter shareholders voted overwhelmingly to approve the deal, according to multiple media reports. Shareholders have been voting on the issue remotely for weeks. The vote was largely a formality, especially given Musk’s efforts to scuttle the deal, although it did clear a legal hurdle to close the sale.
Zatko’s message resembled one brought against another social media giant in Congress last year. But unlike that Facebook whistleblower, Frances Haugen, Zatko has not brought a trove of internal documents to support his claims.
Zatko was the security chief for the influential platform until he was fired earlier this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. One of his most serious allegations is that Twitter violated the terms of a 2011 FTC agreement by falsely claiming that it took strong measures to protect the safety and privacy of its users.
Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that could pose a direct threat to the millions of Twitter users as well as American democracy.”
“Twitter is an extremely powerful platform and it cannot tolerate shortcomings,” he said.
Unknown to Twitter users, far more personal information has been disclosed than they — or sometimes even Twitter itself — realize, Zatko testified. He said Twitter did not address the “basic systemic failures” brought forth by the company’s engineers.
Zatko said the FTC has been “a little over its head”, and far behind its European counterparts, when it comes to privacy breaches like the one that happened at Twitter.
Zatko’s allegation that Twitter was more concerned about foreign regulators than the FTC, Enberg said, “could be a wakeup call for US lawmakers,” who have been unable to pass meaningful regulation on social media companies.
Lindsey Graham, a Republican from South Carolina, said a positive outcome that could result from Zatko’s findings would be bipartisan legislation to establish a stricter system of regulation of tech platforms.
“We need to improve our game in this country,” he said.
Many of Zatko’s claims are unconfirmed and seem to have little documentary support. Twitter called Zatko’s description of the events “a false narrative … full of inconsistencies and inaccuracies” and lacking critical context.
Still, Zatko came across as a trusted whistleblower who “has a lot of credibility in this space,” said Ari Lightman, professor of digital media and marketing at Carnegie Mellon University. But he added that many of the problems he raised can be found on many other digital technology platforms.
“They eschew security protocols in the sense of innovating and running really fast,” Lightman said. “We gave so much autonomy in the beginning to grow and develop the digital platform. Now we’re at the point where we’re like, ‘Wait a minute… it’s gotten out of hand.’”
Among Zatko’s claims that caught the attention of lawmakers was Twitter’s apparent negligence in dealing with governments that sought to employ spies inside the company. Zatko said Twitter’s inability to log how employees accessed user accounts made it difficult for the company to track when employees were abusing their access.
Zatko said he spoke with “high confidence” about a foreign agent that the Indian government placed at Twitter to “understand the conversations” between India’s ruling party and Twitter about new social media restrictions and how well those talks were going.
Zatko also revealed on Tuesday that about a week before his firing he was told that “at least one agent” from the Chinese intelligence service MSS, or the Ministry of State Security, was “on the payroll” at Twitter.
He said he was similarly “surprised and shocked” by an exchange about Russia with Parag Agrawal, Twitter’s current CEO and its chief technology officer at the time, in which Agrawal asked whether it would be possible to “punt” content moderation and monitoring to the Russian government, because Twitter doesn’t really have the “capacity and tools to do things right.”
“And since they have elections, doesn’t that make them a democracy?” Zatko recalled Agrawal saying.
Republican Sen. Charles Grassley, the ranking Republican on the committee, said Tuesday that Agrawal refused to testify at the hearing, citing ongoing legal proceedings with Musk. But the hearing is “more important than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley’s remarks.
In his complaint, Zatko accused Agrawal as well as other senior executives and board members of multiple violations, including “making false and misleading statements to users and the FTC regarding the security, privacy and integrity of the Twitter Platform.”
Zatko, 51, first rose to prominence in the 1990s as a pioneer in the ethical hacking movement and later held senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the request of then-CEO Jack Dorsey.