A former security chief at Twitter, who filed a whistleblower report about the company, told lawmakers on Tuesday that the platform has severe security and privacy failures that management has refused to fix.
Peiter “Mudge” Zatko, a cybersecurity expert who served as a Twitter executive from November 2020 until he was fired in January 2022, testified before the Senate Judiciary Committee about the whistleblower complaint he filed with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission.
“[I] am here today because I believe that Twitter’s unsafe handling of the data of its users and its inability or unwillingness to truthfully represent issues to its board of directors and regulators have created real risk to tens of millions of Americans, the American democratic process and America’s national security,” Zatko said in his opening statement.
“Further, I believe that Twitter’s willingness to purposely mislead regulatory agencies violates Twitter’s legal obligations and cannot be ethically condoned.”
The cybersecurity expert said he found that Twitter cannot protect its data because the company doesn’t know “what data it has, where it lives and where it came from.” Employees – notably engineers, who make up half the full-time workforce – have too much access to data. This means any employee can access a great deal of sensitive information about a Twitter user, including their geolocation and the information needed to directly access their device.
“It doesn’t matter who has the keys if you don’t have any locks on the doors,” he said.
Twitter founder Jack Dorsey recruited Zatko to the company after the platform was infamously hacked by teenagers who took over a number of high-profile accounts as part of an effort to scam Twitter users out of Bitcoin. After joining, Zatko said he discovered that Twitter had a decade of overdue security issues and, as a result, disclosed the failures repeatedly “to the highest levels of” the company. When his warnings were ignored, he then submitted the disclosures to government agencies and regulators.
“Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said, adding that leaders ignored the company’s engineers because “their executive incentives led them to prioritize profits over security.”
The cybersecurity expert’s testimony was similar to that of Facebook whistleblower Frances Haugen, who spoke to lawmakers last year about concerns that the platform was choosing profit over safety. While Haugen backed up her claims with internal documents, Zatko has not yet provided documentary support.
Twitter has called the former executive’s allegations “a false narrative” that’s “riddled with inconsistencies and inaccuracies and lacks important context.” Sen. Chuck Grassley (R-Iowa), the committee’s ranking member, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing ongoing legal proceedings with Tesla billionaire Elon Musk.
Twitter sued Musk after he tried to back out of his $44 billion deal to acquire the platform – claiming the company has underreported fake accounts, something Zatko has also accused Twitter of. Grassley said the Senate hearing is “more important than Twitter’s civil litigation in Delaware.”