Twitter has major security problems that pose a threat to its users’ personal information, the company’s shareholders, national security and democracy, according to an explosive whistleblower disclosure.
US lawmakers tweeted more than a dozen questions about its security practices on Monday, ahead of a company whistleblower’s testimony before Congress in which he is expected to outline damning allegations of security and privacy vulnerabilities at the embattled social media company.
In a letter to CEO Parag Agrawal, key members of the Senate Judiciary Committee asked Twitter about the steps the company takes to secure personal data on its platform; how it protects against domestic threats and foreign intelligence operatives; and allegations that it intentionally misled regulators about Twitter’s privacy protections for users, allegations that could lead to billions of dollars in fines for Twitter if proven.
The committee also invited Agrawal to testify along with the whistleblower, Peiter “Mudge” Zatko, according to a copy of the letter obtained by CNN. But a committee aide told CNN Monday night that the official witness list for Tuesday’s hearing remains unchanged and that Zatko remains the only witness, an indication that Twitter has declined the invitation.
Twitter declined to comment.
The letter seeks a response from Twitter by September 26.
“If they are correct, Mr. Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter users,” write Sens. Dick Durbin and Chuck Grassley, the panel’s top Democrat and Republican, in the letter.
Zatko, who was Twitter’s head of security from November 2020 until he was fired in January, filed a whistleblower disclosure with multiple government agencies and US lawmakers in July. The disclosure was first reported by CNN and The Washington Post in August. He claims that Twitter lacks many basic internal security measures and gives roughly half of its employees, including all of its engineers, privileged access to the company’s live, active service, including actual user data. He alleges that the company does not reliably delete the data of users who cancel their accounts, and that the company may even now have foreign spies on its payroll, despite a US government advisory to that effect.
Twitter has denied Zatko’s allegations, accusing him of painting a “false narrative” of the company. It has said that while members of its product and engineering teams have the kind of access Zatko describes, only those with a specific business justification are allowed to access Twitter’s live product. It also said Twitter has internal processes to deactivate and begin deleting the data of users who cancel their accounts, but the company has not said whether it typically completes that process. And the company has not publicly addressed Zatko’s allegations of possible foreign intelligence compromise.
The whistleblower’s disclosure, along with Tuesday’s congressional hearing, sets the stage for deeper investigations into Twitter’s business operations, just as it is poised to go on trial in an attempt to compel billionaire Elon Musk to go ahead with a $44 billion buyout he agreed to earlier this year. Musk has alleged, among other things, that Twitter’s failure to disclose the vulnerabilities described in Zatko’s whistleblower report is a breach of the purchase contract signed by Musk and Twitter.
Twitter has disputed this claim and insisted that it was Musk who breached the contract. The two sides will face off in court in October.
The-CNN-Wire
™ & © 2022 Cable News Network, Inc., a Discovery Warner Bros. company. All rights reserved.