Whistleblower and former Twitter executive Peiter Zatko criticized Twitter’s security policy during a public hearing before a US Senate committee. The platform is said to mislead ‘the public, legislators, regulators and government’.
Zatko during an earlier session in the US Congress
Zatko spent a short time as chief of security at Twitter, where, according to his statement, he saw a variety of security issues that the company did not address. “I found that Twitter was managed by risks and crises, rather than managing the risks and crises.” According to Zatko, many cybersecurity risks were not taken seriously by senior employees, if this information reached the board at all. “There was a corporate culture where only good news was passed on to management.”
Most of the security risks that Zatko refers to have already been disclosed by him to the SEC. For example, roughly half of all Twitter employees are said to have access to all kinds of user data, including phone numbers, email addresses, IP addresses and user locations. “It’s not a stretch to say that an employee within the company could take over the account of all the senators in this room. (…) It doesn’t matter who has the key if there’s no lock on the door; everyone inside Twitter could sift through user information for its own use,” he told the US Senate.
In addition, Zatko claims that Twitter employed several foreign agents without doing anything about it. At least one spy from the Chinese Ministry of State Security is said to be working at the company. An Indian government employee is also said to have infiltrated the company.
Zatko criticizes not only Twitter, but also the government agencies that are supposed to oversee the social media platform. For example, the US Federal Trade Commission is said to have failed to adequately investigate whether Twitter is indeed complying with a previous settlement regarding the use of email addresses. “To be honest I don’t think the FTC has a chance against… [Twitter] given the size of tech giants. (…) It is now as if these companies are allowed to mark their own test.”
After the hearing, Twitter responded to NPR, unsurprisingly rejecting Zatko’s claims, which it says are in many cases unsubstantiated. “Today’s hearing only confirms that Zatko’s allegations are fraught with inconsistencies and inaccuracies.”
The company’s CEO, Parag Agrawal, was not present at the hearing despite an invitation, which, according to Senator Chuck Grassley, is very bad. “This committee’s case on protecting the American people from foreign influences is more important than Twitter’s civil lawsuit in Delaware.” Grassley is referring to the lawsuit between Twitter and Elon Musk over the takeover that was canceled because of the allegedly large number of spam and bot accounts on the platform. Incidentally, Zatko must also testify in that case.