US lawmakers question Twitter’s security practices on the eve of whistleblower testimony

CNN Business

US lawmakers sent Twitter more than a dozen questions about its security practices on Monday, the eve of a company whistleblower's testimony before Congress, in which he is expected to outline damning allegations of security and privacy vulnerabilities at the embattled social media company.

In a letter to CEO Parag Agrawal, top members of the Senate Judiciary Committee questioned Twitter about the steps the company takes to protect personal data on its platform; how it protects against insider threats and foreign intelligence agents; and accusations that the company intentionally misled regulators about Twitter’s privacy protections for users — claims that could lead to billions of dollars in fines for Twitter if proven.

The committee also invited Agrawal to testify along with the whistleblower, Peter “Mudge” Zatko, according to a copy of the letter obtained by CNN. But a committee aide told CNN late Monday that the official list of witnesses for Tuesday’s hearing remains unchanged and that Zatko remains the sole witness, an indication that Twitter has declined the invitation.


Twitter declined to comment.

The letter requests responses from Twitter by September 26.

“If accurate, Mr. Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens the national security and privacy of Twitter users,” Senators Dick Durbin and Chuck Grassley, the top Democrat and Republican on the panel, wrote in the letter.

Zatko, who was Twitter’s chief of security from November 2020 until his dismissal in January, filed a whistleblower complaint with multiple US government agencies and legislators in July. The disclosure was first reported by CNN and The Washington Post in August. It alleges that Twitter lacks many basic internal security measures and grants about half of its employees, including all of its engineers, privileged access to the company’s active, live service, including actual user data. He claims that the company does not reliably delete the data of users who cancel their accounts, and that the company may even now have foreign spies on its payroll despite advice from the US government to that effect.

Twitter has rejected Zatko’s accusations, accusing him of painting a “false narrative” of the company. The company has said that while members of its product and engineering teams have the kind of access Zatko describes, only those with a specific business justification can access the live Twitter product. It has also said that Twitter has internal processes to disable and begin deleting data from users who cancel their accounts, but the company has not said whether it normally completes that process. And the company has not publicly addressed Zatko’s accusations of possible foreign intelligence compromise.

The whistleblower disclosure, along with Tuesday’s congressional hearing, sets the stage for deeper investigations into Twitter’s business operations just as the company is about to go to trial in an effort to force billionaire Elon Musk to go ahead with a $44 billion acquisition he agreed to earlier this year. Musk has alleged, among other things, that Twitter’s failure to disclose the vulnerabilities described in the Zatko whistleblower report is a breach of the acquisition contract Musk and Twitter signed.

Twitter has disputed that claim and has insisted that it is Musk who has breached the contract. The two parties will face each other in a trial in October.
