Tuesday, September 13, 2022

Senators blast Twitter’s alleged safety failures as whistleblower testifies

Former Twitter security executive Peiter Zatko testifying at a Senate Judiciary Committee hearing on September 13, 2022.

The Democratic and Republican leaders of the US Senate Judiciary Committee blasted Twitter for alleged security failures in a letter last night on the eve of today’s hearing featuring testimony from whistleblower Peiter “Mudge” Zatko.

“We write regarding recent allegations that Twitter has turned a blind eye to foreign intelligence infiltration, does not adequately protect user data, and has provided misleading or inaccurate information about its security practices to government agencies,” Judiciary Committee Chair Richard Durbin (D-Ill.) and ranking member Charles Grassley (R-Iowa) wrote to Twitter CEO Parag Agrawal.

Zatko, who was Twitter’s head of security from November 2020 until being fired in January 2022, alleged in his complaint that he “uncovered extreme, egregious deficiencies by Twitter in every area of his mandate including… user privacy, digital and physical security, and platform integrity/content moderation.” Zatko also claimed Twitter is guilty of “lying about bots to Elon Musk,” though his complaint doesn’t appear to disprove Twitter’s public disclosure that less than 5 percent of its monetizable daily active users (mDAU) are spam or fake.

Durbin and Grassley’s letter focused on Twitter’s alleged security failures, including “data security practices [that] may enable foreign governments and intelligence agencies to access sensitive data identifying Twitter users.” The foreign intelligence agency issue “is not a theoretical concern,” the senators wrote. “Last month, a federal jury convicted a former Twitter employee of acting as an unregistered foreign agent for the Kingdom of Saudi Arabia. While employed by Twitter, the defendant accepted payments in exchange for accessing and conveying the private information of Twitter users to the Saudi Royal family and other Saudi officials.”

Zatko alleges “ticking bomb” of security flaws

The Judiciary Committee invited Twitter to have someone appear at today’s hearing, but the company apparently declined. Zatko’s opening statement at the hearing said, “Upon joining Twitter, I discovered that the company had 10 years of overdue critical security issues, and it was not making meaningful progress on them. This was a ticking bomb of security vulnerabilities. Staying true to my ethical disclosure philosophy, I repeatedly disclosed these security failures to the highest levels of the company. It was only after my reports went unheeded that I submitted my disclosures to government agencies and regulators.”

Durbin and Grassley’s letter asked Agrawal to answer a list of questions by September 26. “How, if at all, does Twitter secure its live production systems and/or user data from potential access by foreign government operatives?” they asked. “To what degree are Twitter’s security teams capable of determining whether foreign government operatives or other nefarious actors have attempted to access sensitive systems or user data?”

They further asked how Twitter “ensure[s] that employees located in foreign countries are protected from influence by foreign governments” and that “employees are not actively working on behalf of foreign governments.” Zatko’s complaint also “raises questions about Twitter’s ability to adequately address misinformation and disinformation, particularly in non-English speaking countries,” they wrote.

At today’s hearing, Zatko testified that he was “told that there was at least one agent of the MSS, which is one of China’s intelligence agencies, on the payroll inside Twitter,” Vice reported.

Senators probe employee access to data

Durbin and Grassley’s letter described claims that Twitter doesn’t have adequate control over how employees access sensitive data. Zatko’s “disclosure suggests that more than half of the company’s full-time employees have privileged access to Twitter’s production systems, enabling several thousand employees to access sensitive user data—while, at the same time, Twitter reportedly lacks adequate capacity to reliably know who has accessed specific systems and data and what they did with it,” they wrote.

The senators asked Agrawal how many engineers and other Twitter employees have “access to live production systems and/or user data” and asked several other questions about employee access and security. “To what degree do engineers at Twitter use live production data and test new software directly on the company’s commercial service, versus segregated test systems?… If new software is not tested in a segregated test system, using test data, please explain why Twitter does not follow this practice, which many of its peer companies do,” they wrote.

Senators asked Agrawal to respond to claims that when the Federal Trade Commission “asked Twitter whether it fully deleted the data of users who left the service, Twitter deliberately misled the FTC by stating these accounts were ‘deactivated,’ even when the data was not fully deleted.”

They also asked Agrawal to confirm or refute allegations that “over 50 percent of Twitter’s 500,000 data center servers [use] noncompliant kernels or operating systems,” that many of these servers are “unable to support encryption at rest,” that over 30 percent of employee devices have software and security updates disabled, and that Twitter has “no mobile device management” for employee phones.

We contacted Twitter about the letter and will update this article if we get a response.
