Twitter executives have put profit before security, opening the platform to infiltration by foreign agents and hackers, the company’s former security chief told Congress on Tuesday.
“Twitter’s leadership is misleading the public, lawmakers, regulators, and even its own board of directors,” Peiter “Mudge” Zatko told the Senate Judiciary Committee. “The company’s cybersecurity failures leave it vulnerable to exploitation, causing real harm to real people.”
In a federal whistleblower complaint released last month, Zatko accused the company of lax security practices, neglecting user privacy, misleading regulators in violation of a 2011 agreement with the Federal Trade Commission and knowingly employing agents of foreign governments who had access to internal systems and data.
The complaint raised alarm bells in Washington, given the platform’s role as a place where government leaders, dissidents and corporations turn to get their message across.
Zatko’s revelations also added a new twist to Twitter’s legal battle with Tesla CEO Elon Musk, who is trying to pull out of a $44 billion deal to buy the company. The billionaire seized on Zatko’s claims as further justification for abandoning the purchase without penalty.
Sen. Charles Grassley, R-Iowa, revealed during Tuesday’s hearing that the FBI tipped off Twitter that a Chinese agent was on its payroll, an undisclosed detail from Zatko’s complaint.
Zatko said Twitter struggled to identify potential infiltrations by foreign agents and was generally only able to do so when notified by outside agencies. The company was “unwilling to put in the effort” to hunt down bad actors, he said.
In his testimony, Zatko painted a portrait of a company plagued by widespread security issues and unable to understand the scope and implications of the data it collects.
“Twitter was a company that was risk and crisis driven, instead of a risk and crisis driven company. It would react to issues too late,” Zatko said.
Twitter executives were unwilling or unable to deal with the scale of the problem and ignored warnings from him and other employees, Zatko said, accusing them of prioritizing business over security.
He quoted writer Upton Sinclair, saying, “It’s hard to get someone to understand something when their paycheck depends on them not understanding something.”
The committee convened the hearing shortly after Zatko filed his whistleblower complaint.
“Twitter is an extremely powerful platform that cannot afford gaping security holes,” Sen. Dick Durbin (D-IL), the committee’s chairman, said Tuesday. He compared Twitter to a bank, saying users reasonably expect the company to protect the information they use when opening accounts.
Grassley, a ranking member of the committee, criticized Twitter CEO Parag Agrawal for refusing an invitation to testify alongside Zatko. He said the CEO declined due to the legal battle between Twitter and Musk.
“The business of this committee and protecting Americans from foreign influence is more important than Twitter’s civil litigation in Delaware,” Grassley said. “If these allegations are true, I don’t see how Mr. Agrawal can maintain his position on Twitter.”
Twitter did not respond to a request for comment on Zatko’s testimony on Tuesday. The company previously said that Zatko was fired for poor performance and that his complaint was “tricked with inaccuracies” and “opportunistically seeks to inflict damage.”