US lawmakers question Twitter over security practices ahead of whistleblower testimony

CNN Business

US lawmakers sent Twitter more than a dozen questions about its security practices on Monday, on the eve of a corporate whistleblower's testimony before Congress, in which he is expected to air damning allegations of security and privacy vulnerabilities within the struggling social media company.

In a letter to CEO Parag Agrawal, senior members of the Senate Judiciary Committee asked Twitter about the company’s steps to secure personal data on its platform; how it protects against insider threats and foreign intelligence agents; and allegations that it intentionally misled regulators about Twitter’s privacy protections for users, allegations that could result in billions of dollars in fines for Twitter if proven.

The committee also invited Agrawal to testify alongside the whistleblower, Peter “Mudge” Zatko, according to a copy of the letter obtained by CNN. But a committee aide told CNN Monday night that the official list of witnesses for Tuesday’s hearing remains unchanged and Zatko continues to be the only witness, an indication that Twitter declined the invitation.


declined to comment.

The letter requests responses from Twitter by September 26.

“If accurate, Mr. Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens the national security and privacy of Twitter users,” Sens. Dick Durbin and Chuck Grassley, the top Democrat and Republican on the panel, wrote in the letter.

Zatko, who was Twitter’s chief security officer from November 2020 until his firing in January, filed a whistleblower disclosure to several US government agencies and lawmakers in July. The disclosure was first reported by CNN and the Washington Post in August. He alleges that Twitter lacks many basic internal security measures and grants about half of its employees, including all of its engineers, privileged access to the company’s active, live service, including real user data. He claims that the company does not reliably delete the data of users who cancel their accounts and that the company may even now have foreign spies on its payroll despite advice from the US government to that effect.

Twitter pushed back against Zatko’s allegations, accusing him of painting a “false narrative” of the company. It said that while members of its product and engineering teams have the type of access described by Zatko, only those with a specific business rationale are allowed access to the Twitter Live product. It also said Twitter has internal processes to deactivate and begin deleting data from users who cancel their accounts, but the company did not say whether it generally completes this process. And the company has not publicly responded to Zatko’s allegations of possible foreign intelligence compromise.

The whistleblower’s disclosure, along with Tuesday’s congressional hearing, sets the stage for further investigations into Twitter’s business operations, just as the company is set to go to trial in an attempt to force billionaire Elon Musk to follow through on a $44 billion acquisition he agreed to earlier this year. Musk has alleged, among other things, that Twitter’s failure to disclose the vulnerabilities described in Zatko’s whistleblower report is a violation of the acquisition agreement signed by Musk and Twitter.

Twitter has challenged this claim and insisted that it was Musk who broke the contract. The two sides are due to face each other in a trial in October.
