Whistleblower: China and India had agents working for Twitter
WASHINGTON — Twitter’s former security chief told Congress on Tuesday that there was “at least one agent” of China’s intelligence service on Twitter’s payroll and that the company knowingly allowed India to add agents to the company’s list as well, potentially giving those countries access to sensitive user data.
These are some of the disturbing revelations from Peiter “Mudge” Zatko, a respected cybersecurity expert and Twitter whistleblower who appeared before the Senate Judiciary Committee to lay out his allegations against the company.
Zatko told lawmakers that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by “teenagers, thieves and spies” and endanger the privacy of its users.
“I’m here today because Twitter’s management is misleading the public, lawmakers, regulators, and even its own board of directors,” Zatko said as he began his sworn testimony.
“They don’t know what data they have, where it is and where it comes from and so, unsurprisingly, they can’t protect it,” Zatko said. “It doesn’t matter who has the keys if there are no locks.”
“Twitter management ignored its engineers,” he said, partly because “their management incentives have caused them to prioritize profit over safety.”
In a statement, Twitter said its hiring process was “independent of any foreign influence” and data access is managed through a multitude of measures, including background checks, access controls, and monitoring and detection systems and processes.
One issue that was not raised during the hearing was whether Twitter accurately counts its active users, an important metric for its advertisers. Tesla CEO Elon Musk, who is trying to get out of a $44 billion deal to buy Twitter, has argued without evidence that many of Twitter’s estimated 238 million daily users are fake or malicious accounts, a.k.a. spam bots.
The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial, which is set to begin Oct. 17. During the hearing, Musk tweeted a popcorn emoji, often used to suggest sitting down in anticipation of the drama unfolding.
Separately on Tuesday, Twitter shareholders voted overwhelmingly to approve the deal, according to multiple news outlets. Shareholders have been voting remotely on the issue for weeks. The vote was largely a formality, especially given Musk’s efforts to nullify the deal, although it removes a legal hurdle to complete the sale.
Zatko’s message echoes one presented to Congress against another social media giant last year. But unlike that Facebook whistleblower, Frances Haugen, Zatko didn’t bring a treasure trove of internal documents to back up his claims.
Zatko was the influential platform’s chief security officer until he was fired earlier this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among its most serious charges is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had stricter measures in place to protect the security and privacy of its users.
Senator Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko had detailed flaws “that could pose a direct threat to the hundreds of millions of Twitter users as well as to American democracy.”
“Twitter is an extremely powerful platform and cannot afford gaping vulnerabilities,” he said.
Unbeknownst to Twitter users, a lot more of their personal information is being leaked than they — or sometimes even Twitter itself — realize, Zatko said. He said Twitter didn’t address “basic system failures” raised by the company’s engineers.
The FTC has been “a bit over its head” and far behind its European counterparts in monitoring the type of privacy breaches that have occurred on Twitter, Zatko said.
Sen. Lindsey Graham, a Republican from South Carolina, said a positive outcome that could come from Zatko’s findings would be bipartisan legislation to put in place a tougher regulatory system for tech platforms.
“We have to improve our game in this country,” he said.
Many of Zatko’s claims are unsubstantiated and appear to have little documentary evidence. Twitter called Zatko’s description of the events “a false narrative… riddled with inconsistencies and inaccuracies” and lacking significant context.
Yet Zatko presented himself as a compelling whistleblower who has “a lot of credibility in this space,” said Ari Lightman, professor of digital media and marketing at Carnegie Mellon University. But Lightman said many of the issues Zatko raised can likely be found across many other digital technology platforms.
“They eschew security protocols in favor of innovating and operating very quickly,” said Lightman. “We gave digital platforms so much autonomy in the beginning to grow and develop. Now, we’re at a point where we’re, ‘Wait a minute… It’s gotten out of hand.’”
Among Zatko’s claims that caught lawmakers’ attention on Tuesday was that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll, where they had access to highly sensitive user data. Twitter’s inability to log how employees accessed user accounts made it difficult for the company to detect when employees were abusing their access, Zatko said.
Zatko said he spoke with “great confidence” about a foreign agent that the Indian government placed at Twitter to “understand the negotiations” between the ruling party in India and Twitter about the new social media restrictions and how smoothly these negotiations were going.
Zatko also revealed on Tuesday that he was told about a week before he was fired that “at least one agent” of the Chinese intelligence service MSS, or the Ministry of State Security, was “on the payroll” at Twitter.
He said he was similarly “surprised and shocked” by an exchange with current Twitter CEO Parag Agrawal about Russia, in which Agrawal, who was CTO at the time, asked if it would be possible to “punt” moderation and monitoring of content to the Russian government, since Twitter does not really have “the ability and the tools to do things right.”