
Lawmakers investigate Twitter security chief’s whistleblower allegations

Top Democrats and Republicans say the allegations raise national security and privacy concerns and underscore the need for federal privacy protections

(Chloe Meister/Washington Post illustration; Matt McClain/The Washington Post; Joe Raedle/Getty; Jim Watson/AFP/Getty; iStock)


Top Democrats and Republicans in Congress are investigating a former Twitter security chief’s explosive new whistleblower complaint, instigating new political scrutiny of the social network’s data security practices and defenses against foreign influence.

Leaders of three influential congressional committees say they are reviewing disclosures in which famed hacker Peiter Zatko alleges the company has “extreme, egregious deficiencies” in its cybersecurity defenses, as well as weak efforts to fight spam. The allegations are prompting a new round of Washington headwinds for the company, adding to the controversies it has faced on Capitol Hill over its influential role in democracy and elections, especially since the company’s decision to permanently ban former president Donald Trump. Meanwhile, the company is embroiled in litigation with Elon Musk over its future.

Lawmakers from both parties appeared united in response to the allegations, saying they raise national security and privacy concerns that need closer examination.

Reps. Frank Pallone Jr. (D-N.J.) and Cathy McMorris Rodgers, the chair and top Republican on the House Energy and Commerce Committee, said that if the whistleblower’s allegations are true, they “reaffirm” the need for Congress to pass consumer privacy legislation to safeguard Americans’ data. The committee is “assessing next steps,” they said in a joint statement.


The offices of the top lawmakers on the Senate Judiciary Committee, Sen. Richard J. Durbin (D-Ill.) and Sen. Charles E. Grassley (R-Ia.), said they have had early discussions with the whistleblower.

“If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” Durbin said in a statement.

The Senate Intelligence Committee also received the complaint and is working to set up a meeting with Zatko, spokeswoman Rachel Cohen said.

Twitter has pushed back on Zatko’s allegations. Spokeswoman Anna Hughes said in a statement that the complaint appeared to contain “inconsistencies and inaccuracies and lacks important context,” and that security and privacy are “company-wide priorities” at the company.

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” she said.


The documents that Zatko provided could inject new urgency into efforts to create new federal privacy safeguards and other accountability measures, despite years of attempts and failures in Congress to regulate the tech industry. It’s also the second time in less than a year that a former employee at a major tech company publicly provided disclosures to members of Congress, signaling tech whistleblowers could play a larger role in efforts to craft new tech policies.

The political fallout could be exacerbated by Twitter’s long-running tensions with lawmakers over content moderation, especially Republicans who claim that the company has unfairly suppressed their political speech.

“Twitter has a long track record of making really bad decisions on everything from censorship to security practices,” said Sen. Marco Rubio, the top Republican on the Intelligence Committee. “That’s a huge concern given the company’s ability to influence the national discourse and global events.”


Twitter has had run-ins with Washington regulators over its security practices for more than a decade, dating back to a pair of 2009 incidents when hackers gained unauthorized access to the platform. Following those hacks, the company entered into a settlement with the Federal Trade Commission that required it to stand up a comprehensive security program that was subject to external audits. The company more recently faced political blowback for a 2020 hack, during which hackers gained access to the accounts of influential people including then-presidential candidate Joe Biden and Musk.

Zatko alleges that Twitter violated the terms of that 2011 FTC order by falsely claiming it had a security plan. A former FTC official who worked on the Twitter case said the agency was understaffed at the time of its initial settlement with Twitter, and that the enforcement division had failed to keep a close eye on multiple companies after reaching privacy settlements, including the one with Twitter.

Sen. Richard Blumenthal (D-Conn.), head of the Senate Commerce panel focused on consumer protection, said the disclosures “appear to demonstrate Twitter’s disregard for FTC’s consumer data requirements.”

“Big Tech has been allowed to ignore the terms of the FTC’s orders for too long — despite significant breaches, spying scandals, and hijacking of high-profile accounts,” he said in a statement. “The FTC must vigorously oversee and enforce its orders or those requirements become dead letter law while our national security and consumer privacy are undermined.”

Twitter participated in biannual audits of its security practices, in compliance with the order, according to the company.

Rep. Jan Schakowsky (D-Ill.) said that the allegations show that the FTC “absolutely needs more resources.” Democrats last year proposed boosting the FTC’s budget by $1 billion to create a new digital-focused division to police privacy violations and cybersecurity incidents, but the proposal was ultimately not included in Democrats’ recent spending package.

“The status quo has once again failed American consumers, from coast to coast and here in the heartland,” she said.
