Twitter is facing several significant hurdles at the same time. The company’s former head of security has announced that he will testify against Twitter before a Senate committee next month. The date coincides with the company’s final decision on whether or not to accept business mogul Elon Musk’s takeover offer.
The whistleblower, Peter “Mudge” Zatko, will testify before the Senate Judiciary Committee about security problems and Twitter’s irresponsibility regarding user privacy. According to the Senate committee, the hearing will take place on September 13.
Zatko forwarded 200 pages of documents, including supporting exhibits, to several government agencies last month. The whistleblower provided the documents to the US Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission.
The hearing was pushed through because many officials were concerned about the content of the whistleblower’s disclosure. Senators Dick Durbin and Chuck Grassley claim that “Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
The Senate Intelligence Committee expressed its concern about Zatko’s disclosure. The lawmakers’ meeting is an opportunity to discuss the allegations, according to Rachel Cohen, the committee spokesperson. Meanwhile, the Senate Subcommittee on Consumer Protection has requested that the FTC investigate the matter and levy appropriate fines or sanctions if Twitter is found guilty of the charges.
Twitter denies the allegations made
While lawmakers agreed to hold the hearing for apparent probable cause, Twitter reacted quickly and criticized Zatko’s actions.
In an official statement issued by a Twitter spokesperson, the company said, “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
The whistleblower calling the shots
Zatko is not new to publicizing cybersecurity issues. In fact, he appeared on national television during a congressional hearing on cybersecurity in 1998.
During an interview, Zatko said, “All my life, I’ve been about finding places where I can go and make a difference. I’ve done that through the security field. That’s my main lever.”
Prior to joining Twitter, Zatko held senior positions at companies such as Stripe and Google. He also worked for the US Department of Defense. So, when Twitter was hacked in 2022, endangering the accounts of several key people, including former President Barack Obama and Elon Musk, Zatko decided to become a whistleblower.
He was hired by Twitter, where he allegedly discovered flaws in the company’s security measures. According to the whistleblower, Twitter had a poor security policy that allowed more than half of the company’s employees to access the application’s controls. Zatko found “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy” in the company’s system.
“It was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did…. Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment,” stated Zatko in his disclosure.
Jon Leibowitz, former FTC chairperson, said, “And if there’s a violation here — and that’s a big if — then I think the FTC should very seriously consider not just fining the corporation but also putting the executives responsible under order.”