–Part of a CarrZee series on whistleblowing; Twitter is an important information platform for communicating the need for climate action
—Bullet point formatted story
Sept. 13, 2022 (London) — Twitter whistleblower Peiter ‘Mudge’ Zatko alleges at US Senate Judiciary Committee hearing that Twitter does not know what data it has, where it lives, where it came from, so it can’t protect the data.
Title of hearing: data security at risk
Zatko alleges too many Twitter employees had too much access to too much information.
Security issues/problems occurred at similar levels year after year, he said; there was no improvement as Twitter focussed on other areas, including revenue growth
Regulator the Federal Trade Commission “is a little over their own head”: Zatko
FTC essentially left companies to “grade their own homework”: Zatko
French regulator terrified Twitter more than FTC; one-time fines did not concern Twitter: Zatko
Chuck Grassley, ranking member on the committee, had earlier said that the Twitter CEO Agrawal may struggle to hold onto his job after refusing to attend the hearing. The hearing was “more important” than litigation between Twitter and Elon Musk over Twitter’s ownership. See below.
Twitter had an inability to delete data.
Twitter didn’t prioritize registering data properly so it can be tracked: Zatko
Foreign agents may have had access to a lot of data; tracking employees’ activities was very difficult: Zatko
Zatko alleges the Twitter India office had a foreign agent and an executive said that since the company had one agent, it didn’t matter if it had more.
Hearing heard that Twitter had employed (or may have employed) an agent from the Government of China’s Ministry of State Security, known as MSS.
Saudi Arabia had internal access at Twitter: hearing
Cultural problem at Twitter, according to Zatko: it is only able to focus on one crisis at a time.
There were not enough translators employed at Twitter: Zatko
Twitter knew people’s latest IP address, type of device, email address, browser type, etc.; half of Twitter employees are engineers — they could have access to Grassley’s Twitter account, for instance; difficult to know which engineers had logged into what systems: Zatko
Engineers could potentially sell access to accounts; third parties could delete accounts: Zatko
Management misled board of directors, Twitter misled FTC: Zatko
“The (regulatory) tools out of the toolbelt are not working”: Zatko
Twitter published sexual content involving children: hearing
There was a reluctance to put decisions / rationales for decisions in writing at Twitter: Zatko
Twitter “a goldmine” for intelligence agencies that plant agents
Governments could put pressure on Twitter users in “real life” if they know the data from Twitter, e.g. physical address / IP address; e.g. Indian farmers protesting could be targeted: Zatko
Could create family group / network around an individual: Zatko
Regulators need to do their job better: Zatko
Republican Senator Lindsey Graham: US will create a regulatory system for social media that is “more like Europe”; Graham said he was working with Democratic Senator Elizabeth Warren on the task, even though the two of them disagreed a lot; social media companies are virtually unregulated
(Updates with further answers to questions, additional comments; I could not listen until the end)