Twitter CEO Parag Agrawal May not be Able to Stay in Role After Refusing to Appear at Hearing: Grassley (3)

–Part of a CarrZee series on whistleblowing; Twitter is an important information platform for communicating the need for climate action

—Bullet point formatted story

Sept. 13, 2022 (London) — Twitter whistleblower Peiter ‘Mudge’ Zatko alleges at a US Senate Judiciary Committee hearing that Twitter does not know what data it has, where it lives or where it came from, so it can’t protect the data.

Title of hearing: data security at risk

Zatko alleges too many Twitter employees had too much access to too much information.

Security issues/problems occurred at similar levels year after year, he said; there was no improvement as Twitter focussed on other areas, including revenue growth

Regulator the Federal Trade Commission “is a little over their own head”: Zatko

FTC essentially left companies to “grade their own homework”: Zatko

French regulator terrified Twitter more than FTC; one-time fines did not concern Twitter: Zatko

Chuck Grassley, ranking member on the committee, had earlier said that the Twitter CEO Agrawal may struggle to hold onto his job after refusing to attend the hearing. The hearing was “more important” than litigation between Twitter and Elon Musk over Twitter’s ownership. See below.

Twitter had an inability to delete data.

Twitter didn’t prioritize registering data properly so it can be tracked: Zatko

Foreign agents may have had access to a lot of data; tracking employees’ activities was very difficult: Zatko

Zatko alleges the Twitter India office had a foreign agent and an executive said that since the company had one agent, it didn’t matter if it had more.

Hearing heard that Twitter had employed (or may have employed) an agent from the Government of China’s Ministry of State Security, known as MSS.

Saudi Arabia had internal access at Twitter: hearing

Cultural problem at Twitter, according to Zatko: it is only able to focus on one crisis at a time.

There were not enough translators employed at Twitter: Zatko

Twitter knew people’s latest IP address, type of device, email address, browser type, etc.; half of Twitter employees are engineers — they could have access to Grassley’s Twitter account, for instance; difficult to know which engineers had logged into what systems: Zatko

Engineers could potentially sell access to accounts; third parties could delete accounts: Zatko

Management misled board of directors, Twitter misled FTC: Zatko

“The (regulatory) tools out of the toolbelt are not working”: Zatko

Twitter published sexual content involving children: hearing

There was a reluctance to put decisions / rationales for decisions in writing at Twitter: Zatko

Twitter “a goldmine” for intelligence agencies that plant agents

Governments could put pressure on Twitter users in “real life” if they know the data from Twitter, e.g. physical address / IP address; e.g. Indian farmers protesting could be targeted: Zatko

Could create family group / network around an individual: Zatko

Regulators need to do their job better: Zatko

Republican Senator Lindsey Graham: US will create a regulatory system for social media that is “more like Europe”; Graham said he was working with Democratic Senator Elizabeth Warren on the task, even though the two of them disagreed a lot; social media companies are virtually unregulated

(Updates with further answers to questions, additional comments; I could not listen until the end)

Snip of Reuters’ feed of the committee hearing

Meanwhile (Bloomberg):
