Twitter misleading the public, whistleblower says


Twitter’s former head of security, Peiter Zatko, has told US lawmakers the firm is “misleading the public” about how secure the platform really is.

He claimed Twitter was “a decade behind” security standards, that users’ data is not sufficiently protected and that too many staff have access to it.

Mr Zatko was giving evidence following an 84-page whistleblowing complaint he made about security practices inside the social network.

He was fired by the firm in January.

He also said “one-time fines” imposed by regulators over breaches of rules on data protection “didn’t bother Twitter at all”.

In his damning testimony, Mr Zatko described an organisation prioritising revenue generation above everything else.

At the start of the hearing he grew tearful about his role as a whistleblower, saying it was not a decision he had taken lightly.

During his questioning, he said that employees had expressed concerns to him that Twitter was carrying advertising from “organisations which may or may not be associated with the Chinese government”, a potential national security risk.

When he raised concerns with Twitter executives he was told it would be “problematic” to lose that revenue stream, he said.

He also said he was troubled by Twitter’s attitude to other national security issues he had raised. He said “half the company” were engineers and they all had access to users’ personal data. Twitter did not log their activity, he added.

He has previously supported Elon Musk’s claim that the platform has more spam and fake accounts than it has admitted.

The hearing is not connected with Mr Musk’s attempt to pull out of his deal to buy Twitter for $44bn – that case is due to begin in October.

Mr Zatko was personally hired by Twitter’s co-founder and former CEO Jack Dorsey, after a high-profile attack on the platform’s celebrity accounts.

The whistleblower said that people’s personal information was put at risk. Information held about users includes:

  • Phone number
  • IP address – from which a physical address could potentially be found
  • Email address
  • Type of device
  • Type of browser
  • Location a user connected from

This data could enable an individual to be targeted in the real world, he said.

Mr Zatko has previously worked for the US government and Google, and is well-regarded in the information security community.

His lawyer John Tye described him as “a pretty remarkable guy”.

Senator Chuck Grassley from the US Judiciary Committee said in his opening remarks that Twitter CEO Parag Agrawal had declined to attend the hearing.

Twitter has said that Mr Zatko lost his job because of ineffective leadership and poor performance, and that his allegations are both inaccurate and inconsistent.

More to follow
