US lawmakers are questioning Twitter about its security practices on the eve of the whistleblower’s testimony

In a letter addressed to CEO Parag Agrawal, senior members of the Senate Judiciary Committee asked Twitter about the steps the company is taking to secure personal data on its platform; how it protects against insider threats and foreign intelligence operatives; and allegations that it intentionally misled regulators about Twitter’s user privacy, allegations that could result in billions of dollars in fines for Twitter if proven.

The committee also invited Agrawal to testify along with the whistleblower, Peiter “Mudge” Zatko, according to a copy of the letter obtained by CNN. But a committee aide told CNN Monday night that the official witness list for Tuesday’s hearing remains unchanged and that Zatko remains the only witness, an indication that Twitter has declined the invitation.

The letter requests a response from Twitter by September 26.

“If accurate, Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter’s users,” wrote Sens. Dick Durbin and Chuck Grassley, the panel’s top Democrat and Republican, in the letter.

Zatko, who was Twitter’s chief security officer from November 2020 until he was fired in January, submitted a whistleblower disclosure to several US authorities and lawmakers in July. The disclosure was first reported by CNN and The Washington Post in August. It claims that Twitter lacks many basic internal security measures and gives about half of its employees, including all of its engineers, privileged access to the company’s live, active service, including actual user data. It claims that the company does not reliably delete the data of users who cancel their accounts, and that the company may even now have foreign spies on its payroll despite a US government tip to that effect.

Twitter has pushed back on Zatko’s claims, accusing him of painting a “false narrative” about the company. It has said that while members of the product and engineering teams have the kind of access Zatko describes, only those with a specific business rationale have access to the live Twitter product. It has also said that Twitter has internal processes to deactivate and begin deleting the data of users who cancel their accounts, but the company has not said whether it typically completes that process. And the company has not publicly addressed Zatko’s allegations of possible foreign intelligence compromise.

The whistleblower’s disclosure, along with Tuesday’s congressional hearing, sets the stage for deeper investigations into Twitter’s business practices, just as it prepares to go to court in an attempt to force billionaire Elon Musk to follow through on a $44 billion acquisition he agreed to earlier this year. Among other things, Musk has alleged that Twitter’s failure to disclose the vulnerabilities outlined in Zatko’s whistleblowing report is a breach of the acquisition contract Musk and Twitter both signed.
Twitter has disputed that claim and has insisted that it is Musk who has breached the contract. The two sides are due to appear in court in October.
