Photo Credit: Jens Gyarmaty | Redux
Major developments are currently affecting Twitter. This follows the former company security chief’s announcement that he would testify against Twitter in front of a Senate committee the following month. The timing coincides with the company’s final decision-making day regarding whether or not to approve businessman Elon Musk’s takeover proposal.
Peter “Mudge” Zatko, a whistleblower, will testify before the Senate Judiciary Committee and castigate Twitter for its cybersecurity problems and negligence when it comes to user privacy. The hearing will happen on September 13.
Zatko sent 200 pages of documents, along with supplementary exhibits, to several government agencies last month. The US Securities and Exchange Commission, the Department of Justice, and the Federal Trade Commission were also given copies of the document by the whistleblower.
Because many officials were worried about the information in the disclosure sent by the whistleblower, the hearing was pushed through. Senators Dick Durbin and Chuck Grassley claim that “Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
The Senate’s Intelligence Committee acknowledged the gravity of Zatko’s disclosure. According to Rachel Cohen, a spokesperson for the committee, the lawmakers’ call for the meeting is an effort to discuss the allegations. According to the senate subcommittee on consumer protection, the FTC has been urged to look into the situation and impose appropriate fines or sanctions should Twitter be found guilty of the charges.
Twitter answers the allegations
Even though the hearing was scheduled because there seemed probable cause, Twitter reacted quickly to condemn Zatko’s actions.
In a statement by Twitter spokesperson, the company stated, “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that are riddled with inconsistencies and inaccuracies and lack important context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”
The identity of the whistleblower
Zatko has a history of making the public aware of cybersecurity issues. He even appeared on national television during a congressional hearing on cybersecurity in 1998.
“All my life, I’ve been about finding places where I can go and make a difference. I’ve done that through the security field. That’s my main lever,” Zatko said during an interview.
Prior to joining Twitter, Zatko held positions at a number of tech firms, including Strip and Google. He worked for the US Department of Defense as well. Zatko decided to play the whistleblower when Twitter was breached back in 2022, compromising the accounts of several important individuals, including former President Barack Obama and Elon Musk, among others.
He was subsequently hired by Twitter, where he allegedly started to notice some flaws in the company’s security protocols. The whistleblower claimed that Twitter had very lax security procedures that allowed more than 50% of the staff to access the application’s controls. The system of the company has “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy,” according to Zatko’s findings.
“It was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did…. Nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment,” added Zatko in his disclosure.
“And if there’s a violation here — and that’s a big if — then I think the FTC should very seriously consider not just fining the corporation but also putting the executives responsible under order,” said Jon Leibowitz, the Former FTC chairperson.