The Senate Judiciary Committee is preparing to hear from Twitter whistleblower Peiter “Mudge” Zatko, who has made stunning accusations about the company’s mishandling of private user data and its failure to maintain basic security standards, leaving it open to foreign influence and intrusion. Zatko claims that Twitter employees regularly ignore or even disable security applications on their own personal devices and corporate systems and exploit some users’ personal data. But the committee wants to hear both sides of the story, so they sent out a letter to Twitter CEO Parag Agrawal yesterday. In it, they demand that the company prepare to answer Zatko’s allegations as well as other media reports of dodgy dealings inside the company. And they will likely be bringing in Agrawal for some in-person grilling as well. But as you’ll see further below, they will also be delving into the question of who has been talking to Twitter and asking to have content taken down under the banner of “disinformation.” (CNET)
US lawmakers sent a list of questions to Twitter about its security policies and procedures on Monday evening, hours before the company’s former head of security is scheduled to testify before a Senate panel about security and privacy problems he says he uncovered while working at the company.
In a letter addressed to Twitter CEO Parag Agrawal, the leaders of the Senate Judiciary Committee wrote that, if true, allegations lodged by whistleblower Peiter “Mudge” Zatko “demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter’s users.”
In their letter, Judiciary Committee Chair Dick Durbin of Illinois and the panel’s top Republican, Chuck Grassley of Iowa, questioned Twitter about how it limits employee access to sensitive user data; the company’s procedures for protecting user data from being exposed to foreign intelligence; and claims that Twitter misled regulatory agencies on multiple occasions.
The full letter is available to read here and it’s not a short memo. It’s four pages long and breaks down dozens of questions for Agrawal to address into four main categories, none of which will likely make the CEO feel very comfortable. You can also read a summary of Zatko’s 84-page complaint here.
The first three categories of questions encompass the ones that are grabbing all of the headlines. The first drills down to find out what, if anything, Twitter does to protect user data and corporate systems from foreign intelligence intrusion and disruption. They ask about the hiring process and what sort of screening is in place to ensure that they’re not hiring foreign agents or people who may have been compromised.
The second section deals with how Twitter protects user data from misuse by its own employees, assuming they do that at all. The third category is the particularly damning one, asking about whether or not Twitter has intentionally misled federal regulatory agencies as the whistleblower suggests. The committee wants documentation to back all of that up.
But the really interesting set of questions (at least to me) is the fourth one. I’m assuming that was inserted by Grassley or one of the other Republicans on the committee. They deal with censorship and the processing of “misinformation.” There are only two questions, but they are bombshells. The first demands a “complete, unredacted copy of the independent report prepared at Mr. Zatko’s request regarding Twitter’s approach to countering misinformation and disinformation.” The second one is even better. It requires a “full and complete list of all government agencies, foreign and domestic, who have approached Twitter to flag content for removal.”
Note the part about the list of all government agencies, “foreign and domestic,” who have been ringing up Twitter to have “disinformation” taken down. Who do you suppose the “domestic” agencies in question might include? You know we’re talking about the FBI here, right? I have a feeling that things are about to get a lot more interesting.