By MARCY GORDON
WASHINGTON (AP) — The former security chief at Twitter told Congress that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by “teenagers, thieves and spies” and put the privacy of its users at risk. Peiter “Mudge” Zatko, a respected cybersecurity expert, appeared before the Senate Judiciary Committee to lay out his allegations Tuesday.
“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said as he began his sworn testimony.
He told senators he was “risking my career and my reputation” to warn of poor security practices in which too many Twitter employees had unsupervised access to sensitive information, and a corporate culture of only reporting good news up the chain.
Zatko said “Twitter leadership ignored its engineers,” in part because “their executive incentives led them to prioritize profit over security.”
His message echoed one brought to Congress against another social media giant last year, but unlike that Facebook whistleblower, Frances Haugen, Zatko hasn’t brought troves of internal documents to back up his claims.
Zatko was the head of security for the influential platform until he was fired early this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.
Sen. Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy.”
“Twitter is an immensely powerful platform and can’t afford gaping vulnerabilities,” he said.
Unknown to Twitter users, there’s far more personal information disclosed than they — or sometimes even Twitter itself — realize, Zatko testified. He said “basic systemic failures” that were brought forward by company engineers were not addressed.
The FTC has been “a little over its head,” and far behind European counterparts, in policing the sort of privacy violations that have occurred at Twitter, Zatko said.
Many of Zatko’s claims are uncorroborated and appear to have little documentary support. Twitter has called Zatko’s description of events “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context.
Among the assertions from Zatko that drew attention from lawmakers Tuesday was that Twitter knowingly allowed the government of India to place its agents on the company payroll, where they had access to highly sensitive data on users. Twitter’s lack of ability to log how employees accessed user accounts made it hard for the company to detect when employees were abusing their access, Zatko said.
The senators appeared less interested in Zatko’s claims about how Twitter counted “spam bots” on the platform and presented that information to advertisers and regulators.
An allegation that Twitter underreports its spam count is at the core of billionaire tycoon Elon Musk’s attempt to back out of his $44 billion deal to buy Twitter. Musk and Twitter are locked in a bitter legal battle, with Twitter having sued Musk to force him to complete the deal. The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial, which is set to start Oct. 17.
Sen. Charles Grassley, the committee’s ranking Republican, said Tuesday that Twitter CEO Parag Agrawal declined to testify at the hearing, citing the ongoing legal proceedings with Musk. But the hearing is “more important than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley’s remarks.
In his complaint, Zatko accused Agrawal as well as other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about the Twitter platform’s security, privacy and integrity.”
Zatko, 51, first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the urging of then-CEO Jack Dorsey.
___
Follow Marcy Gordon at https://twitter.com/mgordonap
Source: www.bostonherald.com