Twitter’s no-good, very bad year continued today, with the platform’s former security chief Peiter Zatko appearing before the Senate Judiciary Committee to discuss his recent accusations that Twitter is not fulfilling its security requirements and has repeatedly misled the market, and its own board, about the state of its performance on various fronts.
As a quick recap, last month, Peiter ‘Mudge’ Zatko, a well-known and highly respected name in cybersecurity, released a statement via Whistleblower Aid that leveled a range of criticisms over Twitter’s security and reporting processes.
In essence, Zatko alleged that Twitter was far more concerned about public and market perception than it was about seriously addressing key problems, which had led to significant lapses in its processes and systems.
Zatko reiterated these claims to US senators today, describing, throughout his two-hour testimony, how:
- Twitter has repeatedly lied to the FTC about its data safety and removal processes, and has violated the terms of its 2011 settlement with the organization
- The FBI informed Twitter during his time at the company that there was at least one Chinese foreign agent on the company’s payroll. Zatko says that this was dismissed out of hand by one Twitter executive, who quipped that ‘we already have one, what does it matter if we have more.’
- Twitter’s executives appeared far less concerned about possible security flaws if taking action on them could endanger the company’s bottom line
- Twitter failed to effectively log and track attempts to infiltrate its systems, leaving it vulnerable to further attacks
If those accusations are correct, then Twitter could be in a world of regulatory pain, and could face significant fines for putting user data at risk.
Actual enforcement may be difficult, though. As Zatko notes, Twitter may already be in violation of its established agreements with the FTC, but has not faced penalties because, Zatko says, the FTC has been ‘ineffective’ at policing such elements. In Zatko’s view, the regulatory body has been ‘letting companies grade their own homework’ via its lax enforcement processes.
The FTC itself has also been in the spotlight this week, with former staff describing how underfunding has left it unable to pursue many potential breaches and concerns, including, potentially, Twitter’s various issues.
That aligns with Zatko’s statements, and in response, senators have vowed to pursue new regulatory approaches for social platforms.
Though we have also heard that before, in previous hearings over Meta, Amazon, Google and Apple. Not much of major significance has come of those investigations – but maybe this will be the trigger that sees more funding allocated to the FTC for future action.
Twitter, meanwhile, has once again denied Zatko’s claims, issuing effectively a carbon copy of its original statement on Zatko’s earlier statements:
‘Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.’
Of course, we don’t know for sure what exactly is and isn’t correct. We can only go on Zatko’s expertise and experience, and Twitter’s counter explanations, where provided, to get some measure of the actual situation internally.
But either way, it doesn’t sound like there’s a great level of internal harmony and coordination there.
You can see why Elon Musk might be hesitant to take it on – and if Musk does take over, and become Tweeter-in-chief, it seems likely that there’ll be major internal changes taking place, which could alter the app in a big way.
What, exactly, comes next, though, we’ll have to wait and see. But for Twitter, it doesn’t seem like it’s going to be good.