Last week, Twitter whistleblower Peiter Zatko testified before the Senate Judiciary Committee that the social media platform has major security deficiencies. Zatko, Twitter’s former head of security, said the company puts profits ahead of safety and security, and he has serious concerns that user data and access to the platform could be jeopardized, reports CNBC.
“It’s not far-fetched to say that an employee inside the company could take over the accounts of all of the senators in this room,” said Zatko when testifying before the Senate Judiciary Committee.
Among Zatko’s allegations is that Twitter can’t ensure that user data is deleted when a user decides to close their account. Zatko said this is because Twitter doesn’t know where all the data is stored.
“They don’t know what data they have, where it lives or where it came from, and so, unsurprisingly, they can’t protect it,” Zatko said.
CNBC reports that a spokesperson for Twitter disputed Zatko’s testimony and said the company has sufficient controls in place, including background checks and monitoring, and detection systems that control who can access data.
“Today’s hearing only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies,” the spokesperson said in a statement.
Last month, Zatko outlined major cybersecurity vulnerabilities at Twitter in a 200-page whistleblower disclosure to Congress, the Securities and Exchange Commission, the Federal Trade Commission, the Department of Justice and other federal agencies. In that disclosure, Zatko, who reported to Twitter’s CEO, said the company has misled its board and government regulators about potential dangers, including the possibility of “foreign spying or manipulation, hacking and disinformation campaigns.”
Zatko also said that some of the company’s leadership has tried to cover up the vulnerabilities, and one or more current Twitter employees may be working with a foreign intelligence agency. In addition, Zatko alleges that too many Twitter staff have access to central controls and sensitive information without appropriate oversight.
“It doesn’t matter who has keys if you don’t have any locks on the doors,” Zatko said in his testimony last week.
He also said that Twitter doesn’t adequately delete user data when users close their accounts. Another key problem, Zatko said, is that Twitter doesn’t really know how many spam bots exist on the platform, a major bone of contention for Elon Musk, who is trying to get out of his deal to buy Twitter for $44 billion.
Twitter vs. Musk
The whistleblower disclosure in August further fanned the flames in the controversy between Twitter and Elon Musk. Twitter is trying to legally enforce the $44 billion merger agreement, while Musk is trying desperately to extract himself from it. In fact, last week, Twitter’s shareholders approved the deal. Just days before the shareholder vote, Musk’s legal counsel sent a third termination letter to Twitter, stating that the whistleblower’s disclosure and his severance payment of $7.75 million change everything.
Musk has requested a continuance to have more time to prepare for an October 17 trial. While Chancellor Kathaleen McCormick ruled against a continuance, she did rule that she’d allow testimony arising from the whistleblower complaint in Musk’s countersuit.
“I previously rejected Defendants’ arguments in response to Twitter’s motion to expedite, making clear that the longer the delay until trial, the greater the risk of irreparable harm to Twitter,” McCormick wrote. “I am convinced that even four weeks’ delay would risk further harm to Twitter too great to justify.”
It isn’t yet clear what the Senate Judiciary Committee has the power to do about the whistleblower complaint or when its investigation will be complete. However, it stands to reason that Twitter will continue to dispute Zatko’s claims and hope that the whistleblower disclosure will die down, so it can focus its efforts on enforcing the merger agreement. The Twitter vs. Elon Musk saga will continue for the next several months at least. There does not appear to be an easy solution that will satisfy everyone. Meanwhile, Twitter is in danger of losing public trust, though not likely enough that it will lose users en masse.