Opinion: Whistleblower testimony suggests Twitter has let the country down


Now it’s up to the senators who heard his shocking testimony to take action to regulate Twitter and other social media.

Zatko testified that, according to an informal investigation carried out by Twitter engineers, when the company has collected data about users, it only knows “why it was obtained, how it should be used (and) when it should be deleted” about 20% of the time. So even if the company wanted to delete the other 80% of the data later, it may not know how to find it. What’s more, Zatko says this data — which includes a lot of sensitive personal information, such as where the company thinks users live — is accessible to all engineers in the company. Zatko also said that, unlike many other companies, Twitter doesn’t have a separate testing platform for the apps it builds, so engineers test with real user data, a situation he described as “weird.”
And, Zatko added, Twitter did not have an adequate system in place to log employees accessing or attempting to access user data, and the company was unable to identify potential misuse.
It is therefore not surprising that serious security breaches occur within the company. The social media company’s former head of security testified that he had seen with “high confidence” a foreign agent placed inside the company by the Indian government to monitor Twitter’s negotiations with the government.
In its testimony, the FBI also stated that it had been told by Twitter that it suspected an employee was a foreign asset for the Chinese government. (In August, a former Twitter manager was convicted of espionage in Saudi Arabia.)
But Zatko said the company doesn’t make much of an effort to root out spies, and when he discussed a possible foreign agent with a company executive, the person replied, “Well, since we already have one, what’s the problem if we have more?”
In fact, Zatko said Twitter’s security protocols are so lax and its personal information about users so valuable that a foreign intelligence agency that doesn’t hire its spies as Twitter engineers “probably isn’t doing (its) job.”
Twitter loudly disputes Zatko’s allegations. The company has accused him of painting a “false narrative” and said he was fired in January for “ineffective leadership and poor performance” after serving in the role since November 2020. A Twitter spokesperson told CNN that his testimony “only confirms that Mr. Zatko’s allegations are riddled with inconsistencies and inaccuracies.”
But Zatko’s testimony suggests the company isn’t making rudimentary efforts to protect user data. This should be scary for users. Imagine, for example, the possibility that a Twitter employee could figure out from an IP address that a user was tweeting from an illegal abortion clinic and use that information to blackmail the user. Or consider the possibility of an employee sending unauthorized tweets from a user account.
“It’s not a stretch to say that one Twitter employee could hold every senator in this room accountable,” Zatko testified.
This possibility should scare all Americans, whether they use the platform or not. As we saw with last year’s attack on the Capitol, a single tweet from a high-profile account can incite mass violence in this country, or change the outcome of a race on Election Day.

In addition, foreign governments can use user data to track the activities and movements of American spies and government officials, obtaining valuable intelligence that could threaten our country’s security.

Based on Zatko’s testimony, it is surprising that Twitter has not made greater security efforts in the face of these serious risks. And what his testimony tells us is that we simply cannot trust that the people who run Twitter will not be reckless in the future. We need to look to the government to establish regulations so that social networks do not have carte blanche to decide what data to collect about users and how to use and store it.

After hearing Zatko’s testimony, senators should race to introduce a bill to limit the storage of social media data, including how long companies can keep it and with whom it can be shared. The senators should also require companies to limit employee access to user data, properly track who is accessing user data, and set up strict internal systems to root out snooping and other malicious uses of user data.

Zatko’s testimony says Twitter has let its users and the country down by failing to implement basic security measures. Now, the ball is in the court of the senators who heard his disturbing testimony. If they fail to act, they will be held as accountable as Twitter for choosing not to take action to protect the safety of Twitter users and the nation.