US lawmakers sent Twitter more than a dozen questions Monday about its security practices, ahead of a corporate whistleblower’s testimony before Congress, in which he is expected to outline damning allegations of security and privacy vulnerabilities at the embattled social media company.
In a letter to CEO Parag Agrawal, senior members of the Senate Judiciary Committee asked Twitter about the steps the company is taking to secure personal data on its platform; how it protects against threats from within and foreign intelligence; and allegations that it has deliberately misled regulators about Twitter’s privacy protections for users, claims that could lead to billions of dollars in fines for Twitter if proved.
The committee also invited Agrawal to testify alongside whistleblower Peiter “Mudge” Zatko, according to a copy of the letter obtained by CNN. But a committee official told CNN Monday night that the official witness list for Tuesday’s hearing remains unchanged and that Zatko is still the sole witness, an indication that Twitter has declined the invitation.
Twitter (TWTR) declined to comment.
The letter asks for responses from Twitter before September 26.
“If true, Mr. Zatko’s allegations show an unacceptable disregard for data security that threatens the national security and privacy of Twitter users,” wrote Sens. Dick Durbin and Chuck Grassley, the panel’s top Democrat and Republican, in the letter.
Zatko, who served as Twitter’s head of security from November 2020 until his resignation in January, filed a whistleblower disclosure to multiple U.S. government agencies and lawmakers in July. The disclosure was first reported by CNN and The Washington Post in August. It claims that Twitter lacks many fundamental internal security measures and gives about half of its employees, including all of its engineers, privileged access to the company’s live, active service, including actual user data. It claims that the company does not reliably delete the data of users who cancel their accounts, and that the company even now has foreign spies on its payroll, despite a tip from the US government to that effect.
Twitter has rejected Zatko’s allegations, accusing him of painting a “false story” of the company. It has said that while members of its product and engineering teams have the type of access Zatko describes, only those with a specific business justification can access the live Twitter product. It has also said that Twitter has internal processes to deactivate and begin deleting the data of users who cancel their accounts, but the company has not said whether it typically completes that process. And the company has not publicly addressed Zatko’s allegations about a possible compromise by foreign intelligence agencies.
The whistleblower’s disclosure, along with Tuesday’s congressional hearing, sets the stage for deeper investigations into Twitter’s business, just as it is poised to appear in court in an attempt to force billionaire Elon Musk to continue with a $44 billion acquisition he agreed to earlier this year. Among other things, Musk has argued that Twitter’s failure to disclose the vulnerabilities described in Zatko’s whistleblower report is a violation of the acquisition contract that Musk and Twitter have both signed.
Twitter has disputed that claim and has maintained that it was Musk who breached the contract. In October, the two sides will face each other in a trial.