Twitter Whistle-Blower's Testimony Spurs Calls for Tech Regulator


Senators across the ideological spectrum vowed to tighten controls on social media in response to testimony Tuesday about what was described as a “mine of security vulnerabilities” at Twitter Inc.

Former head of Twitter security Peter Zatko, the hacker nicknamed “Mudge,” spent more than 2 1/2 hours describing the company’s reactive security policy with outdated software, extensive employee access to private user data, and “fire-to-fire” engineers. In addition, he pointed to what he said was the ineffectiveness of the Federal Trade Commission, whose approach was to “allow companies to rate their own homework.”

Even Republicans like South Carolina’s Lindsey Graham called for a “regulatory environment with teeth,” which is often anathema to conservatives who prefer a smaller federal government. But widespread disillusionment with social media platforms and the concerns about user privacy and national security that Zatko raised are creating new alliances, like Graham’s plans to introduce legislation with Elizabeth Warren, a Democrat from Massachusetts and one of the most progressive members of the Senate.

“Now is the time to look at social media platforms in a new way,” Graham promised Zatko at the hearing. “What you have done today will not be in vain.”

The two senators are working on a bill to create a new federal regulator to oversee big tech, Graham told reporters after the hearing. For companies like Twitter, he suggested that while they don’t mind paying a $150 million fine, they “might be worried about losing their license.” Graham and Warren did not agree on the list, a congressional aide said.

Currently, the FTC and the Justice Department share oversight of the technology industry, and some advocates have argued that a regulator focused on the Internet economy is better suited to take on the world’s richest industries.

Graham said such an agency should force companies to fortify their platforms against outside interference, be more responsible with user data and provide an appeals process for content moderation decisions. New laws “must create consequences for these organizations and give them incentives to do better,” he said.

‘Real threat’

Zatko says Twitter is a decade away from essential security updates, and cited several examples of Twitter prioritizing profits over addressing risks on its influential platform.

“Twitter’s insecure handling of user data and its inability or unwillingness to truthfully represent issues to its board of directors and regulators have threatened tens of millions of Americans, the American democratic process, and America’s national security,” Zatko said at the hearing.

Peter Zatko during the hearing of the Senate Judiciary Committee on September 13

Photographer: Eric Lee/Bloomberg

In addition, the company’s management “repeatedly covered up its security weaknesses by defrauding regulators and lying to users and investors.”

Zatko, 51, was fired in January 2022 after the company cited performance deficiencies.

Twitter said in a statement after the hearing that “Mr. Zatko’s allegations are riddled with contradictions and inaccuracies.” The company said it protects the hiring process by using data access control systems and background checks.

Reaction to Zatko’s testimony has been mixed from current and former Twitter employees, people familiar with the matter, and tweets from employees. Some have suggested that Zatko’s big-picture complaint — that tech companies like Twitter need better control over data and security issues — has gone awry. Others have questioned why he himself hasn’t done more to fix Twitter’s problems, given his senior position within.

Earlier: Twitter shareholders approved Elon Musk’s $44 billion buyout

Sitting alone at a table in front of the Senate Judiciary Committee, Zatko painted a picture of a company that collected vast amounts of user data but only understood how 20% of it was being used, leaving many employees with dangerous levels of access to that data. Although Twitter is under a 2011 consent decree from the FTC to address security flaws, Zatko said U.S. regulators — and those who use one-time payments as a defense — are less effective than their foreign counterparts, such as France’s data protection agency.

The FTC fined Twitter in May for violating a 2011 agreement to strengthen security controls and respect user privacy. But as Hawaii Democrat Mazie Hirono said, “A $150 million fine for a multi-billion dollar company is not going to give them any incentive to change what they’re doing.”

Zatko’s accusations come as Twitter prepares to go to court to force Tesla Inc. general manager Elon Musk to complete the $44 billion deal to buy the company. Zatko’s whistle-blowing complaint supported Musk’s concerns about the proliferation of automated identifiers known as bots, which could be highlighted in a Delaware court hearing on Oct. 17, but Tuesday’s hearing focused on security flaws.

Lawmakers, in particular, have raised concerns about Mudge’s allegations that Twitter allowed foreign agents to work on its payroll and acceded to requests from adversaries such as China. Judiciary Chairman Dick Durbin, an Illinois Democrat, compared users who trust Twitter to protect their data to people who trust a bank, but “the safe is open on Twitter.”

“Twitter is an extremely powerful platform that cannot afford security vulnerabilities,” Durbin said.

Zatko said he wasn’t surprised to find out, a week before he was fired, that the FBI had warned Twitter about an employee who was suspected of working with China’s intelligence service, the MSS.

“If you don’t put outside agents in Twitter — because it’s so hard to find them, it’s very important to have an outside agent in there,” Zatko said of intelligence agencies, “you’re probably not doing your job.”

Iowa Senator Chuck Grassley, the committee’s top Republican, said Mudge’s statements “paint a disturbing picture of an organization focused solely on profit at any cost.”

Grassley said Twitter CEO Parag Agrawal was invited to the hearing on Tuesday to respond to the lawsuit, but declined, saying it could interfere with ongoing litigation with Musk.

Zatko has pleaded with lawmakers to provide protections for whistleblowers who want to come forward while at the companies. He also said that any privacy law should include audits and results that cannot be gamed by technology platforms.

There is bipartisan support for new Internet regulations to protect user privacy and security, but current proposals have failed to gain much traction as Congress focuses on other priorities. Even with Graham’s support, other Senate Judiciary Republicans questioned the need to give more powers to regulators.

“I don’t think we need any more bureaucrats,” said Texas Republican John Cornyn, a member of the Senate Judiciary Committee. “We need some laws to enforce them, we don’t have them now.”

Connecticut Democrat Richard Blumenthal said he’s open to launching a new technology-focused regulator that could help shift the balance of power between ultra-profitable companies and agencies tasked with protecting consumers. He also said that instead of creating a new agency, he “could be persuaded” to give the FTC new powers.

“To effectively address this problem, we must not only restructure the company, but also restructure, improve and strengthen our regulatory tools,” Blumenthal said. “Obviously what we’re doing right now isn’t working.”

–With help from Kurt Wagner, Sarah Frier and Steven T. Dennis.

To contact reporters on this story:
Emily Birnbaum in Washington at ebirnbaum3@bloomberg.net;
Anna Edgerton in Washington at aedgerton@bloomberg.net

To contact the editors responsible for this story:
Sara Forden at sforden@bloomberg.net

John Morgan

© 2022 Bloomberg LP All rights reserved. Used with permission.


