The Senate Judiciary Committee holds a hearing on data security at the Capitol and hears testimony from a Twitter whistleblower on security risks (Fox News stream).
Key quotes from Peiter “Mudge” Zatko as prepared:
“[I] am here today because I believe that Twitter’s unsafe handling of the data of its users and its inability or unwillingness to truthfully represent issues to its board of directors and regulators have created real risk to tens of millions of Americans, the American democratic process, and America’s national security. Further, I believe that Twitter’s willingness to purposely mislead regulatory agencies violates Twitter’s legal obligations and cannot be ethically condoned.”
“Given the potential harm to the public of Twitter’s unwillingness to address problems I reported and Twitter’s continued efforts to cover up those problems, I determined lawful disclosure was necessary despite the personal and professional risk to me and my family of becoming a whistleblower.”
“Upon joining Twitter, I discovered that the Company had 10 years of overdue critical security issues, and it was not making meaningful progress on them… Staying true to my ethical disclosure philosophy, I repeatedly disclosed those security failures to the highest levels of the Company. It was only after my reports went unheeded that I submitted my disclosures to government agencies and regulators.”
“Twitter’s security failures threaten national security, compromise the privacy and security of users, and at times threaten the very continued existence of the Company… despite these grave threats, Twitter leadership has refused to make the tough but necessary changes to create a secure platform. Instead, Twitter leadership has repeatedly covered up its security failures by duping regulators and lying to users and investors.”
Zatko was hired by Jack Dorsey – then Twitter CEO – in November 2020 to lead the company’s information security approach. The hiring followed a July 2020 hack that compromised multiple high-profile accounts. Zatko was terminated by Twitter in January 2022.
The contents of a whistleblower complaint made by Zatko to the United States Congress were published on August 23, 2022. The complaint alleges Twitter was 10 years behind state-of-the-art online security, and committed multiple violations of United States securities regulations, the Federal Trade Commission Act of 1914, and a 2011 enforceable consent decree reached with the Federal Trade Commission after several issues between 2007 and 2010. He also accused Twitter of “extreme, egregious deficiencies” in its handling of user information and spam bots. Zatko accused several Twitter executives, including CEO Parag Agrawal and certain board members, of making false or misleading statements about privacy, security, and content moderation on the platform in violation of the Federal Trade Commission Act of 1914 and SEC disclosure rules. These included misrepresentations to Elon Musk made during the course of his acquisition bid, with the complaint specifically calling Agrawal’s May 16 thread deceptive. The Wall Street Journal reported that Twitter reached a confidential $7 million settlement with Zatko in June 2022, as a result of his termination. The settlement prohibits Zatko from speaking publicly about his time at Twitter and from disparaging the company, with the exception of Congressional hearings and governmental whistleblower complaints.