Twitter whistleblower summoned to Senate Judiciary Committee

Get the popcorn out for September 13

Updated Former head of security at Twitter and whistleblower Peiter "Mudge" Zatko is scheduled to appear before the US Senate Judiciary Committee on September 13 to discuss allegations that his former employer made serious failures in protecting user data.

Twitter has denied the allegations.

The Senate Judiciary Committee naturally took to the microblogging website to announce his subpoena.

Staffers with Senator Richard Blumenthal reportedly met with Zatko this week. The complaints were also discussed with non-specified staff and ranking members of the Senate Judiciary Committee, the House Energy and Commerce Committee, and the Senate Intelligence Committee, a spokesperson for Zatko told Reuters.

Zatko's 84 pages of disclosures [full PDF here, obtained by the Washington Post] include a treasure trove of alleged fraud, violations of financial rules, and security gross negligence.

Within the pages is an assertion that the microblogging site failed to comply with its 2011 FTC Consent Order, that more than half of the company's 500,000 datacenters are running non-compliant kernels or operating systems, and that roughly a third of employees have unsecured devices.

Some staff allegedly have access to personal user data, and others have purposefully installed foreign spyware. Furthermore, growth was allegedly encouraged over reducing spam to keep Monetizable Daily Active User numbers up.

Interest has been piqued outside the US too, particularly as the disclosures allege European regulators were purposefully misled. Zatko expressed the belief that Twitter misled the Ireland Data Protection Commission (DPC) and France's similar org, CNIL, regarding datasets for training machine learning algorithms.

The well-known whistleblower also alleged Twitter misled CNIL regarding how it was deploying and using cookies, while using them for both ad tracking and security, in violation of international data requirements in some jurisdictions. Furthermore, Zatko also accused Twitter of delaying a fix for the entanglement of cookies, despite having a ready solution, in order to extract as much profit as possible.

In response, data protection authorities in Ireland and France have reportedly said they will investigate or take action on the allegations – the DPC by "meeting" with Twitter and CNIL by "investigating the complaint."

Twitter claimed the complaint presented a "false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context," and told The Register Zatko was fired from his role at Twitter in January 2022 for "ineffective leadership and poor performance."

Zatko's assertion comes at a convenient time for Elon Musk, who faces legal battles with the company after he backed out of a deal to purchase it. Musk responded to the information predictably, by vague-tweeting about it. ®

Updated to add

In a statement emailed to The Register after this story was filed, Zatko's legal team challenged Twitter's statements about his performance as false.

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2022