The former head of security for Twitter, Peiter Zatko, has told US lawmakers the firm is “misleading the public” about how secure the platform really is.
He claimed Twitter was “a decade behind” security standards, that users’ data is not sufficiently protected and that too many staff have access to it.
Mr Zatko was giving evidence following an 84-page long whistleblowing complaint he made about security practices inside the social network.
He was fired by the firm in January.
He also said “one-time fines” imposed by regulators over breaches of rules on data protection “didn’t bother Twitter at all”.
In his damning testimony, Mr Zatko described an organisation prioritising revenue generation above everything else.
Read Also: Brazil bans sales of iPhones without USB power adapters
At the start of the hearing he grew tearful about his role as a whistleblower, saying it was not a decision he had taken lightly.
“I’m risking my career and reputation… if something good comes out of it five or ten years down the line, it will be worth it,” he said later on.
He also said he still thought Twitter offered a good service but laughed when asked whether he would buy it – a wry nod to the saga of Elon Musk’s deal.
“Depends on the price,” he said.
National security
During his questioning, Mr Zatko said that employees had expressed concerns to him that Twitter was carrying advertising from “organisations which may or may not be associated with the Chinese government”, a potential national security risk.
When he raised concerns with Twitter executives he was told it would be “problematic” to lose that revenue stream, he said.
He also said he was troubled by Twitter’s attitude to other national security issues he had raised. He said “half the company” were engineers and they all had access to users’ personal data. Twitter did not log their activity, he added.
Musk and spam
He has previously supported Elon Musk’s claim that the platform has more spam and fake accounts than it has admitted.
The hearing is not connected with Mr Musk’s attempt to pull out of his deal to buy Twitter for $44bn – that case is due to begin in October
Mr Zatko was personally hired by Twitter’s co-founder and former CEO Jack Dorsey, after a high-profile attack of the platform’s celebrity accounts.
The whistleblower said that peoples’ personal information was put at risk. Information held about users includes:
- Phone number
- IP address – from which a physical address could potentially be found.
- Email address
- Type of device
- Type of browser
- Location a user connected from
This data could enable an individual to be targeted in the real world, he said.
Mr Zatco has previously worked for the US government and Google, and is well-regarded in the information security community.
His lawyer John Tye described him as “a pretty remarkable guy”.
Senator Chuck Grassley from the US Judiciary Committee said in his opening remarks that Twitter CEO Parag Agrawal had declined to attend the hearing.
Mr Agrawal’s last activity on his own Twitter account was a re-tweet of the firm’s chairman Bret Taylor in response to Elon Musk on 4 August.
Twitter has said that Peiter Zatko lost his job because of ineffective leadership and poor performance, and that his allegations are both inaccurate and inconsistent.
SOURCE: BBCNEWS
