Peiter Zatko, Twitter, and New Alleged Privacy Violations
September 16, 2022
Twitter’s former security chief, cybersecurity expert, and current data protection whistleblower Peiter “Mudge” Zatko recently provided testimony to the Senate Judiciary Committee regarding accusations of data privacy violations that he has alleged took place during his time with the social media platform. Zatko’s testimony is in relation to a whistleblower complaint that he filed with the U.S. Congress in July of this year, in addition to various other major government agencies, including the U.S. Justice Department, the Securities and Exchange Commission (SEC), and the Federal Trade Commission (FTC). In his complaint, Zatko makes several scathing allegations and damaging claims against his former employer, ranging from the company’s lackluster data protection practices to a general lack of oversight and responsibility that he claims was exhibited by the company’s top executives.
For reference, Zatko has years of cybersecurity experience and worked at the Defense Advanced Research Projects Agency (DARPA) before his time at Twitter; the social media company ousted him in January of this year for his supposed bad leadership. In his testimony, he was quoted as saying “[Twitter executives] don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it. And this leads to the second problem, which is the employees then have to have too much access to too much data and too many systems.” Due to the weight of these claims, Zatko’s testimony has sparked a larger conversation about the enactment of a federal data protection law that can be used to regulate big tech companies such as Twitter in a more effective and efficient manner.
Big tech companies and privacy
While the numerous claims that Zatko has made about Twitter over the past several months have yet to be conclusively proven, big tech companies have been accused of violating the personal privacy and data protection rights of their users at numerous points during the past decade. Meta’s now infamous Cambridge Analytica scandal is perhaps the most well-known example of such invasions of personal privacy: even after years of investigations conducted by government agencies such as the FTC, as well as record monetary fines that have totaled billions of dollars, the circumstances that allowed Facebook users to have their personal data harvested for nefarious purposes have still not been disclosed to the general public, if such information has even been determined at all.
Likewise, Zatko has expressed similar sentiments concerning Twitter’s operations, claiming that “Twitter leadership ignored its engineers because their executive incentives led them to prioritize profit over security.” Zatko has also alleged that Twitter’s cybersecurity measures leave a lot to be desired, claiming that the company’s perceived inability to safeguard the personal information of users has made the platform vulnerable to attacks that may be launched by “teenagers, thieves, and spies”. He was also quoted in his testimony as saying, “I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors.”
Twitter and international influence
On top of the claims that Zatko has made about Twitter as it relates to personal privacy, he has also claimed that “there is at least one agent” from China currently on Twitter’s payroll. He has further claimed that India has agents working for Twitter, and has posited that these international agents have been permitted to access the personal information of American citizens. This being the case, Zatko’s accusations have transcended the common privacy criticisms that are often levied against major tech companies such as Twitter and have suggested that the social media platform’s failure to ensure that the personal information of its users is being protected has essentially grown into a national security issue.
Conversely, Twitter released a statement that denounced all of the claims that Zatko has made regarding the company during the last few months. More specifically, the statement dismissed Zatko’s claims as “a false narrative … riddled with inconsistencies and inaccuracies” and “lacking important context”, and goes on to assert that the hiring process the company uses to identify potential employees is “independent of any foreign influence” and “access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.” Nevertheless, Zatko’s testimony has undoubtedly cast doubt on the ability of Twitter to safely manage the trove of personal data that the social media platform retains on a daily basis.
While the specific claims that Peiter “Mudge” Zatko has made against Twitter are still being investigated by U.S. government agencies and officials, it is hard to argue against the general idea that major tech companies have historically struggled to put the privacy of their users ahead of their own profits. If the claims that Zatko has made are determined to be true, it will simply be the latest instance of Twitter violating the personal privacy of the online users who take advantage of the social media platform, as consumers around the world must now contend with the fact that their personal data may very well be exposed whenever they log onto their favorite social media network.