Peiter Zatko, Twitter, and New Alleged Privacy Violations

September 16, 2022 | 4 minutes read
Peiter Zatko, Twitter, and New Alleged Privacy Violations

Twitter’s former security chief, cybersecurity expert, and current data protection whistleblower Peiter “Mudge” Zatko recently provided testimony to the Senate Judiciary Committee regarding accusations of data privacy violations that he has alleged took place during his time with the social media platform. Zatko’s testimony is in relation to a whistleblower complaint that he filed with the U.S. Congress in July of this year, in addition to various other major government agencies, including the U.S. Justice Department, the Securities and Exchange Commission (SEC), and the Federal Trade Commission (FTC). In his complaint, Zatko makes several scathing allegations and damaging claims against his former employer, ranging from the company’s lackluster data protection practices to a general lack of oversight and responsibility that he claims was exhibited by the company’s top executives.

For reference, Zatko, who has years of cybersecurity experience and was previously employed by the Defense Advanced Research Projects Agency (DARPA) before his time at Twitter, was ousted by the social media company in January of this year for his supposed bad leadership, was quoted in his testimony as saying “[Twitter executives] don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it. And this leads to the second problem, which is the employees then have to have too much access to too much data and too many systems.” Due to the weight of these claims, Zatko’s testimony has sparked a larger conversation about the enactment of a federal data protection law that can be used to regulate big tech companies such as Twitter in a more effective and efficient manner.

Big tech companies and privacy

While the numerous claims that Zatko has made about Twitter over the course of the past several months have still yet to be conclusively proven, big tech companies have been accused of violating the personal privacy and data protection rights of their respective users at numerous points during the past decade. Meta’s now infamous Cambridge Analytica scandal is perhaps the most well-known example of such invasions of personal privacy, as even after years of investigations conducted by government agencies such as the FTC, as well as record monetary fines that have totaled billions of dollars, the circumstances that allowed for Facebook users to have their personal data harvested for nefarious purposes have still not been expressed to the general public, if such information has even been determined at all.

Likewise, Zatko has echoed similar sentiments concerning Twitter’s operations, claiming that “Twitter leadership ignored its engineers because their executive incentives led them to prioritize profit over security.” Furthermore, Zatko has also alleged that Twitter’s cybersecurity measures leave a lot to be desired, as he claims that the company’s perceived inability to safeguard the personal information of users has made the platform vulnerable to attacks that may be launched by “teenagers, thieves, and spies”, and was also quoted in his testimony saying that “I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors.”

Twitter and international influence

On top of the claims that Zatko has made about Twitter as it relates to personal privacy, he has also made a point to claim that “there is at least one agent” from China that is currently on Twitter’s payroll. Furthermore, he has also claimed that India also has agents working for Twitter, and has posited that these international agents have been permitted to access the personal information of American citizens. This being the case, Zatko’s accusations have transcended the common privacy criticisms that are often levied against major tech companies such as Twitter and have suggested that the social media platform’s failure to ensure that the personal information of their users is being protected has essentially grown into a national security issue.

Conversely, Twitter released a statement that denounced all of the claims that Zatko has made regarding the company during the last few months. More specifically, the statement dismissed Zatko’s claims as “a false narrative … riddled with inconsistencies and inaccuracies” and lacking important context”, and goes on to assert that the hiring process they use to identify potential employees is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.” Nevertheless, Zatko’s testimony has undoubtedly cast doubt on the ability of Twitter to safely manage the trove of personal data that the social media platform retains on a daily basis.

While the specific claims that Peiter “Mudge” Zatko has made against Twitter are still being investigated by U.S. government agencies and officials, it is hard to argue against the general idea that major tech companies have historically struggled to put the privacy of their users ahead of their own profits. Subsequently, if the claims that Zatko has made are determined to be true, it will simply be the latest instance of Twitter violating the personal privacy of the online users that take advantage of the social media platform, as consumers around the world must now contend with the fact that their personal data may very well be exposed whenever they log onto their favorite social media network.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »