Twitter executives put profit ahead of security, opening the platform to infiltration by foreign agents and hackers, the company's former head of security told Congress on Tuesday.
"Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors," Peiter "Mudge" Zatko told the Senate Judiciary Committee. "The company's cybersecurity failures make it vulnerable to exploitation, causing real harm to real people."
In a federal whistleblower complaint made public last month, Zatko accused the company of lax security practices, neglecting user privacy, misleading regulators in violation of a 2011 settlement with the Federal Trade Commission, and knowingly employing foreign government agents who had access to internal systems and data.
The complaint has raised alarm bells in Washington, given the platform's role as a place where government leaders, dissidents and businesses turn to get their message out.
Zatko's disclosures have also thrown a new twist into Twitter's legal battle with Tesla CEO Elon Musk, who is trying to back out of a $44 billion deal to buy the company. The billionaire has seized on Zatko's claims as further justification for walking away from the purchase without penalty.
Sen. Charles Grassley, R-Iowa, revealed at Tuesday's hearing that the FBI had warned Twitter that a Chinese agent was on its payroll, a previously undisclosed detail from Zatko's complaint.
Zatko said Twitter struggled to identify potential infiltration by foreign agents and typically was only able to do so when notified by outside agencies. The company was "unwilling to put the effort in" to hunt down bad actors, he said.
In his testimony, Zatko painted a portrait of a company beset by widespread security issues and unable to understand the extent and implications of the data it collects.
"Twitter was a company that was managed by risk and by crises, instead of one that manages risk and crises. It would react to problems too late," Zatko testified.
Twitter's leaders were unwilling or unable to grapple with the scale of the problem and ignored warnings from him and other employees, Zatko said, accusing them of prioritizing business over security.
He quoted writer Upton Sinclair, saying: "It is difficult to get someone to understand something when his salary depends on him not understanding something."
The committee called the hearing soon after Zatko filed his whistleblower complaint.
"Twitter is an immensely powerful platform that cannot afford gaping security vulnerabilities," Sen. Dick Durbin (D-IL), the committee chairman, said on Tuesday. He compared Twitter to a bank, saying users reasonably expect the company to protect the information they use when they sign up for accounts.
Grassley, the committee's ranking member, slammed Twitter CEO Parag Agrawal for turning down an invitation to testify alongside Zatko. He said the CEO had declined due to Twitter's court battle with Musk.
"The business of this committee and protecting Americans from foreign influence is more important than Twitter's civil litigation in Delaware," Grassley said. "If these allegations are true, I don't see how Mr. Agrawal can maintain his position at Twitter."
Twitter did not respond to a request for comment on Zatko's testimony on Tuesday. The company has previously said Zatko was fired for poor performance and that his complaint is "riddled with inaccuracies," and "opportunistically seeking to inflict harm."
Copyright 2022 NPR. To see more, visit https://www.npr.org.
