As per a whistleblower complaint submitted to U.S. officials, Twitter's former head of security claimed that the firm deceived regulators about its inadequate cybersecurity defenses and its recklessness in seeking to filter out fake accounts that promote misinformation.
Peiter Zatko, who managed security at Twitter before his dismissal at the beginning of the year, filed the allegations with the Department of Justice, the Federal Trade Commission, and the Securities and Exchange Commission last month. A revised version of the complaint published online by the Washington Post was authenticated by the legal group Whistleblower Aid, which is collaborating with Zatko.
While alarming for anyone using Twitter, the revelation could be especially problematic for individuals who use it to engage with constituents, disseminate information in times of crisis, and political dissidents and activists targeted by hackers or their own governments.
Prateek Waghre, policy director at the Internet Freedom Foundation, a digital rights NGO in India, said, "We tend to look at these businesses as enormous, well-resourced institutions who know how to operate — but you realize that a lot of their actions are ad hoc and reactionary, driven by crises." In essence, chewing gum or cello tape are frequently used to hold them together.
One of Zatko's most severe allegations is that Twitter broke the terms of a 2011 FTC settlement by misrepresenting the extent of its security and privacy protections for its users.
The claims in the case about India, stating that Twitter intentionally permitted the Indian government to hire its agents, giving them direct unsupervised access to the company's servers and user data, are very concerning. It also mentioned a recent incident in which a former Twitter employee was found guilty of providing private user information to Saudi Arabian royal family members in exchange for bribery.
Allegations by whistelblower
Setback and disgrace may be the results of privacy and security breaches, as was the case earlier this year when the Indiana State Police account was hacked.
A Saudi humanitarian relief worker was given a 20-year prison sentence in October 2021 as a result of what the kingdom claims were the operation of an anonymous, satirical Twitter account. The men accused of spying for the kingdom while employed at Twitter may be related to this case.
Bethany Al-Haidari has been worried about Twitter's user privacy safeguards for years as an advocate for dissidents and others held in Saudi Arabia.
"According to what we learn about how social media is utilized globally," said Al-Haidari, "a representative of the American human rights organization The Freedom Initiative. It is quite disturbing to me, because hackers or governments may leverage the alleged cybersecurity flaws at Twitter to obtain users' identities, private conversations, or other sensitive information."
The Chinese-Australian artist and activist Badiucao expressed concern about the whistleblower's claims, adding that many users give their phone numbers and email addresses to Twitter. Badiucao frequently publishes artwork that opposes the Chinese Communist Party. He warned that once your personal information is exposed, it might be exploited to track you down. Badiucao claimed that he frequently gets propaganda and death threats from what appears to be a botnet or spam.
Twitter claims that the whistleblower alleges a lack of context and offers a false narrative about the business and its privacy and data security protocols. Twitter stated in response that "security and privacy have always been, and will continue to be company-wide priorities."
Despite the disturbing nature of the whistleblower's allegations, security experts say there is no justification for individual users to deactivate their accounts.
Professor of communications at Syracuse University Jennifer Grygiel, who closely monitors Twitter, was alarmed by yet another security breach. On their last day of work in 2017, a Twitter customer service representative briefly canceled then-President Donald Trump's account. Grygiel claimed that although the account was swiftly restored, the incident demonstrated Twitter's vulnerability of being used by governments, heads of state, and military branches.
However, the administration must balance that risk against how crucial Twitter has become for informing the public about emergencies. Real-time information on fires, the resulting road closures, injuries, and retweets from other agencies alerting the public to threats like flash floods are all available on the department's Twitter feed.
