
The TL;DR Version of the Twitter Whistleblower Complaint

H2: Twitter’s Security and Privacy Practices Questioned by Whistleblower

Twitter’s former head of security, Peiter Zatko, filed an 84-page whistleblower report last month with the US government, alleging that Twitter has poor security practices and is out of compliance with an FTC order to protect user data. Zatko, a white-hat hacker who served as Twitter’s head of security for almost 15 months between 2020 and 2022, accused the company of various security and privacy lapses that constitute a national security risk. Twitter refuted the claims, calling Zatko a “disgruntled employee” who was terminated for poor performance and leadership.

H3: Allegations by Zatko

Zatko’s allegations include several security and privacy violations by Twitter that are a threat to national security. These allegations are as follows:
– Twitter’s mismanagement and unsupervised access to sensitive security and privacy controls by staff
– Working for undisclosed foreign intelligence services
– Lack of proper security features on half of Twitter’s servers
– Prioritizing growth over security by Twitter executives
– Non-compliance with a 2010 FTC order to protect users’ personal information
– Inaccurate user personal data deletion by Twitter due to technical limitations
– Attempt to hide the whistleblower report by Twitter management
– Infiltration, control, exploitation, surveillance, and/or censorship by certain foreign governments on Twitter’s platform, staff, and operations
– Twitter’s inability to precisely determine the correct number of fake or bot accounts on its platform

H3: Twitter’s Response

Twitter’s response to the accusations levied by Zatko centres around dismissing him as a disgruntled employee. Twitter argues that it has made significant strides to address the IT security issues raised by Zatko. The company pointed out the allegedly disingenuous nature of the whistleblower report, claiming that some of the issues were taken out of context or were already being resolved. However, some members of Congress responded to Zatko’s claims by promising to investigate the allegations.

H3: Congressional Investigation

Several top lawmakers from both parties promised to examine the allegations raised by Zatko. Senator Dick Durbin (D-IL), chair of the Senate Judiciary Committee, confirmed that he would investigate the whistleblower disclosure. The whistleblower’s allegations of systematic security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence service members raise serious concerns.

H2: Recommendations

Twitter faces a significant security and privacy challenge as a result of the complaints raised by its former head of security. Twitter must guarantee that user data is appropriately protected: data encryption, accurate user personal data deletion, and compliance with legal orders are some of the most critical procedures the company must prioritize. Twitter should also increase its resources and improve its capacity to determine the number of fake or bot accounts on its platform. Additional oversight, governance, and risk management of Twitter’s internal security controls are required to ensure compliance with best practices in the industry. Twitter must ensure that none of its staff is working for any foreign intelligence services and hire a qualified Chief Information Security Officer (CISO) to manage its security and privacy processes. By doing so, Twitter will improve its security and privacy posture, protect user data, and regain customer trust.
