Saturday, October 1, 2022
Home Tech News Twitter can’t protect users’ data, former CISO alleges

Twitter can’t protect users’ data, former CISO alleges

Twitter’s former chief information security officer (CISO) leveled a series of serious accusations against his former employer in testimony before U.S. Congress, including allegations that foreign agents from India and China worked for the company, and that Twitter executives mislead the public and regulators on data security.

“First, they don’t know what data they have, where it lives, or where it came from, and so, unsurprisingly, they can’t protect it,” Peiter Zatko told the Senate judiciary committee on Tuesday. “That leads to the second problem: employees need to have too much access to too much data on too many systems.”

He joined the company in November 2020. Twitter says he was fired in January for “ineffective leadership and poor performance.”

Zatko was quoted by SC Media as saying Twitter’s data infrastructure is so decentralized that not even leadership knows all the data the company collects or where it’s stored. When he brought those concerns to Twitter’s leadership, he claimed their incentive structure led them to prioritize “profits over security.”

The news site The Record quoted him saying roughly half of Twitter employees are engineers who have vast practical access to the company’s systems. However, those systems often lack logging capabilities, so it can be hard to track if someone — such as an agent of a foreign government — inappropriately accesses information.

Several news agencies noted that Twitter has been under a consent decree with the U.S. Federal Trade Commission since 2011 because of several data security incidents. As recently as May, Twitter settled a civil complaint from the agency accusing the company of violating that order by collecting phone numbers of users for account security purposes, then using them to target advertising. The company agreed to pay a US$150 million fine.

In response to the allegations, Agence France Press and others noted that in a statement, Twitter said its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.

The Reuters news agency noted many of the allegations are uncorroborated and have little documentary support.

Zatko was emphatic. “It’s not far-fetched to say that an employee at the company could take over the accounts of all of the senators in this room,” he was quoted as saying. “Given the real harm to users and national security, I determined it was necessary to take on the professional and personal risk to myself and my family of becoming a whistleblower.”

The testimony comes as the U.S. House of Representatives is dealing with a bipartisan federal privacy bill.

- Advertisment -

Most Popular

Former Calgary Dino now a rookie with NFL’s Los Angeles Chargers

Canadian Deane Leonard has certainly taken the path less travelled to the NFL’s Los Angeles Chargers. The 22-year-old cornerback is in his rookie season with...

‘Impact success!’ Nasa spacecraft smashes asteroid in first ever ‘planetary defence test’

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video Nasa has successfully crashed a spacecraft into a small asteroid...

TikTok could face £27m fine for failing to protect children’s privacy

TikTok could face £27m fine for failing to protect children’s privacyInvestigation finds video-sharing app may have breached UK data protection law between 2018 and...

Eight states sue crypto lender Nexo over security sales and misleading marketing

/ New York’s attorney general alleges that the company’s Earn Interest Product was a security, one that the company wasn’t registered to sell,...