Note: This was originally published as the daily newsletter for the Columbia Journalism Review, where I am the chief digital writer
On August 23rd, the Washington Post and CNN published stories about alleged security failures at Twitter, based on documents provided by Peiter Zatko, the company’s former head of security. Among Zatko’s more serious allegations were that Twitter executives, including Parag Agrawal, its CEO, deliberately misled both the company’s board of directors and federal regulators about Twitter’s security procedures, and that the company gave agents of foreign governments access to “sensitive user data.” The document that Zatko gave to the Post and CNN was also shared with several members of Congress as well as the Federal Trade Commission, the Securities and Exchange Commission, the Justice Department, and the Senate Intelligence Committee. On Tuesday, Zatko appeared before a hearing of the Senate Justice Committee to discuss the document, and spent more than two-and-a half hours providing more detail on his accusations.
Some of the most serious allegations came during Zatko’s testimony about foreign agents he said were on Twitter’s payroll. Zatko told the committee that just a week before he was fired by Twitter, the FBI notified the company that “there was at least one agent” of China’s Ministry of State Security “on the payroll inside Twitter.” Zatko also alleged that Twitter was incapable of tracking when and where its own employees accessed its systems, and this made it impossible for Twitter to find foreign agents who might be gaining access to internal data. According to Zatko, the company was only able to find these agents when informed of their presence by external entities such as the FBI. In one case, Zatko said he told a Twitter executive he was “confident” there was a foreign agent inside the company. “Their response was: ‘Well, since we already have one, what does it matter if we have more. Let’s keep growing the office,’” Zatko told the committee.
In 2019, the New York Times reported that two former Twitter employees were charged with acting as agents of the government of Saudi Arabia and using their positions to get access to information about users who were critical of the Saudi government (one of the individuals was convicted last month by a court in California, and the other left the country before he could be arrested). Zatko also told the committee that , the Chinese government could easily have gotten information about Twitter users who clicked on ads, including the locations of those users. “Twitter’s unsafe handling of the data of its users and its inability or unwillingness to truthfully represent issues to its board of directors and regulators have created real risk to tens of millions of Americans, the American democratic process, and America’s national security,” Zatko told the committee.
Continue reading “Twitter whistleblower, Congress, and social media”














