The allegation of rampant security failures on Twitter’s platform prompted lawmakers to double down on data handling practices.
Lawmakers are planning to investigate Twitter’s security measures following an explosive whistleblower complaint from a former senior employee made public earlier this week.
Cybersecurity buffs on Capitol Hill, including Sen. Ron Wyden, D-Ore., have issued statements promoting the need for stronger security measures like data encryption to prevent users’ private messages from exposure.
The whistleblower complaint was filed by the company’s former security lead, Peiter “Mudge” Zatko, which was first reported by CNN and The Washington Post.
“I personally urged [Twitter Founder] Jack Dorsey to secure users' private conversations with strong, end-to-end encryption years ago, to ensure Americans couldn't be targeted by criminals, predators and spies. And I renewed that call over, and over again,” Wyden said. “Unfortunately I and other advocates were right to be concerned.”
Wyden’s colleagues on the Senate Judiciary Committee were also quick to address the complaints, summoning Zatko to testify before an upcoming Congressional hearing about the alleged security failures at the social media titan.
“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” Sens. Dick Durbin, D-Ill., and Chuck Grassley, R-Iowa., announced on Wednesday. “The Senate Judiciary Committee will investigate this issue further with a full Committee hearing this work period, and take further steps as needed to get to the bottom of these alarming allegations.”
Zatko is slated to appear before the Senate Judiciary Committee on Tuesday, September 13.
Counterparts in the House of Representatives echoed senators’ concerns, with House Committee on Homeland Security Chair Reps. Bennie G. Thompson, D-Miss., and Rep. Yvette D. Clarke, D-N.Y., sending a letter to Twitter CEO Parag Argawal asking for company leadership to address Zatko’s allegations and answer questions from the Committee by September 8.
“Twitter plays a unique role in our information and political ecosystems. Security flaws that put users’ sensitive personal data within easy reach of a hacker looking to take control of a high-profile account or a foreign dictator looking for information on dissidents are nothing short of a threat to national security,” Thompson and Clarke wrote. “If substantiated, the whistleblower allegations demonstrate a pattern of willful disregard for the personal data of Twitter users and the integrity of the platform.”
Twitter has previously been in trouble with federal regulators over privacy concerns, having recently paid a fine of $150 million after the Federal Trade Commission found that the company allowed personal user data to be accessed by external third parties.
The FTC and other federal agencies have increased their investigations of data privacy in both private and public sector networks. The FTC is currently accepting comments on its proposed rule focusing on surveillance and data security practices employed by U.S. companies, which aims to address how online companies secure and protect user information and inform consumers about their individual data policies.