Dive Brief:
- An accusation by Twitter’s former head of security that top company executives tolerated weaknesses in privacy and security coincides with efforts by the Federal Trade Commission (FTC) and both Republican and Democratic lawmakers to avert abuse of consumers’ online data.
- A whistleblower complaint by Peiter “Mudge” Zatko, a former executive terminated by Twitter in January, said leaders at the social media platform for years deceived users, investors and government officials about privacy and security flaws that led to several serious breaches. Zatko in July sent the complaints — first reported by CNN and The Washington Post — to the FTC, Justice Department and Securities and Exchange Commission.
- “What we’ve seen so far is a false narrative about Twitter and our privacy and data security that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said in a statement. “Security and privacy have long been companywide priorities at Twitter and will continue to be.”
Dive Insight:
Federal regulators and lawmakers from both parties have in recent months stepped up efforts to strengthen online privacy protections, focusing in part on flawed data security by technology companies.
The House Energy and Commerce Committee last month approved, by a 53-2 vote, the American Data Privacy and Protection Act, which tightens restrictions on how businesses can gather and use consumers’ information.
The legislation, while needing approval by the full House and Senate, has gained widespread support in both chambers and may pick up momentum after reports of the whistleblower claims against Twitter.
“The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies and penetration of the company by foreign intelligence raise serious concerns,” Sen. Richard Durbin, D-Ill., chair of the Senate Judiciary Committee, said Tuesday in a statement.
“If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” Durbin said. “I will continue investigating this issue and take further steps as needed.”
The FTC this month announced it is considering rules to crack down on lax data security and commercial surveillance, or the business of collecting, analyzing and profiting from consumer information.
“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” FTC Chair Lina Khan said in an Aug. 11 statement while seeking public comment on tougher regulations.
“The growing digitization of our economy — coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used — means that potentially unlawful practices may be prevalent,” she said.
Companies that fail to protect the data that they collect put consumers’ information at risk from hackers and data thieves, the FTC said.
“Rules that establish clear privacy and data security requirements across the board and provide the commission the authority to seek financial penalties for first-time violations could incentivize all companies to invest more consistently in compliant practices,” according to the FTC.
The allegations by Zatko come just weeks before Twitter goes to trial in an attempt to compel Elon Musk to follow through on a $44 billion agreement to buy the social media company.
Musk has said that Twitter has not been forthcoming in disclosing the number of fake users on the platform. His attorneys want to hear more about Zatko’s allegations.
“We have already issued a subpoena for Mr. Zatko and we found his exit and that of other key employees curious in light of what we have been finding,” Alex Spiro, an attorney for Musk, said in an email.