Former Twitter security chief Peiter “Mudge” Zatko will testify in Congress next month after going public with damning allegations about the social media company’s security practices and its attempts to mislead regulators, the Washington Post reports. Zatko is scheduled to speak at a September 13 hearing and is expected to address privacy and national security concerns raised in his complaint.
“Mr. Zatko’s allegations of widespread security breaches and interference by foreign state actors on Twitter raise serious concerns,” said Senate Judiciary Committee Chairman Sen. Richard J. Durbin (D-Ill.) and Republican Sen. Charles E. Grassley (R-Iowa) in a joint statement. “If these claims are true, they may show dangerous privacy and data security risks for Twitter users around the world.”
Zatko has previously met privately with Judiciary Committee staff and had three meetings on Capitol Hill, according to the Washington Post.
Zatko’s complaint also caught the attention of European data protection regulators, TechCrunch reports. The complaint claims that if EU regulators had investigated Twitter’s security practices, the company would have tried to mislead them in the same way it misled the FTC. The Irish Data Protection Commission, which leads the EU’s General Data Protection Regulation (GDPR) enforcement for Twitter due to the location of the tech company’s European headquarters, said it had “engaged with Twitter” over the issues raised in the whistleblower’s complaint.
Meanwhile, the French data protection authority, the CNIL, told TechCrunch that it is “currently investigating” the allegations made in Zatko’s complaint, and that its investigation could result in “an order to comply or a penalty” if Twitter is found to have broken the law. TechCrunch notes that it is unclear what sanctions Twitter could face in the EU, but the GDPR allows fines of up to 4% of a company’s annual global turnover depending on the severity of the breach.
Twitter declined to comment to The Washington Post on news of the hearing, and a company representative did not immediately respond to The Verge’s request for comment. But in an internal memo sent after the revelations became public, Twitter CEO Parag Agrawal said the claims are “a false narrative riddled with inconsistencies and inaccuracies, and presented without significant context.”
“Mr. Zatko was terminated from his senior position at Twitter for poor performance and ineffective leadership more than six months ago,” a company spokesperson told CNN when the allegations became public. “Mr. Zatko’s allegations and opportunistic timing appear designed to garner attention and harm Twitter, its customers, and its shareholders.”
Zatko, who was fired by Twitter in January shortly after Agrawal became CEO, makes numerous damning allegations about the company’s security flaws in the complaint filed with the Securities and Exchange Commission (SEC) last month. In particular, he says the company violated the agreement it made with the Federal Trade Commission (FTC) to maintain various security measures after a pair of security incidents in 2009.
The former security chief also alleges that Twitter’s approach to measuring the number of bots on its platform is misleading, which, if true, would negate its claims that less than 5% of its monthly users are bots, fake accounts or spam. That figure has proven pivotal in Twitter’s ongoing legal battle with Elon Musk, after the Tesla CEO tried to renege on his deal to buy the social media network following a dispute over the number of bots on its platform.