Congress is investigating new whistleblower claims made by Twitter’s former head of security following two bombshell reports published on Tuesday — and some are calling on top federal law enforcement officials to follow suit.
This morning, The Washington Post and CNN published dual reports into alarming new safety and security allegations raised against Twitter by Peiter “Mudge” Zatko, who was fired as the company’s head of security earlier this year. Zatko alleges that Twitter makes little effort to fight spam accounts and has shockingly insufficient cybersecurity defenses.
Responding to the new reports, several top lawmakers said that their committees and staff were currently investigating Zatko’s accusations. Sen. Richard Durbin (D-IL), chair of the powerful Senate Judiciary Committee, confirmed that he was investigating Zatko’s whistleblower disclosure and would “take further steps as needed to get to the bottom of these alarming allegations,” in a Tuesday tweet thread.
Rep. Frank Pallone (D-NJ), chair of the House Energy and Commerce Committee, echoed Durbin’s statement, writing that he was “carefully reviewing” the whistleblower allegations and was “assessing next steps” in a Tuesday tweet.
Democratic tech hawks like Sens. Edward Markey (D-MA) and Richard Blumenthal (D-CT) sent letters to law enforcement agencies like the Federal Trade Commission on Tuesday, calling on them to open their own investigations into Zatko’s claims. Markey wrote to both FTC chair Lina Khan and Attorney General Merrick Garland, raising the question of whether Twitter has once again run afoul of a 2011 consent decree with the FTC over prior privacy and security violations.
“Unsurprisingly, then, Twitter has continued to suffer embarrassing security incidents and face ongoing scrutiny for misleading users and regulators,” Markey wrote in his Tuesday letter. “This blithe disregard for user data and FTC settlements cannot stand.”
In May, Twitter agreed to pay $150 million to settle a lawsuit with the Justice Department and FTC. The agencies accused Twitter of deceptively using account emails and phone numbers for targeted advertising. That suit claimed that, in doing so, the platform was violating the FTC’s 2011 order in which agency officials “alleged that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter.”
The FTC’s order banned Twitter from misleading users over the privacy and security of their data for 20 years. In his whistleblower disclosure, Zatko accuses Twitter of violating the terms of the 2011 agreement, according to The Washington Post. Federal law enforcement investigations could take years to finish — even longer if officials choose to press charges or sue Twitter over Zatko’s allegations.
Still, the letters show that at least some in Congress see the claims as too important to ignore. In his letter to Khan on Tuesday, Blumenthal said, “These troubling disclosures paint the picture of a company that has consistently and repeatedly prioritized profits over the safety of its users and its responsibility to the public, as Twitter executives appeared to ignore or hinder efforts to address threats to user security and privacy.”