Congress is looking into Twitter whistleblower’s claims of lax security

Senate committees are holding talks with the company's former security chief.

Senate and House committee leaders from both sides of the aisle are looking into claims from Twitter's former security chief that the platform has “extreme, egregious deficiencies” in terms of protections against attackers. Famed hacker Peiter "Mudge" Zatko, who took over Twitter's security division in 2020 and left the post in January, accused the company in a whistleblower complaint of having questionable cybersecurity defenses and weak measures to fend off spam. Zatko also claimed the company violated the terms it agreed with the Federal Trade Commission to settle a privacy dispute.

Democratic Rep. Frank Pallone Jr. and Republican Cathy McMorris Rodgers, the chair and ranking member of the House Energy and Commerce Committee respectively, say they are "assessing next steps" following the allegations, according to The Washington Post. They said the complaint underscores how important it is for Congress to protect people's data by passing consumer privacy legislation.

"The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies and penetration of the company by foreign intelligence raise serious concerns," Senate Judiciary Committee chair Dick Durbin wrote on Twitter. "If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world."

The offices of Durbin and the committee's ranking member Chuck Grassley said they've held early talks with Zatko. The Senate Intelligence Committee is also looking to set up a meeting with the whistleblower.

"Security and privacy have long been top company-wide priorities at Twitter," spokesperson Rebecca Hahn said, while claiming that Zatko's assertions are "riddled with inaccuracies." The company fired Zatko "for poor performance and leadership," Hahn said, adding that he "appears to be opportunistically seeking to inflict harm on Twitter, its customers and its shareholders."

Zatko has said he "felt ethically bound" to file the complaint as a member of the cybersecurity community. Given the bipartisan interest in Zatko's claims, the allegations could prompt the House and the Senate to beef up cybersecurity legislation after several failed efforts to more strictly regulate the technology industry.

Additionally, Zatko's disclosure could play a role in Twitter's case against Elon Musk, who is trying to back out of a deal to buy the company. The two sides are set to go to trial in October.