US Lawmakers Question Twitter on Its Security Practices

 

US legislators sent Twitter over a dozen questions about its security practices shortly ahead of the company whistleblower’s testimony to Congress, which is expected to outline incriminating allegations of security and privacy vulnerabilities on Twitter.

The embattled social media company, which has 192 million daily active users, was questioned in a letter addressed to CEO Parag Agrawal. The leading members of the Senate Judiciary Committee wanted to know the steps Twitter takes to secure personal data.

In addition, they were curious about how the company safeguards against foreign intelligence operatives or insider threats. There were also claims that Twitter intentionally misled regulators about its privacy protections for users.

If these allegations are proven, they could result in billions of dollars in fines for Twitter. The company has been asked to respond to the letter by the 26th of September.

Twitter’s CEO was also invited to testify along with the whistleblower Peiter Zatko. But the official witness list for the hearing only lists Zatko as a witness. Twitter declined the invitation, and it also declined to comment.

Zatko, who served as Twitter’s head of security from November 2020 until his dismissal in January, filed a whistleblower disclosure in July to several American government agencies and legislators. 

It claims that the social media company lacks numerous basic internal security measures and grants privileged access to Twitter’s live, active service, including user data, to nearly half of the employees, including all the engineers. 

It also states that Twitter doesn’t erase the data of users who cancel their accounts and that it may even be paying foreign spies.

Twitter has responded that Zatko’s allegations are false. The company says that while some employees have the type of access described by Zatko, only those with a business justification can access the live Twitter product.

They claim that Twitter has processes in place to deactivate and start erasing the data of users who cancel their accounts. However, they didn’t confirm whether that process is typically completed. 

Furthermore, Twitter hasn’t responded to the allegations of possible foreign intelligence compromise.
