Senate Judiciary Committee to hear testimony on Twitter security failings

WASHINGTON – On Tuesday, Sept. 13, the Senate Judiciary Committee held a hearing discussing a whistleblower's claims that were made against Twitter earlier this year.

Senate Majority Whip Dick Durbin (D-IL) and Senator Chuck Grassley (R-IA) announced in late August that they would hold a full committee hearing to examine allegations of security failures at Twitter made in July by the company's former security chief, Peiter “Mudge” Zatko.

“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns. If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world,” Durbin and Grassley said in a statement issued by the committee. “The Senate Judiciary Committee will investigate this issue further with a full Committee hearing this work period, and take further steps as needed to get to the bottom of these alarming allegations.”

The disclosure, which was sent to Congress and federal agencies in July before being obtained by the media, details a haphazard security environment lacking oversight and controls over sensitive data, both corporate and user related. Some of the allegations in the disclosure accuse company leadership of trying to cover up these security flaws and allege that some current employees may be foreign agents. According to Zatko's claims, Twitter fails to adequately erase users' data when they cancel their accounts.

Twitter fired Zatko from his position with the company in January this year, roughly two years after he had been tapped for the role by former CEO Jack Dorsey. The prominent white hat hacker called “Mudge” is well known in the cybersecurity world for his work as a security researcher, such as on the buffer overflow security vulnerability. Tuesday will not be Zatko’s first time in front of the Senate Judiciary Committee. As one of several members of L0pht Heavy Industries, a hacker collective, he testified before the Senate in 1998 on internet security vulnerabilities.

Twitter, for its part, continues to deny the claims outlined in the disclosure. “We are reviewing the redacted claims that have been published, but what we’ve seen so far is a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context,” Twitter CEO Parag Agrawal wrote in a letter to employees last month. “I know this is frustrating and confusing to read, given Mudge was accountable for many aspects of this work that he is now inaccurately portraying more than six months after his termination. But none of this takes away from the important work you have done and continue to do to safeguard the privacy and security of our customers and their data.”

Live coverage of the hearing can be found at www.judiciary.senate.gov starting at 10:00am EDT.
