Lawmakers Press Twitter on Security Ahead of Whistleblower Testimony on Tuesday

Their letter questions Twitter's CEO about how the company protects users' sensitive information.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Silhouettes of people at Twitter headquarters in front of a paneled white screen with the blue Twitter logo in the center
James Martin/CNET

US lawmakers sent a list of questions to Twitter about its security policies and procedures on Monday evening, hours before the company's former head of security testified before a Senate panel about security and privacy problems he says he uncovered while working at the company.

In a letter addressed to Twitter CEO Parag Agrawal, the leaders of the Senate Judiciary Committee wrote that, if true, allegations lodged by whistleblower Peiter "Mudge" Zatko "demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter's users."

Tuesday has been a notable day for Twitter. In addition to Zatko testifying in Washington, in a preliminary vote count Twitter shareholders appear to have approved Elon Musk's bid to acquire the social media company for $44 billion, a deal that Musk is now trying to back out of.

See also: 4 Big Takeaways from Twitter Whistleblower Peiter Zatko

During his testimony on Tuesday, Zatko said he thinks Twitter's leadership would like to "wave a magic wand"  and have all of its issues fixed, "but they're unwilling to bite the bullet."

In July, Zatko filed an 84-page whistleblower complaint with the US Securities and Exchange Commission, Department of Justice and the Federal Trade Commission, alleging alleges his former employer prioritized user growth over privacy and security.

Zatko accused Twitter executives of hiding bad news instead of trying to fix problems he brought to their attention. Twitter appeared to have a high rate of security incidents, some employees had disabled security and software updates on their devices and staff had too much access to user data, Zatko alleged in the complaint. Twitter pushed back against the allegations and said the whistleblower complaint has inconsistencies, inaccuracies and lacks important context.

In their letter ahead of the hearing, Judiciary Committee Chair Dick Durbin of Illinois and the panel's top Republican, Chuck Grassley of Iowa, questioned Twitter about how it limits employee access to sensitive user data; the company's procedures for protecting user data from being exposed to foreign intelligence; and claims that Twitter misled regulatory agencies on multiple occasions.

"The disclosure paints a disturbing picture of a company that has fallen short of basic security standards in the technology industry, failed to adequately mitigate attempts by foreign governments to gain access to sensitive user information, and willfully misled government regulators," the pair wrote.

Twitter didn't respond to a request for comment Monday, but a spokesperson said Tuesday that access to its data is controlled through processes such as background checks and monitoring and detection system.

"Today's hearing only confirms that Mr. Zatko's allegations are riddled with inconsistencies and inaccuracies," a Twitter spokesperson said Tuesday afternoon.