
Lawmakers Press Twitter on Security Ahead of Whistleblower Testimony on Tuesday

Their letter questions Twitter's CEO about how the company protects users' sensitive information.


US lawmakers sent a list of questions to Twitter about its security policies and procedures on Monday evening, hours before the company's former head of security testified before a Senate panel about security and privacy problems he says he uncovered while working at the company.

In a letter addressed to Twitter CEO Parag Agrawal, the leaders of the Senate Judiciary Committee wrote that, if true, allegations lodged by whistleblower Peiter "Mudge" Zatko "demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter's users."

Tuesday has been a notable day for Twitter. In addition to Zatko testifying in Washington, in a preliminary vote count Twitter shareholders appear to have approved Elon Musk's bid to acquire the social media company for $44 billion, a deal that Musk is now trying to back out of.


During his testimony on Tuesday, Zatko said he thinks Twitter's leadership would like to "wave a magic wand" and have all of its issues fixed, "but they're unwilling to bite the bullet."

In July, Zatko filed an 84-page whistleblower complaint with the US Securities and Exchange Commission, Department of Justice and the Federal Trade Commission, alleging his former employer prioritized user growth over privacy and security.

Zatko accused Twitter executives of hiding bad news instead of trying to fix problems he brought to their attention. Twitter appeared to have a high rate of security incidents, some employees had disabled security and software updates on their devices, and staff had too much access to user data, Zatko alleged in the complaint. Twitter pushed back against the allegations and said the whistleblower complaint has inconsistencies and inaccuracies and lacks important context.

In their letter ahead of the hearing, Judiciary Committee Chair Dick Durbin of Illinois and the panel's top Republican, Chuck Grassley of Iowa, questioned Twitter about how it limits employee access to sensitive user data; the company's procedures for protecting user data from being exposed to foreign intelligence; and claims that Twitter misled regulatory agencies on multiple occasions.

"The disclosure paints a disturbing picture of a company that has fallen short of basic security standards in the technology industry, failed to adequately mitigate attempts by foreign governments to gain access to sensitive user information, and willfully misled government regulators," the pair wrote.

Twitter didn't respond to a request for comment Monday, but a spokesperson said Tuesday that access to its data is controlled through processes such as background checks and monitoring and detection systems.

"Today's hearing only confirms that Mr. Zatko's allegations are riddled with inconsistencies and inaccuracies," a Twitter spokesperson said Tuesday afternoon.