Whistleblower Reveals What Information Twitter Collects From Users

Whistleblower Reveals What Information Twitter Collects From Users

Twitter whistleblower and former head of security Peiter Zatko revealed to lawmakers on Tuesday that engineers have access to the plethora of data the social media company collects from users.

Last month, Zatko alleged in a whistleblower account that Twitter lacks sufficient cybersecurity safeguards and claimed that executives misled board members about potential vulnerabilities that left the platform open to hacking, foreign manipulation, and spying. During his Tuesday testimony to the Senate Judiciary Committee, Zatko said that Twitter collects user phone numbers, current and past email addresses, current and past IP addresses, and the web browser from which the user connects, among other data.

He added that every engineer at the firm could potentially gain access to the data through their access to internal production systems. “If they wanted to root around in the data and find it, they could, and some have,” Zatko told lawmakers, according to a report from CNN.

Zatko also claimed in his whistleblower report that one or more current Twitter employees is working for a foreign intelligence agency. He explained during his testimony that executives were “unwilling to put the effort in” to root out the individual.

According to Zatko, one executive allegedly told him: “Well, since we already have one, what is the problem if we have more? Let’s keep growing the office.”

Lawmakers are currently debating a piece of legislation called the American Data Privacy and Protection Act, which would adopt a “data minimization” approach toward collection of user information such that only the data “reasonably necessary and proportionate” to specific applications — including user authentication and fraud prevention — are procured. The bill, however, has a carveout for entities gathering user data for government purposes.

Zatko’s testimony also comes as Tesla and SpaceX CEO Elon Musk attempts to cancel a deal that would require him to purchase Twitter at a valuation of $44 billion. The world’s richest man recently asserted that the true number of fake accounts on the platform could be as high as 33% rather than the company’s reported 5%, with a lower number of monetizable daily active users potentially justifying a lower valuation.

In his whistleblower report, Zatko claimed that Twitter executives lacked the resources or motivation necessary to determine the true number of fake accounts on the platform. Last week, Delaware Chancery Court Chancellor Kathaleen McCormick granted attorneys representing Musk permission to use Zatko’s testimony in their case. A trial to determine the status of the acquisition deal is scheduled for October 17.

While Zatko’s testimony was broadcasted live on Tuesday morning, Musk tweeted an emoji of movie theater popcorn, apparently indicating that he was enjoying the direction of the proceedings.

Nevertheless, Zatko testified that he only took the “personal and professional risk” of issuing a whistleblower report because he deemed the action “necessary” in light of dangers posed to individual users and national security.

“I did not make my whistleblower disclosures out of spite or to harm Twitter; far from that,” he explained. “I continue to believe in the mission of the company and root for its success. But that success can only happen if the privacy and security of Twitter’s users and the public are protected.”

America