Peiter Zatko, Twitter’s former head of security, revealed on August 23 in an 84-page document, security vulnerabilities in social networks. Interrogated for two and a half hours by the US Senate on Tuesday, the complainant did not beat around the bush, flooding the social network a little more. In particular, he criticized the platform for hiding flaws in its security system and lying about its fight against fake accounts.
He claimed that Twitter was a decade behind in its internal security, leaving the door open to Twitter’s 4,000 engineers who have access to user data at all times.
The Cnil on alert
Peiter Zatko also said he wanted better protection for whistleblowers so they can report vulnerabilities without leaving the company. In the U.S, the Federal Trade Commission (FTC), the American antitrust, has no means to act against the Californian company, in the worst case through a simple economic sanction.
Peiter Zatko has fun with this. “The French Cnil terrorized Twitter more than the FTC,” he said during his hearing. And for good reason, the IT National Commission (Cnil) could more aggressively attack Twitter activity in France. The whistleblower argued for a strengthening of regulators, including the FTC.
Twitter in the eye also of Europe
In his complaint filed at the end of August, Peiter Zatko accuses Twitter of several frauds in the management of personal data. The National Computer Commission has taken up the issue. “The elements concerning the Cnil must be analyzed in depth, so at this stage we are not in a position to confirm or deny the veracity of the breaches invoked. If the accusations turn out to be true, the Cnil could carry out checks that could lead to a formal warning or sanction if non-compliances are observed.“, explained the Commission to Figaro.
The social network would also have practices contrary to the European personal data protection regulation (RGPD): it would have lied about managing your account. Instead of deleting an account at the request of a user, they were simply disabled.
The FTC, defenseless?
Back in 2010, the FTC issued a complaint against Twitter for your mismanagement of personal data users, and for the too easy access of engineers to the main controls of the social network. Peiter Zatko says the company “has never complied” with FTC requests. Thus, Twitter could be fined billions of dollars.
During the hearing, several elected officials used the opportunity to defend their own legislative projects, including Amy Klobuchar. One of those intended to offer more funds to the FTC has stalled.
While Twitter shareholders voted in favor of Elon Musk’s takeover of the network, the whistleblower provides valuable support to the Tesla and SpaceX boss ahead of his scheduled trial on October 17.
Source: BFM TV
