September 12, 2022

Durbin, Grassley Press Twitter CEO on Reports of Security Failures and Foreign Infiltration at Twitter

Today’s letter follows recent allegations by Twitter whistleblower Peiter “Mudge” Zatko, who will testify before the Senate Judiciary Committee tomorrow

WASHINGTON – U.S. Senate Majority Whip Dick Durbin (D-IL), Chair of the Senate Judiciary Committee, and U.S. Senator Chuck Grassley (R-IA), Ranking Member of the Senate Judiciary Committee, today sent a letter to Twitter Chief Executive Officer (CEO) Parag Agrawal seeking information regarding a recent whistleblower report concerning the social media platform. On August 23, 2022, multiple news outlets released a lengthy disclosure containing allegations made by Peiter “Mudge” Zatko, the former head of security at Twitter, alleging serious security failures and foreign infiltration at Twitter.

“We write regarding recent allegations that Twitter has turned a blind eye to foreign intelligence infiltration, does not adequately protect user data, and has provided misleading or inaccurate information about its security practices to government agencies,” the Senators wrote. “These allegations raise serious concerns given Twitter’s significant role in the U.S. communications landscape and its global reach… [Mr. Zatko’s] disclosure paints a disturbing picture of a company that has fallen short of basic security standards in the technology industry, failed to adequately mitigate attempts by foreign governments to gain access to sensitive user information, and willfully misled government regulators.”

In their letter, Durbin and Grassley outline some of the more serious concerns raised by the whistleblower, including the prospect that more than half of the company’s full-time employees have privileged access to Twitter’s production systems, enabling several thousand employees to access sensitive user data—while, at the same time, Twitter reportedly lacks sufficient capacity to reliably know who has accessed specific systems and data and what they did with it.

The Senators continued, “With tens of millions of users in the U.S. and hundreds of millions of users worldwide, your company collects and is responsible for vast troves of sensitive data. This data can reveal not just a user’s activity on Twitter, but also their personally identifiable information—and even their geolocation. If accurate, Mr. Zatko’s allegations demonstrate an unacceptable disregard for data security that threatens national security and the privacy of Twitter’s users.”

In addition to today’s letter, the Senate Judiciary Committee will hold a hearing tomorrow, September 13, 2022. Mr. Agrawal declined the Committee’s invitation to testify. 

Full text of the letter to Mr. Agrawal is available here