VIDEO: Hirono Investigates Twitter’s Alleged Mishandling of Data and Information

WASHINGTON, D.C. – Today, Senator Mazie K. Hirono (D-HI), member of the Senate Judiciary Committee, highlighted the serious privacy and national security threats posed by Twitter’s alleged mishandling of data and information at a full Committee hearing. In the hearing, Senator Hirono questioned Mr. Peiter “Mudge” Zatko, a data security expert and Twitter’s former head of security who recently alleged serious privacy and security failures by the company, about the dire consequences of the company’s unwillingness to address the concerns raised in his whistleblower disclosure.

“Your testimony and all of your responses to the various questions we’ve asked you says to me that the situation regarding data security and national security issues with regard to Twitter is massive and that Twitter is not doing very much to be helpful at all,” Senator Hirono said to Mr. Zatko during the hearing. “In fact, there are major disincentives to Twitter doing anything—to spending the time or the resources to address the concerns that you raise.”

In the hearing, Senator Hirono also expressed concern that, based on Mr. Zatko’s testimony, Twitter is allegedly unable to adequately address efforts made by foreign governments and identify foreign agents who infiltrate the company, which poses significant risks to national security.

“From what you’re telling me, [Twitter] cannot even identify foreign agents in their midst,” Senator Hirono asked Mr. Zatko.

Mr. Zatko confirmed this claim during his testimony, saying that, to his awareness, Twitter was not making any effort to identify foreign agents that may have infiltrated the company. He then explained what changes should be implemented in order to address these shortcomings.

“I think holding people accountable is a good start,” said Zatko. “But you can only hold people accountable if you can measure and quantify what their targets are, and what changes need to happen. And if you say, such as what I saw, Twitter needs to have a mature software security program, that’s a very ambiguous and qualitative term. So, holding accountability and setting quantitative goals and standards that can be measured and audited independently, I believe, is what’s going to be required to change management structures and drive change in companies when it’s needed, such as this.”

During the exchange, Senator Hirono also emphasized that effective standards do not currently exist in the U.S. to hold companies like Twitter accountable and deter them from compromising user data and information. Specifically, she inquired about what Twitter currently does with its user information after the user has closed their account.

“You discovered that Twitter compromises its user data long after its users close their accounts,” Senator Hirono continued. “In fact you stated the accounts are simply deactivated while the data is not fully deleted. At the time of your departure from Twitter, was that the company’s continuing general practice?”

Mr. Zatko confirmed this process, saying the Chief Privacy Officer informed him that the Federal Trade Commission (FTC) and other regulators had inquired about whether Twitter deleted user information when users leave the platform, and that the response the company had previously provided would no longer be sufficient.

“Instead of answering whether we delete user data, we intentionally have replied, ‘We deactivate users,’ and try to side step the program because we know we do not delete user data and cannot comply with that if they demand us to,” said Zatko.

However, Mr. Zatko stated that in order to properly delete this data, Twitter would need to manage and organize the data and information it collects on its users.

“[Twitter] would need to know what data they have, where it is, and why they got it, and who it’s attached to in order to [delete the data],” said Zatko. “If they did that, which should be a fundamental expectation that I would have as a user, yes—at that point they could absolutely delete the information.”

A link to download video of the Senator’s full question line is available here.
