“These continuing whistleblower claims suggest that additional violations and vulnerabilities may yet be uncovered.”
[WASHINGTON, D.C.] – Following new Twitter whistleblower allegations, U.S. Senator Richard Blumenthal (D-CT) called on the Federal Trade Commission (FTC) to investigate the company’s handling of user privacy and security and its compliance with the Commission’s consent decree.
“According to recent whistleblower disclosures, Twitter has failed to address serious deficiencies in its own privacy and security controls despite its legal obligations to do so under an FTC consent decree,” wrote Blumenthal to FTC Chair Lina Khan.
Blumenthal pointed to these new whistleblower allegations supporting concerns about the company’s handling of security vulnerabilities and mishandling of personal data raised last year by Twitter’s former Security Lead Peiter “Mudge” Zatko, writing: “I am particularly concerned about the implications of Twitter’s failures for U.S. national security. Both complaints demonstrate vulnerabilities in Twitter’s internal controls that would allow any of its thousands of employees to take over user accounts, raising acute concern about insider threats from foreign governments, especially in light of Mr. Zatko’s disclosure noting examples of apparent espionage from China and India.”
Blumenthal raised alarm about Twitter’s apparent failure to address previously reported consumer data concerns, writing, “Twitter may be continuing to mishandle and misrepresent its use and retention of private data, including failing to delete information and misusing data collected from consumers.” Blumenthal also raised concerns that these alleged deficiencies continued past Twitter’s agreement to put in place stricter security controls in compliance with the May 2022 consent decree and following Elon Musk’s acquisition of the company.
“Despite assurances to the public and Congress from Twitter about cleaning up its act, the platform has apparently continued to ignore not only threats to user safety and national security, but also its legal obligations under the consent decree,” Blumenthal emphasized. “The FTC has a responsibility to bring enforcement actions—whether for any breach of Twitter’s consent decree or for other violations of our consumer protection laws—including seeking liability for individual Twitter executives, where appropriate.”
Following Zatko’s whistleblower disclosures in August 2022, Blumenthal wrote to the FTC urging an investigation of potential breaches of its 2011 consent decree. In May 2022, Blumenthal questioned Zatko about Twitter’s data security practices, its potential misleading of federal regulators, and necessary remedies at a hearing in the Senate Judiciary Committee. In November 2022, Blumenthal led a group of Senate Democrats in urging the FTC to investigate Twitter and its compliance with the consent decree following Elon Musk’s takeover of the company.
The full text of today’s letter can be found here.