Twitter’s former security chief testified to Congress on Tuesday that the social media platform has foreign agents embedded within its ranks and that the company’s security around its user data is particularly vulnerable to exploitation.
Peiter “Mudge” Zatko, a 51-year-old cybersecurity expert, became a whistleblower in July after the social media platform fired him and, on Tuesday, appeared before the Senate Judiciary Committee with concerns that foreign countries had infiltrated the company’s employee ranks. He alleged these foreign agents were then gaining unabated access to the personal information of the platform’s 238 million daily users.
During his testimony, Zatko claimed his former employer has weak cybersecurity which could potentially be exposing users to international intelligence operations, including those of China, India, and possibly Russia.
“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said in his opening remarks, after being sworn in by the committee.
He added, “They don’t know what data they have, where it lives and where it came from and so, unsurprisingly, they can’t protect it. It doesn’t matter who has keys if there are no locks.”
The former security chief then said with “high confidence” that the government of India placed an agent at Twitter and that he was made aware of “at least one agent” from the Chinese government’s intelligence service who was “on the payroll.”
Zatko also recalled a conversation with current Twitter CEO Parag Agrawal, who was then the chief technology officer, that left him “surprised and shocked.”
In the alleged conversation, Agrawal asked Zatko if it was possible to “punt” content moderation to the Russian government.
“Since they have elections, doesn’t that make them a democracy?” Zatko recalled his former employer asking.
Zatko also testified that Twitter collects and stores more information about its users than they, or the company, are often fully aware of. The Federal Trade Commission, he said, is also particularly lacking in regulating these privacy violations or the subsequent security concerns.
Judiciary Committee Chairman Dick Durbin, D-Ill., gave weight to the allegations, saying such security vulnerabilities “may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy.”
“Twitter is an immensely powerful platform and can’t afford gaping vulnerabilities,” he added.
Sen. Lindsey Graham, R-S.C., who sits on the committee, urged bipartisanship to better regulate these social media tech companies.
“We need to up our game in this country,” Graham said.
Judiciary Committee Ranking Member Charles Grassley, R-Iowa, said Agrawal declined to comment on the allegations.
In a separate statement, Twitter defended its hiring process.
The company claimed it is “independent of any foreign influence” and uses background checks, access controls, and monitoring and detection systems and processes to limit employee access to user data.
The allegations come as Tesla founder and SpaceX CEO Elon Musk is trying to get out of purchasing Twitter, as the parties have reached different conclusions over its number of bot users.
Musk has maintained his right to withdraw from his agreement to purchase Twitter and tweeted several times about Tuesday’s committee hearing.
Zatko previously filed a whistleblower complaint with Congress, the Justice Department, the FTC and the Securities and Exchange Commission.
The Associated Press contributed to this report.