“Duct tape or chewing gum:” Twitter failings reverberate around the world
From fire departments to governments, school districts to businesses, local utilities to local organizers around the world, Twitter at its best is a tool for getting a message across quickly, efficiently, and directly.
It is also a constant calculation of risk and reward.
A recent explosive whistleblower report from Twitter’s former security chief says the social media company has for years been recklessly lax when it comes to cybersecurity and protecting the privacy of its users. While worrying for anyone on Twitter, the revelations could be of particular concern for those who use it to reach constituencies or get information about emergencies, and for political dissidents and activists in the crosshairs of hackers or their own governments.
“We tend to think of these companies as large, well-resourced entities that know what they’re doing – but you realize that a lot of their actions are ad hoc and reactive, driven by crises,” said Prateek Waghre, policy director at the Internet Freedom Foundation, a non-profit digital rights organization in India. “Essentially, they’re often held together by tape or chewing gum.”
Peiter “Mudge” Zatko, who was Twitter’s chief security officer until he was fired earlier this year, filed the complaints last month with US federal authorities, alleging the company misled regulators about its weak cybersecurity defenses and its negligence in its attempt to root out fake accounts that spread misinformation. One of Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had stricter measures in place to protect the security and privacy of its users.
Waghre said the complaint’s allegations concerning India – that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct and unsupervised access to systems and to company user data” – were particularly worrisome. He also pointed to an incident earlier this month where a former Twitter employee was convicted of passing sensitive user data to royals in Saudi Arabia in exchange for bribes.
The consequences of privacy and security breaches can range from inconvenience and embarrassment, such as when an Indiana State Police account was hacked and tweeted “poo-poo head” earlier this year, to much worse. In October 2021, a Saudi aid worker was sentenced to 20 years in prison because of an anonymous, satirical Twitter account the kingdom says the worker ran. It’s possible the case is linked to the men accused of spying on behalf of the kingdom while working at Twitter.
As an advocate for dissidents and others detained in Saudi Arabia, Bethany Al-Haidari has for years worried about privacy guarantees for Twitter users. The new whistleblower allegations make her all the more worried.
“Given what we know about how social media is used around the world, this is extremely problematic,” said Al-Haidari, who works for The Freedom Initiative, a United States-based human rights group. The possibility of hackers or governments exploiting Twitter’s alleged cybersecurity flaws to obtain user identities, private messages or other personal information “is quite concerning to me,” she said.
Chinese-Australian artist and activist Badiucao, who regularly posts works critical of the Chinese Communist Party, expressed concern over the whistleblower’s allegations, noting that many users provide their phone numbers and emails to Twitter.
“Once this personal information has been leaked, it could be used to trace your identity,” he said. Badiucao said he regularly receives death threats and propaganda from what appear to be bot or spam accounts.
But the artist plans to continue using Twitter, saying it’s probably the best option for Chinese-speaking activists and artists as a “free speech shelter.”
Twitter says the whistleblower’s allegations present a “false narrative” about the company and its privacy and data security practices, and that the allegations lack context. “Security and privacy have long been company-wide priorities at Twitter and will continue to be,” the company said in a statement.
Despite heightened concerns over Zatko’s claims, none of the groups The Associated Press reported on this week plans to stop using Twitter. Security experts say that while the whistleblower’s claims are alarming, there is no reason for individual users to delete their accounts.
High-level Twitter users and global governments may be more at risk than average users, experts say. In 2020, for example, Twitter suffered an embarrassing hack by a teenager who accessed the accounts of then-President Barack Obama, Joe Biden, Mike Bloomberg and a number of tech billionaires, including Tesla CEO Elon Musk and Amazon founder Jeff Bezos. Musk is currently embroiled in a battle with Twitter as he tries to pull out of a $44 billion deal to buy the company.
Another security incident has raised alarm bells for Jennifer Grygiel, a communications professor at Syracuse University who follows Twitter closely. In 2017, a Twitter customer service employee disabled then-President Donald Trump’s account for a few minutes on their last day of work. While the account was restored quickly, Grygiel said, the incident showed just how vulnerable Twitter is when it comes to governments, heads of state and military branches that use the platform.
“Am I surprised and shocked by the whistleblower’s allegations? I’m not,” said Trav Robertson, chairman of the South Carolina Democratic Party, who uses Twitter to communicate with about 18,700 followers. But he argues that it’s especially important for people not to assume that “constant attacks on our emails, our databases, our Twitter accounts, our Facebook” are the new normal. “When we become numb to it, we fail to be proactive,” he said.
At the City of Denver Fire Department, public information officer JD Chism acknowledges his concern about safety issues. But the department must weigh that risk against the way Twitter has become essential for communicating emergencies to the public. The department’s Twitter feed hosts real-time updates on fires and road closures and resulting injuries, as well as retweets from other agencies warning of hazards such as flash flooding.
For now, the department will continue to use Twitter as it always has, Chism said. “It’s good for taking care of people, and that’s what we’re here for.”
Associated Press Writers Krutika Pathi in New Delhi; Jesse Bedayn in Denver; Jennifer Peltz in New York; James Pollard in South Carolina; Zen Soo in Hong Kong; Margaret Stafford in Kansas City; Russ Bynum in Savannah, Georgia; Jay Reeves in Birmingham, Alabama; Amy Taxin in Orange County, California; Rebecca Santana in New Orleans; Jonathan Mattise in Nashville, Tennessee; and Michael Goldberg in Jackson, Mississippi, contributed to this story.
Barbara Ortutay, Associated Press