Peiter Zatko, Twitter’s former security chief-turned-whistleblower. | Photo by Matt McClain/The Washington Post via Getty Images
Twitter’s former security chief Peiter “Mudge” Zatko will testify in Congress next month after he went public with damning allegations about the social media company’s security practices and attempts to mislead regulators, the Washington Post reports. Zatko is scheduled to speak at a hearing on September 13th and is expected to address the privacy and national security concerns raised in his complaint.
“Mr. Zatko’s allegations of widespread security failures and foreign state actor interference at Twitter raise serious concerns,” said the chair of the Senate Judiciary Committee, Senator Richard J. Durbin (D-Ill), and the committee’s top Republican, Senator Charles E. Grassley (R-Iowa), in a joint statement. “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”
Zatko has already met privately with Judiciary Committee staff, and has had three meetings on Capitol Hill, according to the Washington Post.
Zatko’s complaint has also drawn scrutiny from European data protection regulators, TechCrunch reports. The complaint claims that, if EU regulators had made enquiries about Twitter’s security practices, the company would have attempted to mislead them the same way it misled the FTC. Ireland’s Data Protection Commission, which leads enforcement of the EU’s General Data Protection Regulation (GDPR) for Twitter because of the location of the tech company’s EU headquarters, said it had “engaged with Twitter” over the issues raised in the whistleblower complaint.
Meanwhile France’s data watchdog, CNIL, told TechCrunch that it is “currently investigating” claims made in Zatko’s complaint, and that its investigation could result in “an order to comply or a sanction” if Twitter is found to have broken the law. TechCrunch notes that it’s unclear what sanctions Twitter could face in the EU, but GDPR allows fines of up to 4 percent of a company’s global annual turnover depending on the severity of the violation.
Twitter declined to comment to The Washington Post on news of the hearing, and a representative from the company did not immediately respond to The Verge’s request for comment. But in an internal memo sent after the revelations became public, Twitter CEO Parag Agrawal said the claims are “a false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”
“Mr. Zatko was fired from his senior executive role at Twitter for poor performance and ineffective leadership over six months ago,” a spokesperson for the company told CNN when the allegations became public. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
Zatko, who was fired by Twitter in January shortly after Agrawal became CEO, makes numerous damning claims about security lapses at the company in the complaint filed with the Securities and Exchange Commission (SEC) last month. In particular, he says the company has violated the agreement it made with the Federal Trade Commission (FTC) to uphold various security safeguards after a pair of security incidents in 2009.
The former security chief also alleges that Twitter’s approach to measuring the number of bots on its platform is misleading, which if true would cast doubt on its claims that less than 5 percent of its monthly users are bots, fake accounts, or spam. This figure has proven key in Twitter’s ongoing legal battle with Elon Musk, after the Tesla CEO attempted to back out of his agreement to buy the social media network over a dispute about the number of bots on its platform.