Elon Musk Must ‘Immediately Address and Fix’ Twitter’s Security Failures: Senate Republican

Illustration of a cellphone displaying a photo of Elon Musk placed on a computer monitor filled with Twitter logos in Washington on Aug. 5, 2022. (Samuel Corum/AFP via Getty Images)
Frank Fang
11/24/2022
Updated: 11/24/2022

Sen. Chuck Grassley (R-Iowa), the top Republican on the Judiciary Committee, is calling on Elon Musk to answer questions about Twitter’s security and privacy issues that his predecessor failed to answer.

In a letter (pdf) to Musk released on Nov. 23, Grassley expressed concerns about how the information collected by Twitter could fall into the hands of foreign powers, including China. He pointed to records and testimony provided by Peiter “Mudge” Zatko, a whistleblower who served as Twitter’s head of security before being fired in January.

“His testimony made clear that a compromised Twitter employee working on behalf of a foreign power could use this access to collect data on Americans and even hack other parts of a user’s phone to access files, photos, or conversations that could then be used to extort, blackmail, or collect intelligence,” Grassley wrote.

He added, “These are significant security failures that Twitter must immediately address and fix.”

Sen. Chuck Grassley (R-Iowa) speaks during a congressional hearing in Washington on Feb. 24, 2021. (Greg Nash/Pool/AFP via Getty Images)

At least one Chinese agent has infiltrated Twitter, Grassley wrote, citing Zatko’s testimony.

Grassley’s letter comes at a time when Musk aims to bring sweeping changes to Twitter. After completing his purchase of the company in late October, the Twitter CEO has focused on matters relating to freedom of speech, including reinstating former President Donald Trump and Rep. Marjorie Taylor Greene (R-Ga.) to the platform.

Currently, Musk is polling Twitter users on whether the company should offer a “general amnesty” to suspended accounts as long as they “have not broken the law or engaged in egregious spam.”

Testimony

Speaking before a Senate Judiciary Committee hearing in September, Zatko revealed that at least one agent of China’s top intelligence agency, the Ministry of State Security, was on Twitter’s payroll.

Zatko also said that Twitter would be a “goldmine” for any foreign intelligence agency that could embed agents within the company.

“If you place somebody on Twitter … as we know has happened, it would be very difficult for Twitter to find them,” Zatko said. “They will probably be able to stay there for a long period of time and gain significant information to provide back on either targeting people or on information as to Twitter’s decisions and discussions and … the direction of the company.”

Peiter “Mudge” Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill in Washington, on Sep. 13, 2022. (Kevin Dietsch/Getty Images)
Two months before his congressional testimony, Zatko filed a complaint (pdf) to federal regulators, alleging that Twitter had “engaged in acts and practices operating as deceit upon its users and shareholders, regarding security, privacy, and integrity.”

The complaint claims that Chinese entities gave money to Twitter, raising concerns that these entities could learn sensitive information about Twitter users around the world.

“Twitter executives knew that accepting Chinese money risked endangering users in China,” the complaint says.

Former Twitter CEO Parag Agrawal has called Zatko’s claims a “false narrative.” Agrawal was invited to testify before the Senate Judiciary Committee in September but declined to do so.

“Twitter collects vast amounts of data on American citizens,” Grassley wrote. “In the hands of a foreign agent embedded at Twitter, a foreign adversary could use their access to personal data to track down pro-democracy dissidents within their country or spy on Americans.

“Twitter has a responsibility to ensure that the data is protected and doesn’t fall into the hands of foreign powers.”

Risk Assessment

Grassley told Musk that he is now “uniquely positioned to provide answers to Congress” where Agrawal has failed.

The Iowa senator asks Musk to carry out a “threat assessment of Twitter’s current security posture and systems” and answer the questions in a Sept. 12 letter that he and Sen. Dick Durbin (D-Ill.) sent to Agrawal. Grassley wants Musk to respond to his requests before Dec. 15.

According to Grassley, Agrawal did not respond to the letter, citing litigation with Musk “as an excuse.”

Parag Agrawal, then-CEO of Twitter, walks to a morning session during the Allen & Company Sun Valley Conference in Sun Valley, Idaho, on July 7, 2022. (Kevin Dietsch/Getty Images)

“What are your policies and procedures for protecting user data from insider threats posed by foreign intelligence?” says one of the questions in the Sept. 12 letter. “What steps does Twitter take during the hiring process to screen candidates for potential linkages to foreign intelligence services?”

Another question asked: “What percentage and number of Twitter employees have at least some level of access to live production systems and/or user data?”

“Please provide a full and complete list of all government agencies, foreign and domestic, who have approached Twitter to flag content for removal,” the final question in the letter says.

Grassley is not the only lawmaker seeking answers from the Twitter and SpaceX CEO.

In October, Rep. James Comer (R-Ky.), the top Republican on the House Oversight Committee, sent a letter to Musk asking for records related to Twitter’s suppression of Hunter Biden’s laptop story.