Duct tape or gum: Twitter lapses echo around the world
SAN FRANCISCO (AP) — From fire departments to governments, from school districts to corporations, from local utility companies to grassroots organizers around the world, the best thing about Twitter is a tool for broadcasting a message quickly, efficiently and directly.
It is also a constant calculation of risk and reward.
A recent whistleblower report from Twitter’s former chief of security alleges that the social media company has been recklessly lax on cybersecurity and privacy protections for its users for years. While troubling for anyone on Twitter, the revelations could be especially worrying for those who use it to reach constituents, spread news about emergencies, and for political dissidents and activists targeted by hackers or their own governments.
“We tend to see these companies as large, well-resourced entities that know what they’re doing, but you realize a lot of their actions are ad hoc and reactive, driven by crises,” said Prateek Waghre, chief policy officer. of the Internet Freedom Foundation, a non-profit organization dedicated to digital rights in India. “Essentially, they are often held together with cellophane tape or chewing gum.”
Peiter “Mudge” Zatko, who served as Twitter’s chief security officer until he was fired earlier this year, filed the complaints last month with US federal authorities.
Among Zatko’s most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had implemented more stringent measures to protect the security and privacy of its users.
Waghre said the allegations in the India complaint — that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct, unsupervised access to company systems and user data” — were particularly worrying. She also pointed to an incident earlier this month in which a former Twitter employee was found guilty of passing sensitive user data to members of the royal family in Saudi Arabia in exchange for bribes.
The consequences of privacy and security lapses can range from inconvenience and embarrassment, like when an Indiana State Police account was hacked and tweeted “poop head” earlier this year, to much worse. In October 2021, a Saudi aid worker was sentenced to 20 years in prison over an anonymous, satirical Twitter account the kingdom says he ran. The case may be related to the men accused of spying on behalf of the kingdom while working on Twitter.
As an advocate for dissidents and others detained in Saudi Arabia, Bethany Al-Haidari has been concerned for years about privacy guarantees for Twitter users. New complaints from whistleblowers worry her even more.
“Given what we know about how social media is used around the world, that’s incredibly problematic,” said Al-Haidari, who works for The Freedom Initiative, a US-based human rights group. Hackers or governments exploiting alleged cybersecurity flaws in Twitter to obtain users’ identities, private messages or other personal information “is quite concerning to me,” he said.
Chinese-Australian artist and activist Badiucao, who regularly posts art critical of the Chinese Communist Party, expressed concern about the whistleblower’s allegations, noting that many users provide their phone numbers and emails to Twitter.
“Once that personal information is leaked, it could be used to track your identity,” he said. Badiucao said he regularly receives death threats and propaganda from what appear to be spam or bot accounts.
But the artist plans to continue using Twitter, saying it is probably the best option Chinese-speaking activists and artists have as a “haven for freedom of expression.”
Twitter says the whistleblowers’ claims present a “false narrative” about the company and its privacy and data security practices, and that the claims lack context. “Security and privacy have long been company-wide priorities at Twitter and will continue to be so,” the company said in a statement.
‘; var i = Math.floor(r_text.length * Math.random()); document.write(r_text[i]);