Twitter Whistleblower Reveals No Other Choice: Congress Must Act to Protect Data Privacy

COMMENTARY Technology

Twitter Whistleblower Reveals No Other Choice: Congress Must Act to Protect Data Privacy

Sep 14, 2022 3 min read
COMMENTARY BY
Will Thibeau

Policy Analyst, Tech Policy Center

Will is a policy analyst in The Heritage Foundation’s Tech Policy Center.
Peiter “Mudge” Zatko, former head of security at Twitter, is sworn-in as he testifies before the Senate Judiciary Committee on September 13, 2022 in Washington, D.C. Kevin Dietsch / Getty Images

Key Takeaways

Zatko detailed a systemic lack of institutional concern for users’ data privacy or platform security throughout his tenure as Twitter's security chief.

Because of Mudge’s testimony, we know of at least one Chinese spy who worked at Twitter.

Congress should pursue all-encompassing tech legislation that includes anti-trust measures, speech protections, data privacy, and child protection.

Hacker and network security specialist Peiter “Mudge” Zatko testified Tuesday before the Senate Judiciary Committee about allegations in his whistleblower report last month.

The Senate hearing arose from intense concerns that Twitter executives have failed in their responsibility to protect user data. In his whistleblower report, Zatko detailed a systemic lack of institutional concern for users’ data privacy or platform security throughout his tenure as the social media company’s security chief.

Persisting throughout the Senate hearing was a bipartisan strand of disappointment, as if Twitter were a long-treasured American manufacturer just recently succumbed to poor leadership.

But Americans should examine whether there ever was a perch from which Twitter fell to cause this disappointment in the company’s utter lack of concern for any outcome besides profit.

Senators may rightly express shock at the absence of internal security policies at Twitter, but much of that shock should be directed at the lawmakers who allowed an oligarchy to grow in Silicon Valley.

If the testimony of Zatko, better known as Mudge, is not enough to compel lawmakers in Congress to turn over the tables inside the temple of Silicon Valley, then America needs new lawmakers.

The World Economic Forum’s maxim “You’ll own nothing and be happy” is already true on Twitter. Mudge’s responses to Sen. Josh Hawley, R-Mo., revealed that over 4,000 Twitter employees enjoy unrestricted access to the application.

This means that 4,000 unvetted employees could observe private messages, “hijack” accounts, and observe every scroll or click on Twitter’s platform.

Your Twitter account is not your own, and every action you take on it is subject to the whims of a Silicon Valley engineer. Or a Twitter account, because of unchecked platform controls, could belong to an agent of the Chinese Communist Party with this access.

Because of Mudge’s testimony, we know of at least one Chinese spy who worked at Twitter. Whether the foreign agent was Chinese, Indian, or a Saudi is immaterial to the question of how unaccountable a critical public utility is to the interests and well-being of the American people.

Mudge made clear to senators that Twitter wasn’t compelled to scrutinize the threat of foreign interference, because its profit interest was found in lax regulatory control. Congress should change this dynamic for Twitter and the rest of Silicon Valley.

Herein lies the fundamental flaw of the expectation that the “free market” is the best way to confront the oligarchy of Big Tech. Security measures for corporate data are difficult to implement and require a heavy financial and personnel investment.

In response to a line of questioning by Sen. Dick Durbin, D-Ill., Mudge expressed “hope” that Twitter’s executives would adhere to more responsible security practices.

But hope, unfortunately, isn’t enough to counter the demands for unrestricted access to data in the name of efficient, profitable commercial surveillance.

Twitter and its California tech partners see Americans as users in the same way that the drug cartels see American teenagers as users. Twitter can take advantage of and manipulate us for profit and ideology.

As a result of Mudge’s whistleblower report, we no longer can claim to be surprised. Tech giants will act to subjugate an entire class of Americans unless compelled not to do so by the fullest extent of the law.

Tech policy-by-hope has failed us, and we also should stop hoping for entrepreneur Elon Musk, or any other billionaire white knight, to salvage a critical tech common carrier for the rest of us. It’s clear that Musk is doing everything he can not to buy Twitter, despite shareholders’ voting to approve the company’s sale at the price he offered.

While Musk owning Twitter might make for a platform more friendly to free speech, he would face significant institutional opposition to meaningful reform, while still allowing the people’s representatives to avoid real accountability.  

The rot Musk would have to expose is so deep that Twitter doesn’t even have a testing environment for the platform. This means that every software update is tested on real Twitter users, as opposed to a practice environment where engineers could verify functionality before widespread deployment.

Quite literally, Americans are a science experiment for the bizarre worldviews of engineers who have no legal duty to the common good.

Many might miss the significance of this, but any person with experience developing software knows that the absence of a testing environment for new features is an irresponsible, childish exposure of Twitter’s business and operations.

Congress should pursue all-encompassing tech legislation that includes anti-trust measures, speech protections, data privacy, and child protection. Later, we will get to the details of what this bill should include.

Regardless, corporate officeholders should be personally liable for breaking the laws that elected representatives write. As Peiter “Mudge” Zatko outlined to the Senate committee, corporate fines are meaningless.

It is past time we hold decision-makers in these Silicon Valley conglomerates personally accountable for dereliction of duty as leaders of common carriers that are so central to the American way of life. 

This piece originally appeared in The Daily Signal