SAN FRANCISCO – From fire departments to governments, from school districts to corporations, from local public services to grassroots organizers around the world, Twitter at its best is a tool for getting a message across quickly, efficiently, and directly.
It is also a constant calculation of risk and reward.
A recent whistleblower report from Twitter’s former chief of security alleges that the social media company has been recklessly lax on cybersecurity and privacy protections for its users for years. While troubling for anyone on Twitter, the revelations could be especially worrying for those who use it to reach constituents, spread news about emergencies, and for political dissidents and activists targeted by hackers or their own governments.
“We tend to see these companies as large, well-resourced entities that know what they’re doing, but you realize a lot of their actions are ad hoc and reactive, driven by crises,” said Prateek Waghre, chief policy officer of the Internet Freedom Foundation, a non-profit organization dedicated to digital rights in India. “Essentially, they are often held together with cellophane tape or chewing gum.”
Peiter “Mudge” Zatko, who served as Twitter’s chief security officer until he was fired earlier this year, filed the complaints last month with US federal authorities. Among Zatko’s most serious allegations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had implemented more stringent measures to protect the security and privacy of its users.
Waghre said the allegations in the India complaint — that Twitter knowingly allowed the Indian government to place its agents on the company’s payroll where they had “direct, unsupervised access to company systems and user data” — were particularly worrying. She also pointed to an incident earlier this month in which a former Twitter employee was found guilty of passing sensitive user data to members of the royal family in Saudi Arabia in exchange for bribes.
The consequences of privacy and security lapses can range from inconvenience and embarrassment, like when an Indiana State Police account was hacked and tweeted “head poo” earlier this year, to much worse. In October 2021, a Saudi aid worker was sentenced to 20 years in prison for an anonymous, satirical Twitter account the kingdom says he ran. The case may be related to the men accused of spying on behalf of Saudi Arabia while working at Twitter.
As an advocate for dissidents and others detained in Saudi Arabia, Bethany Al-Haidari has been concerned for years about privacy guarantees for Twitter users. New complaints from whistleblowers worry her even more.
“Given what we know about how social media is used around the world, that’s incredibly problematic,” said Al-Haidari, who works for The Freedom Initiative, a US-based human rights group. The possibility of hackers or governments exploiting alleged cybersecurity flaws in Twitter to obtain users’ identities, private messages or other personal information “is quite concerning to me,” she said.
Chinese-Australian artist and activist Badiucao, who regularly posts art critical of the Chinese Communist Party, expressed concern about the whistleblower’s allegations, noting that many users provide their phone numbers and emails to Twitter.
“Once that personal information is leaked, it could be used to trace your identity,” he said. Badiucao said he regularly receives death threats and propaganda from what appear to be spam or bot accounts.
But the artist plans to continue using Twitter, saying it is probably the best option Chinese-speaking activists and artists have as a “haven for freedom of expression.”
Twitter says the whistleblowers’ claims present a “false narrative” about the company and its privacy and data security practices, and that the claims lack context. “Security and privacy have long been company-wide priorities at Twitter and will continue to be so,” the company said in a statement.
Despite heightened concerns over Zatko’s claims, none of the groups The Associated Press spoke with this week plan to stop using Twitter. Security experts say that while the whistleblower’s claims are alarming, there is no reason for individual users to delete their accounts.
High-profile Twitter users and world governments may be at greater risk than average users, experts say. In 2020, for example, Twitter suffered an embarrassing hack by a teenager who accessed the accounts of former President Barack Obama, Joe Biden, Mike Bloomberg and several tech billionaires, including Tesla CEO Elon Musk and the founder of Amazon, Jeff Bezos. Musk is currently embroiled in a battle with Twitter as he tries to back out of a $44 billion deal to buy the company.
Another security incident raised alarms for Jennifer Grygiel, a communications professor at Syracuse University who follows Twitter closely. In 2017, a Twitter customer service worker disabled then-President Donald Trump’s account for a few minutes during his last day on the job. While the account was quickly restored, Grygiel said, the incident showed how vulnerable Twitter was when it comes to governments, heads of state and military branches using the platform.
“Am I surprised and shocked by the whistleblower’s allegations? I’m not,” said Trav Robertson, chairman of the South Carolina Democratic Party, which uses Twitter to communicate with some 18,700 followers. But he argues that it’s especially important that people don’t assume that “the constant attacks on our emails, our databases, our Twitter accounts, our Facebooks” are the new normal. “When we become insensitive, we are not proactive,” he said.
At the City of Denver Fire Department, Public Information Officer JD Chism acknowledges concern about safety issues. But the department has to weigh that risk against the way Twitter has become an integral part of communicating emergencies to the public. The department’s Twitter feed hosts real-time updates on fires and resulting road closures and injuries, along with retweets from other agencies warning of dangers like flash flooding.
For now, the department will continue to use Twitter as it always has, Chism said, “it’s good for taking care of people, and that’s what we’re here for.”
Associated Press reporters Krutika Pathi in New Delhi; Jesse Bedayn in Denver; Jennifer Peltz in New York; James Pollard in South Carolina; Zen Soo in Hong Kong; Margaret Stafford in Kansas City; Russ Bynum of Savannah, Ga.; Jay Reeves in Birmingham, Alabama; Amy Taxin in Orange County, California; Rebecca Santana in New Orleans; Jonathan Mattise in Nashville, Tenn.; and Michael Goldberg in Jackson, Mississippi, contributed to this story.
This story has been updated to clarify that Barack Obama was a former president in 2020.