Twitter whistleblower case prompts experts to call for tougher auditing of data-sensitive firms

In the wake of Peiter “Mudge” Zatko’s accusations against his former employer, a cybersecurity expert is calling for regulatory bodies to be given powers to inspect social media and other data-sensitive companies without prior notice.

Image: Peiter Zatko and Twitter logo. By DoD and Shutterstock.

Damien Black, Senior Journalist
Aug 31, 2022 (updated: 31 August 2022)

  • Twitter has been accused of violating the Federal Trade Commission Act by making false and misleading statements to users;
  • breaching Securities and Exchange Commission regulations regarding public companies;
  • making fraudulent and material misrepresentations to directors and shareholders; and
  • turning a blind eye to efforts by foreign governments to censor, surveil, and infiltrate the platform and its employees.

Twitter under fire

"The privacy elements that are required from Twitter actually go against their business model."
Reuven Aronashvili, CEO of cybersecurity firm CYE

More transparency needed

"Threatening to fine organizations [...] it seems like it's not good enough - because you need some kind of mechanism to understand the situation and how to react accordingly."
Aronashvili

Already found wanting

"Not enforcing encryption is a pretty big deal these days - some stuff that's associated with Twitter doesn't seem to be running it, or at least we're not detecting it."
Ryan Slaney, cybersecurity analyst at SecurityScorecard

Access privileges too liberal

"Engineers that have no need to get into sensitive data should not just have unfettered access."
Slaney

Some room for optimism
