Twitter whistleblower claims company’s practices pose national security risk

In a whistleblower complaint, Twitter’s former security chief has raised serious questions not just about the company’s security practices, but the potential for foreign governments and entities to influence the company. According to Peiter “Mudge” Zatko, Twitter’s dealings with other countries could be putting the United States’ national security at risk. As reported by CNN, the complaint details specific concerns relating to Russia, China and India.

“A few months before CTO Parag Agrawal was promoted to CEO, Agrawal suggested to Mudge that Twitter should consider ceding to the Russian Federation’s censorship and surveillance demands as a way to grow users in Russia,” the complaint, published by The Washington Post, states.

The document doesn’t specify what steps Agrawal proposed. As CNN points out, Russia tried to force large tech companies, including Twitter, to open local offices in the country before its invasion of Ukraine. The complaint states that the “suggestion was never pursued or implemented,” but it notes that the mere suggestion is “cause for concern about Twitter’s effects on U.S. national security,” and that it was at odds with Jack Dorsey’s wishes.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.

Not nowTurned onTurn on

Zatko also raises questions about Twitter’s financial relationship with unnamed “Chinese entities.” The complaint states that Twitter is “dependent upon revenue coming from Chinese entities even though the Twitter service is blocked in China.” The money led to “concerns within Twitter that the information the Chinese entities could receive would allow them to identify and learn sensitive information about Chinese users who successfully circumvented the block, and other users around the world.” It goes on to say that “Mr. Zatko was told that Twitter was too dependent on the revenue stream to do anything other than attempt to increase it.”

Regarding Twitter’s operations in India, the complaint alleges that the Indian government “forced” the company to hire at least one government agent who “would have access to vast amounts of Twitter’s sensitive data.” It later says that a U.S. government source warned the company that “one or more particular company employees were working on behalf of another particular foreign intelligence agency.” The document doesn’t specify what country the source was referring to.

Notably, it’s not the first time Twitter has dealt with an employee accused of spying for another country. A former Twitter worker was recently convicted of acting as an agent for Saudi Arabia. Prosecutors alleged the man was paid to turn over sensitive information about dissidents.

Elsewhere in the complaint, Zatko states that Twitter repeatedly caught employees “intentionally installing spyware on their work computers at the request of external organizations” even though it was against the company’s policy to do so. There are no further details provided about what organizations might be making such requests or why employees would comply, but the complaint notes that as a result some “external people or organizations had more awareness of activity on some Twitter employee computers than Twitter itself had.”

Twitter didn’t immediately respond to a request for comment on the claims. The company previously told The Washington Post and CNN the complaint was “riddled with inaccuracies.” Members of Congress, including the Senate Intelligence Committee, have already said they are looking into Zatko’s allegations.