304 North Cardinal St.
Dorchester Center, MA 02124
‘Foreign agents’ went undetected until reported by an outsider: ZatkoTwitter’s lack of internal security controls meant the social media company couldn’t track employees who may have acted as government agents due to inappropriate logging activity, Twitter’s former security chief turned whistleblower Peiter told Zaťko .
He had previously claimed that he believed “with a high degree of confidence” that the Indian government had placed its agents in the company. During a hearing of the US Senate Judiciary Committee on Tuesday night, Zaťko also said that Twitter has a Chinese agent on its payroll working for the country’s Department of State Security.
“Except for a person who I believe with great confidence is a foreign agent posted from India, it’s only been from an outside agency or someone who’s tipped off on Twitter that someone already exists, that they’re going to find that person,” Zaťko said in response to a question from Senator Dianne Feinstein.
He said that when Twitter learned of an insider acting on behalf of a foreign interest as a government agent, it “made it extremely difficult to track people.” “There is a lack of logging and the ability to see what they are doing, what information is being accessed, let alone set steps to correct and possibly restore any damage,” Zaťko told the committee.
His resignation comes less than a month after Zaťko filed a whistleblower complaint with the US Securities and Exchange Commission (SEC) alleging that the Indian government “forced” the social media company to hire one or more individuals who were “government agents ” and had, among other things, unsupervised access to massive amounts of user data on the platform.
In August, a former Twitter employee was also found guilty of spying for the Saudi government and passing on the user data of suspected dissidents.
During Tuesday’s hearing, which lasted more than two hours, another senator asked Zaťek how having an agent would help the government. In a potential reference to India, Zaťko said an agent could gain access to people’s phone numbers and email addresses and potentially know about people and their networks who may have been involved in the farmers’ protest, for example.
The data that Twitter collects includes, among other things: a user’s phone number, current and past IP addresses from which the user connects, current and past email addresses, and a person’s approximate location based on IP addresses. In addition to collecting this vast trove of data, Zaťko claimed that Twitter had access to the data of users who left the platform because it did not delete their accounts, but only deactivated them.
Twitter did not respond to an immediate request for comment.
After Zatka’s revelations, Twitter officials in India were summoned by the Shashi Tharoor-led Parliamentary Standing Committee on Information Technology last month.