Lawmaker pounds Twitter CEO's absence as whistleblower testifies on Hill

Tuesday’s Senate hearing about Twitter marks a step up in Congress’ pressure on tech companies to take more responsibility for security flaws.

Twitter whistleblower Peiter “Mudge” Zatko made his debut in Congress on Tuesday to air his accusations that the platform has security flaws so “egregious” they could have national security implications.

But some on the Senate Judiciary Committee are more focused on the Twitter CEO who won’t be there.

Parag Agrawal declined an invitation from Judiciary Chair Dick Durbin (D-Ill.) and ranking member Chuck Grassley (R-Iowa) to testify alongside Zatko, citing possible complications for the company’s ongoing lawsuit against Elon Musk.

Committee members are expected to question Zatko, Twitter’s former chief security officer, about his allegations that Twitter violated a 2011 federal settlement when it mishandled users’ data and the company’s leaders misled their board about the security flaws.

“Simply put, the whistleblower disclosures paint a disturbing picture of a company that’s solely focused on profits at any expense, including at the expense of the safety and security of its users,” Grassley said in his opening remarks. He added: “If these allegations are true, I don’t see how Mr. Agrawal can maintain his position at Twitter.”

"The bottom line is this: Twitter is an immensely powerful platform that cannot afford gaping security vulnerabilities," Durbin said in his own opening statement.

Twitter declined to comment about the committee’s outreach to Agrawal. It has denied Zatko’s claims, saying they’re “riddled with inconsistencies and inaccuracies.”

Tuesday’s hearing marks a step up in Congress’ pressure on tech companies to take more responsibility for security flaws. The issue is especially urgent as the midterm elections approach and social media platforms are put to the test again to combat the kind of misinformation that spread widely during the 2020 presidential contest.

But lawmakers' concerns about Twitter and other social media platforms extend well beyond the security flaws Zatko is alleging, said Durbin, who noted a sharp partisan split that has cropped up in Congress' tech debates.

"I for one believe that Twitter should be doing far more to combat the proliferation of hate speech and conspiracy theories," Durbin said. "Republicans, on the other hand, claim that Twitter censors their conservative speakers. I urge my colleagues to set some of these partisan differences aside to try to find the common ground that we would need to establish security standards that would be raised today by our whistleblower."

Zatko’s complaints have also been admitted as evidence in Twitter’s legal battle with Musk, the one-time suitor who has disavowed his earlier deal to buy the company for $44 billion. Twitter shareholders are widely expected to vote in favor of the Musk sale on Tuesday, even though Musk is trying to get out of the deal.

Grassley said Agrawal rejected the invitation to testify “claiming that it could jeopardize Twitter’s ongoing litigation with Elon Musk. Many of the allegations directly implicate Mr. Agrawal, and he should be here to address them.”

Grassley added, “So let me be clear, the business of this Committee, and protecting Americans from foreign influence, is more important than Twitter’s civil litigation in Delaware.”

The committee has the authority to subpoena witnesses but has not yet decided its next steps on pursuing Agrawal’s testimony, an aide said Monday.

Zatko alleged in a whistleblower complaint first reported by The Washington Post and CNN that Twitter executives lied about cyber vulnerabilities and data security. Those included charges that Twitter does not always delete data from deactivated accounts, and that it has failed to scrub the platform of automated bot accounts that have been known to spread propaganda and harm users’ experience on the site.

He also said too much of the staff — nearly half of Twitter’s 10,000 employees — had access to users’ data. Among his more alarming accusations was that India’s government had pressured Twitter to hire at least one of the country’s government agents.

The hearing comes a day before both current and former Twitter officials are expected to appear before the Senate Homeland Security and Governmental Affairs Committee as part of a separate hearing on “social media’s impact on homeland security.” Twitter’s head of consumer product, Jay Sullivan, will appear alongside chief product officers from Meta, YouTube and TikTok.

Tuesday’s hearing also comes after Twitter’s Sacramento data center crashed due to extreme heat last week, putting the social media platform in a “non-redundant state,” according to an internal memo reported by CNN. The shortage of redundant or additional backup data centers was another concern Zatko raised in his whistleblower complaint.

Agrawal fired Zatko in January, after which Zatko filed whistleblower documents in July to the Judiciary Committee – along with several other committees – as well as the Justice Department, Federal Trade Commission and Securities and Exchange Commission.

Twitter has said it fired Zatko because of “ineffective leadership and poor performance.” The company later paid him $7 million as part of a settlement in June that included a nondisclosure agreement, The Wall Street Journal reported last week.

Zatko’s complaint also raised concerns that Twitter executives do not receive incentives to accurately “detect” or report spam bots. That overlaps with accusations from Musk, who used claims that Twitter is underreporting its spam bot problem as a reason to back out of his offer to buy the company.

Musk is fighting an ongoing lawsuit from Twitter in a court in Delaware, where the judge has allowed the billionaire’s legal team to use Zatko’s complaint as evidence in the case.

Former Twitter CEO Jack Dorsey hired Zatko in late 2020 to take over the company’s security operations after it faced a massive cyberattack earlier that year, affecting accounts of politicians such as former Presidents Barack Obama and Donald Trump as well as then-presidential candidate Joe Biden.

Zatko is well respected within the hacker, security researcher and U.S. intelligence communities, having previously worked at the Defense Department along with other tech companies prior to Twitter, said John Tye, his lawyer at the nonprofit legal group Whistleblower Aid.

“He wants to see this platform and other platforms being everything they can be in terms of actually playing a positive role in public conversation in this country and in other countries around the world and playing a positive influence on elections and human rights,” Tye said in an interview.

Eric Geller and Maggie Miller contributed to this report.