The former head of security for Twitter, Peiter Zatko, has alleged that the Indian government forced Twitter to hire agents who would have access to vast amounts of sensitive Twitter data at a time of intense protests in the country.
Zatko’s allegations regarding the state of Twitter’s operations in India were a part of a wider whistleblower report against the microblogging site’s negligence of cybersecurity of its users. Whistleblower Aid, a law firm representing Zatko, filed the allegations last month with the US government. The Federal Trade Commission, a US federal agency overseeing consumer protection, is reviewing the allegation.
Zatko’s whistleblower disclosure alleges that Twitter was forced by the Indian government to hire agents on Twitter’s payroll who had unfettered access to sensitive user data (because of Twitter’s architectural flaws).
“Twitter’s transparency reports purported to quantify the number of government data requests from the Indian government, but the company did not in fact disclose to its users that it was believed by the executive team that the Indian government had succeeded in placing agents on the company’s payroll. By knowingly permitting an Indian government agent direct, unsupervised access to the company’s systems and user data, Twitter executives violated the company’s articulated commitments to its users,” Zatko said in his whistleblower report.
Compulsion in hiring
Zatko also alleges that the governments of India, Nigeria, and Russia also sought, with varying success, to compel Twitter to hire more local full-time employees. Higher local employee presence by these governments would be used as leverage for Twitter to comply with government demands, according to Zatko.
These allegations come in the backdrop of Twitter’s moving to the Karnataka High Court over the government’s content blocking orders in July. The long-ranging battle between Twitter and the government over the removal/blocking of content on the platform has intensified over the past year. Last year, Twitter expressed concerns over the use of “intimidation tactics” and “potential threats to freedom of expression” in India, while the government hit back, terming such statements an attempt to defame India.
Civil liberty organisations have also noted that the government has been anti-free speech and anti-privacy when it comes to their attempts to regulate and deal with social media platforms such as Twitter.
Internet researcher Srinivas Kodali told BusinessLine, “As this information regarding the role of an Indian agent at Twitter has been informed to the US Senate Intelligence Committee, we may see severe actions to follow from a national security point of view. The complaint is more about the security of Twitter users and other nation-states than executive practices inside Twitter.”
When BusinessLine reached out to Twitter for a comment, their spokesperson said, “Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance. What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context. Zatko’s allegations and opportunistic timing appear designed to attract attention and inflict harm on Twitter, its customers, and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”