In a whistleblower disclosure to US regulators, a former Twitter executive alleges that the Indian government forced Twitter to hire “government agents” who had access to a lot of user data. The accusations have surfaced as Twitter and the Ministry of Electronics and IT (MeitY) are engaged in a legal dispute on the latter’s content blocking orders.
The US Securities and Exchange Commission (SEC), Department of Justice (DOJ), and Federal Trade Commission (FTC), according to a report by The Washington Post, received a complaint from Zatko last month.
What claims has the Twitter whistleblower made?
Pieter ‘Mudge’ Zatko, a former head of safety at Twitter, filed a lawsuit with the US Securities and Exchange Commission alleging that the firm failed to disclose to users that the executive team felt the Indian government had been successful in hiring agents.
According to a redacted version of the lawsuit posted by the Washington Post and confirmed by Zatko’s attorney at Whistleblower Aid, he claimed that Twitter’s lax security measures would have allowed the government agent access to sensitive user data.
According to Zatko’s complaint, “the threat of harm to Twitter employees was sufficient to cause Twitter to seriously consider complying with foreign government requests that Twitter would otherwise fundamentally oppose” in nations where Twitter needed to have a physical presence and full-time employees.
Moreover, he stated that the governments of Russia, Nigeria, and India “tried, with varied degrees of success, to compel Twitter to hire local FTEs (full-time employees) that might be used as leverage.”
Mudge had prominent positions before joining Twitter at Google, Stripe, and the US Defense Advanced Research Projects Agency (DARPA), where he won the highest honor given to non-career civilian personnel.
Concerns regarding additional security vulnerabilities at Twitter were brought up in Zatko’s whistleblower charges to the US Securities and Exchange Commission.
Zatko, a well-known hacker also known as “Mudge,” said in an 84-page lawsuit that Twitter misrepresented its security measures and that he had informed colleagues that half of the company’s servers were running outdated and vulnerable software.
Who might these purported “government agents” be?
Without going into further detail, a corporate source told Reuters that the claims against the Indian government have already appeared on Twitter.
Requests for comment from the Indian IT ministry’s representatives were not immediately fulfilled.
In response to Zatko’s claims, a Twitter representative said: “What we’ve seen so far is a misleading narrative about Twitter and our privacy and data security standards that is plagued with inconsistencies and falsehoods and lacks crucial context.”
MeitY announced the Information Technology Rules, 2021, in February of last year. These regulations required social media corporations to hire important employees, or “nodal officers,” whose primary responsibility it was to serve as a point of contact for law enforcement agencies in their investigations. Additionally, the businesses had to employ a grievance officer to handle user complaints and a compliance officer to make sure the requirements were followed.
It is unclear if there is any connection between Zatko’s allegations that the firm employed a “government agent” and the workers that Twitter was required to hire in accordance with the IT Rules, 2021. According to Zatko, US intelligence had been provided with proof to back up this assertion.
Twitter’s response to this
Apparently due to “ineffective leadership and poor performance,” Zatko was let go from his position with Twitter in January2022, according to a statement from a Twitter representative.
After asking a local court to reverse several government orders to remove content from the social media site and alleging official abuse of authority, Twitter filed a lawsuit against the Indian government in July.
According to Zatko’s lawsuit, “the company did not actually disclose to users that it was thought by the management team that the Indian government had successfully placed agents on the company payroll.”
“What we’ve seen so far is a false narrative about Twitter and our privacy and data security standards, which is full of contradictions and falsehoods and lacks crucial context. Mr. Zatko’s accusations and opportunistic timing appear to be done with the intention of garnering attention and hurting Twitter, its users, and its stockholders. At Twitter, security and privacy have always been and will remain top objectives, according to a company spokeswoman.
How might the new information affect Twitter’s ongoing legal proceedings?
The findings come as Twitter is involved in two prominent court disputes: one with the government of India over some of its content filtering orders, and another with Tesla CEO Elon Musk over his attempt to withdraw from his earlier $44 billion offer to purchase the social media business. Also, Elon Musk challenges Twitter CEO Parag Agrawal to ‘a public debate’ on the company’s bot data
Twitter filed a petition with the Karnataka High Court last month asking for the government’s decision to block 39 links to be overturned. The blocking orders, according to Twitter, were outside the reach of the law.
Twitter has also filed a lawsuit against Musk for seeking to back out of the purchase agreement. Notably, Musk has claimed in this court action that the business’ choice to contest MeitY’s blocking orders was a “departure from the customary practice” and put its Indian operations “at jeopardy.”
In response, Twitter said that its actions in India are consistent with its “global practice” of contesting government orders or laws if it thinks that they are either “inadequately scoped under local law, are procedurally deficient, or as necessary to defend its users’ rights, including freedom of expression.”
Twitter had threatened to shut down its operations in India if it agreed with requests from the Indian government to remove content that officials had judged to be unlawful through its attorney at the Karnataka High Court. According to ANI, the HC had sent notifications to the Center and postponed the hearing until August 25.
For more such updates read here.