Twitter ex-security chief tells US Congress of security concerns
Twitter whistleblower Peiter Zatko told the US Congress on Tuesday that the platform ignored his security concerns, as its shareholders decide whether to approve a $44 billion takeover deal that Elon Musk is trying to exit.
“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko, a hacker widely known as “Mudge” who was Twitter’s former security chief, told the hearing.
He said that, during his time as head of security for the platform from late 2020 until his dismissal in January this year, he tried to alert management to grave vulnerabilities to hacking or data theft, to no avail.
“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,” Zatko said during his opening remarks to the Judiciary Committee.
“Employees then have to have too much access (…) it doesn’t matter who has the keys if you don’t have any locks on the doors.”
Zatko testified that he brought concrete evidence of problems to the executive team and “repeatedly sounded the alarm”.
“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem,” he said.
“But more importantly, their executive incentives led them to prioritize profits over security.”
Twitter has dismissed 51-year-old Zatko’s complaint as being without merit.
But revelations of his whistleblower report in the US press in August were perfectly timed for Tesla chief Elon Musk, who has used it as part of his justification for abandoning his unsolicited $44 billion bid to buy Twitter.
In his report, Zatko directly refers to questions asked by Musk about bot accounts on Twitter, saying the company’s tools and teams for finding such accounts are insufficient.
Musk has listed bot accounts as among the reasons to justify his walking away from the deal. Twitter is suing to force him to complete the buyout, with a trial set to go ahead on October 17.
If the court focuses on the fact that the world’s richest man declined to do fact gathering typically associated with big-money mergers, Zatko’s allegations could wind up being moot.
“Once both parties step into court it’s a high risk/high reward scenario for both parties with the major X variable now being the Zatko whistleblower claims,” Wedbush analyst Dan Ives said in a note to investors.
“We continue to view the Zatko situation as a Pandora’s Box scenario for Twitter.”
If Twitter prevails at trial, the judge could order the Tesla chief to pay billions of dollars to the company, or even complete the purchase.
Twitter shareholders are expected to endorse the buyout deal in a special vote Tuesday.
Twitter CEO Parag Agrawal declined to testify at Tuesday’s hearing, citing the Musk litigation, Senator Chuck Grassley said.
Zatko insisted he had not made his revelations “out of spite or to harm Twitter.”
“Far from that, I continue to believe in the mission of the company,” he told Tuesday’s hearing.
Threat of US ban surges after TikTok lambasted in Congress
A US ban of Chinese-owned TikTok, the country’s most popular social media for young people, seems increasingly inevitable a day after the brutal grilling of its CEO by Washington lawmakers from across the political divide.
But the Biden administration will have to move carefully in denying 150 million young Americans their favorite platform over its links to China, especially after a previous effort by then president Donald Trump was struck down by a US court.
TikTok CEO Shou Zi Chew endured a barrage of questions — and was often harshly cut off — by US lawmakers who made their belief quite clear that the app best known for sharing jokes and dance routines was a threat to US national security as well as being a danger to mental health.
In a tweet, TikTok executive Vanessa Pappas deplored a hearing “rooted in xenophobia”.
With both Republicans and Democrats against him at Congress, Chew must now confront a White House ultimatum that TikTok either sever ties with ByteDance, its China-based owners, or get banned in America.
A ban will depend on passage of legislation called the RESTRICT ACT, a bipartisan bill introduced in the Senate this month that gives the US Commerce Department powers to ban foreign technology that threatens national security.
When asked about Chew’s tumultuous hearing, spokeswoman Karine Jean-Pierre repeated the White House’s support of the legislation, which is just one of several proposals by Congress to ban or squeeze TikTok.
– ‘Prove a negative’ –
The sell-or-get-banned order tears up 2.5 years of negotiations between the White House and TikTok to find a way for the company to keep running under its current ownership while satisfying national security concerns.
Those talks resulted in a proposal by TikTok called Project Texas in which the personal data of US users stays in the United States and would be inaccessible to Chinese law or oversight.
But the White House turned sour on the idea after officials from the FBI and the Justice Department said that the vulnerabilities to China would remain.
“It’s hard for TikTok to prove a negative ‘No, we’re not turning over any data to the Chinese government.’ Look at how skeptical our European partners are about US companies where we have a strong legal system,” said Michael Daniel, executive director of the Cyber Threat Alliance, a non-governmental organization dedicated to cybersecurity.
Presently, the White House’s preferred solution is that TikTok sever ties with ByteDance either through a sale or a spin-off.
“My understanding is that what has been… insisted on is the divestment of TikTok by the parent company,” US Secretary of State Antony Blinken said on Thursday.
But that option is riddled with difficulties, with many experts saying that TikTok cannot function without ByteDance, which develops the app’s industry-leading technology.
“ByteDance’s ownership of TikTok and the golden jewel algorithm at the center of this security debate is a hot button issue that will not necessarily be solved just by a spin-off or sale of the assets,” said Dan Ives of Wedbush Securities.
Proving the point, China has ruled out giving the go-ahead for a TikTok sale, citing its own laws to protect sensitive technology from foreign buyers.
That leaves a ban which would see the full might of the US government crush TikTok to the undeniable benefit of domestic rivals Instagram, Snapchat and YouTube.
They currently trail TikTok, which is the most popular social media in the United States.
– Snapchat wins –
TikTok’s demise “will clearly benefit Meta and Snapchat front and center in the eyes of Wall Street,” said Ives, who believes the saga will play out for the rest of the year.
One unknown is whether a death sentence for TikTok will cost Washington politically among young voters.
Through a ban, “a democracy will be taking steps that impede the ability of young Americans to express themselves and earn a livelihood,” said Sarah Kreps, professor of government at Cornell University.
The lawmakers raking the TikTok CEO over the coals minimized the danger of political blowback.
“I want to say this to all the teenagers… who think we’re just old and out of touch,” said representative Dan Crenshaw, a Republican.
“You may not care that your data is being accessed now, but there will be one day when you do care about it,” he said.
US state to require parental consent for social media
Utah on Thursday became the first US state to require social media sites to get parental consent for accounts used by under-18s, placing the burden on platforms like Instagram and TikTok to verify the age of their users.
The law, which takes effect March 2024, was brought in response to fears over growing youth addiction to social media, and to security risks such as online bullying, exploitation, and collection of children’s personal data.
But it has prompted warnings from tech firms and civil liberties groups that it could curtail access to online resources for marginalized teens, and have far-reaching implications for free speech.
“We’re no longer willing to let social media companies continue to harm the mental health of our youth,” tweeted Spencer Cox, governor of the western US state, who signed two related bills at a ceremony Thursday.
The bills also require social media firms to grant parents full access to their children’s accounts, and to create a default “curfew” blocking overnight access to children’s accounts.
They set out fines for social media companies if they target users under 18 with “addictive algorithms,” and make it easier for parents to sue social media companies for financial, physical or emotional harm.
“We hope that this is just the first step in many bills that we’ll see across the nation, and hopefully taken on by the federal government,” said state representative Jordan Teuscher, who co-sponsored the bill.
Michael McKell, a Republican member of Utah’s Senate who also sponsored the bill, said it was a “bipartisan” effort, and praised President Joe Biden’s recent State of the Union address, in which he raised the issue.
Biden last month called on US lawmakers to restrict how social media companies advertise to children and collect their data, as he accused Big Tech of conducting a “for profit” experiment on the nation’s youth.
California has already introduced online safety laws including strict default privacy settings for minors, but the Utah law goes further.
Lawmakers in states such as Ohio and Connecticut are working on similar bills.
Platforms including Instagram and TikTok have introduced more controls for parents, such as messaging limits and time caps.
At Thursday’s ceremony in Utah, McKell pointed to data from the federal Centers for Disease Control and Prevention which he said highlighted the toll social media apps can have on young minds.
“The impact on our daughters — and I have two daughters — it was incredibly troubling,” he said.
“Thirty percent of our daughters from ninth grade to 12th grade had seriously contemplated suicide. That’s startling.”
Google opens chatbot Bard for testing in US and UK
Google on Tuesday invited people in the United States and Britain to test its AI chatbot, known as Bard, as it scrambles to catch up with Microsoft-backed ChatGPT.
Bard, ChatGPT and other similar apps churn out essays, poems or computing code on command, though they come with warnings that the information they create can be incorrect or inappropriate.
People wishing to play with Bard can sign up on a waiting list at the bard.google.com website, distinctly separate from the tech giant’s search engine.
Google CEO Sundar Pichai said in a tweet that the move is an “early experiment” allowing people to collaborate with generative artificial intelligence (AI).
“We’ve learned a lot so far by testing Bard, and the next critical step in improving it is to get feedback from more people,” Google vice presidents Sissie Hsiao and Eli Collins said in a blog post.
“We continue to see that the more people use them, the better LLMs (large language models) get at predicting what responses might be helpful.”
As exciting as chatbots are, they have their faults, Hsiao and Collins cautioned.
They can incorporate real-world biases, stereotypes or inaccuracies in responses, according to the vice presidents.
Google has adopted a more cautious rollout of generative AI, in contrast to Microsoft, which has chosen to swiftly make the products available to consumers despite reports of problems.
ChatGPT’s OpenAI is backed by Microsoft, which earlier this year said it would finance the research company to the tune of billions of dollars.
OpenAI recently released a long-awaited update of its AI technology that it said would be safer and more accurate than its predecessor.
Much of the new model’s firepower is now available to the general public via ChatGPT Plus, OpenAI’s paid subscription plan and on an AI-powered version of Microsoft’s Bing search engine.