Opinion: Social media firms like Twitter cannot be trusted to regulate themselves

Editor’s Note: Kara Alaimo, an associate professor in the Lawrence Herbert School of Communication at Hofstra University, writes about issues affecting women and social media. She was spokeswoman for international affairs in the Treasury Department during the Obama administration. The opinions expressed in this commentary are her own.

The latest bombshell about Twitter’s alleged lack of security and potential vulnerabilities is yet another sign that social media networks shouldn’t be trusted to regulate themselves.

Last month, Twitter’s former head of security, Peiter “Mudge” Zatko, told Congress and federal agencies that the company’s security practices pose grave threats to national security. As part of his disclosures, which were revealed by CNN last week, Zatko claims that the company allows about half of its employees, which amounts to thousands of staff, access to important controls, and a number of them may be working for a foreign intelligence agency. He also alleges that the company doesn’t adequately protect the security of user data, using servers with outdated software that are missing important security features like encryption. What’s more, he claims that he was discouraged from sharing the full extent of the company’s security problems with its board.

Twitter, of course, disputes the idea that it has big security problems. It told CNN that engineering and product teams can only access the production environment if they have “a specific business justification,” that employees use devices that IT and security teams oversee, and that if a device is running on outdated software, they can prevent it from connecting to sensitive internal systems. However, Twitter didn’t respond to questions about its alleged foreign intelligence vulnerabilities.

A spokesperson told CNN that “Mr. Zatko was fired from his senior executive role at Twitter in January 2022 for ineffective leadership and poor performance.” The spokesperson also said, “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that’s riddled with inconsistencies and inaccuracies and lacks important context.”

(Zatko contends that he was fired in retaliation for raising security concerns at the company.)

Peiter Zatko, known as Mudge in the computer hacking community, poses for a portrait on August 22, 2022. Photo by Sarah Silbiger for CNN

This latest whistleblower report makes clear that social media platforms not only pose potential privacy risks to users, but also national security risks. Congress needs to urgently pass a law regulating what data social networks can collect, how they can share it, how they can store it, who can access it and under what circumstances. Lawmakers also need to give the Federal Trade Commission (FTC) a specific mandate to closely oversee social media companies’ security and privacy practices. That would ensure that these companies follow any new laws put in place. We simply can’t trust them to maintain their own data collection and sharing and security standards.

Consider the ramifications of a social media company’s inadequate security protocols. If a company lacks proper safeguards to protect user passwords or employees’ accounts, the accounts of professional sources such as high-profile people could be taken over and used to issue dangerous, even deadly, claims or directives.

Recall that, in 2020, hackers took control of the Twitter accounts of people like Elon Musk, Bill Gates and Barack Obama to promote Bitcoin, and Twitter users were tricked into forking over more than $100,000. The hackers achieved this by targeting employees who had access to internal tools and were able to post the tweets.

Further, if a company lacks protections against how many employees have access to user information and safeguards to ensure that employees and users aren’t hacked, then hackers, or even employees, could gather sensitive information about users from their social media data and share it with foreign intelligence agencies. Having access to their passwords or private messages can reveal evidence of things like affairs or abortions that bad actors can use to try to blackmail them into spying.

Does it sound crazy to think that a Twitter employee would sell user data to a foreign government? Just this month, a former Twitter employee was found guilty of giving private information about Twitter users to the government of Saudi Arabia in exchange for money.

That’s why it’s important for social networks to limit access to sensitive user information, store and share as little user data as possible, and take every possible measure to prevent hacks. Zatko’s allegations suggest, at least at Twitter, this simply isn’t happening.

Such threats are too serious to leave to social media companies to manage on their own. We need legislation that strictly limits the number of employees who can have access to user data, prohibits the sharing of that data with third parties, and requires companies to take stronger measures to guard against hackings.

Congress needs to step in urgently to help protect social media users, and the nation, from the potential for these kinds of breaches.
