Twitter Security Failings Spotlight Bills Stuck in ‘Purgatory’

  • FTC is not regulating effectively, former security head says
  • Lawmakers call attention to several stymied big tech bills


A Twitter Inc. whistleblower’s appearance at a hearing Tuesday put a focus on the lack of action in Congress to rein in big tech.

Peiter “Mudge” Zatko, Twitter’s former head of security, told the Senate Judiciary Committee that the company is more than a decade behind industry standards on securing the data of hundreds of millions of users, that it is incapable of dealing with foreign actors that infiltrate the platform, and that US regulators are ill-equipped to handle the risks.

Lawmakers and Zatko discussed the Federal Trade Commission’s enforcement shortcomings but also pointed to long-stalled bills to address them.

“We have not passed one bill out of the US Senate when it comes to competition, when it comes to privacy, when it comes to better funding the agencies, when it comes to the protection of kids,” Sen. Amy Klobuchar (D-Minn.) said. “At some point when we talk about the agencies, I think we better be putting the mirror on ourselves.”


Photo: Kevin Dietsch/Getty Images
Peiter “Mudge” Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee on Sept. 13, 2022.

Lawmakers stressed the need for a new regulatory regime during the hearing. The FTC has been ineffective in enforcing a 2011 consent decree it imposed on Twitter for security lapses, according to Zatko.

Sen. Richard Blumenthal (D-Conn.) pondered whether a new regulatory agency should be established. “Clearly what we’re doing right now is not working,” he said.

Sen. Lindsey Graham (R-S.C.) said he and Sen. Elizabeth Warren (D-Mass.) are working on a bill to create a new federal regulator that would provide social media companies licenses and have the power to revoke them.

Several major tech bills have already proposed new regulatory bodies.

Privacy bills approved by the House Energy and Commerce Committee (H.R. 8152) and introduced by Senate Commerce, Science, and Transportation Chair Maria Cantwell (D-Wash.) (S. 3195) would require the FTC to establish a new privacy bureau to enforce prohibitions on companies that misuse data. The House bill has stalled on opposition from Majority Leader Nancy Pelosi (D-Calif.), while the Senate measure hasn’t advanced.

Judiciary ranking member Chuck Grassley (R-Iowa) protested the idea of creating a new agency, telling reporters “it would accomplish the same thing if we made sure the FTC does the job they’re supposed to do.”

Other Efforts

Zatko during the hearing said it’s important to have a federal privacy law that includes programs to protect whistleblowers, which is a feature of Cantwell’s bill, cosponsored by Klobuchar.

The Senate has already passed Klobuchar and Grassley’s Merger Filing Fee Modernization Act (S. 228) that would give antitrust enforcers at the FTC more resources. That bill is sitting “in purgatory” in the House, Klobuchar said during the hearing.

Another bill sponsored by Sen. Chris Coons (D-Del.) and Klobuchar, the Platform Accountability and Transparency Act, would require social media companies to provide independent researchers and the public with access to certain data.

Coons during the hearing lamented that lawmakers and regulators have to rely on untrustworthy data provided by companies. The bill has the support of Sen. Rob Portman (R-Ohio) but Coons said he is looking for more bipartisan support.

After the hearing, Sen. Gary Peters (D-Mich.) pointed to an additional avenue for protecting consumer data: the Department of Homeland Security is determining which companies will be subject to cyber breach reporting requirements enacted (Public Law 117-103) earlier this year. Social media companies could be included, Peters said, meaning they would have to report breaches of their systems within 72 hours.

To contact the reporter on this story: Maria Curi in Washington at mcuri@bloombergindustry.com

To contact the editors responsible for this story: Sarah Babbage at sbabbage@bgov.com; Anna Yukhananov at ayukhananov@bloombergindustry.com
