Overnight Cybersecurity

Hillicon Valley — Washington reacts to Twitter whistleblower

Twitter’s former security chief alleged major security deficiencies at the social media company, according to copies of the whistleblower complaint reported Tuesday. The accusations stirred up immediate calls for action from senators on both sides of the aisle.  

Meanwhile, the company that formed to merge with former President Trump’s tech company expressed concern that a decline in Trump’s popularity could negatively impact the business. 

This is Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Send tips to The Hill’s Rebecca Klar and Ines Kagubare.

A tough day for Twitter 

Former Twitter security chief Peiter Zatko is alleging that the social media company has major security deficiencies that threaten privacy on the platform and national security more broadly, according to a whistleblower complaint obtained by CNN and The Washington Post.  

Zatko’s complaint reportedly alleges that Twitter made false claims about its security setup, violating a settlement with the Federal Trade Commission (FTC), and that the company’s leadership misled the government and its own board about the security issues.  

Zatko reportedly filed the complaint with the Securities and Exchange Commission, Department of Justice and the FTC last month, after warning Twitter colleagues about his security concerns.

A key part of Zatko’s complaint alleges that Twitter was not complying with a 2011 consent order from the Federal Trade Commission (FTC) for the past decade. Up until the time of Zatko’s termination, Twitter “remained out of compliance in multiple respects” with the 2011 order, the complaint alleges.

Twitter’s response: “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” a Twitter spokesperson said. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.” 

Senate weighs in 

Two Senate Democrats sent letters to the Federal Trade Commission (FTC) chairwoman on Tuesday to request that the agency investigate the allegations from a former top Twitter official that the company has significant security issues that could threaten privacy and U.S. national security.  

Sen. Richard Blumenthal (D-Conn.), chairman of the Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety and Data Security, sent his letter to FTC Chairwoman Lina Khan. Sen. Ed Markey (D-Mass.), also a member of the Senate Commerce Committee, sent his letter to Khan and Attorney General Merrick Garland. 

Top senators on the Judiciary Committee also vowed to take action, and a spokesperson for the Senate Intelligence Committee said the committee is setting up a meeting to discuss the allegations in further detail. 

A POPULARITY WARNING  

Digital World Acquisition Corp. (DWAC), which formed to merge with the parent company of former President Trump’s social media platform Truth Social, expressed concern in a Monday securities filing that a decline in Trump’s popularity could negatively impact the business.

In the Securities and Exchange Commission filing, DWAC said the success of Truth Social hinges on the “reputation and popularity” of Trump, the chairman of Trump Media and Technology Group (TMTG), which owns and operates the social media platform. 

“In order to be successful, TMTG will need millions of those people to register and regularly use TMTG’s platform,” the filing reads. “If President Trump becomes less popular or there are further controversies that damage his credibility or the desire of people to use a platform associated with him … [the merger] could be adversely affected.” 

CYBER STANDARDS TO BE ESTABLISHED FOR SELF-DRIVING CARS  

Two tech entities are teaming up to develop an industry-wide cybersecurity framework for autonomous vehicles in an effort to address cyber-related risks as companies look to take self-driving vehicles into the mainstream. 

The Association for Uncrewed Vehicle Systems International (AUVSI), a nonprofit organization that promotes the advancement of autonomous systems and robotics, said the framework will be based on cyber standards Fortress Information Security helped develop for the utilities industry. Fortress is a security service firm that protects critical industries from cybersecurity threats. 

“Uncrewed vehicles – air, ground, and maritime – are relied upon for national defense, public safety, commercial delivery, critical infrastructure inspection and more,” said Michael Robbins, the executive vice president of government & public affairs at AUVSI, in a statement on Tuesday.  

“A cyber-secure foundation built on universal industry standards among industry stakeholders and suppliers will help to ensure the economic and operational potential of uncrewed vehicles is reached,” Robbins added. 

BITS & PIECES

An op-ed to chew on: Let’s talk about the next CHIPS Act 

Notable links from around the web: 

To Fight Election Falsehoods, Social Media Companies Ready a Familiar Playbook (The New York Times / Stuart Thompson)

Twitter whistleblower complaint could help Elon Musk (Axios / Dan Primack) 

An inside look into states’ efforts to ban gov’t ransomware payments (The Record / Jonathan Greig) 

🦖 Lighter click: New dino prints just dropped

One more thing: Fox exec sues Australian website 

Lachlan Murdoch, the top executive at Fox Corp., is suing an Australian news website for publishing an opinion article linking his family and Fox News to the Jan. 6 attack on the U.S. Capitol. 

Murdoch, the son of Fox News owner Rupert Murdoch, filed a statement of claim in Australian federal court on Tuesday against Crikey, an online news and opinion website, after the site’s leaders had challenged Murdoch to sue them in an open letter earlier this week.

The article in question mostly focused on former President Trump’s actions as they relate to the Jan. 6, 2021, Capitol riot, but argued in its last paragraph that if Trump “ends up in the dock” for any crimes committed as president, “not all his co-conspirators will be there with him.”

That’s it for today, thanks for reading. Check out The Hill’s Technology and Cybersecurity pages for the latest news and coverage. We’ll see you tomorrow.
