SFLC.in has urged the Standing Committee on Information Technology, to investigate the impact of Twitter whistleblower Mudge’s revelations on Indian users and their rights. Twitter’s former security chief, Peiter “Mudge” Zatko, recently alleged that the platform misled regulators, and violated security and privacy standards. He stated that Twitter’s cybersecurity and data security systems, which were subjected to a Federal Trade Commission investigation in 2011, suffer from gross inadequacy. The complaint states that Twitter employees have access to personal user data which they do not need for the purposes of their operations, and that Twitter mined the data for targeted advertisements and marketing campaigns. The complainant also refers to the weakness of the platform’s internal data systems, the insufficiency of which could trigger the collapse of the platform to a point from which its recovery was uncertain. Specifically naming India, the complaint alleges that the Indian Government required “Twitter to hire specific individuals alleged to be spies, who would have had significant access to sensitive data thanks to Twitter’s own lax security controls.”
Allegations of the weakness of Twitter’s infrastructure, such that it may lead to a collapse beyond the point of return, warrants immediate measures to be put in place to avoid this occurrence, in light of the damage it may cause to public discourse, and access. We have urged the Standing Committee to look into the matter in depth on an urgent basis.
A copy of the letter can be found below.
To,
Dr. Shashi Tharoor,
Chairperson,
Standing Committee on Information Technology,
Parliament of India
Respected Dr. Tharoor,
Subject: Request to investigate whistleblower Mudge’s revelations
Greetings for SFLC.IN
SFLC.IN is the first Indian legal services organisation that works exclusively on technology, law, and policy. As a not-for-profit organisation engaged in the empowerment of Indian citizens about their digital freedom and rights, it operates as a collective, bringing together different stakeholders to common platforms to further the cause of digital rights. SFLC.IN promotes innovative and open access to knowledge by helping policy makers make informed and just decisions regarding the use and adoption of technology. As of 2022, SFLC.IN is the only Indian organisation to be inducted as a member of the IFEX, a global network to defend the right to freedom of expression and information.
We are writing to you in light of the recent revelations by Twitter’s former security chief, Peiter “Mudge” Zatko, alleging that the platform misled regulators, and violated security and privacy standards.
In a complaint filed with the United States Securities and Exchange Commission, the Federal Trade Commission, and the Department of Justice, Mr. Zatko alleges that Twitter’s cybersecurity and data security systems, which were subjected to a Federal Trade Commission investigation in 2011, suffer from gross inadequacy. The complaint, a redacted version of which is available on The Washingto Post, states that Twitter employees have access to personal user data which they do not need for the purposes of their operations, and that Twitter mined the data for targeted advertisements and marketing campaigns. The complainant also refers to the weakness of the platform’s internal data systems, the insufficiency of which could trigger the collapse of the platform to a point from which its recovery was uncertain. The platform is also charged by Mr. Zatko of “deliberate ignorance” ofthe issue of spam bots, out of the company’s leadership concerns regarding the impact of introducing adequate measures on the company’s “image and valuation”. Specifically naming India,the complaint alleges that the Indian Government required “Twitter to hire specific individuals alleged to be spies, who would have had significant access to sensitive data thanks to Twitter’s own lax security controls.” Allegations have also been made about the company having taken money from “unidentified Chinese entities” for access to data about Chinese users of Twitter, which might have endangered them.
Twitter has about 23.6 million users in India, as per Satista, as of January, 2022. The incredibly important role which the platform plays in realising the constitutionally protected freedom of expression in India, including dissent, is well established. Invariably, therefore, the impact of the allegations, if proven true, on Indian users will be significant. The lack of a proper legal framework on data protection combined with the allegations mentioned above, raise an alarming concern about the physical and digital security of users of Twitter. Twitter plays an incredibly important role in the current social context as a platform for public discourse. Harassment by spam bots, and their possible role in the spread of misinformation on social media platforms require immediate actions from platforms to take active steps to protect users.
The prevalence of Twitter as a platform for both communication, and community, is undisputed in the digital Space. Allegations of the weakness of Twitter’s infrastructure, such that it may lead to a collapse beyond the point of return, warrants immediate measures to be put in place to avoid this occurrence, in light of the damage it may cause to public discourse, and access.
In light of the above, we urge the Standing Committee on Information Technology, to investigate the impact of these revelations on Indian users and their rights. A revision of the current policies of Twitter to deal with each of the aspects laid out in the original complaint, the steps taken by it to tackle with the problems in the Indian context, and the veracity of the allegations against it for allowing Government intervention and risking the security of Indian users is crucial to prevent further damage, and will go a long way in securing the citizen’s fundamental rights.
Through this letter, we would like to urge you to look into the matter in depth on an urgent basis. We would also be honoured to assist the Committee in any manner deemed fit.
Yours Sincerely,
Prasanth Sugathan
prasanth@sflc.in
Legal Director
SFLC.in