Peiter ‘Mudge’ Zatko, a former security lead at Twitter approached the legislative and regulatory authorities in the United States in July with a whistleblower disclosure. According to Mudge, there have been a number of security vulnerabilities at Twitter which raises questions about the privacy and safety of Twitter users. This column examines a key claim made in the disclosure — namely, that Twitter was forced to hire a government agent who was tasked with conceding to the Indian government’s censorship requests.
Ex Twitter Security Head Flags Security Breaches
Among several other allegations, Mudge’s disclosure and testimony alleges several shortcomings at Twitter. There are several examples of these including inadequate encryption on Twitter’s servers, a failure to remove accounts that users have closed, and inadequate security standards that failed to stop previous security breaches on the social media network.
The Mudge disclosure raises important questions for India, since it notes that the “Indian government forced Twitter to hire specific individual(s) who were government agents, who because of Twitter’s basic architectural flaws would have access to vast amounts of Twitter-sensitive data.” It further added that the Twitter violated the commitments it made to its users by “knowingly permitting an Indian government agent direct unsupervised access to the company’s systems and user data.”
Grievance Officers or Government Agents?
It is crucial to keep in mind that the information in Mudge’s disclosure is still insufficient to prove conclusively that Twitter was forced to recruit “government agents”. Even though it’s possible that the “government agents” Mudge alludes to in the disclosure are likely to really be Grievance Officers, it remains a serious allegation which must be investigated further.
The Grievance Officers mentioned here are company employees that Twitter and other major social media platforms are required to hire in order to comply with the controversial intermediary liability rules (“the intermediary rules”).
These employees have the responsibility of receiving complaints and orders issued under the intermediary rules, and in some cases, they risk personal liability for criminal prosecution if they don’t follow those orders. This impending prospect of criminal prosecution of company employees has already been observed to be a pressure tool to get social media platforms to comply with the government’s orders to remove or disable online content.
Returning to the topic at hand, the allegations made in the Mudge disclosure raise a number of claims that Twitter must promptly address and that require independent investigation. This past month, lawmakers on the Parliamentary Standing Committee on Information Technology in India summoned Twitter’s representatives to appear before it.
According to press reports citing unnamed sources, Twitter denied and gave evasive answers to the Standing Committee’s inquiries over the claims made in the whistleblower disclosure.
Will Twitter India Get a Clean Chit in Surveillance Allegations?
The Standing Committee, which Shashi Tharoor chairs, has a duty to ensure that platforms are held accountable when serious concerns of this nature are raised. In terms of responding to whether it was actually forced to hire “government agents” and whether these agents had “direct unsupervised access” to the data of Twitter users in India, Twitter has to do better and be more transparent with its response. The latter question is crucial, especially in light of the fact that under Indian law, the kind of access that the disclosure details would entail would be illegal.
It is crucial to note that social media platforms like Twitter can only be forced to help an authorised government agency after receiving a formal written order issued under the intermediary rules. There are no legal provisions in the intermediate rules that would permit a government agency to have “direct unsupervised access” to data which Twitter has.
As is evident from the issues raised in this column, Twitter and Indian lawmakers must also consider the ramifications of Mudge’s whistleblower disclosure. The concerns raised by the disclosure pose a danger to the notion that citizens have a right to use social media without worrying about government surveillance, and these concerns must be appropriately addressed.
(Jade Lyngdoh is a Constitutional Law (honours) candidate at National Law University, Jodhpur, where he has been a Meta India Tech Scholar (2021-22). This is an opinion article and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)
Courtesy The Quint