Whistleblower: China, India had agents working for Twitter

Peiter “Mudge” Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill, September 13, 2022 in Washington, DC. (AFP)
Peiter “Mudge” Zatko, former head of security at Twitter, testifies before the Senate Judiciary Committee on data security at Twitter, on Capitol Hill, September 13, 2022 in Washington, DC. (AFP)
Short Url
Updated 14 September 2022

Whistleblower: China, India had agents working for Twitter

Whistleblower: China, India had agents working for Twitter
  • Zatko said he spoke with “high confidence” about a foreign agent that the government of India placed at Twitter to “understand the negotiations” between India’s ruling party and Twitter about new social media restrictions

WASHINGTON: Twitter’s former security chief told Congress Tuesday there was “at least one agent” from China’s intelligence service on Twitter’s payroll and that the company knowingly allowed India to add agents to the company roster as well, potentially giving those nations access to sensitive data about users.
These were some of the troubling revelations from Peiter “Mudge” Zatko, a respected cybersecurity expert and Twitter whistleblower who appeared before the Senate Judiciary Committee to lay out his allegations against the company.
Zatko told lawmakers that the social media platform is plagued by weak cyber defenses that make it vulnerable to exploitation by ” teenagers, thieves and spies” and put the privacy of its users at risk.
“I am here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko said as he began his sworn testimony.
“They don’t know what data they have, where it lives and where it came from and so, unsurprisingly, they can’t protect it,” Zatko said. “It doesn’t matter who has keys if there are no locks.”
“Twitter leadership ignored its engineers,” he said, in part because “their executive incentives led them to prioritize profit over security.”
In a statement, Twitter said its hiring process is “independent of any foreign influence” and access to data is managed through a host of measures, including background checks, access controls, and monitoring and detection systems and processes.
One issue that didn’t come up in the hearing was the question of whether Twitter is accurately counting its active users, an important metric for its advertisers. Tesla CEO Elon Musk, who is trying to get out of a $44 billion deal to buy Twitter, has argued without evidence that many of Twitter’s roughly 238 million daily users are fake or malicious accounts, aka “spam bots.”
Even so, “that doesn’t mean that Musk won’t use Zatko’s allegation that Twitter was disinterested in removing bots to try to bolster his argument for walking away from the deal,” said Insider Intelligence analyst Jasmine Enberg.
The Delaware judge overseeing the case ruled last week that Musk can include new evidence related to Zatko’s allegations in the high-stakes trial, which is set to start Oct. 17. During the hearing, Musk tweeted a popcorn emoji, often used to suggest that one is sitting back in anticipation of unfolding drama.
Separately on Tuesday, Twitter’s shareholders voted overwhelmingly to approve the deal, according to multiple media reports. Shareholders have been voting remotely on the issue for weeks. The vote was largely a formality, particularly given Musk’s efforts to nullify the deal, although it does clear a legal hurdle to closing the sale.
Zatko’s message echoed one brought to Congress against another social media giant last year. But unlike that Facebook whistleblower, Frances Haugen, Zatko hasn’t brought troves of internal documents to back up his claims.
Zatko was the head of security for the influential platform until he was fired early this year. He filed a whistleblower complaint in July with Congress, the Justice Department, the Federal Trade Commission and the Securities and Exchange Commission. Among his most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.
Sen. Dick Durbin, an Illinois Democrat who heads the Judiciary Committee, said Zatko has detailed flaws “that may pose a direct threat to Twitter’s hundreds of millions of users as well as to American democracy.”
“Twitter is an immensely powerful platform and can’t afford gaping vulnerabilities,” he said.
Unknown to Twitter users, there’s far more of their personal information disclosed than they — or sometimes even Twitter itself — realize, Zatko testified. He said Twitter did not address “basic systemic failures” brought forward by company engineers.
The FTC has been “a little over its head”, and far behind European counterparts, in policing the sort of privacy violations that have occurred at Twitter, Zatko said.
Zatko’s allegation that Twitter was more concerned about foreign regulators than the FTC, Enberg said, “could be a wakeup call for US lawmakers,” who have been unable to pass meaningful regulation on social media companies.
Sen. Lindsey Graham, a Republican from South Carolina, said one positive result that could come out of Zatko’s findings would be bipartisan legislation to set up a tighter system of regulation of tech platforms.
“We need to up our game in this country,” he said.
Many of Zatko’s claims are uncorroborated and appear to have little documentary support. Twitter has called Zatko’s description of events “a false narrative ... riddled with inconsistencies and inaccuracies” and lacking important context.
Still, Zatko came off as a convincing whistleblower who has “a lot of credibility in this space,” said Ari Lightman, professor of digital media and marketing at Carnegie Mellon University. But he said many of the problems he raised can likely be found at many other digital technology platforms
“They avoid security protocols in a sense of innovating and running really fast,” Lightman said. “We gave digital platforms so much autonomy at the beginning to grow and develop. Now we’re at a point where we’re, ‘Wait a minute ... This has gotten out of hand.’
Among the assertions from Zatko that drew lawmaker attention was Twitter’s apparent negligence in dealing with governments that sought to get spies a job inside the company. Twitter’s inability to log how employees accessed user accounts made it hard for the company to detect when employees were abusing their access, Zatko said.
Zatko said he spoke with “high confidence” about a foreign agent that the government of India placed at Twitter to “understand the negotiations” between India’s ruling party and Twitter about new social media restrictions and how well those negotiations were going.
Zatko also revealed Tuesday that he was told about a week before his firing that “at least one agent” from the Chinese intelligence service MSS, or the Ministry of State Security, was “on the payroll” at Twitter.
He said he was similarly “surprised and shocked” by an exchange with current Twitter CEO Parag Agrawal about Russia — in which Twitter’s current CEO, who was chief technology officer at the time, asked if it would be possible to “punt” content moderation and surveillance to the Russian government, since Twitter doesn’t really “have the ability and tools to do things correctly.”
“And since they have elections, doesn’t that make them a democracy?” Zatko recalled Agrawal saying.
Sen. Charles Grassley, the committee’s ranking Republican, said Tuesday that Agrawal declined to testify at the hearing, citing the ongoing legal proceedings with Musk. But the hearing is “more important than Twitter’s civil litigation in Delaware,” Grassley said. Twitter declined to comment on Grassley’s remarks.
In his complaint, Zatko accused Agrawal as well as other senior executives and board members of numerous violations, including making “false and misleading statements to users and the FTC about the Twitter platform’s security, privacy and integrity.”
Zatko, 51, first gained prominence in the 1990s as a pioneer in the ethical hacking movement and later worked in senior positions at an elite Defense Department research unit and at Google. He joined Twitter in late 2020 at the urging of then-CEO Jack Dorsey.
 

 


Irish watchdog fines Meta 265M euros in latest privacy case

Meta's logo can be seen on a sign at the company's headquarters in Menlo Park, Calif., on Nov. 9, 2022. (AP)
Meta's logo can be seen on a sign at the company's headquarters in Menlo Park, Calif., on Nov. 9, 2022. (AP)
Updated 16 sec ago

Irish watchdog fines Meta 265M euros in latest privacy case

Meta's logo can be seen on a sign at the company's headquarters in Menlo Park, Calif., on Nov. 9, 2022. (AP)
  • Meta said the data had been “scraped” from Facebook using tools designed to help people find their friends through phone numbers using search and contact import features

LONDON: Irish regulators slapped Facebook parent Meta with a 265 million-euro ($277 million) fine Monday, the company’s latest punishment for breaching strict European Union data privacy rules.
The Data Protection Commission said Meta Platforms infringed sections of the EU rules, known as the General Data Protection Regulation, that require technical and organizational measures aimed at protecting user data.
The watchdog opened an investigation last year into news reports that data on more 533 million users was found dumped online. The data was found on a website for hackers and included names, Facebook IDs, phone numbers, locations, birthdates and email addresses for people from more than 100 countries, according to the reports.
Meta said the data had been “scraped” from Facebook using tools designed to help people find their friends through phone numbers using search and contact import features. The watchdog said it investigated the automated scraping carried out between May 2018 and September 2019.
The company said it had “cooperated fully” with the Irish watchdog.
“We made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers,” Meta said in a statement. “Unauthorized data scraping is unacceptable and against our rules.”
Along with the fine, the commission said it also imposed on Meta a “range of corrective measures,” which weren’t specified.
When asked if Meta would appeal, a spokesman said, “We are still reviewing this decision carefully.”
It’s the latest in a series of punishments that the Irish watchdog has levied against Meta over the past two years.
The company, based in Menlo Park, California, has its European headquarters in Dublin, which makes the Irish authority its lead privacy regulator under the EU’s General Data Protection Regulation, in a system known as “one-stop shop.”
The Irish watchdog fined Meta-owned Instagram 405 million euros in September after it found that the platform mishandled teenagers’ personal information. Meta was fined 17 million euro fines in March for its handling of a dozen data breach notifications.
Last year, the watchdog fined Meta’s chat service WhatsApp 225 million euros for violating rules on sharing people’s data with other Meta companies.

 


Former Shahid exec launches regional production company The Yard Films

Former Shahid exec launches regional production company The Yard Films
Updated 28 min 59 sec ago

Former Shahid exec launches regional production company The Yard Films

Former Shahid exec launches regional production company The Yard Films
  • Jakob Mejlhede Andersen co-founded the business, which will be based in Dubai and Abu Dhabi, with former Shine International CEO Camilla Hammer
  • The executive team also includes Phil Rostom, a 15-year veteran of the industry in the Middle East and North Africa

DUBAI: Jakob Mejlhede Andersen, former chief content officer of MBC’s streaming platform Shahid, has teamed up with former Shine International CEO Camilla Hammer to launch The Yard Films, a regional production and development company.

The executive team behind the business, which will be based in Dubai and Abu Dhabi, also includes Phil Rostom, an industry veteran who has worked across the Middle East and North Africa for more than 15 years.

The founders said the new company will develop and produce original scripted and non-scripted content for local and international markets, targeted in particular at millennial and Gen Z audiences.

Andersen, who was involved in the production of more than 200 Nordic and Arabic scripted and non-scripted projects during his tenures at Shahid and Stockholm-based streaming service Viaplay, said: “It’s our ambition to produce and deliver groundbreaking content for the buoyant Arabic streaming market.”

“We aim to work in partnerships with the excellent local creative scene across the entire MENA region.”

Hammer said that the company’s team believes “in partnerships within the region and internationally.”

She added: “There is a wealth of stories across the Middle East that have a strong interest not only from local but also international platforms.”


Iranian filmmaker Reza Dormishian barred from travel, passport confiscated

Iranian filmmaker Reza Dormishian barred from travel, passport confiscated
Updated 28 November 2022

Iranian filmmaker Reza Dormishian barred from travel, passport confiscated

Iranian filmmaker Reza Dormishian barred from travel, passport confiscated
  • Dormishian is only the latest in a long line of filmmakers to face Iran’s arbitrary detention policies

DUBAI: Iran has barred filmmaker Reza Dormishian from leaving the country. 

Dormishian was due to travel to the International Film Festival of India in Goa, where his film “A Minor” was scheduled to play.

On his arrival at the airport, his passport was confiscated. It is unclear if he was arrested and, if so, what the charges will be.

However, it is understood that the authorities’ action is the result of his recent social media posts about the Iranian government.

“Throughout the nationwide protests in Iran, Dormishian shared various posts on his Instagram account to show support for the significant developments,” sources close to him said, according to media reports.

In his most recent post, Dormishian had said: “I would die for a hair strand of Iranian people.

“I would die for the youth who are gone with the wind, from Balochistan to Kurdistan.

“What is my curfew worth?”

 

 

Dormishian is only the latest in a long line of filmmakers to face Iran’s arbitrary detention policies.

In July, acclaimed director Jafar Panahi was ordered to serve a six-year jail sentence, handed down a decade ago, after he attempted to find information about fellow filmmakers Mohammad Rasoulof and Mostafa Aleahmad, who had been detained earlier.

Last month, Iranian filmmaker Mani Haghighi was prevented from leaving Iran to attend the BFI London Film Festival, where his latest film “Subtraction” was being screened.

And earlier this month, co-directors Farnaz and Mohammadreza Jurabchian were barred from traveling to the Netherlands for the International Documentary Film Festival where their film “Silent House” had its world premiere.

Directed by Dariush Mehrjui and produced by Dormishian, “A Minor” played in India on Thursday and Friday last week.


BBC Radio 4’s ‘Today’ program appoints Nazanin Zaghari-Ratcliffe as guest editor

BBC Radio 4’s ‘Today’ program appoints Nazanin Zaghari-Ratcliffe as guest editor
Updated 28 November 2022

BBC Radio 4’s ‘Today’ program appoints Nazanin Zaghari-Ratcliffe as guest editor

BBC Radio 4’s ‘Today’ program appoints Nazanin Zaghari-Ratcliffe as guest editor
  • Her show will feature reports on Iran, examine government efforts to free British prisoners

DUBAI: British-Iranian citizen Nazanin Zaghari-Ratcliffe, who spent six years jailed in Iran, has been chosen as one of seven guest editors of BBC Radio 4’s “Today” program, as part of BBC Radio and BBC Sounds Christmas plans.

In an annual tradition, for the last 19 years, the program has invited high-profile guests to take over the show in the week between Christmas and new year.

Owenna Griffiths, editor of the “Today” program, said: “For nearly 20 years the guest editors have transformed Christmas on ‘Today,’ creating some of the most memorable moments in the program’s rich history along the way.

“This year is no different and I’m enormously grateful these guest editors have given up their time to bring new stories, unexpected perspectives, and a little festive cheer to the ‘Today’ audience.”

Each guest will edit Radio 4’s “Today” program between Dec. 26 and Jan. 2 and each show will include an interview with the guest editor.

Zaghari-Ratcliffe was held in an Iranian prison after being accused of spying in 2016.

Following a long-running campaign and negotiations between the British and Iranian governments, she returned home to the UK in March.

In September, she posted a video showing her support for the ongoing protests in Iran following the death in custody of 22-year-old Mahsa Amini.

In the clip, Zaghari-Ratcliffe is seen cutting her hair and it ends with her saying, “for my mother, for my daughter, for the fear of solitary confinement, for the women of my country, for freedom.”

Her show on Dec. 28 will explore how people can hold onto their freedom in difficult times and feature reports about Iran and the UK government’s efforts to free British prisoners.

Other guest editors include ABBA member Bjorn Ulvaeus; chef Jamie Oliver; Jeremy Fleming, director of the UK’s intelligence, cyber, and security agency Government Communications Headquarters; Sharon White, chairman of John Lewis Partnership; former cricketer Ian Botham, now a member of the British House of Lords and UK trade envoy to Australia; and Anne-Marie Imafidon, technologist, author, and chief executive officer of Stemettes, a social enterprise promoting women in science, technology, engineering, and mathematics careers.


BBC reporter ‘beaten and kicked by police’ in China protest

BBC reporter ‘beaten and kicked by police’ in China protest
Updated 28 November 2022

BBC reporter ‘beaten and kicked by police’ in China protest

BBC reporter ‘beaten and kicked by police’ in China protest
  • BBC spokesperson: ‘The BBC is extremely concerned about the treatment of our journalist Ed Lawrence, who was arrested and handcuffed while covering the protests in Shanghai’
  • Chinese authorities justified the arrest as being for Lawrence’s ‘own good,’ so as to prevent him from catching COVID-19 from the crowd

DUBAI: BBC journalist Edward Lawrence was “beaten and kicked by police” prior to being arrested while covering the protests over COVID-19 measures in China.  

Lawrence, a journalist and cameraman of the China bureau, was attacked on Sunday in Shanghai, confirmed a broadcaster.  

Footage posted on social media showed him being dragged to the ground in handcuffs. In another clip, he is seen saying “Call the consulate now.” 

A BBC spokesperson said: “The BBC is extremely concerned about the treatment of our journalist, Ed Lawrence, who was arrested and handcuffed while covering the protests in Shanghai.” 

The spokesperson confirmed Lawrence was held for several hours before being released and was beaten by the police. “This happened while he was working as an accredited journalist. It is very worrying that one of our journalists was attacked in this way whilst carrying out his duties.”  

The BBC said it received no official explanation or apology from Chinese authorities, who instead justified the arrest as a move for Lawrence’s “own good” to not catch COVID-19 from the crowd. 

The BBC said it does not consider this a “credible explanation.” 

The Chinese foreign ministry contested the news corporation’s statement, claiming Lawrence did not identify himself as a journalist.  

Zhao Lijian, the ministry’s spokesperson, said the BBC’s account does not reflect what happened.  

Lawrence addressed his arrest in a tweet: “I understand at least one local national was arrested after trying to stop the police from beating me. Thanks very much for the kind words and messages of concern.”   

British Secretary of State for Business Grant Shapps said on Monday that the incident was of “considerable concern,” telling Sky News: “There can be absolutely no excuse whatsoever for journalists who are simply covering the process going on, for being beaten by the police.”  

Shapps added that it was unacceptable for journalists to be “caught up and involved and indeed arrested” when they should be “fully entitled to cover things freely.” 

According to a story by RTS, Switzerland’s national broadcasting channel, Swiss journalist Michael Peuker was briefly detained on Sunday evening after a live broadcast from the scene of a protest. Peuker and his cameraman were surrounded by the police while on air but were able to go free after explaining they were journalists. Their equipment was seized but returned in full.  

Peuker tweeted that what happened is “revealing of the treatment of foreign journalists in China. Hindrances, intimidation, harassment on the ground have become commonplace.”  

China has been witnessing a wave of protests across the country over what citizens deem draconian measures on COVID-19 containment.