Mudge Twitter whistleblower testimony [video]

In response to Sen Grassley wrapping up questions about how Twitter executives wanted to address employee concerns about accepting ad money from Chinese companies, possibly with Chinese govt links (even while Twitter is banned in China):<p>28:25 [Mudge] &quot;We&#x27;re already in bed, it would be problematic if we lost that revenue stream, so figure out a way to make people comfortable with it.&quot;<p>That isn&#x27;t really surprising, but it&#x27;s still bad.<p>It&#x27;s also worrying that some Americans complain about &quot;big [US] government&quot; to justify the very limited size and power of the FTC to regulate US big tech, while somehow overlooking the threat from the <i>big</i> Chinese government, its awful human rights record, and its track record of working to gain access into US companies.<p>It&#x27;s really easy to criticize these senators for not being tech ignorant, but this is the only govt we have, and it&#x27;s the only one that can empower the FTC to do more.

If twitter implemented the following, it would take much of the steam out of this case: 1. Restricted&#x2F;conditional&#x2F;temporary access to production systems with extensive centralised audit logging.<p>2. Handled phone# and geo-location data as sensitive personally identifiable information (SPII) – kept this data in one centralized place (a micro service with well-defined access controlled apis) and prevented its proliferation into other systems. And promptly deleted it when users deleted their accounts.<p>To implement these two things, it wouldn&#x27;t cost anywhere near $150M. And likely it wouldn&#x27;t impact the velocity of their revenue features too much either (impact would be something like slow-down for quarter).<p>Sad thing is senators are picking on only some companies and not others. Instead, they should be making a comprehensive data privacy act that applies to all companies – like credit card companies, shopping&#x2F;loyalty-card companies, all the data brokers etc.

Midge&#x27;s point seems to be, &quot;Twitter refused to spend the money, or change their processes, necessary to guarantee data authority, access and visibility.&quot;<p>What till these Senators learn about basically every other business in America.

On another thread that didn&#x27;t receive the same attention as this one we learn the Twitter has Chinese and Indian government agents amongst their employees.<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32825670" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=32825670</a>

mudge just testified in response to a Senator&#x27;s question that Twitter does not have a test env

From the video, funny bit at about 01:01:00:<p><i>I&#x27;m reminded of one conversation with an executive, when I said I am confident we have a foreign agent, and their response was &quot;well, since we already have one, what does it matter if we have more, let&#x27;s keep growing the office&quot;</i>

i forgot what side of this issue i&#x27;m on.

It&#x27;s just jaw dropping how they thought nothing of externalizing the costs of every possible problem or technical debt in order to keep chasing the next bonus.

This is the part that I think leaves Twitter severely exposed, at least in the EU with GDPR (from my limited, basic understanding of GDPR). Twitter does not delete data when requested by users to delete their account.<p><a href="https:&#x2F;&#x2F;youtu.be&#x2F;A0A-uOhMU1Y?t=7219" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;A0A-uOhMU1Y?t=7219</a>

After an hour of this hearing, the smell reminds me of Enron.

Why shouldn&#x27;t each politician set up her own Mastodon server moderated by her staffers? Then they would have complete control of data that they don&#x27;t publish to the world. They also can&#x27;t be cancelled, shadow banned, or censored by any company or government.

Testimony actually starts at roughly 13:00 with an opening statement by Durbin.

sounds like security issues of a startup that quickly scaled and never dealt with the technical debt rather than anything malicious.

Feeling like Twitter is just about to ruin the low-regulation party for everybody. Could be wrong though. Not much happened after the Experian breach after all.

Society is becoming a parody if itself. I understand that there are consequences of Mudge&#x27;s information but, from a purely naive standpoint, having congress get involved over bots on a social network where people share 280 character messages is fucking <i>bizarre.</i>

Two big things about this that really grate me:<p>1) After Snowden, after Experian, after Pegasus, after decades of screaming about these issues and getting shushed and laughed at - that lefties might take over your twitter account is the straw that’ll break the camel’s back? Are you freaking kidding me?<p>2) Elon is going to get away with it. And he really shouldn’t - he already waived his right to back out based on any of this. Just because you like someone shouldn’t make them above the law, and basically the takeaway here will be that like Trump he’s above the law because a large enough section of the public likes him.<p>Setting all of this aside, maybe it’s worth actually trying to do something about the real problem - that too many members of society (including the leaders) are dangerously under-informed for living in it, let alone governing. None of this should be news to anyone here.

Please be on the lookout for grandstanding and do your own diligence in actually understanding the issues

This entire thing is so bizarre to me. There is a room full of non-technical senators effectively testifying the unproven and one-sided statements of a single person (Zatko), who was let go from Twitter, with no ability for Twitter (or anyone at the company) to defend themselves or refute these statements.