Press Release Published: Sep 2, 2020

Top Oversight Republican: Twitter’s Lax Security Puts Lives at Risk

WASHINGTON – Today, House Oversight and Reform Committee Ranking Member James Comer (R-Ky.) once again called on Twitter CEO Jack Dorsey to provide the Committee with information about what measures and employee training the company has put in place to prevent cyberattacks. Ranking Member Comer also demanded Twitter provide a briefing regarding recent lawsuits made public alleging that two Twitter employees with access to more than 6,000 user accounts worked as spies for the government of Saudi Arabia. The information they gathered and passed on to the Saudi government was then used to torture and abduct dissidents.

“Twitter continues to stonewall congressional oversight on its lax security of user accounts, putting lives at risk,” said Ranking Member James Comer. “Over the past several years we’ve witnessed multiple cyberattacks of high-profile Twitter accounts, including world and business leaders. We’ve now learned that two Twitter employees who had access to user accounts may have been spies for the Saudis, passing along information that led to the torture and possible killing of dissidents. Twitter must respond to the Committee’s requests to ensure adequate security measures are in place to protect lives and national security.”

The day after the July 15, 2020 security breach, Ranking Member Comer sent a letter to Twitter demanding answers about the cyberscam that commandeered several high-profile accounts. In response, Twitter provided a briefing to the Committee but was unable to answer basic questions, including what security measures have been considered or implemented after the breach as well as basic details about employee access to user accounts and Twitter’s arrangement with its contractors. Ranking Member Comer again called on Twitter to provide information about what measures and employee training the company has put in place to prevent cyberattacks, but Twitter only responded with corporate talking points.

Below is the full text of the letter.

Dear Mr. Dorsey:

I write to follow up on the Committee’s previous inquiries of July 16, 2020 and August 11, 2020. After multiple responses and a briefing by Twitter, it has become increasingly clear that Twitter does not take security and oversight of its security practices seriously. Such a cynical stance has led to people being scammed out of money by teenagers who breached Twitter’s platform and may have led to people being murdered. Twitter has also shown a complete lack of transparency by failing to provide any documents requested by the Committee in its August 11, 2020 letter.

Recent reporting summarizes Twitter’s alleged role in unintentionally aiding the Saudi Arabian government’s campaign to spy on, intimidate, and arrest people critical of it. According to lawsuits recently made public, in 2015 two Twitter employees worked as spies for the government of Saudi Arabia to access more than 6,000 Twitter accounts. The information they gathered on critics of the regime was then passed to the Saudi government which used it to torture, harass and, in the case of Abdulrahman al-Sadhan, abduct dissidents for years. Some are thought to have been killed.

This most recent revelation is unfortunately consistent with a trend involving what appears to be Twitter’s lack of prioritization of security and responsible use.  Last month, Twitter was used to orchestrate “one of the most visible cyberscams in the internet’s history.”  According to the Federal Bureau of Investigation, various high-profile Twitter accounts were commandeered and used to commit fraud on the American people through the use of a cryptocurrency scam.

Twitter’s July 30 briefing to the Committee raised many more questions than it answered.  As we raised during the July briefing for Committee staff, Twitter appears to place far too much trust in too many people, granting them extraordinary access to people’s data and personal information.  Twitter has refused to address these concerns.  Now, it would seem from the reports involving Saudi Arabian spies, Twitter’s mismanagement may have led to the deaths of dissidents.

In response to the July briefing in which little information was provided and even less responsibility was taken by Twitter, the Committee sent you a letter on August 11 requesting further information and documentation. Twitter responded with corporate talking points and refused to provide the requested documents. Twitter’s lack of transparency about any actions it has taken to provide more robust oversight and security gives the appearance the company believes it bears no responsibility for any of the crimes committed using its platform.

The Committee on Oversight and Reform reiterates its requests made in its previous letter to you, which is attached.  Additionally, the Committee requests an additional briefing, no later than September 11, 2020, on the recent Bloomberg report regarding Twitter’s security failures.

The Committee on Oversight and Reform is the principal oversight committee of the U.S. House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.  I remain hopeful you will cooperate with this inquiry, but if Twitter continues to refuse, I will consider all possible options, including legislation, to ensure Twitter’s security no longer puts people’s lives at risk.

Sincerely,

James Comer
Ranking Member
Committee on Oversight and Reform

###