Twitter ex-security chief tells US Congress of security concerns
Twitter whistleblower Peiter Zatko told the US Congress on Tuesday that the platform ignored his security concerns, as its shareholders decide whether to approve a $44 billion takeover deal that Elon Musk is trying to exit.
“I’m here today because Twitter leadership is misleading the public, lawmakers, regulators and even its own board of directors,” Zatko, a hacker widely known as “Mudge” who was Twitter’s former security chief, told the hearing.
He said that, during his time as head of security for the platform from late 2020 until his dismissal in January this year, he tried to alert management to grave vulnerabilities to hacking or data theft, to no avail.
“They don’t know what data they have, where it lives, or where it came from. And so, unsurprisingly, they can’t protect it,” Zatko said during his opening remarks to the Judiciary Committee.
“Employees then have to have too much access (…) it doesn’t matter who has the keys if you don’t have any locks on the doors.”
Zatko testified that he brought concrete evidence of problems to the executive team and “repeatedly sounded the alarm”.
“To put it bluntly, Twitter leadership ignored its engineers because key parts of leadership lacked competency to understand the scope of the problem,” he said.
“But more importantly, their executive incentives led them to prioritize profits over security.”
Twitter has dismissed 51-year-old Zatko’s complaint as being without merit.
But revelations of his whistleblower report in the US press in August were perfectly timed for Tesla chief Elon Musk, who has used it as part of his justification for abandoning his unsolicited $44 billion bid to buy Twitter.
In his report, Zatko directly refers to questions asked by Musk about bot accounts on Twitter, saying the company’s tools and teams for finding such accounts are insufficient.
Musk has listed bot accounts as among the reasons to justify his walking away from the deal. Twitter is suing to force him to complete the buyout, with a trial set to go ahead on October 17.
If the court focuses on the fact that the world’s richest man declined to do fact gathering typically associated with big-money mergers, Zatko’s allegations could wind up being moot.
“Once both parties step into court it’s a high risk/high reward scenario for both parties with the major X variable now being the Zatko whistleblower claims,” Wedbush analyst Dan Ives said in a note to investors.
“We continue to view the Zatko situation as a Pandora’s Box scenario for Twitter.”
If Twitter prevails at trial, the judge could order the Tesla chief to pay billions of dollars to the company, or even complete the purchase.
Twitter shareholders are expected to endorse the buyout deal in a special vote Tuesday.
Twitter CEO Parag Agrawal declined to testify at Tuesday’s hearing, citing the Musk litigation, Senator Chuck Grassley said.
Zatko insisted he had not made his revelations “out of spite or to harm Twitter.”
“Far from that, I continue to believe in the mission of the company,” he told Tuesday’s hearing.
Biden bans US govt use of malicious commercial spyware
US President Joe Biden signed a ban Monday on government use of commercial spyware technology like the controversial Pegasus program, citing its use for political oppression in countries around the world.
The White House said commercial spyware poses a distinct intelligence threat to the United States and has been found on the phones of 50 US officials overseas.
In addition, a number of foreign governments have used it “to facilitate repression and enable human rights abuses.”
“Misuse of these powerful surveillance tools has not been limited to authoritarian regimes,” the White House said in a statement.
“Democratic governments also have confronted revelations that actors within their systems have used commercial spyware to target their citizens without proper legal authorization, safeguards, and oversight.”
Biden’s order was not a full ban on commercial spyware, but would apply to any program deemed a US security risk, or that is used for political abuse by other governments.
It also did not restrict spyware developed by US government agencies themselves, like the CIA or National Security Agency, the leading electronic intelligence body.
The most threatening software can scrape up all data from targeted devices with remote direction and control, according to a senior Biden administration official.
Last year the administration warned that it was planning tight restrictions on privately developed surveillance software after numerous cases surfaced of its use for political purposes in countries around the world.
No specific names were cited in Monday’s announcement, but the US government has already taken action to prevent the use of several programs and companies seen as threatening.
In November the Commerce Department placed four spyware developers on its blacklist: Israeli firms NSO Group and Candiru, Positive Technologies of Russia, and Singapore’s Computer Security Initiative Consultancy.
Pegasus, created by NSO Group, was used by governments and other entities in Mexico, Poland, Spain, Hungary, Bahrain, India and elsewhere.
“There was an effort by commercial spyware vendors, like in other countries, to try to make inroads across the US federal government, and to market and to sell their tools across the federal government,” the senior official told reporters.
“So we purposely announced publicly that we would be pursuing this sort of ban.”
The ban was announced one day before Biden hosts his second Summit for Democracy, with leaders from 121 countries invited to join the three-day event.
The White House called the commercial spyware ban a “cornerstone” initiative for the summit.
The order “demonstrates the United States’ leadership in, and commitment to, advancing technology for democracy,” it said.
Artist Karla Ortiz sees AI ‘identity theft’, not promise
For artist Karla Ortiz, the explosion in artificial intelligence that can stand in for flesh-and-blood artists is nothing more than identity theft.
A native of Puerto Rico, Ortiz is a California-based designer, a concept artist and painter who has worked for videogaming giant Ubisoft, Marvel Studios, the Wizards of the Coast fantasy game publisher and has exhibited her work in galleries.
But now her profession could be completely disrupted by generative AI, the technology behind apps such as Dall-E and ChatGPT, which in seconds can crank out original content — illustrations, poems, computer code — with only a simple prompt.
About a year ago, Ortiz discovered Disco Diffusion, an open source AI-based image generating tool, but it is not easy to use for those less tech savvy.
At first, she thought it was an interesting experiment, but quickly she realized that the program was using the work of many of her friends without them knowing it.
They asked to have their work removed, but to no avail, and they backed down. She told herself art theft is nothing new in their line of work.
“It’s weird that this is happening, but whatever,” she told herself at the time.
But months later, with the introduction of even more powerful programs such as Midjourney and Stable Diffusion, which can generate images “in the style of” a chosen artist, she was brought face to face with the magnitude of the phenomenon.
Ortiz said she was shocked when she looked at how the programs were trained.
“All the training data, all the training material, it’s our work.”
In her studio, standing between her easel and her computer, Ortiz puts the final touches of oil paint on her latest work, “Musa Victoriosa,” a woman surrounded by eagles, brandishing a laurel wreath.
This muse, which will be used to illustrate a copyright protection app, embodies artists defiant against technology.
To those who argue that human artists also draw inspiration from others’ work, Ortiz says they are missing the point.
“Just because I look at a painting that I love, it doesn’t mean that I archive that influence and that it automatically becomes a part of how I paint,” she said.
“Influences can only get you so far in art,” she added.
“The rest is your training, your life, your experiences, your thoughts of the day; that extra bit of humanity that filters inspirations and experiences together and creates your own voice and work,” she said.
She worries about young artists who need the time and experience to find their style but will be squeezed out by AI.
– ‘Canary in the coalmine’ –
“How does a person break in now? And if you break in and you do develop a style, that’s wonderful, but what stops anybody from training a model on your work?”
Along with other artists, Ortiz filed a lawsuit in a California court against three generative AI companies, hoping one day to get the industry regulated.
This fight has strengthened bonds between creators, and not only designers, she said.
“I’m seeing more writers and also voice actors being very concerned because of the technology that can take your voice and mimic it perfectly,” Ortiz said.
Silicon Valley investors “want to expand to pretty much every creative endeavor,” she warned.
“Our profession was automated first so we kind of became the canary in the coal mine.”
Threat of US ban surges after TikTok lambasted in Congress
A US ban of Chinese-owned TikTok, the country’s most popular social media for young people, seems increasingly inevitable a day after the brutal grilling of its CEO by Washington lawmakers from across the political divide.
But the Biden administration will have to move carefully in denying 150 million young Americans their favorite platform over its links to China, especially after a previous effort by then president Donald Trump was struck down by a US court.
TikTok CEO Shou Zi Chew endured a barrage of questions — and was often harshly cut off — by US lawmakers who made their belief quite clear that the app best known for sharing jokes and dance routines was a threat to US national security as well as being a danger to mental health.
In a tweet, TikTok executive Vanessa Pappas deplored a hearing “rooted in xenophobia”.
With both Republicans and Democrats against him at Congress, Chew must now confront a White House ultimatum that TikTok either sever ties with ByteDance, its China-based owners, or get banned in America.
A ban will depend on passage of legislation called the RESTRICT Act, a bipartisan bill introduced in the Senate this month that gives the US Commerce Department powers to ban foreign technology that threatens national security.
When asked about Chew’s tumultuous hearing, spokeswoman Karine Jean-Pierre repeated the White House’s support of the legislation, which is just one of several proposals by Congress to ban or squeeze TikTok.
– ‘Prove a negative’ –
The sell-or-get-banned order tears up 2.5 years of negotiations between the White House and TikTok to find a way for the company to keep running under its current ownership while satisfying national security concerns.
Those talks resulted in a proposal by TikTok called Project Texas in which the personal data of US users stays in the United States and would be inaccessible to Chinese law or oversight.
But the White House turned sour on the idea after officials from the FBI and the Justice Department said that the vulnerabilities to China would remain.
“It’s hard for TikTok to prove a negative ‘No, we’re not turning over any data to the Chinese government.’ Look at how skeptical our European partners are about US companies where we have a strong legal system,” said Michael Daniel, executive director of the Cyber Threat Alliance, a non-governmental organization dedicated to cybersecurity.
Presently, the White House’s preferred solution is that TikTok sever ties with ByteDance either through a sale or a spin-off.
“My understanding is that what has been… insisted on is the divestment of TikTok by the parent company,” US Secretary of State Antony Blinken said on Thursday.
But that option is riddled with difficulties, with many experts saying that TikTok cannot function without ByteDance, which develops the app’s industry-leading technology.
“ByteDance’s ownership of TikTok and the golden jewel algorithm at the center of this security debate is a hot button issue that will not necessarily be solved just by a spin-off or sale of the assets,” said Dan Ives of Wedbush Securities.
Proving the point, China has ruled out giving the go-ahead for a TikTok sale, citing its own laws to protect sensitive technology from foreign buyers.
That leaves a ban which would see the full might of the US government crush TikTok to the undeniable benefit of domestic rivals Instagram, Snapchat and YouTube.
They currently trail TikTok, which is the most popular social media in the United States.
– Snapchat wins –
TikTok’s demise “will clearly benefit Meta and Snapchat front and center in the eyes of Wall Street,” said Ives, who believes the saga will play out for the rest of the year.
One unknown is whether a death sentence for TikTok will cost Washington politically among young voters.
Through a ban, “a democracy will be taking steps that impede the ability of young Americans to express themselves and earn a livelihood,” said Sarah Kreps, professor of government at Cornell University.
The lawmakers putting the TikTok CEO over the coals minimized the danger of political blowback.
“I want to say this to all the teenagers… who think we’re just old and out of touch,” said representative Dan Crenshaw, a Republican.
“You may not care that your data is being accessed now, but there will be one day when you do care about it,” he said.