A former Twitter employee revealed continued privacy and data security violations by the company, according to documents obtained by The Washington Post on Tuesday. The whistleblower, a former Twitter engineer, filed a complaint with the Department of Justice (DOJ) and the Federal Trade Commission (FTC) in October 2022 on the advice of Whistleblower Aid. The complaint contains allegations that Twitter maintains the ability to tweet from any user’s account without the user’s permission. The complaint echoes September 2022 congressional testimony from former Twitter head of security Peiter Zatko.
The new whistleblower cited Zatko’s testimony as one of the reasons they chose to come forward, albeit under the condition of anonymity over fears of harassment. The whistleblower’s complaint points to an internal program at Twitter referred to as “GodMode.” Under GodMode, Twitter engineers remain able to tweet from any account without the user’s permission. It was originally intended to allow Twitter to tweet on behalf of advertisers unable to do so for themselves.
GodMode was first discovered during an internal breach of Twitter security in 2020. Twitter claimed to have fixed the problem, but according to the whistleblower, the code still exists. All it takes to reactivate the code, from any Twitter engineer’s computer, is changing one line of code from “FALSE” to “TRUE.” The whistleblower complaint stated that Twitter has no way of tracking whether any of the engineers “use or abuse GodMode.”
The complaint echoes concerns raised by Twitter’s former head of security Zatko. In September 2022, Zatko testified to the Senate Judiciary Committee on Data Security about “Twitter’s unsafe handling of the data of its users and its inability or unwillingness to truthfully represent issues to its board of directors and regulators.” Zatko described how Twitter has hired and allowed access to foreign agents from countries such as China. Zatko highlighted Twitter’s lack of privacy and security protocols, which is a problem the new whistleblower said still exists.
The October 2022 complaint was not the first time the whistleblower submitted a complaint to authorities. The whistleblower also filed a complaint with the DOJ and the FTC in September 2022. This time, the complaint appears to have gained some traction, as The Washington Post reported that the whistleblower met last week with both the Senate Judiciary Committee and the House Energy and Commerce Committee to discuss the allegations.
Twitter faces a fine as high as $1 billion if the FTC determines it violated a previous decree. Twitter has faced intense pressure from the public and federal authorities since Elon Musk acquired the company in October 2022.