Peiter Zatko’s allegations raise questions about big tech’s responsibility towards users in authoritarian countries.
Twitter whistleblower Peiter Zatko’s claims that the social media giant has endangered users in China have raised questions about big tech’s responsibility to protect dissidents from state persecution.
Zatko, Twitter’s former head of security, has alleged that the social media platform became “dependent” on revenue from Chinese entities, making them potentially privy to information that could allow them to identify and glean sensitive information on users in China.
Twitter, like Facebook and Google, is banned in mainland China, where open dissent against the ruling Communist Party carries the risk of severe punishment. Chinese users can only access the platform through an encrypted connection known as a virtual private network (VPN), the use of which is also prohibited.
“Twitter executives knew that accepting Chinese money risked endangering users in China (where employing VPNs or other circumvention technologies to access the platform is prohibited) and elsewhere,” Zatko said in his disclosure, which was filed last month with several US government agencies, including the Department of Justice, and made public this week by The Washington Post and CNN.
“Twitter executives understood this constituted a major ethical ‘compromise.’ Mr. Zatko was told that Twitter was too dependent upon the revenue stream at this point to do anything other than attempt to increase it.”
Zatko’s allegations have reverberated among Chinese dissidents and human rights activists, raising calls for Twitter to clarify whether it has put China-based users at risk.
On Wednesday, Renee Xia, director of Washington, DC-based Chinese Human Rights Defenders, asked if the tech giant bore responsibility for the prosecution of a number of Chinese Twitter users, including Beijing activist Quan Shixin, who was indicted in 2020 for “picking quarrels and provoking trouble”, a catch-all charge commonly used to punish dissent.
“Is Congress looking into this?” Xia said in a tweet.
Yaqiu Wang, a senior researcher on China at Human Rights Watch, said the allegations were especially concerning given the history of Chinese authorities cracking down on anonymous users of the platform.
“In recent years, the Chinese authorities have cracked down on Chinese Twitter users; many of them used anonymous accounts,” Wang told Al Jazeera.
“It is unclear how authorities were able to identify the persons behind these accounts. Twitter has been a refuge of sorts for those who can’t bear the censorship on China’s social media. It has played an essential role in sustaining the ever-increasingly repressed community of government critics.”
Florian Schneider, a senior lecturer on the politics of modern China at Leiden University Institute for Area Studies in the Netherlands, said the possibility that Twitter may not be secure for Chinese users would have a chilling effect on public discussion, whether or not the allegations turn out to be true.
“Dissidents and their families would be particularly at risk, but casual Twitter users could also be affected,” Schneider told Al Jazeera.
“This includes PRC citizens who work or study abroad, but also users within China who anonymously participate in Twitter discussions through virtual private networks that allow them to ‘jump’ the Great Firewall. Any such users are at risk. The Chinese authorities frequently hold citizens accountable for their social media behaviour, and this has included making examples of casual internet users who post on sensitive subjects.”
‘Inconsistencies and inaccuracies’
Zatko’s disclosure, which also raised concerns about undue foreign influence from Russia, India and Nigeria as well as lax security and noncompliance with regulatory directives, did not specify how Twitter’s practices allegedly risk exposing users’ identities and personal information.
Radim Dragomaca, a spokesperson for Whistle Blower Aid, which is representing Zatko, declined to elaborate on the allegations, citing “legal restrictions that only allow him to make lawful disclosures to the relevant authorities, so anything not already written in the disclosure cannot be added to or even analysed by him for the media”.
“The only way to do that would be if he were called to do so by those legal authorities, and it would be directly to them,” Dragomaca told Al Jazeera.
Twitter did not respond to Al Jazeera’s request for comment.
In statements to other media, the tech giant has described Zatko’s claims as “riddled with inconsistencies and inaccuracies and lacks important context,” and accused the ex-cybersecurity chief of “opportunistically seeking to inflict harm on Twitter, its customers, and its shareholders”. Twitter has also said that Zatko was fired for poor performance and leadership.
China’s embassy in Washington, DC, did not respond to a request for comment.
Some analysts have suggested the allegations could relate to Twitter’s advertising model.
Zach Edwards, a US-based independent cybersecurity researcher, speculated that users could be at risk through Custom Audiences, a tool that allows advertisers on the platform to review information about their target audiences.
In a series of tweets on Wednesday, Edwards suggested Chinese entities could potentially use the service to identify users if they had access to their email addresses or Android IDs.
When contacted by Al Jazeera, Edwards said he did not have time to comment on short notice, but he stood behind his comments online.
Other cybersecurity experts expressed scepticism that China would want or need to rely on Twitter to target its critics.
Lokman Tsui, a research fellow with the Citizen Lab at the University of Toronto, said Twitter had limited data on its users in China due to the use of VPNs and few commercial incentives to gather data as it is unable to sell ads in the country due to being banned.
“Third, and this is more of a pragmatic reason, the Chinese authorities don’t need to go to Twitter,” Tsui, who previously worked at Twitter but stressed he was speaking in a personal capacity, told Al Jazeera.
“There are other ways, much easier ways for them to find out who is accessing illegal content or whatever. Think of telcos, internet service providers, etc.”
“That’s not to say there’s no risk to doing business with China,” Tsui added. “Of course there is, but this specific claim seems overblown to me.”
Clearer details about Twitter’s operations in China could emerge in due course.
Multiple US agencies, including the Securities and Exchange Commission, the Federal Trade Commission and the Justice Department, are expected to investigate Zatko’s claims.
On Thursday, the chairs of the US House Committee on Homeland Security called on Twitter Chief Executive Parag Agrawal to address the “disturbing” allegations surrounding the social media platform, including the possibility the service has been used to target critics of authoritarian governments.
“If substantiated, the whistleblower allegations demonstrate a pattern of willful disregard for the personal data of Twitter users and the integrity of the platform,” Democratic members Bennie Thompson and Yvette Clarke said in a letter to the company.
Wang, the Human Rights Watch researcher, said Twitter should be more transparent about its operations in China.
“Twitter should make public any Chinese government inquiries or requests concerning user information,” she said.
“Twitter has taken actions against disinformation campaigns that were linked to the Chinese government, but often did so only after it was contacted by disinformation research bodies or victims of the disinformation campaigns. It should be more transparent about such campaigns and take proactive actions to protect China-based users and Chinese-language users.”
