Peiter "Mudge" Zatko, former head of security at Twitter Inc., testified before the Senate Judiciary Committee on data security at Twitter.
Senators are poised to push for new legislation on social media security and data protections following a high-profile hearing exposing various alleged security flaws at Twitter Inc.
Following up on his whistleblower report detailing previously undisclosed national security and privacy vulnerabilities at Twitter, former Twitter security lead Peiter "Mudge" Zatko testified to the Senate Judiciary Committee on Sept. 13. Zatko said Twitter leadership is misleading the public, and the company is more than a decade behind on security standards.
Sen. Chuck Grassley, R-Iowa, the committee's ranking member, applauded Zatko's willingness to come forward to regulators and Congress. The disclosures paint a "very disturbing picture" of a company focused on profit at any expense, including the safety and security of its users, Grassley said in opening remarks.
Democrats shared Grassley's concerns, with Sen. Dick Durbin, D-Ill., calling Twitter an "immensely powerful platform." Durbin chairs the Senate Judiciary Committee.
Twitter did not immediately respond to a request for comment. The company previously said the whistleblower's claims were "riddled with inconsistencies and inaccuracies."
Lack of logging
Zatko said Twitter is managed by risks and crises, and described a hypothetical case in which at least half the employees at the company could access the data of the lawmakers present in the hearing room.
Specifically, the lack of logging activity from Twitter's engineers poses a major issue for tracking security breaches, Zatko said. Logging is the practice of creating a record of application changes to platform features, often used to note performance updates or issues.
The failure to log security breach attempts poses a major concern when it comes to foreign interference, Zatko said.
Questions were raised about whether Twitter knowingly employed foreign agents. Zatko's whistleblower report detailed agents based in Saudi Arabia and India that were being paid by Twitter. Grassley, at the hearing, said Twitter had at least one Chinese agent on the payroll.
"I learned that there were thousands of failed attempts to access internal systems" on a weekly basis and that no one was noticing, Zatko said, adding that the data Twitter holds on people ranges from device type, email address, web browser and the computer used to language and other affiliations.
Legislation, oversight to come
Zatko encouraged senators to pass legislation to strengthen the Federal Trade Commission. Specifically, Zatko called for a standardized whistleblower protection program to be installed in the agency and related federal regulators.
"They're not able to see which tools in their toolbelt are working," Zatko said of consumer protection regulators.
Many policymakers and stakeholders have long called for additional funding to be directed to the FTC. The agency is principally responsible for various proposals that would spur competition and protect consumers in the digital landscape, but decisions on whether to direct additional funding to the agency have been overshadowed by opponents of the FTC's antitrust agenda.
Regarding Congress, Sen. Amy Klobuchar, D-Minn., said the testimony underlines the need for federal privacy legislation and tech competition legislation. The American Privacy and Data Protection Act would create protections that block discriminatory use of Americans' data and require platforms to minimize the amount of user data collected for their products and services to function. The American Innovation and Choice Online Act aims to stop big tech firms from engaging in anticompetitive practices online. Neither bill has yet reached President Joe Biden's desk.
Sen. Marsha Blackburn, R-Tenn., agreed that the testimony heightens the need for strong privacy protections for American consumers.
Sen. Richard Blumenthal, D-Conn., suggested the creation of a digital protection agency to address concerns unearthed in Zatko's testimony. The idea has also been floated by various tech executives.
Even without new legislation, Zatko said Twitter's executive team must acknowledge the company's flaws. Zatko believes that a total management restructuring will be necessary to enact changes at the company.
The Musk connection
Tesla Inc. CEO Elon Musk is fighting in court to exit his planned purchase of Twitter for $44 billion.
Lawyers representing Musk have already subpoenaed Zatko's representatives and are expected to use the alleged Twitter security vulnerabilities as evidence that Twitter management misrepresented the health of the company as part of the sale to Musk.
Musk filed to terminate his agreement to purchase Twitter with the U.S. Securities and Exchange Commission on July 8. Twitter, in a counter filing with the SEC on July 11, said Musk's termination was "invalid and wrongful," as the company did not breach any of its obligations.
Twitter shareholders approved Musk's deal to purchase Twitter at the original $44 billion price tag shortly after the hearing concluded.