On July 21, Twitter finally took action to secure its platform from abuse: it banned 7,000 partisans of the right-wing conspiracy group QAnon and limited the accounts of 150,000 others for “behavior that has the potential to lead to offline harm.”
While certainly welcome, Twitter’s actions are a classic case of too little, too late. QAnon is but the most public example of online abuse. There are unfortunately scores of others that pose a very real threat to the lives and livelihoods of its users.
A blatant example is that of Guardian reporter Owen Jones, who was physically assaulted after a Twitter attack orchestrated against him by Countdown’s Rachel Riley. Despite Twitter’s belated moves to prevent “offline harm,” there is absolutely no reason to believe that these outrages will end
The real scandal is that Twitter has yet to address the fundamental failures that allow Individuals, private groups and even sovereign states to exploit its systems and attack its users.
Lax oversight of Twitter employees and faulty internal security protocols resulted in the July 15 hack of the accounts of such high-profile users as Jeff Bezos, Joe Biden and Elon Musk. According to press reports, a Twitter insider was paid to provide the hackers with access to the targeted accounts. In another case, a Twitter employee simply deactivated the account of President Trump in 2017.
Sources working at Twitter have said that there are over 1,500 employees who have the access required to hand control of account holder information to other people. They add that Twitter’s oversight of these workers has been an issue “recurring concern.”
Of greater concern is the systematic exploitation of Twitter by state actors for the purpose of silencing dissent. In 2019, the Department of Justice charged three individuals — including two former Twitter employees — with acting as illegal agents of Saudi Arabia.
According to the indictment: “These individuals are charged with targeting and obtaining private data from dissidents and known critics, under the direction and control of the government of Saudi Arabia. By using their employee credentials, they gained unauthorized access to the phone numbers and addresses of account holders and shared that information with representatives of the government of Saudi Arabia.”
One of these account holders is Ali Al-Ahmed, a Saudi human rights activist who had been granted political asylum in the United States. Before Twitter closed his Arabic-language account, Al-Ahmed had 36,000 followers in Saudi Arabia, who relied on his posts for news and information on issues such as false imprisonment, torture, gender violence, religious intolerance and state-sponsored Islamic extremism by the government of Saudi Arabia.
After Twitter provided the Saudi regime with the names and private messages of his followers, many of them have either disappeared or been arrested. Al-Ahmed is now suing Twitter for breach of contract and invasion of privacy.
Whether wittingly or unwittingly, Twitter has become a tool of choice for repression by autocratic regimes. Saudi security agencies and troll farms have been using Twitter for years to harass critics and perceived enemies of the state. In London, two other prominent Saudi dissidents have been the victims of violent physical attacks following state-sponsored Twitter campaigns against them.
Whether these attacks are politically or financially motivated, the fact is that they are wrong and illegal. More to the point, they have real-life consequences that Twitter seems either unwilling or unable to prevent.
Based on my experience with complex government communications networks, dysfunctional organizations inevitably offer the means of exploitation by individuals and governments wishing to do others harm. There are a number of steps that Twitter should take to address its continuing failures.
For starters, employee background checks and periodic supervisor checks, which are standard practice in the U.S. government’s intelligence agencies and Cyber Command, should be broadly implemented throughout the Twitter organization.
In addition, the company clearly needs more specialists tasked with actively looking for indications of illegal activity.
While Twitter’s senior management have acknowledged that they are now looking for a new security chief, skeptics have reason to doubt the company’s abiding commitment to protecting the privacy of its users.
According to Bloomberg: “Concerns over insider access to Twitter accounts were brought to Twitter’s board of directors almost annually during a period from 2015 to 2019, only to be deferred for other priorities including other cybersecurity programs…”
It is no secret that oppressive regimes will use every means at their disposal to monitor and silence their critics. Social media forums such as Twitter, Facebook and blog sites offer instant communications to the world that did not exist a generation ago.
Responsibilities of the provider do not end with delivering customers the means to communicate. Providers must defend customers from exploitation and attack, and in this respect, Twitter has failed miserably.
Freedom of speech does not include shutting down the same freedom of another. Nor does it include generating lies and unfounded slander with the intent to cause harm to another. As Supreme Court Justice Oliver Wendell Holmes, Jr. pointed out, the First Amendment does not include falsely yelling fire in a crowded theater.
Retired Colonel Wes Martin served as Chief of Information Operations for Headquarters, Department of Army and for U.S. Forces, in Korea.