As The Washington Post reports, chatter in the cybersecurity community largely focused on the Tesla CEO’s plans for direct messages on the social media platform. Currently, DMs on Twitter don’t use end-to-end encryption, though their contents tend to be highly private. The lack of encryption means that various countries may require them to be handed over with the proper warrant. Others worried that Musk, for whom Twitter is a hobby alongside Tesla and the other firm he runs as CEO, SpaceX, might publish DMs on a whim.
Patrick Howell O’Neill, senior editor at MIT Technology Review, noted “the considerable obstacles that Twitter would face in making DMs secure.” O’Neill added, “It’s a difficult problem without easy solutions that cover everyone.”
Sen. Ron Wyden (D-Ore.) bemoaned the lack of either encryption for DMs or a tougher U.S. privacy law. “The protection of Americans’ privacy must be a condition of any sale," he tweeted.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, echoed the call for encrypted DMs. “I bet there are plenty of people who are going through their DMs and deleting things,” she wrote. Runa Sandvik, who works on digital security for journalists, indicated that Twitter ought to be able to figure out how to secure DMs.
Musk also vowed to make Twitter’s algorithms public. Matt Tait, former chief operating officer of Corellium, suggested this plan might not raise serious cybersecurity concerns. “Adds a few minor risks, perhaps, but the key systems that matter for cybersecurity risk are likely to be supporting systems, corporate systems, and database state that won't be shared," he tweeted.
Musk said that an additional goal was “authenticating all humans.” Ron Bradley, vice president of Shared Assessments, noted that “the human element [is] the weakest link in the cybersecurity chain” and praised this aim. “This change can’t come soon enough and will greatly impact spam bots and other modes of false information," he said, speaking to Channel Futures.
Musk’s Twitter purchase also came on the heels of European Union institutions’ announcement of a deal on the Digital Services Act, a new law that will impose a heavier burden on tech companies. As PYMNTS.com notes, the jury is still out on whether Musk will help or hinder Twitter in complying with the DSA’s requirements, including annual risk assessments and protecting minors.
Twitter has already been a victim of a major cyberattack. In 2020, it suffered a data breach orchestrated by a 17-year-old hacker.