Expert says ‘Twitter spies’ committed espionage but broke no federal privacy laws, because there are none

Published: November 07, 2019
Author: Shannon Roddel
ND Experts: Michael Chapple, Teaching Professor, Academic Director of the Master of Science in Business Analytics

Federal prosecutors Wednesday (Nov. 6) charged two former Twitter employees — a Saudi national and a U.S. citizen — with spying on behalf of Saudi Arabia. The Justice Department alleges the individuals used their access at the social media giant to gather sensitive and nonpublic information on dissidents of the Saudi regime.

Cybersecurity and privacy expert Mike Chapple, associate teaching professor of information technology, analytics and operations at the University of Notre Dame’s Mendoza College of Business, says Twitter failed to live up to industry-standard cybersecurity practices.

“Both of the accused accessed information about private individuals that they had no legitimate need to view as part of their job responsibilities,” says Chapple, a former computer scientist with the National Security Agency. “One of the two employees worked as a site reliability engineer responsible for keeping the Twitter platform up and running.
His job did not involve accessing individual user accounts, yet he managed to access the personal information of over 6,000 individuals of interest to the Saudi government, apparently without drawing any attention from Twitter’s cybersecurity team.”

Chapple notes this was a significant violation of the principle of least privilege, a long-standing security paradigm stating that any employee should only have the minimum level of access necessary to carry out their job function.

“If Twitter had implemented this principle,” he says, “the misappropriation of information would not have been possible.”

The case also underscores the interest that foreign governments have in obtaining information from American technology companies.

“The global nature of social media makes user data an attractive target for foreign intelligence agencies,” Chapple says. “The information maintained by these companies goes far beyond the posts users make on their accounts and also includes sensitive personal details, such as telephone numbers, IP addresses and even precise geolocation information. Social media companies must understand the sensitivity of this information and restrict access to the smallest possible number of employees. Failing to do so puts the privacy, and even the physical safety, of social media users at risk.”

Chapple says the individuals did not break any federal privacy laws, because there are none. He has long recommended the U.S. implement comprehensive privacy laws as the European Union did in 2018 with its General Data Protection Regulation (GDPR).

Chapple stated in a recent CNN op-ed urging regulation, “That law applies to broad categories of personal information across all industries and offers individuals some basic protections.
It requires that companies obtain consent before collecting personal information, disclose how they will use the information they do collect, and provide a mechanism for consumers to request the deletion of their personal information from corporate files. GDPR also requires that companies promptly disclose data breaches to regulators and affected individuals.”

Contact: Mike Chapple, 574-631-5863, mchapple@nd.edu

Posted In: Faculty and Staff