Senator Hawley Requests Twitter Clarify Employee’s Involvement in Cyberattack and New Questions About Moderation Practices

Friday, July 17, 2020

Today Senator Hawley sent a letter to Twitter CEO Jack Dorsey requesting he respond to reports that a Twitter employee was involved in Wednesday’s cyberattack and, if true, when Twitter became aware of this fact. Senator Hawley also asked Dorsey to explain screenshots seeming to indicate Twitter engages in “shadowbanning” users and whether these tools have ever been applied to an elected official.

Within an hour of Wednesday’s hacking incident, Senator Hawley had sent a letter to Dorsey calling for Twitter to immediately cooperate with federal law enforcement agencies to respond and secure the site.

Read the full letter below.

July 17, 2020

Jack Dorsey
Chief Executive Officer
355 Market Street, Suite 900
San Francisco, CA 94103

Dear Mr. Dorsey,

Shortly after I wrote to you about Wednesday’s breach of Twitter’s security, Twitter announced its detection of a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

Contrary to this account, press reports suggest that the employees in question may not have been mere victims. According to Vice, sources in the hacking community claim that the Twitter employee involved may have been paid to facilitate this breach.

These reports also indicate that screenshots of Twitter’s internal tools have been circulating within the hacking community. One such screenshot indicates that Twitter employs tools allowing it to append “Search Blacklist,” “Trends Blacklist,” “Bounced,” and “ReadOnly” flags to user accounts. Given your insistence in testimony to Congress that Twitter does not engage in politically biased “shadowbanning” and the public interest in Twitter’s moderation practices, it is notable that Twitter reportedly suspended user accounts sharing screenshots of this panel.

In addition to the questions I submitted earlier this week, please respond promptly to the following questions:

  • To your knowledge, did any Twitter employee voluntarily participate in or facilitate Wednesday’s incident?
  • If so, was Twitter aware of the possibility of the employee’s voluntary involvement at the time that it publicly claimed knowledge of a “coordinated social engineering attack by people who successfully targeted some of our employees”?
  • Did you participate in discussions about the company’s public disclosures about this incident during which any participants considered downplaying Twitter employees’ complicity in this incident? Are you aware of any such conversations taking place, whether or not you were directly involved?
  • What steps does Twitter take to prevent any single employee from obtaining improper access to the accounts of its entire userbase? Has Twitter considered and decided against implementing more stringent access control measures in the past? If so, why?
  • Please define the terms “Search Blacklist,” “Trends Blacklist,” “Bounced,” and “ReadOnly.” Please also explain, for each term, whether such flags on user accounts affect the visibility of tweets within users’ timelines.
  • Does Twitter indicate to users affected by these flags or other similar measures that reduce user reach that their accounts or tweets have been flagged in such a manner? If not, why not?
  • Have any of these flags, or other flags with similar functions limiting the visibility of user tweets, ever been applied to the account or tweets of President Trump or other U.S. elected officials? If so, please include a record of each such flag. 
  • Please explain the rules that Twitter uses to implement such flags on user accounts and tweets and the process by which Twitter ensures that such implementation is not conducted in a politically biased manner. As you no doubt recall, you have testified to Congress that “We believe strongly in being impartial, and we strive to enforce our rules impartially. We do not shadowban anyone based on political ideology.” This statement indicates that your use of these internal systems is governed by “rules” rather than mere discretion.
  • I understand that Twitter removed some screenshots of these internal systems Wednesday because they included private user information. Did Twitter remove any screenshots that had been redacted to remove such information or ban any accounts sharing such screenshots? If so, given the public interest in this matter, why did Twitter take such action? Was any consideration given in making such a decision to the possibility that such screenshots would subject Twitter’s content moderation practices to greater scrutiny?


Josh Hawley
United States Senator