Even as lawmakers criticized Twitter for its alleged missteps, they also reserved some ire for the federal agencies charged with keeping Twitter accountable. Durbin and Grassley both highlighted what they viewed as a lack of enforcement.
"I’m concerned that for almost ten years the Federal Trade Commission didn’t know or didn’t take strongly enough action to ensure Twitter complied with the consent decree,” Grassley said. "This is a consent decree that was intended to protect twitter users' personal information.”
As part of his testimony, Zatko said federal agencies like the FTC are under-resourced and at a disadvantage compared to powerful tech platforms.
Zatko also said that Twitter was not afraid of the FTC as much as it was afraid of foreign regulators, such as France’s data protection authority, CNIL.
That’s because where Twitter expected US regulators to impose only one-time fines or penalties in response to any legal violations by the company, Twitter feared the prospect of foreign regulators imposing ongoing penalties or restrictions on its business going forward.
"One-time fines are priced in," he explained.