Is the private sector gaming social-media policies to silence security researchers, critics?

22 April 2021
Between 27 and 31 March, Twitter locked three accounts that deal with cyber-security issues and regularly post information about data breaches. These accounts belong to the Free Software Movement of India, Rajshekhar Rajaharia and Robert Baptiste, who goes by the name Elliot Alderson on Twitter. Rajaharia and Baptiste had tweeted about a data breach at MobiKwik, a digital wallet, while FSMI has posted about a leak at Big Basket, on online grocery store. Rajaharia and Baptiste’s accounts were restored within 12 hours, but FSMI was locked out of it’s account for almost 17 days.
Between 27 and 31 March, Twitter locked three accounts that deal with cyber-security issues and regularly post information about data breaches. These accounts belong to the Free Software Movement of India, Rajshekhar Rajaharia and Robert Baptiste, who goes by the name Elliot Alderson on Twitter. Rajaharia and Baptiste had tweeted about a data breach at MobiKwik, a digital wallet, while FSMI has posted about a leak at Big Basket, on online grocery store. Rajaharia and Baptiste’s accounts were restored within 12 hours, but FSMI was locked out of it’s account for almost 17 days.

On 13 April, the Free Software Movement of India, a coalition of organisations promoting the adoption of free software, was allowed access to its Twitter account, almost 17 days after the social-media platform locked it out. Twitter had locked the account of FSMI on 27 March, for a tweet that referred to a data breach of customers’ details at Big Basket, an online grocery store. On 30 March, Robert Baptiste, a France-based cyber-security expert, who goes by the name Elliot Alderson on Twitter, too, was locked out of his account for a tweet referring to a data breach at Mobikwik, a digital payments platform. The next day, another cyber-security researcher Rajshekhar Rajaharia faced similar action by Twitter for a tweet regarding the MobiKwik breach, which affected the personal data of almost ten crore users. This was the second time in a month that Rajaharia had been locked out of his account for tweets on MobiKwik. In each instance, Twitter told the accounts that their tweets violated its rules against “posting private information.” 

Baptiste and Rajaharia’s accounts were restored in less than 12 hours—both of them deleted their respective tweets. Rajaharia shared a screenshot which showed that his account was locked for 12 hours for violating Twitter’s private-information policy, but he told me his account was reinstated after about four hours. FSMI, which was locked out of its account for a tweet dated 12 December 2020, chose not to delete the post and Twitter later took down the tweet. Strangely, another tweet by FSMI, from 11 November, which refers to the same content, remained visible on the account. 

In each case, it was unclear how the tweets on data breaches violated the rules against “posting private information,” and if Twitter took action on its own, or whether some other individual or organisation reported these accounts. In an email response to The Caravan on 31 March, Twitter did not answer specific questions on who reported FSMI’s account and only said, “The referenced account was correctly actioned for violating the Private information policy.” However, on 13 April, Twitter sent an email to FSMI, informing them that their account had been restored and admitted that “After reviewing your account, it looks like we made an error.”

Amrita Singh is an assistant editor at The Caravan.

Keywords: twitter
COMMENT