Three Republican senators sent a letter to Meta’s chief executive on Wednesday asking him to respond to whistle-blower allegations over security flaws.
Three senior Republican lawmakers sent a letter to Meta’s chief executive, Mark Zuckerberg, on Wednesday demanding responses to whistle-blower allegations about security and privacy flaws on the messaging app WhatsApp.
In their letter, Senators Charles Grassley of Iowa, Josh Hawley of Missouri and Marsha Blackburn of Tennessee asked Mr. Zuckerberg to address whether Meta had violated a settlement with federal regulators by allowing major security vulnerabilities in the company’s messaging app without informing shareholders and the public of the risks.
The letter comes days after the former head of security for WhatsApp sued Meta, which owns the messaging app, claiming it had allowed thousands of employees to have access to the sensitive data of its three billion users.
“I’ve always fought for whistle-blowers in both the public and private sectors,” Mr. Grassley said in a statement. “The American public deserves to know what Meta has done to keep their personal data safe and secure, and I look forward to getting answers.”
Meta has pushed back on the whistle-blower’s allegations.
“These are a mixture of outdated, distorted and demonstrably false claims,” Andy Stone, a spokesman for Meta, said in a statement. “WhatsApp has internal systems that protect the limited information available from users and we constantly enhance them.”
Meta, which also owns Facebook and Instagram, has faced several whistle-blower allegations this week. On Tuesday, the Senate judiciary subcommittee on privacy, technology and the law held a hearing in which former Meta researchers testified that the company actively suppressed findings about children as young as age 10 being harassed and groomed on the company’s virtual reality platform.
In their letter, the senators also highlighted new whistle-blower documents submitted in the spring by a former Meta senior policy official, Sarah Wynn-Williams. This year, Ms. Wynn-Williams published a memoir, called “Careless People” about her time at Meta. The company won a legal victory to stop her from publicizing her book, the allegations of which it has vehemently denied.
The new documents, provided to Mr. Grassley’s office, detail Meta’s plans in 2017 to meet with Chinese communist officials to discuss artificial intelligence, the company’s virtual reality business and content moderation. The company planned to move forward with the meetings, despite the security and privacy risks associated with operating in the nation, according to the senators’ letter.
The senators also asked Mr. Zuckerberg to address and provide records related to a document from 2015, which describes Meta’s attempt to create a censored version of Facebook in China called “Project Aldrin.”
“I am very grateful the United States Senate continues to investigate,” Ms. Wynn-Williams said in a statement, adding that she wished she could say more. “I urge other tech employees and those who are thinking of whistle-blowing to share what they know.”
Mr. Stone said that Meta did not provide its services in China.
“It is no secret we were once interested in doing so as part of Facebook’s effort to connect the world,” he added, saying it was widely reported a decade ago. “We ultimately opted not to go through with the ideas we’d explored, which Mark Zuckerberg announced in 2019.”
The WhatsApp whistle-blower, Attaullah Baig, recently told Mr. Grassley’s office that the messaging app was at risk of a “large scale” hacking of data, according to the letter.
In 2020, Meta agreed to a $5 billion privacy settlement with the Federal Trade Commission for allowing the political consulting firm, Cambridge Analytica, to harvest users’ data without their permission. As part of the settlement, the company agreed to strengthen security and privacy for users, including minimizing the ability of employees to access user data.
Mr. Baig’s lawsuit claimed that he had warned leaders, including Mr. Zuckerberg, about a litany of security weaknesses and that thousands of employees had access to users’ locations, groups, contact lists, profile pictures and other sensitive information. He was then blocked from making any technical fixes, he said in his suit.
Mr. Baig, who is represented by the whistle-blower organization Psst.org, was fired in February.
In their letter, the lawmakers asked Mr. Zuckerberg to respond to Mr. Baig’s claims that the security risks had violated the F.T.C. settlement and whether there had been any attempts to hack U.S. consumer data from WhatsApp’s servers.
Mr. Stone, the Meta spokesman, noted that the figures Mr. Baig had provided to Mr. Grassley and were cited in the letter were inaccurate based on the company’s employment data.
“The former employee submitted a complaint with the Department of Labor, which it dismissed,” he added.