[j-c-hewitt]

Why would a serious government not walk through the open door and take what they needed while their agents collect two salaries? It's just a win-win for foreign intelligence. They would be negligent in their duties to NOT infiltrate US companies with open doors and permissive, trusting internal policies about user data.

Then the company can do the liability minimization dance when the FBI comes and points out that they are running a cheap data service for foreign spies. "We, uh, had no idea..."

[meowface]

Absolutely. It's their job to do this.

But what should large tech companies do? Avoid hiring people from certain countries/heritages? Obviously that's not fair and not a good look. Same for putting extra monitoring on them. This is independent of Twitter apparently trying to downplay this and cover it up, which of course is wrong. It just seems like preventing this is really tough unless you state "we won't hire anyone who's lived in, was born in, or whose parents are from China, Iran, Saudi Arabia, or Russia", which is untenable.

[mc32]

Instead of targeted monitoring monitor everyone who has certain level of access regardless of origin? It's not like it's not scalable, obviously they are capable of widescale automation.

[meowface]

It's really not that easy to monitor for every possible violation/exfiltration, especially at that scale. Of course those need to be monitored for, but they're never perfect. NSA obviously had mechanisms to detect this, but it didn't work for Snowden.

They likely have already had such monitoring in place for years, and are probably augmenting it now. It just didn't work.