Twitter's whistleblower problem is much bigger than Elon Musk's bot complaints


When Peiter Zatko, the famous hacker best known as Mudge, was given the job of head of security at Twitter in November 2020, internet archivist Jason Scott tweeted, “You have my full support to leave after setting the place on fire.”

Zatko may have done just that, if not exactly in that order. A few months after being fired by CEO Parag Agrawal, Zatko blew the whistle on the company, telling the Securities and Exchange Commission (SEC) that Twitter had done essentially nothing to improve its terrible security — the reason for Zatko’s employment in the first place — and that the company has a pattern of lying to or deceiving the government, investors and Elon Musk.

Twitter did not address specifics of Zatko’s allegations in a statement to Recode, but said in general that they were not accurate and that Zatko was a disgruntled former employee whose timing is “opportunistic.”

“Mr. Zatko was fired from his leadership role at Twitter in January 2022 due to ineffective leadership and poor performance,” a Twitter spokesperson said. “What we have seen so far is a false narrative about Twitter and our privacy and data security practices, which is full of inconsistencies and inaccuracies and lacks important context.”

The claims involving Musk might get the most attention, given the eccentric billionaire’s high profile and ongoing controversy over his attempt to buy (and then not buy) Twitter. They are placed fairly high in the SEC complaint, which was leaked to the Washington Post and CNN on Tuesday, and some of the claims that Zatko makes deal directly with the allegations that Musk made to try to get out of his $44 billion deal. Musk said that fake accounts, or spam bots, are a much larger part of Twitter’s user base than the company claimed, and therefore Twitter is not worth what he originally agreed to pay for it. Twitter disagrees, saying Musk is trying to find a reason to back out of the deal. The company sued Musk to force him to acquire the company. That trial is scheduled to begin on October 17.

But these claims may be the least of Twitter’s leak concerns. Zatko portrays Twitter as a company that lacks the motivation and ability to protect its users and itself from security breaches while deceiving investors and government agencies.

Here are some of the allegations Twitter should be more concerned about than what Agrawal is tweeting about bot accounts.

Allegation that Twitter defrauded the Federal Trade Commission

Zatko alleges that Twitter violated a 2011 FTC consent order requiring the company to implement certain security protocols. Zatko says Twitter has never been in compliance with this order and probably never will be. He argues that this put the company (and its users’ data) at risk of security breaches like the one in 2020 that prompted Zatko’s hiring.

The FTC is reportedly looking into these claims, and things could get very expensive for Twitter if they turn out to be true — just look at Facebook’s unprecedented $5 billion payout for violating the FTC’s consent order. Twitter would also become a repeat offender; the company recently agreed to pay $150 million for requesting information from users for security purposes and then using it to target ads to them. The FTC will not look kindly on this.

Claims that foreign government agents were working for Twitter and had access to user information — and Twitter knew it

One of Zatko’s more alarming revelations is that Twitter employed agents of the Indian government, who would have had extensive access to data because the company had not taken basic precautions to limit that access for many employees. The complaint says Twitter executives knew too many employees had access to too much and that Indian government agents were working for the company, but did nothing in response. It also says the US government told Twitter that at least one of its employees was working on behalf of a foreign intelligence agency not named in the complaint.

If true, it wouldn’t be the first time Twitter has been infiltrated by people working for a foreign government, presumably to gather information about dissidents or rivals. A Saudi national was recently convicted of infiltrating Twitter to spy on users critical of the Saudi government, for which he was paid by an adviser to Crown Prince Mohammed bin Salman. Another former Twitter employee accused of spying for Saudi Arabia fled the country before he could be arrested.

Allegation that Jack Dorsey quit and was replaced by the worst CEO ever

This may not come as a surprise to anyone who has watched the company’s founder and then-CEO’s laconic appearances before Congress over the past few years, but Zatko says Dorsey was mostly absent from Twitter when Zatko was there. Dorsey was “experiencing a drastic loss of focus in 2021,” the complaint says, attending only a few meetings and barely attending the ones he showed up for. Zatko says it made his job more difficult and that he had no support in the “Herculean effort” to fix Twitter. Dorsey was reportedly working from a private island in French Polynesia when the decision was made to ban President Trump from the platform. He retired from Twitter at the end of 2021.

Agrawal is now the CEO of Twitter and seemingly the object of Zatko’s wrath. The complaint repeatedly accuses Agrawal of failing to improve Twitter’s security and privacy, trying to hide Twitter’s problems from investors and the board, and failing to provide Zatko with the support and resources Zatko felt he needed to do the job he was hired to do. Although Dorsey was CEO for most of Zatko’s tenure at Twitter, he got off easy in the report. This may not protect him from any fallout from this leak.

Claims that Twitter has long failed to follow basic security practices

In the full complaint, Zatko says the company refused to implement some basic security measures, even though it counted among its users some of the most powerful and important people in the world. That led, Zatko claims, to security breaches, including the one that led to his hiring: A teenager was able to gain access to some of the most famous accounts on the platform and then use them to tweet bitcoin scams, ultimately stealing $120,000 worth of cryptocurrency from victims. This hacker gained access by getting Twitter employees to give up their passwords, showing how lax Twitter apparently was in restricting and controlling access to high-profile accounts.

Unsurprisingly, this claim has so far attracted most of the attention of members of Congress, most if not all of whom are Twitter users themselves. According to the Washington Post, some lawmakers have already met with Zatko or plan to in the near future. Expect Zatko to testify before committees, much like Facebook whistleblower Frances Haugen did after her revelations (both Zatko and Haugen used Whistleblower Aid, a nonprofit legal aid firm, to facilitate their complaints and represent them). It’s unclear what lawmakers can do beyond sending angry letters or holding committee hearings because Congress has failed to pass federal privacy laws. On the other hand, the SEC and FTC may already be preparing their charges against Twitter for allegedly misleading shareholders and consumers.

As for Musk, he responded to the news with several tweets, including an illustration of Jiminy Cricket singing “Give a Little Whistle” from Pinocchio; a screenshot from a Washington Post article saying Twitter had internal spam and bot numbers it didn’t share with investors; and several tweets with a stand-alone emoji, including a monocle face and crying smiley face.

Musk’s lawyer told the Washington Post that Zatko has already been subpoenaed in the court case between Musk and Twitter.

Musk’s joy may be premature. If he loses his fight and is forced to buy Twitter, he won’t just get a company that’s already worth far less than the price he agreed to pay for it. He also gets a company that, if Zatko’s allegations are true, is riddled with internal and external problems that someone will have to fix — and be held accountable for.

