In whistleblower testimony that could affect the legal battle over Elon Musk’s buyout bid, Twitter’s former security chief claimed that the company misled users and US regulators about “extreme, egregious” gaps in its online protections.
An important part of Musk’s case for trying to cancel his $44 billion deal to own the platform is a complaint filed by Peiter Zatko and published by US media on Tuesday, in which he accuses Twitter of significantly underestimating the number of fake and spam accounts.
Zatko has accused Twitter of “negligence, willful ignorance, and threats to national security and democracy” in a filing to authorities including the Securities and Exchange Commission.
Twitter claims the employee was terminated for poor performance, but the former employee is warning of outdated servers, hackable software, and executives who want to keep the number of hacking attempts hidden from US authorities and the company’s board of directors.
According to the filing, “Mudge,” a former hacker-turned-executive, claims that expanding Twitter’s user base takes precedence over reducing the platform’s spam and bot activity.
Because “if accurate measurements ever became public, it would harm the image and valuation of the company,” Zatko claims that the platform and CEO Parag Agrawal have been providing misleading information about user accounts.
In his complaint, he claims that the true scale of spam bots is unknown because Twitter counts users based on the number who can be reached by advertising rather than the actual number of accounts.
In a retaliatory tweet, Twitter claimed that Zatko had been let go in January due to “ineffective leadership and poor performance.”
The company issued a statement saying, “What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context.”
The statement went on to say that the allegations were made at an “opportunistic time” in order to “capture attention and inflict harm on Twitter, its customers, and its shareholders.”
The filing was redacted and dated July 6, nearly a week before Twitter sued Musk to get him to complete the buyout deal. That case will go to trial in mid-October.
Zatko’s legal team called the characterizations of his work and departure from Twitter “false”, noting he was fired after clashing with the new CEO Agrawal.
The legal dispute between Twitter and Tesla’s CEO Musk centres on the issue of fake accounts.
On Tuesday, the billionaire tweeted, “spam prevalence *was* shared with the board, but the board chose not to disclose that to the public…” He has long claimed that the company is understating the number of bot accounts on its platform.
According to Twitter’s lawsuit, it’s too late for Musk to use the bot argument to get out of his buyout agreement and avoid paying severance.
According to CNN’s reporting, Zatko has not communicated with Musk and initiated the whistleblower process before there was evidence of the billionaire’s engagement with Twitter.
Musk’s attorney, Alex Spiro, told AFP, “We have already issued a subpoena for Mr. Zatko, and we found his exit and that of other important workers odd in light of what we have been seeing.”
After a big attack in late 2020 damaged the accounts of prominent users like Joe Biden, Barack Obama, reality TV star Kim Kardashian, and Tesla CEO Elon Musk, Twitter founder and former boss Jack Dorsey recruited Zatko to fix the problem.
Zatko worked in executive capacities at Google, payments processing company Stripe, and the Defense Advanced Research Projects Agency (DARPA) prior to joining Twitter.
US lawmakers have already expressed concern over Zatko’s filing and promised to investigate the allegations made therein.
Senator Dick Durbin issued a statement saying, “If these claims are accurate, they may show dangerous data privacy and security risks for Twitter users around the world.”