A former Twitter security director has provided documents accusing the company of “serious shortcomings” related to privacy, security, and content moderation.
Mr. Peiter Zatko, the whistleblower against Twitter
A complaint has been submitted to the U.S. Securities and Exchange Commission, the Federal Trade Commission, and the Department of Justice.
This complaint was filed by the non-profit law firm Whistleblower Aid, representing former Twitter security director Mr. Peiter Zatko. Whistleblower Aid previously represented Facebook whistleblower Frances Haugen.
In the complaint sent to the Securities and Exchange Commission, Zatko alleges that he “witnessed senior executives engaging in deceptive and/or misleading communications affecting Board members, users, and shareholders” numerous times in 2021, including CEO Parag Agrawal requesting Zatko to provide misleading and deceptive materials.
This news has also been reported by The Washington Post and CNN.
Zatko alleges that Twitter failed to accurately present four critical issues to the Board: outdated software lacking basic security measures, “general issues” regarding who can access or control systems and data, problematic internal processes, and “the volume and frequency of security incidents affecting a vast amount of user data, which is indeed staggering.”
Zatko also claims that more than half of Twitter’s 500,000 servers are running outdated software and over a quarter of employee computers have disabled software updates that could provide important security patches.
He stated that Twitter’s broad access granted to employees for systems and data is unprecedented for a company of Twitter’s significance.
If government regulators find that Twitter deceived consumers about its security protocols, Twitter could be deemed to have violated its 2011 agreement with the Federal Trade Commission.
At that time, Twitter was banned for 20 years from misleading consumers about how the company protects the security and personal information of users. The agreement also required Twitter to create and maintain a comprehensive information security program to be audited by an independent auditor for 10 years.
A spokesperson for the Senate Intelligence Committee stated in a statement that the panel has also received the complaint and is in the process of scheduling a meeting to discuss the allegations further: “We take this matter very seriously.”
Mr. Peiter Zatko’s complaint also mentions Twitter’s misrepresentation of billionaire Elon Musk, who is caught in a legal battle. Musk is seeking to withdraw from the acquisition deal of Twitter, as he “doubts the accuracy of Twitter’s claim that only ‘less than 5% of accounts are bots or automated spam accounts.'”
A lawyer representing Zatko stated that Zatko has no connection to Musk, and Zatko’s complaint is objective.
Elon Musk’s lawyer, Alex Spiro of Quinn Emanuel, told CNBC: “We have issued a subpoena for Mr. Zatko. We believe he and other key staff can help clarify Twitter’s issues.”
Musk and Twitter will meet in court in October, where Judge Kathaleen McCormick of the Delaware Court of Chancery will determine whether Musk is required to complete the acquisition of Twitter.
Twitter CEO – Agrawal lied
Parag Agrawal – the CEO of Twitter and his wife Vineeta Agarwal, walking to a morning session at the Allen & Company Sun Valley Conference on July 7, 2022, in Sun Valley, Idaho (photo: Getty Images)
Zatko alleges that a tweet from CEO Agrawal on May 16 stating that the company “is strongly encouraged to detect and remove as much spam as possible, every day” was actually a lie. He claimed that Twitter executives were not encouraged to detect bots and “senior management did not want to accurately measure the prevalence of bot accounts,”
because if accurate measurements were made public, it would damage the company’s image and value.
Zatko further alleged that the company lacked proper security controls. According to The Washington Post, about 7,000 Twitter employees have “broad access to the company’s internal software and that access is not closely monitored.”
In a memo sent to employees, shared by CNN reporter Donie O’Sullivan on Twitter, CEO Agrawal described Zatko as “a former Twitter security director who was terminated in January 2022 for ineffective leadership and poor performance.”
“We are reviewing the published statements, but what we have seen so far is a false, contradictory, inaccurate story, presented without important context,” Agrawal wrote.
“With the attention on Twitter at this time, we can assume that we will continue to see more headlines in the coming days – which will only make our job more difficult,” Agrawal said. “We will pursue every avenue to protect our integrity as a company.”