By Tom Ozimek
Congressional lawmakers are probing allegations made by Twitter’s former chief of security in an explosive whistleblower complaint that includes claims of deception around data security and privacy and misleading tech entrepreneur Elon Musk about the number of bots on the platform.
Peiter Zatko, the whistleblower who served as Twitter’s head of security for around 14 months before being fired earlier this year, alleged in a disclosure obtained by The Epoch Times that Twitter’s security and privacy systems were grossly inadequate and that the company misled regulators, investors, and Musk about fake “spam” bots on the platform.
While Twitter CEO Parag Agrawal has called Zatko’s claims a “false narrative,” U.S. lawmakers seem determined to make up their own minds and are investigating.
Sen. Dick Durbin (D-Ill.), chair of the Senate Judiciary Committee, said in a statement that he is looking into Zatko’s allegations.
“The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns,” Durbin said.
“As chair of the Senate Judiciary Committee, I will continue investigating this issue and take further steps as needed to get to the bottom of these alarming allegations,” he said, adding that if the whistleblower’s claims are accurate, there may be “dangerous” risks for Twitter users in terms of data privacy and security.
Sen. Ed Markey (D-Mass.) sent a letter (pdf) to the Federal Trade Commission (FTC) and the Department of Justice expressing “significant concerns” about the whistleblower’s allegations.
“According to Peiter Zatko, Twitter’s former head of security, Twitter has systematically and repeatedly failed to take basic security measures to protect its user data and has misled investors, regulators, and the public about the strength of its security systems,” Markey said in a statement.
Markey added that Zatko’s allegations suggest Twitter has again “flagrantly violated” its consent decree with the FTC just months after the company agreed to pay a $150 million penalty for failing to keep Twitter users’ data secure.
“I strongly urge the federal government to investigate Zatko’s claims and, if necessary, take strong and swift action against Twitter to ensure Twitter user data is properly protected,” the senator wrote.
Rep. Frank Pallone (D-N.J.), who chairs the House Energy and Commerce Committee, said in a statement that he was “carefully reviewing this whistleblower disclosure and assessing next steps.”
“These allegations are alarming and reaffirm the need to pass my comprehensive privacy legislation to protect Americans’ online data,” Pallone added, referring to the American Data Privacy and Protection Act that he co-sponsored.
Several other lawmakers have issued similar statements.
The Epoch Times reached out to Twitter with a request for comment on Zatko’s claims but received no response.
Twitter spokesperson Anna Hughes was cited by The Washington Post as saying that Zatko’s complaint seems to contain “inconsistencies and inaccuracies” and takes things out of context.
“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” she said, according to the outlet.
In a similar vein, Twitter’s CEO also pushed back on Zatko’s claims, reportedly writing in a message to staff that was shared on social media by CNN’s Donie O’Sullivan that the whistleblower’s complaint appears to be a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”
“We will pursue all paths to defend our integrity as a company and set the record straight,” he added.
Key Takeaways from Whistleblower Complaint
Zatko claims that, despite Twitter agreeing in its settlement with the FTC to put in place stronger data security protections, the situation over time actually became worse.
His complaint alleges that Twitter’s internal systems let far too many employees access users’ personal data that they didn’t need for their jobs, opening the door to potential abuse.
Experts who were deeply familiar with Twitter’s problems with the FTC told Zatko “unequivocally that Twitter had never been in compliance with the 2011 FTC Consent Order, and was not on track to ever achieve full compliance,” the complaint reads.
Zatko’s disclosure also claims that Twitter had difficulty identifying—much less restricting—the presence of foreign agents on its platform, while alleging that Chinese entities gave money to Twitter, raising concerns that these entities could access sensitive information about Twitter users.
The complaint also claims Twitter suffered from server vulnerabilities, alleging that over 50 percent of Twitter’s 500,000 data center servers had kernels or operating systems that were non-compliant and many had problems with encryption.
Zatko’s complaint also states that Elon Musk, who’s embroiled in a legal fight with Twitter over his backing out of a deal to buy the platform for $44 billion, was right in claiming that Twitter executives have little incentive to carry out accurate measurements of the amount of fake accounts and spam bots on the platform.
“Senior management had no appetite to properly measure the prevalence of bot accounts,” Zatko’s complaint states.
It alleges that Twitter executives were concerned that accurate bot counts would be damaging to Twitter’s “image and valuation.”
Zatko’s disclosure also includes the allegation that the true number of spam accounts and bots on Twitter is probably “meaningfully higher” that the 5 percent of daily monetizable users that the social media firm claims.
Key to Musk’s backing out of the buyout agreement is his claim that Twitter’s longstanding position that spam accounts and bots make up fewer than 5 percent of monetizable daily users is a fallacy.
Twitter has repeatedly insisted that its 5 percent estimate is accurate.
The two sides are scheduled to go to trial in October in a Delaware court, with experts saying Zatko’s disclosure could give Musk’s legal team more ammunition in their legal fight against Twitter.