Twitter accused of neglecting security problems: Everything you need to know


This year has been extremely turbulent for Twitter.

Peiter “Mudge” Zatko, a former Twitter security chief, said in a whistleblower complaint that he discovered “severe, egregious inadequacies” in Twitter’s policies on user privacy, security, and content moderation. The complaint was made public on Tuesday by The Washington Post.

The Federal Trade Commission and users were given “false and misleading” information by Twitter, according to Zatko, who was removed from the business in January. This allegedly violates federal law.

“Zatko spent 14 months pushing for improvements from the inside, and was terminated for his efforts,” the complaint states.

He is being represented by a nonprofit law firm called Whistleblower Aid, which also assured The Washington Post that the accusation is legitimate. In July, Zatko sent the US Securities and Exchange Commission, Department of Justice, and FTC an 84-page complaint.

The accusations come at a trying time for Twitter. The social media giant is engaged in a public court battle with Elon Musk, the billionaire founder of Tesla and SpaceX, who is trying to back out of a $44 billion acquisition of Twitter. A five-day trial is set for October after the tech platform filed a lawsuit against Musk to close the purchase.

In addition to raising important concerns about whether Twitter is doing enough to protect user privacy and security, the complaint may also have an influence on Musk’s ability to acquire the social media giant. 

Here’s everything you need to know.

Who is the Twitter whistleblower?

Before joining Twitter in 2020, Zatko, a well-known hacker and veteran security expert, worked at Google and DARPA, the research and development arm of the US Department of Defense.

He developed the password strength testing software that is still in use today. Additionally, he was a member of well-known hacker organisations like L0pht, which in the 1990s testified before Congress on security-related topics.

After adolescents hacked the prominent Twitter accounts of Musk, Kim Kardashian, and even Joe Biden, who was then the presumed Democratic nominee for US president, Jack Dorsey, the former CEO of Twitter, hired Zatko to work for the firm.

What claims does the suit make?

A number of charges are made against Twitter in the lengthy lawsuit, including that the business gave daily user growth priority above the stability and integrity of the network.

According to the complaint, executives tried to cover up problems rather than try to remedy them, either because they were financially rewarded for helping Twitter increase daily users, didn’t know any better, or had contributed to the creation of the “broken systems.”

According to Zatko, he discovered numerous security and privacy issues at the business in 2021 and alerted leadership to them. The organisation appeared to have a high number of security issues, some employees had blocked security and software updates on their devices, and personnel had excessive access to sensitive information.

“Mudge identified there were several exposures and vulnerabilities at the scale of the 2020 incident waiting to be discovered, and reasonably feared Twitter could suffer an Equifax-level hack,” the complaint reads. 

The credit reporting agency Equifax disclosed a significant data breach in 2017 that affected 148 million Americans.

Zatko claims that instead of receiving support to address these concerns, he instead encountered “strong resistance,” particularly from Parag Agrawal, who is now the CEO of Twitter.

Agrawal was Twitter’s Chief Technology Officer before he was promoted, and the complaint notes that “Twitter’s problems had developed under Agrawal’s watch.”

Twitter is charged with violating an 11-year-old deal with the FTC by making misleading claims that it had an extensive security programme, according to the lawsuit. According to Zatko, the corporation had never complied with the FTC order and wasn’t on course to do so, and his results were worse than what Dorsey had anticipated.

According to CNET, the complaint claims that Twitter misled the FTC about properly erasing the data of users who leave the site and lied to Musk about the quantity of spam bots on its network. Threats to national security and democracy are also listed by Zatko. According to the complaint, some of these dangers include Twitter becoming more reliant on revenue from Chinese companies and the Indian government pressuring the firm to hire government agents.

Twitter’s response? 

According to Twitter, Zatko was sacked because of his “poor performance and weak leadership,” and the firm places a high priority on security and privacy.

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” Twitter spokeswoman Rebecca Hahn told The Post. “Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”

How are American legislators and regulators reacting?

US lawmakers are already looking into the complaint. Democratic senator from Connecticut Richard Blumenthal encouraged FTC Chair Lina Khan to look into Twitter.

In a letter to Khan, Blumenthal stated that “these disturbing revelations paint a picture of a company that has consistently and repeatedly prioritised profits over the safety of its users and its responsibility to the public.” Twitter executives, Blumenthal claimed, “appeared to ignore or hinder efforts to address threats to user security and privacy.”

Will the complaint have a bearing on the Musk-Twitter tiff?

It is possible. According to the complaint, Zatko began compiling Twitter fraud evidence in January, before Musk made an acquisition approach.

According to The Washington Post, which cited unidentified people with knowledge of the situation and legal professionals, Musk’s legal team is anticipated to use the complaint to make the case for “wider discovery into Twitter’s internal operations and data.” This could support Musk’s claim that he was given false information by the business, which caused him to overpay for Twitter.

Before media outlets covered the whistleblower lawsuit, Musk’s attorneys reportedly planned a deposition with Zatko, and his attorney Alex Spiro informed CNN that the legal team had already subpoenaed Zatko.

Twitter has come under fire from Musk for allegedly exaggerating the number of phoney or spam accounts using its platforms.

According to the complaint, Musk is right when he claims that Twitter executives have little to no personal interest in effectively detecting or monitoring spam bots because they are worried about how it will affect the company’s reputation and price.

Musk tweeted a meme with the message “Give a little whistle” on Tuesday.

Indian angle in this saga

According to the explosive whistleblower complaint, the Indian government pressured the social media company to hire a person who was a “government agent” and probably had access to private user information as part of their duties.

An excerpt from the whistleblower complaint filed with the SEC. Photo credits: The Washington Post

In another part titled “Squeezing Local Staff”, the former Twitter security head claims that the Indian government tried “with different success” to get Twitter to hire local full-time workers who “might be used as leverage”.

“The threat of harm to Twitter employees was sufficient to cause Twitter to seriously consider complying with foreign government requests that Twitter would otherwise fundamentally oppose,” the complaint reads. 

(With inputs from agencies)
