Lawmakers Investigating Twitter Whistleblower’s Explosive Claims

By Tom Ozimek
Reporter
Tom Ozimek has a broad background in journalism, deposit insurance, marketing and communications, and adult education. The best writing advice he's ever heard is from Roy Peter Clark: 'Hit your target' and 'leave the best for last.'
August 24, 2022 Updated: August 25, 2022

Congressional lawmakers are probing allegations made by Twitter’s former chief of security in an explosive whistleblower complaint that includes claims of deception related to data security and privacy and misleading tech entrepreneur Elon Musk about the number of bots on the platform.

Peiter Zatko, the whistleblower who served as Twitter’s head of security for about 14 months before being fired earlier this year, asserted in a disclosure obtained by The Epoch Times that Twitter’s security and privacy systems were grossly inadequate and that the company misled regulators, investors, and Musk about fake “spam” bots on the platform.

While Twitter CEO Parag Agrawal has called Zatko’s claims a “false narrative,” U.S. lawmakers appear determined to make up their own minds and are investigating.

‘Serious Concerns’

Sen. Dick Durbin (D-Ill.), chair of the Senate Judiciary Committee, said in a statement that he is looking into Zatko’s allegations.

“The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns,” he said.

“As chair of the Senate Judiciary Committee, I will continue investigating this issue and take further steps as needed to get to the bottom of these alarming allegations,” he said, adding that if the whistleblower’s claims are accurate, there may be “dangerous” risks for Twitter users in terms of data privacy and security.

Sen. Ed Markey (D-Mass.) sent a letter (pdf) to the Federal Trade Commission (FTC) and the Department of Justice expressing “significant concerns” about the whistleblower’s allegations.

“According to Peiter Zatko, Twitter’s former head of security, Twitter has systematically and repeatedly failed to take basic security measures to protect its user data and has misled investors, regulators, and the public about the strength of its security systems,” Markey said in a statement.

Markey added that Zatko’s allegations suggest that Twitter has again “flagrantly violated” its consent decree with the FTC, just months after the company agreed to pay a $150 million penalty for failing to keep Twitter users’ data secure.

“I strongly urge the federal government to investigate Zatko’s claims and, if necessary, take strong and swift action against Twitter to ensure Twitter user data is properly protected,” the senator wrote.

Rep. Frank Pallone (D-N.J.), who chairs the House Energy and Commerce Committee, said in a statement that he was “carefully reviewing this whistleblower disclosure and assessing next steps.”

“These allegations are alarming and reaffirm the need to pass my comprehensive privacy legislation to protect Americans’ online data,” Pallone added, referring to the American Data Privacy and Protection Act that he co-sponsored.

Several other lawmakers have issued similar statements.

Twitter officials didn’t respond by press time to a request by The Epoch Times for comment on Zatko’s claims.

Parag Agrawal, CEO of Twitter, walks to a morning session during the Allen & Co. Sun Valley Conference in Idaho, on July 7, 2022. (Kevin Dietsch/Getty Images)

‘False Narrative’

Twitter spokesperson Anna Hughes was cited by The Washington Post as saying that Zatko’s complaint seems to contain “inconsistencies and inaccuracies” and takes things out of context.

“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” she said, according to the outlet.

Agrawal also pushed back on Zatko’s claims, reportedly writing in a message to staff that was shared on social media by CNN’s Donie O’Sullivan that the whistleblower’s complaint appears to be a “false narrative that is riddled with inconsistencies and inaccuracies, and presented without important context.”

“We will pursue all paths to defend our integrity as a company and set the record straight,” Agrawal wrote.

Key Takeaways from Whistleblower Complaint

Zatko claims that, despite Twitter agreeing in its settlement with the FTC to put in place stronger data security protections, the situation over time actually became worse.

His complaint alleges that Twitter’s internal systems let far too many employees access users’ personal data that they didn’t need for their jobs, opening the door to potential abuse.

Experts who were deeply familiar with Twitter’s problems with the FTC told Zatko “unequivocally that Twitter had never been in compliance with the 2011 FTC Consent Order, and was not on track to ever achieve full compliance,” the complaint reads.

Zatko’s disclosure also claims that Twitter had difficulty identifying—much less restricting—the presence of foreign agents on its platform, while alleging that Chinese entities gave money to Twitter, raising concerns that these entities could access sensitive information about Twitter users.

The complaint also claims Twitter experienced server vulnerabilities, alleging that over 50 percent of Twitter’s 500,000 data center servers had kernels or operating systems that were non-compliant and many had problems with encryption.

An image of Elon Musk is seen on smartphone placed on printed Twitter logos in this picture illustration taken on April 28, 2022. (Dado Ruvic/Illustration/Reuters)

Zatko’s complaint also states that Musk, who’s embroiled in a legal fight with Twitter over his backing out of a deal to buy the platform for $44 billion, was right in claiming that Twitter executives have little incentive to carry out accurate measurements of the amount of fake accounts and spam bots on the platform.

“Senior management had no appetite to properly measure the prevalence of bot accounts,” Zatko’s complaint states.

It alleges that Twitter executives were concerned that accurate bot counts would be damaging to Twitter’s “image and valuation.”

Zatko’s disclosure also includes the allegation that the true number of spam accounts and bots on Twitter is probably “meaningfully higher” than the 5 percent of daily monetizable users that the social media firm claims.

Key to Musk’s backing out of the buyout agreement is his claim that Twitter’s longstanding position that spam accounts and bots make up fewer than 5 percent of monetizable daily users is a fallacy.

Twitter has repeatedly insisted that its 5 percent estimate is accurate.

The two sides are scheduled to go to trial in October in a Delaware court, with experts saying Zatko’s disclosure could give Musk’s legal team more ammunition in their legal fight against Twitter.
