Congressional lawmakers are probing allegations made by Twitter’s former chief of security in an explosive whistleblower complaint that includes claims of deception related to data security and privacy and misleading tech entrepreneur Elon Musk about the number of bots on the platform.
Peiter Zatko, the whistleblower who served as Twitter’s head of security for about 14 months before being fired earlier this year, asserted in a disclosure obtained by The Epoch Times that Twitter’s security and privacy systems were grossly inadequate and that the company misled regulators, investors, and Musk about fake “spam” bots on the platform.
‘Serious Concerns’
Sen. Dick Durbin (D-Ill.), chair of the Senate Judiciary Committee, said in a statement that he is looking into Zatko’s allegations.“The whistleblower’s allegations of widespread security failures at Twitter, willful misrepresentations by top executives to government agencies, and penetration of the company by foreign intelligence raise serious concerns,” he said.
“As chair of the Senate Judiciary Committee, I will continue investigating this issue and take further steps as needed to get to the bottom of these alarming allegations,” he said, adding that if the whistleblower’s claims are accurate, there may be “dangerous” risks for Twitter users in terms of data privacy and security.
“According to Peiter Zatko, Twitter’s former head of security, Twitter has systematically and repeatedly failed to take basic security measures to protect its user data and has misled investors, regulators, and the public about the strength of its security systems,” Markey said in a statement.
Markey added that Zatko’s allegations suggest that Twitter has again “flagrantly violated” its consent decree with the FTC, just months after the company agreed to pay a $150 million penalty for failing to keep Twitter users’ data secure.
“I strongly urge the federal government to investigate Zatko’s claims and, if necessary, take strong and swift action against Twitter to ensure Twitter user data is properly protected,” the senator wrote.
Rep. Frank Pallone (D-N.J.), who chairs the House Energy and Commerce Committee, said in a statement that he was “carefully reviewing this whistleblower disclosure and assessing next steps.”
Several other lawmakers have issued similar statements.
Twitter officials didn’t respond by press time to a request by The Epoch Times for comment on Zatko’s claims.
‘False Narrative’
Twitter spokesperson Anna Hughes was cited by The Washington Post as saying that Zatko’s complaint seems to contain “inconsistencies and inaccuracies” and takes things out of context.“Mr. Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders,” she said, according to the outlet.
Key Takeaways from Whistleblower Complaint
Zatko claims that, despite Twitter agreeing in its settlement with the FTC to put in place stronger data security protections, the situation over time actually became worse.His complaint alleges that Twitter’s internal systems let far too many employees access users’ personal data that they didn’t need for their jobs, opening the door to potential abuse.
Experts who were deeply familiar with Twitter’s problems with the FTC told Zatko “unequivocally that Twitter had never been in compliance with the 2011 FTC Consent Order, and was not on track to ever achieve full compliance,” the complaint reads.
Zatko’s disclosure also claims that Twitter had difficulty identifying—much less restricting—the presence of foreign agents on its platform, while alleging that Chinese entities gave money to Twitter, raising concerns that these entities could access sensitive information about Twitter users.
The complaint also claims Twitter experienced server vulnerabilities, alleging that over 50 percent of Twitter’s 500,000 data center servers had kernels or operating systems that were non-compliant and many had problems with encryption.
Zatko’s complaint also states that Musk, who’s embroiled in a legal fight with Twitter over his backing out of a deal to buy the platform for $44 billion, was right in claiming that Twitter executives have little incentive to carry out accurate measurements of the amount of fake accounts and spam bots on the platform.
“Senior management had no appetite to properly measure the prevalence of bot accounts,” Zatko’s complaint states.
It alleges that Twitter executives were concerned that accurate bot counts would be damaging to Twitter’s “image and valuation.”
Zatko’s disclosure also includes the allegation that the true number of spam accounts and bots on Twitter is probably “meaningfully higher” that the 5 percent of daily monetizable users that the social media firm claims.
Key to Musk’s backing out of the buyout agreement is his claim that Twitter’s longstanding position that spam accounts and bots make up fewer than 5 percent of monetizable daily users is a fallacy.
Twitter has repeatedly insisted that its 5 percent estimate is accurate.
The two sides are scheduled to go to trial in October in a Delaware court, with experts saying Zatko’s disclosure could give Musk’s legal team more ammunition in their legal fight against Twitter.