A former Twitter executive filed a whistleblower complaint in July with multiple government agencies, claiming that the company has spam problems and “egregious” security deficiencies that could have ramifications for national security, democracy, and the privacy of all of its users.
The executive, former head of security Peiter “Mudge” Zatko, was fired earlier this year, well before Musk had emerged as a significant Twitter shareholder, and before he agreed to buy the company for roughly $44 billion.
The Tesla CEO has since tried to renege on the agreement, claiming that Twitter has significantly understated the amount of spam and bots on its platform. Litigation over the matter is unfolding in the Delaware Court of Chancery, with a trial slated to begin in October.
Zatko’s account, which was also distributed to members of Congress, paints a blistering image of Twitter’s management and its alleged failure to protect its estimated 238 million daily users.
1. Zatko raised significant concerns about Twitter’s security practices and management.
Zatko had built a reputation as an “ethical hacker” before being hired at Twitter in the wake of an embarrassing security breach that saw the accounts of some of the world’s most famous people—including former president Barack Obama and then-presidential candidate Joe Biden—taken over by a Florida teenager to run a cryptocurrency scam.
In his whistleblower complaint, Zatko outlined a long list of alleged security failures at Twitter, including that execs failed to safeguard its software or keep its servers up to date. As the Post reported, the company’s leadership allegedly “withheld dire facts about the number of breaches and lack of protection for user data.” Zatko claimed the lapses amounted to a violation of a previous settlement with the Federal Trade Commission. He further alleged that Twitter’s leaders falsely claimed to care about addressing spam, when in reality some of them stood to reap huge bonuses by prioritizing the volume of daily users. Moreover, he suggested that the Indian government may have “put one of its agents on the payroll, with access to user data at a time of intense protests in the country.”
A Twitter spokesperson said Zatko’s claims were “riddled with inaccuracies,” adding that “security and privacy have long been company-wide priorities at Twitter and will continue to be.”
Musk, for his part, tweeted a meme that read, “Give a little whistle.”
2. It’s not clear how much the complaint will alter Musk’s attempt to back out of the Twitter acquisition.
Zatko’s complaint contained “limited hard documentary evidence… regarding spam and bots,” the Post reported, making it difficult to assess how much the revelations will affect October’s trial—assuming Musk and Twitter don’t settle the matter beforehand. Six legal experts told the outlet that new details about Twitter misrepresenting information to investors or regulators could help Musk, though much of the effect would come down to specifics. Anthony Casey, a professor at the University of Chicago Law School, told the Post that Zatko’s claims are likely not a “smoking gun.” To significantly alter the course of the litigation, he said, “It has to be more than just, ‘You guys were sloppy about this because you didn’t really care.’” He added that the news might help Musk, “but I still think he’s got a weak case.”
3. The whistleblower said he didn’t coordinate with Musk prior to filing his complaint.
A lawyer at Whistleblower Aid, the law firm representing Zatko, told the Post that the former security chief had not coordinated with Musk or his affiliates prior to submitting his complaint. The attorney said that Zatko would reply to a subpoena, however. On Tuesday, one of Musk’s lawyers, Alex Spiro, told CNN that a subpoena had already been issued, adding that “we found [Zatko’s] exit and that of other key employees curious.”
4. At a minimum, the optics are a win for Musk.
Musk’s attempt to cite spam and bots for calling off the acquisition has been met with skepticism by legal experts and many press outlets. Tuesday’s revelations, at a minimum, will offer Musk a favorable round of headlines. A Twitter spokesperson, apparently acknowledging that dynamic, declared that Zatko’s “allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders.”
5. There are questions about why Zatko was fired earlier this year.
Zatko claimed he had tried to address Twitter’s shortcomings while at the company, though the Post noted his tenure “was controversial, resulting in repeated clashes with fellow executives.” A spokesperson for Twitter sought to diminish Zatko’s credibility, saying that he “was fired from his senior executive role…for ineffective leadership and poor performance.”