With just under two months to go before the trial between Elon Musk and Twitter begins, a new bomb threatens to explode in the hands of the social network’s top executives. Peiter “Mudge” Zatko, the company’s former head of security, has denounced serious security problems that endanger not only the personal information of users but also the integrity of the entire platform. He asserts that the most senior executives are aware of them but have decided to ignore them or, outright, hide them.
Through Whistleblower Aid, the same group that has legally represented Frances Haugen, the informant who leaked the information that led to the Facebook Papers, Zatko has sent a 200-page document to different US government agencies and bodies in which he exposes this situation. It is already in the hands of the Securities and Exchange Commission, the Federal Trade Commission, the Department of Justice and the Senate Intelligence Committee, among others.
Although the complaint was sent to the aforementioned parties at the beginning of last July, only in the last few hours has it become public. This is because CNN and the Washington Post have obtained access to the information with which Peiter Zatko intends to demonstrate that Twitter’s cybersecurity policies have been reckless and negligent.
It is worth mentioning that the former security chief turned whistleblower joined the social network when Jack Dorsey was still CEO. However, he was fired last January. According to Twitter, Zatko’s departure was due to alleged “poor performance and ineffective leadership” in his position. The complainant, however, maintains that there is much more behind the decision.
The former head of platform security says that he tried to show the Twitter board of directors the platform’s serious security problems, which brought with them technical problems and regulatory breaches. Added to this was the lack of control over the large number of employees with access to critical tools and the possibility that one or more workers were spies for intelligence agencies in other countries.
Peiter Zatko, from security chief to Twitter “whistleblower”
It is clear that Peiter Zatko’s accusations against Twitter are notoriously serious. The document sent to US government agencies and other interested parties includes documentation that purportedly supports the expert’s claims, among it emails and constant exchanges with top executives such as Parag Agrawal, the current CEO and former head of technology of the company, with whom he had a relationship of permanent tension.
These are some of the most important complaints:
- Twitter has misled its own board of directors and regulators by not acknowledging its serious security problems.
- The company does not properly delete users’ data when they decide to terminate their accounts. He even mentions that this is because in certain cases the company loses track of the information in question.
- Parag Agrawal himself instructed Peiter Zatko that presentations to the board of directors on security issues be made orally and not in writing, to prevent access to detailed reports. The whistleblower also claims that he was asked to misrepresent the situation using specifically selected data to give the false impression that progress was being made on the matter.
- Upon arrival at Twitter, the expert encountered very poor security practices. Among them, that practically half of the company’s employees had access to critical tools to apply changes to the platform. “It was impossible to protect the production environment. All engineers had access. There was no record of who was coming in or what they were doing. No one knew where the data resided or if it was critical, and all engineers had some kind of critical access to the production environment,” he explained.
- Twitter’s server infrastructure is outdated and could be the gateway for malicious actors. According to Peiter Zatko, approximately half of the social network’s servers use old software that does not allow the encryption of stored information.
- The US government has provided evidence that at least one of Twitter’s employees was a spy for international intelligence services, and there could be more. It is worth remembering that the social network already has a precedent in this regard, after the arrest in 2019 of an employee who was recently convicted of spying for Saudi Arabia.
- Twitter doesn’t have the resources to know for sure how many bots the platform has, and executives never cared to find out.
Twitter fights back
Peiter Zatko’s accusations have not fallen on deaf ears. In fact, Twitter came out to respond with a statement sent to CNN:
“While we have not had access to the specific allegations referenced, what we have seen so far is a narrative about our privacy and data security practices that is riddled with inconsistencies and inaccuracies, and lacks important context. Mr. Zatko’s accusations and his opportunism appear to be designed to gain attention and inflict harm on Twitter, its customers and shareholders. Security and privacy have long been company-wide priorities and we still have a lot of work ahead of us.”
…and Elon Musk licks his lips?
The question now is not only how this story will advance in regulatory matters, but what effect it will have on the trial between Elon Musk and Twitter. It will begin on October 17, and the tycoon’s legal team has already involved former directors of the social network in the dispute. Will there also be room for Peiter Zatko?
Undoubtedly, Twitter is facing a very complex situation. In 2011, the social network made a commitment to the Federal Trade Commission to create and maintain a comprehensive information security program. This happened after it was accused of mishandling the private information of its users. If the FTC launches a new investigation and finds that the company never delivered on its promises, it could receive billions of dollars in fines.